SUSE SLED15 / SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:2571-1)

high Nessus Plugin ID 202999

Language:

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2571-1 advisory.

The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

- CVE-2024-39371: io_uring: check for non-NULL file pointer in io_file_can_poll() (bsc#1226990).
- CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame() (bsc#1225098).
- CVE-2024-38610: drivers/virt/acrn: fix PFNMAP PTE checks in acrn_vm_ram_map() (bsc#1226758).
- CVE-2024-37354: btrfs: fix crash on racing fsync and size-extending write into prealloc (bsc#1227101).
- CVE-2024-36919: scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload (bsc#1225767).
- CVE-2024-38559: scsi: qedf: Ensure the copied buf is NUL terminated (bsc#1226785).
- CVE-2024-38570: gfs2: Fix potential glock use-after-free on unmount (bsc#1226775).
- CVE-2024-36904: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique() (bsc#1225732).
- CVE-2023-52840: Fix use after free in rmi_unregister_function() (bsc#1224928).
- CVE-2024-38545: RDMA/hns: Fix UAF for cq async event (bsc#1226595).
- CVE-2023-52834: atl1c: Work around the DMA RX overflow issue (bsc#1225599).
- CVE-2023-52875: Add check for mtk_alloc_clk_data (bsc#1225096).
- CVE-2023-52865: Add check for mtk_alloc_clk_data (bsc#1225086).
- CVE-2023-52821: Fixed a possible null pointer dereference (bsc#1225022).
- CVE-2023-52867: Fixed possible buffer overflow (bsc#1225009).
- CVE-2024-38578: ecryptfs: Fix buffer size for tag 66 packet (bsc#1226634,).
- CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1225866).
- CVE-2023-52759: Ignore negated quota changes (bsc#1225560).
- CVE-2023-52796: Add ipvlan_route_v6_outbound() helper (bsc#1224930).
- CVE-2023-52807: Fixed out-of-bounds access may occur when coalesce info is read via debugfs (bsc#1225097).
- CVE-2023-52864: Fixed opening of char device (bsc#1225132).
- CVE-2024-36926: Fixed LPAR panics during boot up with a frozen PE (bsc#1222011).
- CVE-2023-52871: Handle a second device without data corruption (bsc#1225534)
- CVE-2023-52795: Fixed use after free in vhost_vdpa_probe() (bsc#1225085).
- CVE-2023-52881: tcp: do not accept ACK of bytes we never sent (bsc#1225611).
- CVE-2024-37353: virtio: fixed a double free in vp_del_vqs() (bsc#1226875).
- CVE-2024-39301: net/9p: fix uninit-value in p9_client_rpc() (bsc#1226994).
- CVE-2024-35843: iommu/vt-d: Use device rbtree in iopf reporting path (bsc#1224751).
- CVE-2024-37078: nilfs2: fix potential kernel bug due to lack of writeback flag waiting (bsc#1227066).
- CVE-2024-35247: fpga: region: add owner module and take its refcount (bsc#1226948).
- CVE-2024-36479: fpga: bridge: add owner module and take its refcount (bsc#1226949).
- CVE-2024-37021: fpga: manager: add owner module and take its refcount (bsc#1226950).
- CVE-2024-36281: net/mlx5: Use mlx5_ipsec_rx_status_destroy to correctly delete status rules (bsc#1226799).
- CVE-2024-38580: epoll: be better about file lifetimes (bsc#1226610).
- CVE-2024-36478: null_blk: fix null-ptr-dereference while configuring 'power' and 'submit_queues' (bsc#1226841).
- CVE-2024-38636: f2fs: multidev: fix to recognize valid zero block address (bsc#1226879).
- CVE-2024-38661: s390/ap: Fix crash in AP internal function modify_bitmap() (bsc#1226996).
- CVE-2024-38564: bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE (bsc#1226789).
- CVE-2024-38560: scsi: bfa: Ensure the copied buf is NUL terminated (bsc#1226786).
- CVE-2024-36978: net: sched: sch_multiq: fix possible OOB write in multiq_tune() (bsc#1226514).
- CVE-2024-36917: block: fix overflow in blk_ioctl_discard() (bsc#1225770).
- CVE-2024-38627: stm class: Fix a double free in stm_register_device() (bsc#1226857).
- CVE-2024-38603: drivers/perf: hisi: hns3: Actually use devm_add_action_or_reset() (bsc#1226842).
- CVE-2024-38553: net: fec: remove .ndo_poll_controller to avoid deadlock (bsc#1226744).
- CVE-2024-38555: net/mlx5: Discard command completions in internal error (bsc#1226607).
- CVE-2024-38556: net/mlx5: Add a timeout to acquire the command queue semaphore (bsc#1226774).
- CVE-2024-38557: net/mlx5: Reload only IB representors upon lag disable/enable (bsc#1226781).
- CVE-2024-38608: net/mlx5e: Fix netif state handling (bsc#1226746).
- CVE-2024-38597: eth: sungem: remove .ndo_poll_controller to avoid deadlocks (bsc#1226749).
- CVE-2024-38594: net: stmmac: move the EST lock to struct stmmac_priv (bsc#1226734).
