SUSE SLES15 Security Update : kernel (SUSE-SU-2024:2365-1)

high Nessus Plugin ID 202104

Language:

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2365-1 advisory.

The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security bugfixes.


The following security bugs were fixed:

- CVE-2021-47247: net/mlx5e: Fix use-after-free of encap entry in neigh update handler (bsc#1224865).
- CVE-2021-47311: net: qcom/emac: fix UAF in emac_remove (bsc#1225010).
- CVE-2021-47368: enetc: Fix illegal access when reading affinity_hint (bsc#1225161).
- CVE-2021-47372: net: macb: fix use after free on rmmod (bsc#1225184).
- CVE-2021-47379: blk-cgroup: fix UAF by grabbing blkcg lock before destroying blkg pd (bsc#1225203).
- CVE-2021-47571: staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() (bsc#1225518).
- CVE-2022-2938: psi: Fix uaf issue when psi trigger is destroyed while being polled (bsc#1202623).
- CVE-2022-48760: USB: core: Fix hang in usb_kill_urb by adding memory barriers (bsc#1226712).
- CVE-2023-52707: sched/psi: Fix use-after-free in ep_remove_wait_queue() (bsc#1225109).
- CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225487).
- CVE-2023-52881: tcp: do not accept ACK of bytes we never sent (bsc#1225611).
- CVE-2024-26921: Preserve kabi for sk_buff (bsc#1223138).
- CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223384).
- CVE-2024-35789: Check fast rx for non-4addr sta VLAN changes (bsc#1224749).
- CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1224766).
- CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1224764).
- CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1224765).
- CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex (bsc#1224703).
- CVE-2024-36894: usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete (bsc#1225749).
- CVE-2024-36904: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique() (bsc#1225732).
- CVE-2024-36940: pinctrl: core: delete incorrect free in pinctrl_enable() (bsc#1225840).
- CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1225866).
- CVE-2024-38545: RDMA/hns: Fix UAF for cq async event (bsc#1226595)
- CVE-2024-38559: scsi: qedf: Ensure the copied buf is NUL terminated (bsc#1226758).
- CVE-2024-38560: scsi: bfa: Ensure the copied buf is NUL terminated (bsc#1226786).


Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://www.suse.com/security/cve/CVE-2024-36904

