SUSE SLES12 Security Update : kernel (SUSE-SU-2024:2901-1)

high Nessus Plugin ID 205579

Language:

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2901-1 advisory.

The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security bugfixes.


The following security bugs were fixed:

- CVE-2024-39494: ima: Fix use-after-free on a dentry's dname.name (bsc#1227716).
- CVE-2024-42096: x86: stop playing stack games in profile_pc() (bsc#1228633).
- CVE-2024-39506: liquidio: adjust a NULL pointer handling path in lio_vf_rep_copy_packet (bsc#1227729).
- CVE-2021-47619: i40e: Fix queues reservation for XDP (bsc#1226645).
- CVE-2024-42145: IB/core: Implement a limit on UMAD receive List (bsc#1228743).
- CVE-2024-42124: scsi: qedf: Make qedf_execute_tmf() non-preemptible (bsc#1228705).
- CVE-2024-42223: media: dvb-frontends: tda10048: Fix integer overflow (bsc#1228726).
- CVE-2024-42119: drm/amd/display: Skip finding free audio for unknown engine_id (bsc#1228584).
- CVE-2024-42120: drm/amd/display: Check pipe offset before setting vblank (bsc#1228588).
- CVE-2024-41095: drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes (bsc#1228662).
- CVE-2024-42224: net: dsa: mv88e6xxx: Correct check for empty list (bsc#1228723).
- CVE-2024-41072: wifi: cfg80211: wext: add extra SIOCSIWSCAN data check (bsc#1228626).
- CVE-2024-41048: skmsg: Skip zero length skb in sk_msg_recvmsg (bsc#1228565).
- CVE-2024-40995: net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc() (bsc#1227830).
- CVE-2024-41044: ppp: reject claimed-as-LCP but actually malformed packets (bsc#1228530).
- CVE-2024-41066: ibmvnic: add tx check to prevent skb leak (bsc#1228640).
- CVE-2024-42093: net/dpaa2: Avoid explicit cpumask var allocation on stack (bsc#1228680).
- CVE-2024-41089: drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes (bsc#1228658).
- CVE-2024-41060: drm/radeon: check bo_va->bo is non-NULL before using it (bsc#1228567).
- CVE-2022-48829: NFSD: Fix NFSv3 SETATTR/CREATE's handling of large file sizes (bsc#1228055).
- CVE-2022-48828: NFSD: Fix ia_size underflow (bsc#1228054).
- CVE-2022-48827: NFSD: Fix the behavior of READ near OFFSET_MAX (bsc#1228037).
- CVE-2024-41078: btrfs: qgroup: fix quota root leak after quota disable failure (bsc#1228655).
- CVE-2024-41071: wifi: mac80211: Avoid address calculations via out of bounds array indexing (bsc#1228625).
- CVE-2024-41064: powerpc/eeh: avoid possible crash when edev->pdev changes (bsc#1228599).
- CVE-2024-35949: btrfs: make sure that WRITTEN is set on all metadata blocks (bsc#1224700).
- CVE-2024-41081: ila: block BH in ila_output() (bsc#1228617).
- CVE-2024-40978: scsi: qedi: Fix crash while reading debugfs attribute (bsc#1227929).
- CVE-2022-48792: scsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task (bsc#1228013).
- CVE-2022-48823: scsi: qedf: Fix refcount issue when LOGO is received during TMF (bsc#1228045).
- CVE-2024-41076: NFSv4: Fix memory leak in nfs4_set_security_label (bsc#1228649).
- CVE-2024-40998: ext4: fix uninitialized ratelimit_state->lock access in __ext4_fill_super() (bsc#1227866).
- CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228561).
- CVE-2024-40987: drm/amdgpu: fix UBSAN warning in kv_dpm.c (bsc#1228235).
- CVE-2022-48826: drm/vc4: Fix deadlock on DSI device attach error (bsc#1227975)
- CVE-2024-27437: vfio/pci: Disable auto-enable of exclusive INTx IRQ (bsc#1222625).
- CVE-2024-41015: ocfs2: add bounds checking to ocfs2_check_dir_entry() (bsc#1228409).
- CVE-2024-41016: ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry() (bsc#1228410).
- CVE-2024-41063: bluetooth: hci_core: cancel all works upon hci_unregister_dev() (bsc#1228580).
