SUSE SLES12 Security Update : kernel (SUSE-SU-2024:1979-1)

high Nessus Plugin ID 200401

Language:

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1979-1 advisory.

The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

- CVE-2024-26921: Preserve kabi for sk_buff (bsc#1223138).
- CVE-2022-48686: Fix UAF when detecting digest errors (bsc#1223948). Update blacklist.conf: remove entry
- CVE-2021-47074: Fixed memory leak in nvme_loop_create_ctrl() (bsc#1220854).
- CVE-2021-47378: Destroy cm id before destroy qp to avoid use after free (bsc#1225201).
- CVE-2022-48697: Fix a use-after-free (bsc#1223922). Update blacklist.conf: drop entry from it
- CVE-2024-26846: Do not wait in vain when unloading module (bsc#1223023).
- CVE-2021-47496: Fix flipped sign in tls_err_abort() calls (bsc#1225354)
- CVE-2023-42755: Check user supplied offsets (bsc#1215702).
- CVE-2023-52664: Eliminate double free in error handling logic (bsc#1224747).
- CVE-2023-52796: Add ipvlan_route_v6_outbound() helper (bsc#1224930).
- CVE-2021-47246: Fix page reclaim for dead peer hairpin (bsc#1224831).
- CVE-2023-52732: Blocklist the kclient when receiving corrupted snap trace (bsc#1225222 CVE-2023-52732).
- CVE-2024-35936: Add missing mutex_unlock in btrfs_relocate_sys_chunks() (bsc#1224644)
- CVE-2021-47548: Fixed a possible array out-of=bounds (bsc#1225506)
- CVE-2024-36029: Pervent access to suspended controller (bsc#1225708 CVE-2024-36029)
- CVE-2024-26625: Call sock_orphan() at release time (bsc#1221086)
- CVE-2021-47352: Add validation for used length (bsc#1225124).
- CVE-2023-52698: Fixed memory leak in netlbl_calipso_add_pass() (bsc#1224621)
- CVE-2021-47431: Fix gart.bo pin_count leak (bsc#1225390).
- CVE-2024-35935: Handle path ref underflow in header iterate_inode_ref() (bsc#1224645)
- CVE-2024-26828: Fixed underflow in parse_server_interfaces() (bsc#1223084).
- CVE-2021-47423: Fix file release memory leak (bsc#1225366).
- CVE-2022-48710: Fix a possible null pointer dereference (bsc#1225230).
- CVE-2021-47497: Fixed shift-out-of-bound (UBSAN) with byte size cells (bsc#1225355).
- CVE-2024-35932: Do not check if plane->state->fb == state->fb (bsc#1224650).
- CVE-2021-47500: Fixed trigger reference couting (bsc#1225360).
- CVE-2024-35809: Drain runtime-idle callbacks before driver removal (bsc#1224738).
- CVE-2021-47383: Fiedx out-of-bound vmalloc access in imageblit (bsc#1225208).
- CVE-2021-47511: Fixed negative period/buffer sizes (bsc#1225411).
- CVE-2021-47509: Limit the period size to 16MB (bsc#1225409).
- CVE-2024-35877: Fixed VM_PAT handling in COW mappings (bsc#1224525).
- CVE-2024-35982: Avoid infinite loop trying to resize local TT (bsc#1224566)
- CVE-2024-35969: Fixed race condition between ipv6_get_ifaddr and ipv6_del_addr (bsc#1224580).
- CVE-2021-47277: Avoid speculation-based attacks from out-of-range memslot accesses (bsc#1224960, CVE-2021-47277).
- CVE-2024-35791: Flush pages under kvm->lock to fix UAF in svm_register_enc_region() (bsc#1224725).
- CVE-2021-47401: Fix stack information leak (bsc#1225242).
- CVE-2023-52867: Fix possible buffer overflow (bsc#1225009).
- CVE-2023-52821: Fix a possible null pointer dereference (bsc#1225022).
- CVE-2021-47265: Verify port when creating flow rule (bsc#1224957)
- CVE-2021-47362: Update intermediate power state for SI (bsc#1225153).