https://www.suse.com/security/cve/CVE-2024-36940

https://www.suse.com/security/cve/CVE-2024-36964

https://www.suse.com/security/cve/CVE-2024-38541

https://www.suse.com/security/cve/CVE-2024-38545

https://www.suse.com/security/cve/CVE-2024-38559

https://www.suse.com/security/cve/CVE-2024-38560

https://bugzilla.suse.com/1171988

https://bugzilla.suse.com/1191958

https://bugzilla.suse.com/1195065

https://bugzilla.suse.com/1195254

https://bugzilla.suse.com/1202623

https://bugzilla.suse.com/1218148

https://bugzilla.suse.com/1219224

https://bugzilla.suse.com/1222015

https://bugzilla.suse.com/1223138

https://bugzilla.suse.com/1223384

https://bugzilla.suse.com/1224671

https://bugzilla.suse.com/1224703

https://bugzilla.suse.com/1224749

https://bugzilla.suse.com/1224764

https://bugzilla.suse.com/1224765

https://bugzilla.suse.com/1224766

https://bugzilla.suse.com/1224865

https://bugzilla.suse.com/1225010

https://bugzilla.suse.com/1225047

https://bugzilla.suse.com/1225109

https://bugzilla.suse.com/1225161

https://bugzilla.suse.com/1225184

https://bugzilla.suse.com/1225203

https://bugzilla.suse.com/1225487

https://bugzilla.suse.com/1225518

https://bugzilla.suse.com/1225611

https://bugzilla.suse.com/1225732

https://bugzilla.suse.com/1225749

https://bugzilla.suse.com/1225840

https://bugzilla.suse.com/1225866

https://bugzilla.suse.com/1226563

https://bugzilla.suse.com/1226587

https://bugzilla.suse.com/1226595

https://bugzilla.suse.com/1226670

https://bugzilla.suse.com/1226672

https://bugzilla.suse.com/1226712

https://bugzilla.suse.com/1226732

https://bugzilla.suse.com/1226758

https://bugzilla.suse.com/1226786

https://bugzilla.suse.com/1226962

https://lists.suse.com/pipermail/sle-updates/2024-July/035864.html

https://www.suse.com/security/cve/CVE-2020-10135

https://www.suse.com/security/cve/CVE-2021-3896

https://www.suse.com/security/cve/CVE-2021-43389

https://www.suse.com/security/cve/CVE-2021-4439

https://www.suse.com/security/cve/CVE-2021-47247

https://www.suse.com/security/cve/CVE-2021-47311

https://www.suse.com/security/cve/CVE-2021-47328

https://www.suse.com/security/cve/CVE-2021-47368

https://www.suse.com/security/cve/CVE-2021-47372

https://www.suse.com/security/cve/CVE-2021-47379

https://www.suse.com/security/cve/CVE-2021-47571

https://www.suse.com/security/cve/CVE-2021-47583

https://www.suse.com/security/cve/CVE-2022-0435

https://www.suse.com/security/cve/CVE-2022-22942

https://www.suse.com/security/cve/CVE-2022-2938

https://www.suse.com/security/cve/CVE-2022-48711

https://www.suse.com/security/cve/CVE-2022-48760

https://www.suse.com/security/cve/CVE-2022-48771

https://www.suse.com/security/cve/CVE-2023-24023

https://www.suse.com/security/cve/CVE-2023-52707

https://www.suse.com/security/cve/CVE-2023-52752

https://www.suse.com/security/cve/CVE-2023-52881

https://www.suse.com/security/cve/CVE-2024-26921

https://www.suse.com/security/cve/CVE-2024-26923

https://www.suse.com/security/cve/CVE-2024-35789

https://www.suse.com/security/cve/CVE-2024-35861

https://www.suse.com/security/cve/CVE-2024-35862

https://www.suse.com/security/cve/CVE-2024-35864

https://www.suse.com/security/cve/CVE-2024-35878

https://www.suse.com/security/cve/CVE-2024-35950

https://www.suse.com/security/cve/CVE-2024-36894

Plugin Details

Severity: High

ID: 202104

File Name: suse_SU-2024-2365-1.nasl

Version: 1.3

Type: local

Agent: unix

Published: 7/10/2024

Updated: 8/28/2024

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.4

CVSS v2

Risk Factor: High

Base Score: 9

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2022-0435

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 8.4

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:kernel-syms, p-cpe:/a:novell:suse_linux:kernel-default-livepatch-devel, p-cpe:/a:novell:suse_linux:cluster-md-kmp-default, p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-150200_24_197-default, p-cpe:/a:novell:suse_linux:dlm-kmp-default, p-cpe:/a:novell:suse_linux:kernel-default-livepatch, p-cpe:/a:novell:suse_linux:ocfs2-kmp-default, p-cpe:/a:novell:suse_linux:reiserfs-kmp-default, p-cpe:/a:novell:suse_linux:kernel-source, p-cpe:/a:novell:suse_linux:kernel-preempt-devel, p-cpe:/a:novell:suse_linux:kernel-macros, p-cpe:/a:novell:suse_linux:kernel-preempt, p-cpe:/a:novell:suse_linux:kernel-default-devel, p-cpe:/a:novell:suse_linux:kernel-default-base, p-cpe:/a:novell:suse_linux:kernel-default, p-cpe:/a:novell:suse_linux:kernel-devel, p-cpe:/a:novell:suse_linux:kernel-obs-build, p-cpe:/a:novell:suse_linux:gfs2-kmp-default, cpe:/o:novell:suse_linux:15

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 7/9/2024

Vulnerability Publication Date: 5/19/2020

Exploitable With

Metasploit (vmwgfx Driver File Descriptor Handling Priv Esc)

Reference Information

CVE: CVE-2020-10135, CVE-2021-3896, CVE-2021-43389, CVE-2021-4439, CVE-2021-47247, CVE-2021-47311, CVE-2021-47328, CVE-2021-47368, CVE-2021-47372, CVE-2021-47379, CVE-2021-47571, CVE-2021-47583, CVE-2022-0435, CVE-2022-22942, CVE-2022-2938, CVE-2022-48711, CVE-2022-48760, CVE-2022-48771, CVE-2023-24023, CVE-2023-52707, CVE-2023-52752, CVE-2023-52881, CVE-2024-26921, CVE-2024-26923, CVE-2024-35789, CVE-2024-35861, CVE-2024-35862, CVE-2024-35864, CVE-2024-35878, CVE-2024-35950, CVE-2024-36894, CVE-2024-36904, CVE-2024-36940, CVE-2024-36964, CVE-2024-38541, CVE-2024-38545, CVE-2024-38559, CVE-2024-38560

SuSE: SUSE-SU-2024:2365-1