- CVE-2024-38569: drivers/perf: hisi_pcie: Fix out-of-bound access when valid event group (bsc#1226772).
- CVE-2024-38568: drivers/perf: hisi: hns3: Fix out-of-bound access when valid event group (bsc#1226771).
- CVE-2024-26814: vfio/fsl-mc: Block calling interrupt handler without trigger (bsc#1222810).
- CVE-2024-26813: vfio/platform: Create persistent IRQ handlers (bsc#1222809).
- CVE-2024-36945: net/smc: fix neighbour and rtable leak in smc_ib_find_route() (bsc#1225823).
- CVE-2024-36923: fs/9p: fix uninitialized values during inode evict (bsc#1225815).
- CVE-2024-36971: net: fix __dst_negative_advice() race (bsc#1226145).
- CVE-2024-27414: rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back (bsc#1224439).
- CVE-2024-35886: ipv6: Fix infinite recursion in fib6_dump_done() (bsc#1224670).
- CVE-2024-36024: drm/amd/display: Disable idle reallow as part of command/gpint execution (bsc#1225702).
- CVE-2024-36903: ipv6: Fix potential uninit-value access in __ip6_make_skb() (bsc#1225741).
- CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225737).
- CVE-2024-35979: raid1: fix use-after-free for original bio in raid1_write_request() (bsc#1224572).
- CVE-2024-35807: ext4: fix corruption during on-line resize (bsc#1224735).
- CVE-2023-52622: ext4: avoid online resizing failures due to oversized flex bg (bsc#1222080).
- CVE-2023-52843: llc: verify mac len before reading mac header (bsc#1224951).
- CVE-2024-35898: netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() (bsc#1224498).
- CVE-2024-36915: nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies (bsc#1225758).
- CVE-2024-36882: mm: use memalloc_nofs_save() in page_cache_ra_order() (bsc#1225723).
- CVE-2024-36916: blk-iocost: avoid out of bounds shift (bsc#1225759).
- CVE-2024-36900: net: hns3: fix kernel crash when devlink reload during initialization (bsc#1225726).
- CVE-2023-52787: blk-mq: make sure active queue usage is held for bio_integrity_prep() (bsc#1225105).
- CVE-2024-35925: block: prevent division by zero in blk_rq_stat_sum() (bsc#1224661).
- CVE-2023-52837: nbd: fix uaf in nbd_open (bsc#1224935).
- CVE-2023-52786: ext4: fix racy may inline data check in dio write (bsc#1224939).
- CVE-2024-36934: bna: ensure the copied buf is NUL terminated (bsc#1225760).
- CVE-2024-36935: ice: ensure the copied buf is NUL terminated (bsc#1225763).
- CVE-2024-36937: xdp: use flags field to disambiguate broadcast redirect (bsc#1225834).
- CVE-2023-52672: pipe: wakeup wr_wait after setting max_usage (bsc#1224614).
- CVE-2023-52845: tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING (bsc#1225585).
- CVE-2024-36005: netfilter: nf_tables: honor table dormant flag from netdev release event path (bsc#1224539).
- CVE-2024-26845: scsi: target: core: Add TMF to tmr_list handling (bsc#1223018).
- CVE-2024-35892: net/sched: fix lockdep splat in qdisc_tree_reduce_backlog() (bsc#1224515).
- CVE-2024-35848: eeprom: at24: fix memory corruption race condition (bsc#1224612).
- CVE-2024-35884: udp: do not accept non-tunnel GSO skbs landing in a tunnel (bsc#1224520).
- CVE-2024-35857: icmp: prevent possible NULL dereferences from icmp_build_probe() (bsc#1224619).
- CVE-2023-52735: bpf, sockmap: Don't let sock_map_{close,destroy,unhash} call itself (bsc#1225475).
- CVE-2024-35926: crypto: iaa - Fix async_disable descriptor leak (bsc#1224655).
- CVE-2024-35976: Validate user input for XDP_{UMEM|COMPLETION}_FILL_RING (bsc#1224575).
- CVE-2024-36938: Fixed NULL pointer dereference in sk_psock_skb_ingress_enqueue (bsc#1225761).
- CVE-2024-36008: ipv4: check for NULL idev in ip_route_use_hint() (bsc#1224540).
- CVE-2024-35998: Fixed lock ordering potential deadlock in cifs_sync_mid_result (bsc#1224549).
- CVE-2023-52757: Fixed potential deadlock when releasing mids (bsc#1225548).
- CVE-2024-27419: Fixed data-races around sysctl_net_busy_read (bsc#1224759)
- CVE-2024-36957: octeontx2-af: avoid off-by-one read from userspace (bsc#1225762).
- CVE-2024-26625: Call sock_orphan() at release time (bsc#1221086)
- CVE-2024-35880: io_uring/kbuf: hold io_buffer_list reference over mmap (bsc#1224523).
- CVE-2024-35831: io_uring: Fix release of pinned pages when __io_uaddr_map fails (bsc#1224698).
- CVE-2024-35827: io_uring/net: fix overflow check in io_recvmsg_mshot_prep() (bsc#1224606).
- CVE-2023-52656: Dropped any code related to SCM_RIGHTS (bsc#1224187).
- CVE-2023-52699: sysv: don't call sb_bread() with pointers_lock held (bsc#1224659).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

