Detections
Analytics
SUSE SLES15 Security Update : kernel (SUSE-SU-2024:1650-1)
high Nessus Plugin ID 197173
Language:
Synopsis
The remote SUSE host is missing one or more security updates.Description
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1650-1 advisory.The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-26840: Fixed a memory leak in cachefiles_add_cache() (bsc#1222976).
- CVE-2021-47113: Abort btrfs rename_exchange if we fail to insert the second ref (bsc#1221543).
- CVE-2021-47131: Fixed a use-after-free after the TLS device goes down and up (bsc#1221545).
- CVE-2024-26852: Fixed net/ipv6 to avoid possible UAF in ip6_route_mpath_notify() (bsc#1223057).
- CVE-2021-46955: Fixed an out-of-bounds read with openvswitch, when fragmenting IPv4 packets (bsc#1220513).
- CVE-2024-26862: Fixed packet annotate data-races around ignore_outgoing (bsc#1223111).
- CVE-2024-0639: Fixed a denial-of-service vulnerability due to a deadlock found in sctp_auto_asconf_init in net/sctp/socket.c (bsc#1218917).
- CVE-2024-27043: Fixed a use-after-free in edia/dvbdev in different places (bsc#1223824).
- CVE-2022-48631: Fixed a bug in ext4, when parsing extents where eh_entries == 0 and eh_depth > 0 (bsc#1223475).
- CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86 and ARM md, raid, raid5 modules (bsc#1219169).
- CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset skb->mac_header (bsc#1223513).
- CVE-2024-26816: Fixed relocations in .notes section when building with CONFIG_XEN_PV=y by ignoring them (bsc#1222624).
- CVE-2024-26906: Disallowed vsyscall page read for copy_from_kernel_nofault() (bsc#1223202).
- CVE-2024-26689: Fixed a use-after-free in encode_cap_msg() (bsc#1222503).
- CVE-2021-47041: Don't set sk_user_data without write_lock (bsc#1220755).
- CVE-2021-47074: Fixed memory leak in nvme_loop_create_ctrl() (bsc#1220854).
- CVE-2024-26744: Fixed null pointer dereference in srpt_service_guid parameter in rdma/srpt (bsc#1222449).
Tenable has extracted the preceding description block directly from the SUSE security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the affected packages.See Also
https://bugzilla.suse.com/1190576
https://bugzilla.suse.com/1192145
https://bugzilla.suse.com/1204614
https://bugzilla.suse.com/1211592
https://bugzilla.suse.com/1218562
https://bugzilla.suse.com/1218917
https://bugzilla.suse.com/1219169
https://bugzilla.suse.com/1219170
https://bugzilla.suse.com/1219264
https://bugzilla.suse.com/1220513
https://bugzilla.suse.com/1220755
https://bugzilla.suse.com/1220854
https://bugzilla.suse.com/1221543
https://bugzilla.suse.com/1221545
https://bugzilla.suse.com/1222449
https://bugzilla.suse.com/1222482
https://bugzilla.suse.com/1222503
https://bugzilla.suse.com/1222559
https://bugzilla.suse.com/1222585
https://bugzilla.suse.com/1222624
https://bugzilla.suse.com/1222666
https://bugzilla.suse.com/1222669
https://bugzilla.suse.com/1222709
https://bugzilla.suse.com/1222790
https://bugzilla.suse.com/1222792
https://bugzilla.suse.com/1222829
https://bugzilla.suse.com/1222881
https://bugzilla.suse.com/1222883
https://bugzilla.suse.com/1222894
https://bugzilla.suse.com/1222976
https://bugzilla.suse.com/1223016
https://bugzilla.suse.com/1223057
https://bugzilla.suse.com/1223111
https://bugzilla.suse.com/1223187
https://bugzilla.suse.com/1223202
https://bugzilla.suse.com/1223475
https://bugzilla.suse.com/1223482
https://bugzilla.suse.com/1223513
https://bugzilla.suse.com/1223824
https://bugzilla.suse.com/1223952
https://lists.suse.com/pipermail/sle-updates/2024-May/035272.html
https://www.suse.com/security/cve/CVE-2021-46955
https://www.suse.com/security/cve/CVE-2021-47041
https://www.suse.com/security/cve/CVE-2021-47074
https://www.suse.com/security/cve/CVE-2021-47113
