SUSE SLES15 Security Update : kernel (SUSE-SU-2024:2183-1)

critical Nessus Plugin ID 200932

Language:

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2183-1 advisory.

The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

- CVE-2021-47497: Fixed shift-out-of-bound (UBSAN) with byte size cells (bsc#1225355).
- CVE-2021-47500: Fixed trigger reference couting (bsc#1225360).
- CVE-2021-47383: Fiedx out-of-bound vmalloc access in imageblit (bsc#1225208).
- CVE-2021-47511: Fixed negative period/buffer sizes (bsc#1225411).
- CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout (bsc#1224174).
- CVE-2023-4244: Fixed a use-after-free in the nf_tables component, which could be exploited to achieve local privilege escalation (bsc#1215420).
- CVE-2023-4244: Fixed a use-after-free in the nf_tables component, which could be exploited to achieve local privilege escalation (bsc#1215420).
- CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210335).
- CVE-2021-47378: Destroy cm id before destroy qp to avoid use after free (bsc#1225201).
- CVE-2021-47496: Fix flipped sign in tls_err_abort() calls (bsc#1225354)
- CVE-2021-47402: Protect fl_walk() with rcu (bsc#1225301)
- CVE-2022-48673: kABI workarounds for struct smc_link (bsc#1223934).
- CVE-2023-52871: Handle a second device without data corruption (bsc#1225534)
- CVE-2024-26828: Fix underflow in parse_server_interfaces() (bsc#1223084).
- CVE-2024-27413: Fix incorrect allocation size (bsc#1224438).
- CVE-2023-52840: Fix use after free in rmi_unregister_function() (bsc#1224928).
- CVE-2021-47261: Fix initializing CQ fragments buffer (bsc#1224954)
- CVE-2021-47254: Fix use-after-free in gfs2_glock_shrink_scan (bsc#1224888).
- CVE-2023-52655: Check packet for fixup for true limit (bsc#1217169).
- CVE-2023-52686: Fix a null pointer in opal_event_init() (bsc#1065729).


Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.suse.com/1065729

https://bugzilla.suse.com/1151927

https://bugzilla.suse.com/1154353

https://bugzilla.suse.com/1156395

https://bugzilla.suse.com/1174585

https://bugzilla.suse.com/1176869

https://bugzilla.suse.com/1184631

https://bugzilla.suse.com/1185589

https://bugzilla.suse.com/1185902

https://bugzilla.suse.com/1188616

https://bugzilla.suse.com/1188772

https://bugzilla.suse.com/1189883

https://bugzilla.suse.com/1190795

https://bugzilla.suse.com/1191452

https://bugzilla.suse.com/1192107

https://bugzilla.suse.com/1194288

https://bugzilla.suse.com/1196956

https://bugzilla.suse.com/1200619

https://bugzilla.suse.com/1208813

https://bugzilla.suse.com/1209657

https://bugzilla.suse.com/1210335

https://bugzilla.suse.com/1210629

https://bugzilla.suse.com/1215356

https://bugzilla.suse.com/1215420

https://bugzilla.suse.com/1216702

https://bugzilla.suse.com/1217169

https://bugzilla.suse.com/1220137

https://bugzilla.suse.com/1220144

https://bugzilla.suse.com/1220754

https://bugzilla.suse.com/1220877

https://bugzilla.suse.com/1220960

https://bugzilla.suse.com/1221044

https://bugzilla.suse.com/1221829

https://bugzilla.suse.com/1222251

https://bugzilla.suse.com/1222619

https://bugzilla.suse.com/1223084

https://bugzilla.suse.com/1223384

https://bugzilla.suse.com/1223390

https://bugzilla.suse.com/1223934

https://bugzilla.suse.com/1224099

https://bugzilla.suse.com/1224174

https://bugzilla.suse.com/1224438

https://bugzilla.suse.com/1224482

https://bugzilla.suse.com/1224511

https://bugzilla.suse.com/1224592

https://bugzilla.suse.com/1224831

https://bugzilla.suse.com/1224832

https://bugzilla.suse.com/1224834

https://bugzilla.suse.com/1224841

https://bugzilla.suse.com/1224843

https://bugzilla.suse.com/1224846

https://bugzilla.suse.com/1224849

https://bugzilla.suse.com/1224854

https://bugzilla.suse.com/1224859

https://bugzilla.suse.com/1224882

https://bugzilla.suse.com/1224888

https://bugzilla.suse.com/1224889

https://bugzilla.suse.com/1224891

https://bugzilla.suse.com/1224892

https://bugzilla.suse.com/1224893

https://bugzilla.suse.com/1224904

https://bugzilla.suse.com/1224907

https://bugzilla.suse.com/1224909

https://bugzilla.suse.com/1224916

https://bugzilla.suse.com/1224917

https://bugzilla.suse.com/1224922

https://bugzilla.suse.com/1224923

https://bugzilla.suse.com/1224924

https://bugzilla.suse.com/1224928

https://bugzilla.suse.com/1224953

https://bugzilla.suse.com/1224954

https://bugzilla.suse.com/1224961

https://bugzilla.suse.com/1224963

https://bugzilla.suse.com/1224965

https://bugzilla.suse.com/1224966

https://bugzilla.suse.com/1224968

https://bugzilla.suse.com/1224981

https://bugzilla.suse.com/1224982

https://bugzilla.suse.com/1224984

https://bugzilla.suse.com/1224987

https://bugzilla.suse.com/1224990

https://bugzilla.suse.com/1224993

https://bugzilla.suse.com/1224996

https://bugzilla.suse.com/1224997

https://bugzilla.suse.com/1225026

https://bugzilla.suse.com/1225030

https://bugzilla.suse.com/1225058

https://bugzilla.suse.com/1225060

https://bugzilla.suse.com/1225084

https://bugzilla.suse.com/1225091

https://bugzilla.suse.com/1225112

https://bugzilla.suse.com/1225113

https://bugzilla.suse.com/1225140

https://bugzilla.suse.com/1225143

https://bugzilla.suse.com/1225164

https://bugzilla.suse.com/1225177

https://bugzilla.suse.com/1225181

https://bugzilla.suse.com/1225192

https://bugzilla.suse.com/1225193

https://bugzilla.suse.com/1225201

https://bugzilla.suse.com/1225206

https://bugzilla.suse.com/1225207

https://bugzilla.suse.com/1225208

https://bugzilla.suse.com/1225214

https://bugzilla.suse.com/1225223

https://bugzilla.suse.com/1225224

https://bugzilla.suse.com/1225232