- CVE-2021-47361: Fix error handling in mcb_alloc_bus() (bsc#1225151).
- CVE-2023-52864: Fix opening of char device (bsc#1225132).
- CVE-2022-48708: Fix potential NULL dereference (bsc#1224942).
- CVE-2024-35944: Fixed memcpy() run-time warning in dg_dispatch_as_host() (bsc#1224648).
- CVE-2021-47238: Fix memory leak in ip_mc_add1_src (bsc#1224847)
- CVE-2023-52730: Fix possible resource leaks in some error paths (bsc#1224956).
- CVE-2021-47355: Fix possible use-after-free in nicstar_cleanup() (bsc#1225141).
- CVE-2021-47245: Fix out of bounds when parsing TCP options (bsc#1224838)
- CVE-2024-35878: Prevent NULL pointer dereference in vsnprintf() (bsc#1224671).
- CVE-2023-52747: Restore allocated resources on failed copyout (bsc#1224931)
- CVE-2021-47249: Fix memory leak in rds_recvmsg (bsc#1224880)
- CVE-2021-47397: Break out if skb_header_pointer returns NULL in sctp_rcv_ootb (bsc#1225082)
- CVE-2021-47250: Fix memory leak in netlbl_cipsov4_add_std (bsc#1224827)
- CVE-2024-35849: Fix information leak in btrfs_ioctl_logical_to_ino() (bsc#1224733).
- CVE-2024-27436: Stop parsing channels bits when all channels are found (bsc#1224803).
- CVE-2021-47281: Fix race of snd_seq_timer_open() (bsc#1224983).
- CVE-2024-35789: Clear fast rx for non-4addr in VLAN netdev (bsc#1224749).
- CVE-2024-35830: Register v4l2 async device only after successful setup (bsc#1224680).
- CVE-2021-47334: Fix two use after free in ibmasm_init_one (bsc#1225112).
- CVE-2021-47357: Fix possible use-after-free in ia_module_exit() (bsc#1225144).
- CVE-2023-52875: Add check for mtk_alloc_clk_data (bsc#1225096).
- CVE-2023-52865: Add check for mtk_alloc_clk_data (bsc#1225086).
- CVE-2024-35887: Fix use-after-free bugs caused by ax25_ds_del_timer (bsc#1224663)
- CVE-2021-47483: Fixed possible double-free in regcache_rbtree_exit() (bsc#1224907).
- CVE-2024-26957: Fix reference counting on zcrypt card objects (bsc#1223666).
- CVE-2023-52691: Fix a double-free in si_dpm_init (bsc#1224607).
- CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout (bsc#1224174).
- CVE-2023-52586: Fixed mutex lock in control vblank irq (bsc#1221081).
- CVE-2024-27062: Fixed nouveau lock inside client object tree (bsc#1223834).
- CVE-2024-26984: Fix instmem race condition around ptr stores (bsc#1223633)
- CVE-2021-46933: Fixed possible underflow in ffs_data_clear() (bsc#1220487).
- CVE-2024-27396: Fixed Use-After-Free in gtp_dellink (bsc#1224096).
- CVE-2023-52655: Check packet for fixup for true limit (bsc#1217169).
- CVE-2024-26900: Fixed kmemleak of rdev->serial (bsc#1223046).
- CVE-2024-27401: Fixed user_length taken into account when fetching packet contents (bsc#1224181).
- CVE-2024-26775: Fixed potential deadlock at set_capacity (bsc#1222627).
- CVE-2024-26958: Fixed UAF in direct writes (bsc#1223653).
- CVE-2022-48704: Add a force flush to delay work when radeon (bsc#1223932)
- CVE-2021-47206: Check return value after calling platform_get_resource() (bsc#1222894).
- CVE-2024-26915: Reset IH OVERFLOW_CLEAR bit (bsc#1223207)
- CVE-2024-26996: Fix UAF ncm object at re-bind after usb transport error (bsc#1223752).
- CVE-2024-26874: Fix a null pointer crash in mtk_drm_crtc_finish_page_flip (bsc#1223048)
- CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210335).