- CVE-2024-42070: netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers (bsc#1228470).
- CVE-2024-41070: KVM: PPC: Book3S HV: Prevent UAF in kvm_spapr_tce_attach_iommu_group() (bsc#1228581).
- CVE-2021-47405: HID: usbhid: free raw_report buffers in usbhid_stop (bsc#1225238).
- CVE-2024-40988: drm/radeon: fix UBSAN warning in kv_dpm.c (bsc#1227957).
- CVE-2024-40932: drm/exynos/vidi: fix memory leak in .get_modes() (bsc#1227828).
- CVE-2021-47403: ipack: ipoctal: fix module reference leak (bsc#1225241).
- CVE-2021-47388: mac80211: fix use-after-free in CCMP/GCMP RX (bsc#1225214).
- CVE-2024-41014: xfs: add bounds checking to xlog_recover_process_data (bsc#1228408).
- CVE-2024-41091: tun: add missing verification for short frame (bsc#1228327).
- CVE-2024-41090: tap: add missing verification for short frame (bsc#1228328).
- CVE-2024-40999: net: ena: Add validation for completion descriptors consistency (bsc#1227913).
- CVE-2024-35837: net: mvpp2: clear BM pool before initialization (bsc#1224500).
- CVE-2021-47588: sit: do not call ipip6_dev_free() from sit_init_net() (bsc#1226568).
- CVE-2022-48804: vt_ioctl: fix array_index_nospec in vt_setactivate (bsc#1227968).
- CVE-2024-40967: serial: imx: Introduce timeout when waiting on transmitter empty (bsc#1227891).
- CVE-2024-40966: kABI: tty: add the option to have a tty reject a new ldisc (bsc#1227886).
- CVE-2022-48850: net-sysfs: add check for netdevice being present to speed_show (bsc#1228071).
- CVE-2021-47582: usb: core: Do not hold the device lock while sleeping in do_proc_control() (bsc#1226559).
- CVE-2024-40982: ssb: fix potential NULL pointer dereference in ssb_device_uevent() (bsc#1227865).
- CVE-2021-47468: isdn: mISDN: Fix sleeping function called from invalid context (bsc#1225346).
- CVE-2021-47395: mac80211: limit injected vht mcs/nss in ieee80211_parse_tx_radiotap (bsc#1225326).
- CVE-2022-48810: ipmr,ip6mr: acquire RTNL before calling ip[6]mr_free_table() on failure path (bsc#1227936).
- CVE-2023-52594: Fixed potential array-index-out-of-bounds read in ath9k_htc_txstatus() (bsc#1221045).
- CVE-2022-48855: sctp: fix kernel-infoleak for SCTP sockets (bsc#1228003).
- CVE-2021-47580: scsi: scsi_debug: Fix type in min_t to avoid stack OOB (bsc#1226550).
- CVE-2024-26735: ipv6: sr: fix possible use-after-free and null-ptr-deref (bsc#1222372).
- CVE-2024-38560: scsi: bfa: Ensure the copied buf is NUL terminated (bsc#1226786).
- CVE-2022-48811: ibmvnic: do not release napi in __ibmvnic_open() (bsc#1227928).
- CVE-2021-0129: Improper access control in BlueZ may have allowed an authenticated user to potentially enable information disclosure via adjacent access (bsc#1186463).
- CVE-2020-26558: Fixed a flaw in the Bluetooth LE and BR/EDR secure pairing that could permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (bsc#1179610).
- CVE-2024-40937: gve: Clear napi->skb before dev_kfree_skb_any() (bsc#1227836).
- CVE-2024-39507: net: hns3: fix kernel crash problem in concurrent scenario (bsc#1227730).
- CVE-2024-40923: vmxnet3: disable rx data ring on dma allocation failure (bsc#1227786).
- CVE-2024-40941: wifi: iwlwifi: mvm: do not read past the mfuart notifcation (bsc#1227771).
- CVE-2022-48860: ethernet: Fix error handling in xemaclite_of_probe (bsc#1228008).
- CVE-2022-48863: mISDN: Fix memory leak in dsp_pipeline_build() (bsc#1228063).
- CVE-2024-40953: KVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin() (bsc#1227806).
- CVE-2024-39499: vmci: prevent speculation leaks by sanitizing event in event_deliver() (bsc#1227725).
- CVE-2024-39487: bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() (bsc#1227573)