https://bugzilla.suse.com/1225238

https://bugzilla.suse.com/1225244

https://bugzilla.suse.com/1225251

https://bugzilla.suse.com/1225256

https://bugzilla.suse.com/1225261

https://bugzilla.suse.com/1225262

https://bugzilla.suse.com/1225263

https://bugzilla.suse.com/1225301

https://bugzilla.suse.com/1225303

https://bugzilla.suse.com/1225318

https://bugzilla.suse.com/1225321

https://bugzilla.suse.com/1225326

https://bugzilla.suse.com/1225327

https://bugzilla.suse.com/1225328

https://bugzilla.suse.com/1225336

https://bugzilla.suse.com/1225341

https://bugzilla.suse.com/1225346

https://bugzilla.suse.com/1225351

https://bugzilla.suse.com/1225354

https://bugzilla.suse.com/1225355

https://bugzilla.suse.com/1225360

https://bugzilla.suse.com/1225366

https://bugzilla.suse.com/1225367

https://bugzilla.suse.com/1225384

https://bugzilla.suse.com/1225390

https://bugzilla.suse.com/1225393

https://bugzilla.suse.com/1225400

https://bugzilla.suse.com/1225404

https://bugzilla.suse.com/1225411

https://bugzilla.suse.com/1225427

https://bugzilla.suse.com/1225437

https://bugzilla.suse.com/1225448

https://bugzilla.suse.com/1225453

https://bugzilla.suse.com/1225455

https://bugzilla.suse.com/1225499

https://bugzilla.suse.com/1225500

https://bugzilla.suse.com/1225534

https://lists.suse.com/pipermail/sle-updates/2024-June/035717.html

https://www.suse.com/security/cve/CVE-2021-3743

https://www.suse.com/security/cve/CVE-2021-39698

https://www.suse.com/security/cve/CVE-2021-43056

https://www.suse.com/security/cve/CVE-2021-43527

https://www.suse.com/security/cve/CVE-2021-47104

https://www.suse.com/security/cve/CVE-2021-47220

https://www.suse.com/security/cve/CVE-2021-47229

https://www.suse.com/security/cve/CVE-2021-47231

https://www.suse.com/security/cve/CVE-2021-47236

https://www.suse.com/security/cve/CVE-2021-47239

https://www.suse.com/security/cve/CVE-2021-47240

https://www.suse.com/security/cve/CVE-2021-47246

https://www.suse.com/security/cve/CVE-2021-47252

https://www.suse.com/security/cve/CVE-2021-47254

https://www.suse.com/security/cve/CVE-2021-47255

https://www.suse.com/security/cve/CVE-2021-47259

https://www.suse.com/security/cve/CVE-2021-47260

https://www.suse.com/security/cve/CVE-2021-47261

https://www.suse.com/security/cve/CVE-2021-47267

https://www.suse.com/security/cve/CVE-2021-47269

https://www.suse.com/security/cve/CVE-2021-47270

https://www.suse.com/security/cve/CVE-2021-47274

https://www.suse.com/security/cve/CVE-2021-47275

https://www.suse.com/security/cve/CVE-2021-47276

https://www.suse.com/security/cve/CVE-2021-47280

https://www.suse.com/security/cve/CVE-2021-47284

https://www.suse.com/security/cve/CVE-2021-47285

https://www.suse.com/security/cve/CVE-2021-47288

https://www.suse.com/security/cve/CVE-2021-47289

https://www.suse.com/security/cve/CVE-2021-47296

https://www.suse.com/security/cve/CVE-2021-47301

https://www.suse.com/security/cve/CVE-2021-47302

https://www.suse.com/security/cve/CVE-2021-47305

https://www.suse.com/security/cve/CVE-2021-47307

https://www.suse.com/security/cve/CVE-2021-47308

https://www.suse.com/security/cve/CVE-2021-47314

https://www.suse.com/security/cve/CVE-2021-47315

https://www.suse.com/security/cve/CVE-2021-47320

https://www.suse.com/security/cve/CVE-2021-47321

https://www.suse.com/security/cve/CVE-2021-47323

https://www.suse.com/security/cve/CVE-2021-47324

https://www.suse.com/security/cve/CVE-2021-47330

https://www.suse.com/security/cve/CVE-2021-47332

https://www.suse.com/security/cve/CVE-2021-47333

https://www.suse.com/security/cve/CVE-2021-47334

https://www.suse.com/security/cve/CVE-2021-47338

https://www.suse.com/security/cve/CVE-2021-47341

https://www.suse.com/security/cve/CVE-2021-47344