The following non-security bugs were fixed:

- af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress (bsc#1223384).
- af_unix: Do not use atomic ops for unix_sk(sk)->inflight (bsc#1223384).
- af_unix: Replace BUG_ON() with WARN_ON_ONCE() (bsc#1223384).
- ASoC: tracing: Export SND_SOC_DAPM_DIR_OUT to its value (git-fixes).
- assoc_array: Fix BUG_ON during garbage collect.
- autofs: fix a leak in autofs_expire_indirect() (git-fixes)
- Bluetooth: btusb: Some Qualcomm Bluetooth adapters stop working (git-fixes).
- btrfs: avoid null pointer dereference on fs_info when calling btrfs_crit (git-fixes)
- btrfs: check if root is readonly while setting security xattr (git-fixes)
- btrfs: defrag: use btrfs_mod_outstanding_extents in cluster_pages_for_defrag (git-fixes)
- btrfs: do not get an EINTR during drop_snapshot for reloc (git-fixes)
- btrfs: do not stop integrity writeback too early (git-fixes)
- btrfs: Explicitly handle btrfs_update_root failure (git-fixes)
- btrfs: fail mount when sb flag is not in BTRFS_SUPER_FLAG_SUPP (git-fixes)
- btrfs: fix btrfs_prev_leaf() to not return the same key twice (git-fixes)
- btrfs: fix deadlock when writing out space cache (git-fixes)
- Btrfs: fix incorrect {node,sector}size endianness from BTRFS_IOC_FS_INFO (git-fixes)
- btrfs: fix lockdep splat and potential deadlock after failure running delayed items (git-fixes)
- btrfs: fix lost error handling when looking up extended ref on log replay (git-fixes)
- btrfs: Fix NULL pointer exception in find_bio_stripe (git-fixes)
- btrfs: Fix out of bounds access in btrfs_search_slot (git-fixes)
- btrfs: fix race when deleting quota root from the dirty cow roots list (git-fixes)
- btrfs: fix range_end calculation in extent_write_locked_range (git-fixes)
- btrfs: fix return value mixup in btrfs_get_extent (git-fixes)
- btrfs: fix unaligned access in readdir (git-fixes)
- btrfs: limit device extents to the device size (git-fixes)
- btrfs: prevent to set invalid default subvolid (git-fixes)
- btrfs: record delayed inode root in transaction (git-fixes)
- btrfs: scrub: reject unsupported scrub flags (git-fixes)
- btrfs: send: ensure send_fd is writable (git-fixes)
- btrfs: send: in case of IO error log it (git-fixes)
- btrfs: send: limit number of clones and allocated memory size (git-fixes)
- btrfs: sysfs: use NOFS for device creation (git-fixes) Adjustment: add #include
- btrfs: tree-checker: add missing return after error in root_item (git-fixes)
- btrfs: tree-checker: add missing returns after data_ref alignment checks (git-fixes)
- btrfs: tree-checker: do not error out if extent ref hash does not match (git-fixes)
- btrfs: tree-checker: fix inline ref size in error messages (git-fixes)
- btrfs: tree-checker: Fix misleading group system information (git-fixes)
- btrfs: undo writable superblocke when sprouting fails (git-fixes)
- btrfs: validate qgroup inherit for SNAP_CREATE_V2 ioctl (git-fixes)
- ecryptfs: fix a memory leak bug in ecryptfs_init_messaging() (git-fixes)
- ecryptfs: fix a memory leak bug in parse_tag_1_packet() (git-fixes)
- ecryptfs: fix kernel panic with null dev_name (git-fixes)
- ecryptfs: Fix typo in message (git-fixes)
