SUSE SLES15 Security Update : kernel (SUSE-SU-2024:2185-1)

critical Nessus Plugin ID 200930

Language:

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2185-1 advisory.

The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

- CVE-2021-47378: Destroy cm id before destroy qp to avoid use after free (bsc#1225201).
- CVE-2021-47496: Fix flipped sign in tls_err_abort() calls (bsc#1225354)
- CVE-2021-47402: Protect fl_walk() with rcu (bsc#1225301)
- CVE-2022-48673: kABI workarounds for struct smc_link (bsc#1223934).
- CVE-2023-52871: Handle a second device without data corruption (bsc#1225534)
- CVE-2024-26828: Fix underflow in parse_server_interfaces() (bsc#1223084).
- CVE-2021-47497: Fixed shift-out-of-bound (UBSAN) with byte size cells (bsc#1225355).
- CVE-2021-47500: Fixed trigger reference couting (bsc#1225360).
- CVE-2024-27413: Fix incorrect allocation size (bsc#1224438).
- CVE-2021-47383: Fiedx out-of-bound vmalloc access in imageblit (bsc#1225208).
- CVE-2021-47511: Fixed negative period/buffer sizes (bsc#1225411).
- CVE-2023-52840: Fix use after free in rmi_unregister_function() (bsc#1224928).
- CVE-2021-47261: Fix initializing CQ fragments buffer (bsc#1224954)
- CVE-2021-47254: Fix use-after-free in gfs2_glock_shrink_scan (bsc#1224888).
- CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout (bsc#1224174).
- CVE-2024-26921: Preserve kabi for sk_buff (bsc#1223138).
- CVE-2023-52655: Check packet for fixup for true limit (bsc#1217169).
- CVE-2023-4244: Fixed a use-after-free in the nf_tables component, which could be exploited to achieve local privilege escalation (bsc#1215420).
- CVE-2023-4244: Fixed a use-after-free in the nf_tables component, which could be exploited to achieve local privilege escalation (bsc#1215420).
- CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210335).
- CVE-2023-52686: Fix a null pointer in opal_event_init() (bsc#1065729).

The following non-security bugs were fixed:

- af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress (bsc#1223384).
- af_unix: Do not use atomic ops for unix_sk(sk)->inflight (bsc#1223384).
- af_unix: Replace BUG_ON() with WARN_ON_ONCE() (bsc#1223384).
- btrfs: do not start relocation until in progress drops are done (bsc#1222251).
- btrfs: do not start relocation until in progress drops are done (bsc#1222251).
- cifs: add missing spinlock around tcon refcount (bsc#1213476).
- cifs: avoid dup prefix path in dfs_get_automount_devname() (bsc#1213476).
- cifs: avoid race conditions with parallel reconnects (bsc#1213476).
- cifs: avoid re-lookups in dfs_cache_find() (bsc#1213476).
- cifs: avoid use of global locks for high contention data (bsc#1213476).
- cifs: check only tcon status on tcon related functions (bsc#1213476).
- cifs: do all necessary checks for credits within or before locking (bsc#1213476).
- cifs: do not block in dfs_cache_noreq_update_tgthint() (bsc#1213476).
- cifs: do not refresh cached referrals from unactive mounts (bsc#1213476).
- cifs: do not take exclusive lock for updating target hints (bsc#1213476).
- cifs: fix confusing debug message (bsc#1213476).
- cifs: fix missing unload_nls() in smb2_reconnect() (bsc#1213476).
- cifs: fix potential deadlock in cache_refresh_path() (bsc#1213476).
- cifs: fix refresh of cached referrals (bsc#1213476).
- cifs: fix return of uninitialized rc in dfs_cache_update_tgthint() (bsc#1213476).
- cifs: fix source pathname comparison of dfs supers (bsc#1213476).
- cifs: fix status checks in cifs_tree_connect (bsc#1213476).
- cifs: fix use-after-free bug in refresh_cache_worker() (bsc#1213476).
- cifs: get rid of dns resolve worker (bsc#1213476).
- cifs: get rid of mount options string parsing (bsc#1213476).
- cifs: handle cache lookup errors different than -ENOENT (bsc#1213476).
- cifs: ignore ipc reconnect failures during dfs failover (bsc#1213476).
- cifs: match even the scope id for ipv6 addresses (bsc#1213476).
- cifs: optimize reconnect of nested links (bsc#1213476).
- cifs: prevent data race in smb2_reconnect() (bsc#1213476).
- cifs: refresh root referrals (bsc#1213476).
- cifs: remove duplicate code in __refresh_tcon() (bsc#1213476).
- cifs: remove unused function (bsc#1213476).
- cifs: remove unused smb3_fs_context::mount_options (bsc#1213476).
- cifs: return DFS root session id in DebugData (bsc#1213476).
- cifs: reuse cifs_match_ipaddr for comparison of dstaddr too (bsc#1213476).
- cifs: set correct ipc status after initial tree connect (bsc#1213476).
- cifs: set correct status of tcon ipc when reconnecting (bsc#1213476).
- cifs: set correct tcon status after initial tree connect (bsc#1213476).
- cifs: set DFS root session in cifs_get_smb_ses() (bsc#1213476).
- cifs: set resolved ip in sockaddr (bsc#1213476).
- cifs: share dfs connections and supers (bsc#1213476).
- cifs: split out ses and tcon retrieval from mount_get_conns() (bsc#1213476).
- cifs: use fs_context for automounts (bsc#1213476).
- cifs: use origin fullpath for automounts (bsc#1213476).
- cifs: use tcon allocation functions even for dummy tcon (bsc#1213476).
- netfilter: nf_tables: defer gc run if previous batch is still pending (git-fixes).
- netfilter: nf_tables: fix GC transaction races with netns and netlink event exit path (git-fixes).
- netfilter: nf_tables: fix kdoc warnings after gc rework (git-fixes).
- netfilter: nf_tables: fix memleak when more than 255 elements expired (git-fixes).
- netfilter: nf_tables: GC transaction race with abort path (git-fixes).
- netfilter: nf_tables: GC transaction race with netns dismantle (git-fixes).
- netfilter: nf_tables: mark newset as dead on transaction abort (git-fixes).
- netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout (git-fixes).
- netfilter: nf_tables: nft_set_rbtree: fix spurious insertion failure (git-fixes).
- netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path (git-fixes).
- netfilter: nf_tables: skip dead set elements in netlink dump (git-fixes).
- netfilter: nf_tables: use correct lock to protect gc_list (git-fixes).
- netfilter: nft_set_hash: try later when GC hits EAGAIN on iteration (git-fixes).
- netfilter: nft_set_rbtree: Add missing expired checks (git-fixes).
- netfilter: nft_set_rbtree: bogus lookup/get on consecutive elements in named sets (git-fixes).
- netfilter: nft_set_rbtree: Detect partial overlap with start endpoint match (git-fixes).
- netfilter: nft_set_rbtree: Detect partial overlaps on insertion (git-fixes).
- netfilter: nft_set_rbtree: Do not account for expired elements on insertion (git-fixes).
- netfilter: nft_set_rbtree: Drop spurious condition for overlap detection on insertion (git-fixes).
- netfilter: nft_set_rbtree: fix null deref on element insertion (git-fixes).
- netfilter: nft_set_rbtree: fix overlap expiration walk (git-fixes).
- netfilter: nft_set_rbtree: Handle outcomes of tree rotations in overlap detection (git-fixes).
- netfilter: nft_set_rbtree: Introduce and use nft_rbtree_interval_start() (git-fixes).
- netfilter: nft_set_rbtree: overlap detection with element re-addition after deletion (git-fixes).
- netfilter: nft_set_rbtree: skip elements in transaction from garbage collection (git-fixes).
- netfilter: nft_set_rbtree: skip end interval element from gc (git-fixes).
- netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction (git-fixes).
- netfilter: nft_set_rbtree: Switch to node list walk for overlap detection (git-fixes).
- netfilter: nft_set_rbtree: use read spinlock to avoid datapath contention (git-fixes).
- NFC: nxp: add NXP1002 (bsc#1185589).
- PCI: rpaphp: Add MODULE_DESCRIPTION (bsc#1176869 ltc#188243).
- smb: client: fix dfs link mount against w2k8 (git-fixes).
- smb: client: fix null auth (bsc#1213476).
- smb: client: set correct id, uid and cruid for multiuser automounts (git-fixes).
- x86/xen: Drop USERGS_SYSRET64 paravirt call (git-fixes).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

Plugin Details

Severity: Critical

ID: 200930

File Name: suse_SU-2024-2185-1.nasl

Version: 1.1

Type: local

Agent: unix

Family: SuSE Local Security Checks

Published: 6/25/2024

Updated: 6/25/2024

Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2021-43527

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-150300_59_164-default, p-cpe:/a:novell:suse_linux:kernel-macros, p-cpe:/a:novell:suse_linux:kernel-zfcpdump, p-cpe:/a:novell:suse_linux:kernel-64kb-devel, p-cpe:/a:novell:suse_linux:kernel-preempt-devel, p-cpe:/a:novell:suse_linux:ocfs2-kmp-default, p-cpe:/a:novell:suse_linux:dlm-kmp-default, p-cpe:/a:novell:suse_linux:kernel-default-base, p-cpe:/a:novell:suse_linux:kernel-preempt, p-cpe:/a:novell:suse_linux:kernel-default-livepatch, p-cpe:/a:novell:suse_linux:kernel-default-devel, p-cpe:/a:novell:suse_linux:kernel-devel, p-cpe:/a:novell:suse_linux:gfs2-kmp-default, p-cpe:/a:novell:suse_linux:kernel-syms, cpe:/o:novell:suse_linux:15, p-cpe:/a:novell:suse_linux:reiserfs-kmp-default, p-cpe:/a:novell:suse_linux:kernel-default-livepatch-devel, p-cpe:/a:novell:suse_linux:cluster-md-kmp-default, p-cpe:/a:novell:suse_linux:kernel-obs-build, p-cpe:/a:novell:suse_linux:kernel-default, p-cpe:/a:novell:suse_linux:kernel-source, p-cpe:/a:novell:suse_linux:kernel-64kb