https://www.suse.com/security/cve/CVE-2021-47347

https://www.suse.com/security/cve/CVE-2021-47350

https://www.suse.com/security/cve/CVE-2021-47354

https://www.suse.com/security/cve/CVE-2021-47356

https://www.suse.com/security/cve/CVE-2021-47369

https://www.suse.com/security/cve/CVE-2021-47375

https://www.suse.com/security/cve/CVE-2021-47378

https://www.suse.com/security/cve/CVE-2021-47381

https://www.suse.com/security/cve/CVE-2021-47382

https://www.suse.com/security/cve/CVE-2021-47383

https://www.suse.com/security/cve/CVE-2021-47388

https://www.suse.com/security/cve/CVE-2021-47391

https://www.suse.com/security/cve/CVE-2021-47393

https://www.suse.com/security/cve/CVE-2021-47395

https://www.suse.com/security/cve/CVE-2021-47396

https://www.suse.com/security/cve/CVE-2021-47399

https://www.suse.com/security/cve/CVE-2021-47402

https://www.suse.com/security/cve/CVE-2021-47404

https://www.suse.com/security/cve/CVE-2021-47405

https://www.suse.com/security/cve/CVE-2021-47416

https://www.suse.com/security/cve/CVE-2021-47423

https://www.suse.com/security/cve/CVE-2021-47424

https://www.suse.com/security/cve/CVE-2021-47425

https://www.suse.com/security/cve/CVE-2021-47431

https://www.suse.com/security/cve/CVE-2021-47434

https://www.suse.com/security/cve/CVE-2021-47436

https://www.suse.com/security/cve/CVE-2021-47441

https://www.suse.com/security/cve/CVE-2021-47442

https://www.suse.com/security/cve/CVE-2021-47443

https://www.suse.com/security/cve/CVE-2021-47445

https://www.suse.com/security/cve/CVE-2021-47456

https://www.suse.com/security/cve/CVE-2021-47460

https://www.suse.com/security/cve/CVE-2021-47464

https://www.suse.com/security/cve/CVE-2021-47465

https://www.suse.com/security/cve/CVE-2021-47468

https://www.suse.com/security/cve/CVE-2021-47473

https://www.suse.com/security/cve/CVE-2021-47482

https://www.suse.com/security/cve/CVE-2021-47483

https://www.suse.com/security/cve/CVE-2021-47485

https://www.suse.com/security/cve/CVE-2021-47495

https://www.suse.com/security/cve/CVE-2021-47496

https://www.suse.com/security/cve/CVE-2021-47497

https://www.suse.com/security/cve/CVE-2021-47500

https://www.suse.com/security/cve/CVE-2021-47505

https://www.suse.com/security/cve/CVE-2021-47506

https://www.suse.com/security/cve/CVE-2021-47511

https://www.suse.com/security/cve/CVE-2021-47516

https://www.suse.com/security/cve/CVE-2021-47522

https://www.suse.com/security/cve/CVE-2021-47538

https://www.suse.com/security/cve/CVE-2021-47541

https://www.suse.com/security/cve/CVE-2021-47542

https://www.suse.com/security/cve/CVE-2021-47562

https://www.suse.com/security/cve/CVE-2021-47563

https://www.suse.com/security/cve/CVE-2021-47565

https://www.suse.com/security/cve/CVE-2022-20132

https://www.suse.com/security/cve/CVE-2022-48673

https://www.suse.com/security/cve/CVE-2023-0160

https://www.suse.com/security/cve/CVE-2023-1829

https://www.suse.com/security/cve/CVE-2023-2176

https://www.suse.com/security/cve/CVE-2023-4244

https://www.suse.com/security/cve/CVE-2023-47233

https://www.suse.com/security/cve/CVE-2023-52433

https://www.suse.com/security/cve/CVE-2023-52581

https://www.suse.com/security/cve/CVE-2023-52591

https://www.suse.com/security/cve/CVE-2023-52654

https://www.suse.com/security/cve/CVE-2023-52655

https://www.suse.com/security/cve/CVE-2023-52686

https://www.suse.com/security/cve/CVE-2023-52840

https://www.suse.com/security/cve/CVE-2023-52871

https://www.suse.com/security/cve/CVE-2023-52880

https://www.suse.com/security/cve/CVE-2023-6531

https://www.suse.com/security/cve/CVE-2024-26581

https://www.suse.com/security/cve/CVE-2024-26643

https://www.suse.com/security/cve/CVE-2024-26828

https://www.suse.com/security/cve/CVE-2024-26925