Plugin Details

Severity: High

ID: 202999

File Name: suse_SU-2024-2571-1.nasl

Version: 1.6

Type: local

Agent: unix

Family: SuSE Local Security Checks

Published: 7/23/2024

Updated: 8/28/2024

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.4

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.6

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2024-39463

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7.2

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:kernel-livepatch-6_4_0-150600_23_14-default, p-cpe:/a:novell:suse_linux:kernel-macros, p-cpe:/a:novell:suse_linux:kernel-zfcpdump, p-cpe:/a:novell:suse_linux:kernel-64kb-devel, p-cpe:/a:novell:suse_linux:ocfs2-kmp-default, p-cpe:/a:novell:suse_linux:dlm-kmp-default, p-cpe:/a:novell:suse_linux:kernel-default-base, p-cpe:/a:novell:suse_linux:kernel-default-livepatch, p-cpe:/a:novell:suse_linux:kernel-default-devel, p-cpe:/a:novell:suse_linux:kernel-devel, p-cpe:/a:novell:suse_linux:gfs2-kmp-default, p-cpe:/a:novell:suse_linux:kernel-syms, p-cpe:/a:novell:suse_linux:kernel-default-extra, cpe:/o:novell:suse_linux:15, p-cpe:/a:novell:suse_linux:reiserfs-kmp-default, p-cpe:/a:novell:suse_linux:kernel-default-livepatch-devel, p-cpe:/a:novell:suse_linux:cluster-md-kmp-default, p-cpe:/a:novell:suse_linux:kernel-obs-build, p-cpe:/a:novell:suse_linux:kernel-default, p-cpe:/a:novell:suse_linux:kernel-source, p-cpe:/a:novell:suse_linux:kernel-64kb