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/24/2024

Vulnerability Publication Date: 10/28/2021

Reference Information

CVE: CVE-2020-36788, CVE-2021-3743, CVE-2021-39698, CVE-2021-43056, CVE-2021-43527, CVE-2021-47104, CVE-2021-47192, CVE-2021-47200, CVE-2021-47220, CVE-2021-47227, CVE-2021-47228, CVE-2021-47229, CVE-2021-47230, CVE-2021-47231, CVE-2021-47235, CVE-2021-47236, CVE-2021-47237, CVE-2021-47239, CVE-2021-47240, CVE-2021-47241, CVE-2021-47246, CVE-2021-47252, CVE-2021-47253, CVE-2021-47254, CVE-2021-47255, CVE-2021-47258, CVE-2021-47259, CVE-2021-47260, CVE-2021-47261, CVE-2021-47263, CVE-2021-47265, CVE-2021-47267, CVE-2021-47269, CVE-2021-47270, CVE-2021-47274, CVE-2021-47275, CVE-2021-47276, CVE-2021-47280, CVE-2021-47281, CVE-2021-47284, CVE-2021-47285, CVE-2021-47288, CVE-2021-47289, CVE-2021-47296, CVE-2021-47301, CVE-2021-47302, CVE-2021-47305, CVE-2021-47307, CVE-2021-47308, CVE-2021-47314, CVE-2021-47315, CVE-2021-47320, CVE-2021-47321, CVE-2021-47323, CVE-2021-47324, CVE-2021-47329, CVE-2021-47330, CVE-2021-47332, CVE-2021-47333, CVE-2021-47334, CVE-2021-47337, CVE-2021-47338, CVE-2021-47340, CVE-2021-47341, CVE-2021-47343, CVE-2021-47344, CVE-2021-47347, CVE-2021-47348, CVE-2021-47350, CVE-2021-47353, CVE-2021-47354, CVE-2021-47356, CVE-2021-47369, CVE-2021-47375, CVE-2021-47378, CVE-2021-47381, CVE-2021-47382, CVE-2021-47383, CVE-2021-47387, CVE-2021-47388, CVE-2021-47391, CVE-2021-47392, CVE-2021-47393, CVE-2021-47395, CVE-2021-47396, CVE-2021-47399, CVE-2021-47402, CVE-2021-47404, CVE-2021-47405, CVE-2021-47409, CVE-2021-47413, CVE-2021-47416, CVE-2021-47422, CVE-2021-47423, CVE-2021-47424, CVE-2021-47425, CVE-2021-47426, CVE-2021-47428, CVE-2021-47431, CVE-2021-47434, CVE-2021-47435, CVE-2021-47436, CVE-2021-47441, CVE-2021-47442, CVE-2021-47443, CVE-2021-47444, CVE-2021-47445, CVE-2021-47451, CVE-2021-47456, CVE-2021-47458, CVE-2021-47460, CVE-2021-47464, CVE-2021-47465, CVE-2021-47468, CVE-2021-47473, CVE-2021-47478, CVE-2021-47480, CVE-2021-47482, CVE-2021-47483, CVE-2021-47485, CVE-2021-47493, CVE-2021-47494, CVE-2021-47495, CVE-2021-47496, CVE-2021-47497, CVE-2021-47498, CVE-2021-47499, CVE-2021-47500, CVE-2021-47501, CVE-2021-47502, CVE-2021-47503, CVE-2021-47505, CVE-2021-47506, CVE-2021-47507, CVE-2021-47509, CVE-2021-47511, CVE-2021-47512, CVE-2021-47516, CVE-2021-47518, CVE-2021-47521, CVE-2021-47522, CVE-2021-47523, CVE-2021-47535, CVE-2021-47536, CVE-2021-47538, CVE-2021-47540, CVE-2021-47541, CVE-2021-47542, CVE-2021-47549, CVE-2021-47557, CVE-2021-47562, CVE-2021-47563, CVE-2021-47565, CVE-2022-1195, CVE-2022-20132, CVE-2022-48636, CVE-2022-48673, CVE-2022-48704, CVE-2022-48710, CVE-2023-0160, CVE-2023-1829, CVE-2023-2176, CVE-2023-4244, CVE-2023-47233, CVE-2023-52433, CVE-2023-52581, CVE-2023-52591, CVE-2023-52654, CVE-2023-52655, CVE-2023-52686, CVE-2023-52840, CVE-2023-52871, CVE-2023-52880, CVE-2023-6531, CVE-2024-26581, CVE-2024-26643, CVE-2024-26828, CVE-2024-26921, CVE-2024-26925, CVE-2024-26929, CVE-2024-26930, CVE-2024-27398, CVE-2024-27413, CVE-2024-35811, CVE-2024-35895, CVE-2024-35914

SuSE: SUSE-SU-2024:2185-1

Detections

Analytics