https://www.suse.com/security/cve/CVE-2024-26929

https://www.suse.com/security/cve/CVE-2024-26930

https://www.suse.com/security/cve/CVE-2024-27398

https://www.suse.com/security/cve/CVE-2024-27413

https://www.suse.com/security/cve/CVE-2024-35811

https://www.suse.com/security/cve/CVE-2024-35895

https://www.suse.com/security/cve/CVE-2024-35914

Plugin Details

Severity: Critical

ID: 200932

File Name: suse_SU-2024-2183-1.nasl

Version: 1.2

Type: local

Agent: unix

Published: 6/25/2024

Updated: 8/28/2024

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.4

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2021-43527

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:kernel-macros, p-cpe:/a:novell:suse_linux:kernel-preempt-devel, p-cpe:/a:novell:suse_linux:ocfs2-kmp-default, p-cpe:/a:novell:suse_linux:dlm-kmp-default, p-cpe:/a:novell:suse_linux:kernel-default-base, p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-150200_24_194-default, p-cpe:/a:novell:suse_linux:kernel-preempt, p-cpe:/a:novell:suse_linux:kernel-default-livepatch, p-cpe:/a:novell:suse_linux:kernel-default-devel, p-cpe:/a:novell:suse_linux:kernel-devel, p-cpe:/a:novell:suse_linux:gfs2-kmp-default, p-cpe:/a:novell:suse_linux:kernel-syms, cpe:/o:novell:suse_linux:15, p-cpe:/a:novell:suse_linux:kernel-default-livepatch-devel, p-cpe:/a:novell:suse_linux:cluster-md-kmp-default, p-cpe:/a:novell:suse_linux:kernel-obs-build, p-cpe:/a:novell:suse_linux:kernel-default, p-cpe:/a:novell:suse_linux:kernel-source, p-cpe:/a:novell:suse_linux:reiserfs-kmp-default

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/24/2024

Vulnerability Publication Date: 10/28/2021

Reference Information

CVE: CVE-2021-3743, CVE-2021-39698, CVE-2021-43056, CVE-2021-43527, CVE-2021-47104, CVE-2021-47220, CVE-2021-47229, CVE-2021-47231, CVE-2021-47236, CVE-2021-47239, CVE-2021-47240, CVE-2021-47246, CVE-2021-47252, CVE-2021-47254, CVE-2021-47255, CVE-2021-47259, CVE-2021-47260, CVE-2021-47261, CVE-2021-47267, CVE-2021-47269, CVE-2021-47270, CVE-2021-47274, CVE-2021-47275, CVE-2021-47276, CVE-2021-47280, CVE-2021-47284, CVE-2021-47285, CVE-2021-47288, CVE-2021-47289, CVE-2021-47296, CVE-2021-47301, CVE-2021-47302, CVE-2021-47305, CVE-2021-47307, CVE-2021-47308, CVE-2021-47314, CVE-2021-47315, CVE-2021-47320, CVE-2021-47321, CVE-2021-47323, CVE-2021-47324, CVE-2021-47330, CVE-2021-47332, CVE-2021-47333, CVE-2021-47334, CVE-2021-47338, CVE-2021-47341, CVE-2021-47344, CVE-2021-47347, CVE-2021-47350, CVE-2021-47354, CVE-2021-47356, CVE-2021-47369, CVE-2021-47375, CVE-2021-47378, CVE-2021-47381, CVE-2021-47382, CVE-2021-47383, CVE-2021-47388, CVE-2021-47391, CVE-2021-47393, CVE-2021-47395, CVE-2021-47396, CVE-2021-47399, CVE-2021-47402, CVE-2021-47404, CVE-2021-47405, CVE-2021-47416, CVE-2021-47423, CVE-2021-47424, CVE-2021-47425, CVE-2021-47431, CVE-2021-47434, CVE-2021-47436, CVE-2021-47441, CVE-2021-47442, CVE-2021-47443, CVE-2021-47445, CVE-2021-47456, CVE-2021-47460, CVE-2021-47464, CVE-2021-47465, CVE-2021-47468, CVE-2021-47473, CVE-2021-47482, CVE-2021-47483, CVE-2021-47485, CVE-2021-47495, CVE-2021-47496, CVE-2021-47497, CVE-2021-47500, CVE-2021-47505, CVE-2021-47506, CVE-2021-47511, CVE-2021-47516, CVE-2021-47522, CVE-2021-47538, CVE-2021-47541, CVE-2021-47542, CVE-2021-47562, CVE-2021-47563, CVE-2021-47565, CVE-2022-20132, CVE-2022-48673, CVE-2023-0160, CVE-2023-1829, CVE-2023-2176, CVE-2023-4244, CVE-2023-47233, CVE-2023-52433, CVE-2023-52581, CVE-2023-52591, CVE-2023-52654, CVE-2023-52655, CVE-2023-52686, CVE-2023-52840, CVE-2023-52871, CVE-2023-52880, CVE-2023-6531, CVE-2024-26581, CVE-2024-26643, CVE-2024-26828, CVE-2024-26925, CVE-2024-26929, CVE-2024-26930, CVE-2024-27398, CVE-2024-27413, CVE-2024-35811, CVE-2024-35895, CVE-2024-35914

SuSE: SUSE-SU-2024:2183-1