- CVE-2024-35934: net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list() (bsc#1224641)
- CVE-2024-40959: xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr() (bsc#1227884).
- CVE-2024-35893: net/sched: act_skbmod: prevent kernel-infoleak (bsc#1224512)
- CVE-2021-47441: mlxsw: thermal: Fix out-of-bounds memory accesses (bsc#1225224)
- CVE-2021-47194: cfg80211: call cfg80211_stop_ap when switch from P2P_GO type (bsc#1222829).
- CVE-2024-27020: netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() (bsc#1223815)
- CVE-2022-48775: Drivers: hv: vmbus: Fix memory leak in vmbus_add_channel_kobj (bsc#1227924).
- CVE-2024-27019: netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() (bsc#1223813)
- CVE-2024-40929: wifi: iwlwifi: mvm: check n_ssids before accessing the ssids (bsc#1227774).
- CVE-2024-40912: wifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup() (bsc#1227790).
- CVE-2024-40942: wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects (bsc#1227770).
- CVE-2022-48857: NFC: port100: fix use-after-free in port100_send_complete (bsc#1228005).
- CVE-2024-36902: ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() (bsc#1225719).
- CVE-2021-47606: net: netlink: af_netlink: Prevent empty skb by adding a check on len. (bsc#1226555).
- CVE-2024-40901: scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory (bsc#1227762).
- CVE-2024-26924: scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() (bsc#1225820).
- CVE-2024-26830: Fixed i40e to not allow untrusted VF to remove administratively set MAC (bsc#1223012).
- CVE-2021-47516: nfp: Fix memory leak in nfp_cpp_area_cache_add() (bsc#1225427).
- CVE-2021-47501: i40e: Fix NULL pointer dereference in i40e_dbg_dump_desc (bsc#1225361).
- CVE-2024-39501: drivers: core: synchronize really_probe() and dev_uevent() (bsc#1227754).
- CVE-2023-52743: ice: Do not use WQ_MEM_RECLAIM flag for workqueue (bsc#1225003)
- CVE-2021-47542: net: qlogic: qlcnic: Fix a NULL pointer dereference in qlcnic_83xx_add_rings() (bsc#1225455).
- CVE-2024-36901: ipv6: prevent NULL dereference in ip6_output() (bsc#1225711)
- CVE-2024-36004: i40e: Do not use WQ_MEM_RECLAIM flag for workqueue (bsc#1224545)
- CVE-2024-27025: nbd: null check for nla_nest_start (bsc#1223778)
- CVE-2021-47599: btrfs: use latest_dev in btrfs_show_devname (bsc#1226571).
- CVE-2023-52435: net: prevent mss overflow in skb_segment() (bsc#1220138).
- CVE-2024-26663: tipc: Check the bearer type before calling tipc_udp_nl_bearer_add() (bsc#1222326).
- CVE-2021-47597: inet_diag: fix kernel-infoleak for UDP sockets (bsc#1226553).
- CVE-2024-39490: ipv6: sr: fix missing sk_buff release in seg6_input_core (bsc#1227626).
- CVE-2024-38558: net: openvswitch: fix overwriting ct original tuple for ICMPv6 (bsc#1226783).
- CVE-2024-26615: net/smc: fix illegal rmb_desc access in SMC-D connection dump (bsc#1220942).
- CVE-2023-52619: Fixed possible crash when setting number of cpus to an odd number in pstore/ram (bsc#1221618).
- CVE-2024-26659: Fixed wrong handling of isoc Babble and Buffer Overrun events in xhci (bsc#1222317).
- CVE-2024-35978: Bluetooth: Fix memory leak in hci_req_sync_complete() (bsc#1224571).
- CVE-2023-52669: crypto: s390/aes - Fix buffer overread in CTR mode (bsc#1224637).
- CVE-2023-52615: Fixed page fault dead lock on mmap-ed hwrng (bsc#1221614).
- CVE-2023-52612: Fixed req->dst buffer overflow in crypto/scomp (bsc#1221616).
- CVE-2024-35995: ACPI: CPPC: Use access_width over bit_width for system memory accesses (bsc#1224557).
- CVE-2023-52623: Fixed suspicious RCU usage in SUNRPC (bsc#1222060).
- CVE-2021-47295: net: sched: fix memory leak in tcindex_partial_destroy_work (bsc#1224975)