- ep_create_wakeup_source(): dentry name can change under you (git-fixes)
- exportfs_decode_fh(): negative pinned may become positive without the parent locked (git-fixes)
- fs/proc/proc_sysctl.c: fix the default values of i_uid/i_gid on /proc/sys inodes (git-fixes)
- fscrypt: clean up some BUG_ON()s in block encryption/decryption (git-fixes)
- ila: do not generate empty messages in ila_xlat_nl_cmd_get_mapping() (git-fixes).
- ipv4, ipv6: Fix handling of transhdrlen in __ip{,6}_append_data() (git-fixes).
- kprobes: Fix possible use-after-free issue on kprobe registration (git-fixes).
- KVM: s390: Check kvm pointer when testing KVM_CAP_S390_HPAGE_1M (git-fixes bsc#1225059).
- l2tp: pass correct message length to ip6_append_data (git-fixes).
- lib/mpi: use kcalloc in mpi_resize (git-fixes).
- list: fix a data-race around ep->rdllist (git-fixes).
- net: 9p: avoid freeing uninit memory in p9pdu_vreadf (git-fixes).
- net: tcp: fix unexcepted socket die when snd_wnd is 0 (git-fixes).
- net: usb: ax88179_178a: stop lying about skb->truesize (git-fixes).
- net: usb: smsc95xx: stop lying about skb->truesize (git-fixes).
- net: usb: sr9700: stop lying about skb->truesize (git-fixes).
- net: vmxnet3: Fix NULL pointer dereference in vmxnet3_rq_rx_complete() (bsc#1223360).
- net/smc: fix fallback failed while sendmsg with fastopen (git-fixes).
- netfilter: nf_queue: augment nfqa_cfg_policy (git-fixes).
- netfilter: nft_compat: explicitly reject ERROR and standard target (git-fixes).
- netfilter: x_tables: set module owner for icmp(6) matches (git-fixes).
- nfc: change order inside nfc_se_io error path (git-fixes).
- powerpc/pseries/lparcfg: drop error message from guest name lookup (bsc#1187716 ltc#193451 git-fixes).
- ppdev: Add an error check in register_device (git-fixes).
- rds: avoid unenecessary cong_update in loop transport (git-fixes).
- rds: ib: Fix missing call to rds_ib_dev_put in rds_ib_setup_qp (git-fixes).
- ring-buffer: Clean ring_buffer_poll_wait() error return (git-fixes).
- ring-buffer: Fix a race between readers and resize checks (bsc#1222893).
- rxrpc: Do not put crypto buffers on the stack (git-fixes).
- rxrpc: Fix a memory leak in rxkad_verify_response() (git-fixes).
- rxrpc: Provide a different lockdep key for call->user_mutex for kernel calls (git-fixes).
- rxrpc: The mutex lock returned by rxrpc_accept_call() needs releasing (git-fixes).
- rxrpc: Work around usercopy check (git-fixes).
- s390/cpum_cf: make crypto counters upward compatible across machine types (bsc#1224347).
- s390/pci: fix max size calculation in zpci_memcpy_toio() (git-fixes bsc#1225062).
- tcp: tcp_make_synack() can be called from process context (git-fixes).
- tracing: Fix blocked reader of snapshot buffer (git-fixes).
- tracing: hide unused ftrace_event_id_fops (git-fixes).
- tracing: Use .flush() call to wake up readers (git-fixes).
- tracing: Use strncpy instead of memcpy when copying comm in trace.c (git-fixes).
- usb: aqc111: stop lying about skb->truesize (git-fixes).
- wifi: cfg80211: avoid leaking stack data into trace (git-fixes).
- wifi: radiotap: fix kernel-doc notation warnings (git-fixes).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