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 7/22/2024

Vulnerability Publication Date: 12/13/2023

CISA Known Exploited Vulnerability Due Dates: 8/28/2024

Reference Information

CVE: CVE-2021-47432, CVE-2022-48772, CVE-2023-52622, CVE-2023-52656, CVE-2023-52672, CVE-2023-52699, CVE-2023-52735, CVE-2023-52749, CVE-2023-52750, CVE-2023-52753, CVE-2023-52754, CVE-2023-52757, CVE-2023-52759, CVE-2023-52762, CVE-2023-52763, CVE-2023-52764, CVE-2023-52765, CVE-2023-52766, CVE-2023-52767, CVE-2023-52768, CVE-2023-52769, CVE-2023-52773, CVE-2023-52774, CVE-2023-52776, CVE-2023-52777, CVE-2023-52780, CVE-2023-52781, CVE-2023-52782, CVE-2023-52783, CVE-2023-52784, CVE-2023-52786, CVE-2023-52787, CVE-2023-52788, CVE-2023-52789, CVE-2023-52791, CVE-2023-52792, CVE-2023-52794, CVE-2023-52795, CVE-2023-52796, CVE-2023-52798, CVE-2023-52799, CVE-2023-52800, CVE-2023-52801, CVE-2023-52803, CVE-2023-52804, CVE-2023-52805, CVE-2023-52806, CVE-2023-52807, CVE-2023-52808, CVE-2023-52809, CVE-2023-52810, CVE-2023-52811, CVE-2023-52812, CVE-2023-52813, CVE-2023-52814, CVE-2023-52815, CVE-2023-52816, CVE-2023-52817, CVE-2023-52818, CVE-2023-52819, CVE-2023-52821, CVE-2023-52825, CVE-2023-52826, CVE-2023-52827, CVE-2023-52829, CVE-2023-52832, CVE-2023-52833, CVE-2023-52834, CVE-2023-52835, CVE-2023-52836, CVE-2023-52837, CVE-2023-52838, CVE-2023-52840, CVE-2023-52841, CVE-2023-52842, CVE-2023-52843, CVE-2023-52844, CVE-2023-52845, CVE-2023-52846, CVE-2023-52847, CVE-2023-52849, CVE-2023-52850, CVE-2023-52851, CVE-2023-52853, CVE-2023-52854, CVE-2023-52855, CVE-2023-52856, CVE-2023-52857, CVE-2023-52858, CVE-2023-52861, CVE-2023-52862, CVE-2023-52863, CVE-2023-52864, CVE-2023-52865, CVE-2023-52866, CVE-2023-52867, CVE-2023-52868, CVE-2023-52869, CVE-2023-52870, CVE-2023-52871, CVE-2023-52872, CVE-2023-52873, CVE-2023-52874, CVE-2023-52875, CVE-2023-52876, CVE-2023-52877, CVE-2023-52878, CVE-2023-52879, CVE-2023-52880, CVE-2023-52881, CVE-2023-52883, CVE-2023-52884, CVE-2024-26482, CVE-2024-26625, CVE-2024-26676, CVE-2024-26750, CVE-2024-26758, CVE-2024-26767, CVE-2024-26780, CVE-2024-26813, CVE-2024-26814, CVE-2024-26845, CVE-2024-26889, CVE-2024-26920, CVE-2024-27414, CVE-2024-27419, CVE-2024-33619, CVE-2024-34777, CVE-2024-35247, CVE-2024-35807, CVE-2024-35827, CVE-2024-35831, CVE-2024-35843, CVE-2024-35848, CVE-2024-35857, CVE-2024-35880, CVE-2024-35884, CVE-2024-35886, CVE-2024-35892, CVE-2024-35896, CVE-2024-35898, CVE-2024-35900, CVE-2024-35925, CVE-2024-35926, CVE-2024-35957, CVE-2024-35962, CVE-2024-35970, CVE-2024-35976, CVE-2024-35979, CVE-2024-35998, CVE-2024-36005, CVE-2024-36008, CVE-2024-36010, CVE-2024-36017, CVE-2024-36024, CVE-2024-36281, CVE-2024-36477, CVE-2024-36478, CVE-2024-36479, CVE-2024-36882, CVE-2024-36887, CVE-2024-36899, CVE-2024-36900, CVE-2024-36903, CVE-2024-36904, CVE-2024-36915, CVE-2024-36916, CVE-2024-36917, CVE-2024-36919, CVE-2024-36923, CVE-2024-36924, CVE-2024-36926, CVE-2024-36934, CVE-2024-36935, CVE-2024-36937, CVE-2024-36938, CVE-2024-36945, CVE-2024-36952, CVE-2024-36957, CVE-2024-36960, CVE-2024-36962, CVE-2024-36964, CVE-2024-36965, CVE-2024-36967, CVE-2024-36969, CVE-2024-36971, CVE-2024-36972, CVE-2024-36973, CVE-2024-36975, CVE-2024-36977, CVE-2024-36978, CVE-2024-37021, CVE-2024-37078, CVE-2024-37353, CVE-2024-37354, CVE-2024-38381, CVE-2024-38384, CVE-2024-38385, CVE-2024-38388, CVE-2024-38390, CVE-2024-38391, CVE-2024-38539, CVE-2024-38540, CVE-2024-38541, CVE-2024-38543, CVE-2024-38544, CVE-2024-38545, CVE-2024-38546, CVE-2024-38547, CVE-2024-38548, CVE-2024-38549, CVE-2024-38550, CVE-2024-38551, CVE-2024-38552, CVE-2024-38553, CVE-2024-38554, CVE-2024-38555, CVE-2024-38556, CVE-2024-38557, CVE-2024-38559, CVE-2024-38560, CVE-2024-38562, CVE-2024-38564, CVE-2024-38565, CVE-2024-38566, CVE-2024-38567, CVE-2024-38568, CVE-2024-38569, CVE-2024-38570, CVE-2024-38571, CVE-2024-38572, CVE-2024-38573, CVE-2024-38575, CVE-2024-38578, CVE-2024-38579, CVE-2024-38580, CVE-2024-38581, CVE-2024-38582, CVE-2024-38583, CVE-2024-38587, CVE-2024-38588, CVE-2024-38590, CVE-2024-38591, CVE-2024-38592, CVE-2024-38594, CVE-2024-38595, CVE-2024-38597, CVE-2024-38599, CVE-2024-38600, CVE-2024-38601, CVE-2024-38602, CVE-2024-38603, CVE-2024-38605, CVE-2024-38608, CVE-2024-38610, CVE-2024-38611, CVE-2024-38615, CVE-2024-38616, CVE-2024-38617, CVE-2024-38618, CVE-2024-38619, CVE-2024-38621, CVE-2024-38622, CVE-2024-38627, CVE-2024-38628, CVE-2024-38629, CVE-2024-38630, CVE-2024-38633, CVE-2024-38634, CVE-2024-38635, CVE-2024-38636, CVE-2024-38661, CVE-2024-38663, CVE-2024-38664, CVE-2024-38780, CVE-2024-39277, CVE-2024-39291, CVE-2024-39296, CVE-2024-39301, CVE-2024-39362, CVE-2024-39371, CVE-2024-39463, CVE-2024-39466, CVE-2024-39469, CVE-2024-39471

SuSE: SUSE-SU-2024:2571-1

Detections

Analytics