https://www.suse.com/security/cve/CVE-2021-47131
https://www.suse.com/security/cve/CVE-2021-47184
https://www.suse.com/security/cve/CVE-2021-47185
https://www.suse.com/security/cve/CVE-2021-47194
https://www.suse.com/security/cve/CVE-2021-47198
https://www.suse.com/security/cve/CVE-2021-47201
https://www.suse.com/security/cve/CVE-2021-47203
https://www.suse.com/security/cve/CVE-2021-47206
https://www.suse.com/security/cve/CVE-2021-47207
https://www.suse.com/security/cve/CVE-2021-47212
https://www.suse.com/security/cve/CVE-2022-48631
https://www.suse.com/security/cve/CVE-2022-48651
https://www.suse.com/security/cve/CVE-2022-48654
https://www.suse.com/security/cve/CVE-2022-48687
https://www.suse.com/security/cve/CVE-2023-2860
https://www.suse.com/security/cve/CVE-2023-6270
https://www.suse.com/security/cve/CVE-2024-0639
https://www.suse.com/security/cve/CVE-2024-0841
https://www.suse.com/security/cve/CVE-2024-22099
https://www.suse.com/security/cve/CVE-2024-23307
https://www.suse.com/security/cve/CVE-2024-26688
https://www.suse.com/security/cve/CVE-2024-26689
https://www.suse.com/security/cve/CVE-2024-26733
https://www.suse.com/security/cve/CVE-2024-26739
https://www.suse.com/security/cve/CVE-2024-26744
https://www.suse.com/security/cve/CVE-2024-26816
https://www.suse.com/security/cve/CVE-2024-26840
https://www.suse.com/security/cve/CVE-2024-26852
https://www.suse.com/security/cve/CVE-2024-26862
https://www.suse.com/security/cve/CVE-2024-26898
https://www.suse.com/security/cve/CVE-2024-26903
Plugin Details
Severity: High
ID: 197173
File Name: suse_SU-2024-1650-1.nasl
Version: 1.2
Type: local
Agent: unix
Family: SuSE Local Security Checks
Published: 5/16/2024
Updated: 8/28/2024
Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus
Risk Information
VPR
Risk Factor: High
Score: 7.4
CVSS v2
Risk Factor: Medium
Base Score: 6.8
Temporal Score: 5
Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C
CVSS Score Source: CVE-2024-26898
CVSS v3
Risk Factor: High
Base Score: 7.8
Temporal Score: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:novell:suse_linux:kernel-macros, p-cpe:/a:novell:suse_linux:kernel-preempt-devel, p-cpe:/a:novell:suse_linux:ocfs2-kmp-default, p-cpe:/a:novell:suse_linux:dlm-kmp-default, p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-150200_24_191-default, p-cpe:/a:novell:suse_linux:kernel-default-base, p-cpe:/a:novell:suse_linux:kernel-preempt, p-cpe:/a:novell:suse_linux:kernel-default-livepatch, p-cpe:/a:novell:suse_linux:kernel-default-devel, p-cpe:/a:novell:suse_linux:kernel-devel, p-cpe:/a:novell:suse_linux:gfs2-kmp-default, p-cpe:/a:novell:suse_linux:kernel-syms, cpe:/o:novell:suse_linux:15, p-cpe:/a:novell:suse_linux:kernel-default-livepatch-devel, p-cpe:/a:novell:suse_linux:cluster-md-kmp-default, p-cpe:/a:novell:suse_linux:kernel-obs-build, p-cpe:/a:novell:suse_linux:kernel-default, p-cpe:/a:novell:suse_linux:kernel-source, p-cpe:/a:novell:suse_linux:reiserfs-kmp-default
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list
Exploit Ease: No known exploits are available
Patch Publication Date: 5/15/2024
Vulnerability Publication Date: 9/30/2022
Reference Information
CVE: CVE-2021-46955, CVE-2021-47041, CVE-2021-47074, CVE-2021-47113, CVE-2021-47131, CVE-2021-47184, CVE-2021-47185, CVE-2021-47194, CVE-2021-47198, CVE-2021-47201, CVE-2021-47203, CVE-2021-47206, CVE-2021-47207, CVE-2021-47212, CVE-2022-48631, CVE-2022-48651, CVE-2022-48654, CVE-2022-48687, CVE-2023-2860, CVE-2023-6270, CVE-2024-0639, CVE-2024-0841, CVE-2024-22099, CVE-2024-23307, CVE-2024-26688, CVE-2024-26689, CVE-2024-26733, CVE-2024-26739, CVE-2024-26744, CVE-2024-26816, CVE-2024-26840, CVE-2024-26852, CVE-2024-26862, CVE-2024-26898, CVE-2024-26903, CVE-2024-26906, CVE-2024-27043
SuSE: SUSE-SU-2024:1650-1