Plugin Details

Severity: High

ID: 200401

File Name: suse_SU-2024-1979-1.nasl

Version: 1.1

Type: local

Agent: unix

Family: SuSE Local Security Checks

Published: 6/12/2024

Updated: 6/12/2024

Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2024-26934

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:novell:suse_linux:12, p-cpe:/a:novell:suse_linux:kernel-source-azure, p-cpe:/a:novell:suse_linux:kernel-syms-azure, p-cpe:/a:novell:suse_linux:kernel-azure-base, p-cpe:/a:novell:suse_linux:kernel-azure-devel, p-cpe:/a:novell:suse_linux:kernel-devel-azure, p-cpe:/a:novell:suse_linux:kernel-azure

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/11/2024

Vulnerability Publication Date: 3/17/2023

Reference Information

CVE: CVE-2021-46933, CVE-2021-47074, CVE-2021-47162, CVE-2021-47171, CVE-2021-47188, CVE-2021-47206, CVE-2021-47220, CVE-2021-47229, CVE-2021-47231, CVE-2021-47235, CVE-2021-47236, CVE-2021-47237, CVE-2021-47238, CVE-2021-47239, CVE-2021-47245, CVE-2021-47246, CVE-2021-47248, CVE-2021-47249, CVE-2021-47250, CVE-2021-47252, CVE-2021-47254, CVE-2021-47258, CVE-2021-47260, CVE-2021-47261, CVE-2021-47265, CVE-2021-47269, CVE-2021-47274, CVE-2021-47276, CVE-2021-47277, CVE-2021-47280, CVE-2021-47281, CVE-2021-47284, CVE-2021-47285, CVE-2021-47288, CVE-2021-47301, CVE-2021-47302, CVE-2021-47305, CVE-2021-47307, CVE-2021-47308, CVE-2021-47310, CVE-2021-47311, CVE-2021-47314, CVE-2021-47315, CVE-2021-47319, CVE-2021-47320, CVE-2021-47321, CVE-2021-47323, CVE-2021-47324, CVE-2021-47330, CVE-2021-47334, CVE-2021-47337, CVE-2021-47343, CVE-2021-47344, CVE-2021-47345, CVE-2021-47347, CVE-2021-47352, CVE-2021-47353, CVE-2021-47355, CVE-2021-47356, CVE-2021-47357, CVE-2021-47361, CVE-2021-47362, CVE-2021-47369, CVE-2021-47375, CVE-2021-47378, CVE-2021-47382, CVE-2021-47383, CVE-2021-47391, CVE-2021-47397, CVE-2021-47400, CVE-2021-47401, CVE-2021-47404, CVE-2021-47409, CVE-2021-47416, CVE-2021-47423, CVE-2021-47424, CVE-2021-47431, CVE-2021-47435, CVE-2021-47436, CVE-2021-47456, CVE-2021-47458, CVE-2021-47460, CVE-2021-47469, CVE-2021-47472, CVE-2021-47473, CVE-2021-47478, CVE-2021-47480, CVE-2021-47483, CVE-2021-47485, CVE-2021-47495, CVE-2021-47496, CVE-2021-47497, CVE-2021-47500, CVE-2021-47506, CVE-2021-47509, CVE-2021-47511, CVE-2021-47523, CVE-2021-47541, CVE-2021-47548, CVE-2021-47565, CVE-2022-48686, CVE-2022-48697, CVE-2022-48704, CVE-2022-48708, CVE-2022-48710, CVE-2023-0160, CVE-2023-1829, CVE-2023-42755, CVE-2023-47233, CVE-2023-52527, CVE-2023-52586, CVE-2023-52591, CVE-2023-52655, CVE-2023-52664, CVE-2023-52685, CVE-2023-52686, CVE-2023-52691, CVE-2023-52696, CVE-2023-52698, CVE-2023-52703, CVE-2023-52730, CVE-2023-52732, CVE-2023-52741, CVE-2023-52742, CVE-2023-52747, CVE-2023-52759, CVE-2023-52774, CVE-2023-52781, CVE-2023-52796, CVE-2023-52803, CVE-2023-52821, CVE-2023-52864, CVE-2023-52865, CVE-2023-52867, CVE-2023-52875, CVE-2023-52880, CVE-2024-26625, CVE-2024-26752, CVE-2024-26775, CVE-2024-26828, CVE-2024-26846, CVE-2024-26874, CVE-2024-26900, CVE-2024-26915, CVE-2024-26920, CVE-2024-26921, CVE-2024-26934, CVE-2024-26957, CVE-2024-26958, CVE-2024-26984, CVE-2024-26996, CVE-2024-27059, CVE-2024-27062, CVE-2024-27396, CVE-2024-27398, CVE-2024-27401, CVE-2024-27419, CVE-2024-27436, CVE-2024-35789, CVE-2024-35791, CVE-2024-35809, CVE-2024-35811, CVE-2024-35830, CVE-2024-35849, CVE-2024-35877, CVE-2024-35878, CVE-2024-35887, CVE-2024-35895, CVE-2024-35914, CVE-2024-35932, CVE-2024-35935, CVE-2024-35936, CVE-2024-35944, CVE-2024-35955, CVE-2024-35969, CVE-2024-35982, CVE-2024-35984, CVE-2024-36015, CVE-2024-36029, CVE-2024-36954

SuSE: SUSE-SU-2024:1979-1

Detections

Analytics