- CVE-2023-52693: ACPI: video: check for error while searching for backlight device parent (bsc#1224686).
- CVE-2023-52683: ACPI: LPIT: Avoid u32 multiplication overflow (bsc#1224627).
- CVE-2023-4244: Fixed a use-after-free in the nf_tables component, which could be exploited to achieve local privilege escalation (bsc#1215420).
- CVE-2024-39475: fbdev: savage: Handle err return when savagefb_check_var failed (bsc#1227435)
- CVE-2021-47520: can: pch_can: pch_can_rx_normal: fix use after free (bsc#1225431).
- CVE-2024-36941: wifi: nl80211: do not free NULL coalescing rule (bsc#1225835).
- CVE-2021-47145: btrfs: do not BUG_ON in link_to_fixup_dir (bsc#1222005).
- CVE-2021-47547: net: tulip: de4x5: fix the problem that the array 'lp->phy' may be out of bound (bsc#1225505).
- CVE-2023-52817: drm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL (bsc#1225569).
- CVE-2023-52819: drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga (bsc#1225532).
- CVE-2023-52818: drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7 (bsc#1225530).
- CVE-2023-52753: drm/amd/display: Avoid NULL dereference of timing generator (bsc#1225478).
- CVE-2024-36014: drm/arm/malidp: fix a possible null pointer dereference (bsc#1225593).
- CVE-2024-26636: llc: make llc_ui_sendmsg() more robust against bonding changes (bsc#1221659).
- CVE-2024-26635: llc: Drop support for ETH_P_TR_802_2 (bsc#1221656).
- CVE-2024-35828: wifi: libertas: fix some memleaks in lbs_allocate_cmd_buffer() (bsc#1224622).
- CVE-2023-52507: Fixed possible shift-out-of-bounds in nfc/nci (bsc#1220833).
- CVE-2024-38598: md: fix resync softlockup when bitmap size is less than array size (bsc#1226757).
- CVE-2024-35805: dm snapshot: fix lockup in dm_exception_table_exit (bsc#1224743).
- CVE-2024-26880: dm: call the resume method on internal suspend (bsc#1223188).
- CVE-2021-47498: dm rq: do not queue request to blk-mq during DM suspend (bsc#1225357).
- CVE-2021-47275: bcache: avoid oversized read request in cache missing code path (bsc#1224965).
- CVE-2024-38619: usb-storage: alauda: Check whether the media is initialized (bsc#1226861).
- CVE-2021-47201: iavf: free q_vectors before queues in iavf_disable_vf (bsc#1222792).
- CVE-2024-26863: hsr: Fix uninit-value access in hsr_get_node() (bsc#1223021).
- CVE-2024-38630: watchdog: cpu5wdt.c: Fix use-after-free bug caused by cpu5wdt_trigger (bsc#1226908).
- CVE-2024-39301: net/9p: fix uninit-value in p9_client_rpc() (bsc#1226994).
- CVE-2021-47559: net/smc: Fix NULL pointer dereferencing in smc_vlan_by_tcpsk() (bsc#1225396).


Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.suse.com/1065729

https://bugzilla.suse.com/1088701

https://bugzilla.suse.com/1149446

https://bugzilla.suse.com/1179610

https://bugzilla.suse.com/1186463

https://bugzilla.suse.com/1196018

https://bugzilla.suse.com/1202346

https://bugzilla.suse.com/1215420

https://bugzilla.suse.com/1216834

https://bugzilla.suse.com/1220138

https://bugzilla.suse.com/1220833

https://bugzilla.suse.com/1220942

https://bugzilla.suse.com/1221045

https://bugzilla.suse.com/1221614

https://bugzilla.suse.com/1221616

https://bugzilla.suse.com/1221618

https://bugzilla.suse.com/1221656

https://bugzilla.suse.com/1221659

https://bugzilla.suse.com/1222005

https://bugzilla.suse.com/1222060

https://bugzilla.suse.com/1222317

https://bugzilla.suse.com/1222326

https://bugzilla.suse.com/1222372

https://bugzilla.suse.com/1222625

https://bugzilla.suse.com/1222776

https://bugzilla.suse.com/1222792

https://bugzilla.suse.com/1222824

https://bugzilla.suse.com/1222829

https://bugzilla.suse.com/1222866

https://bugzilla.suse.com/1223012

https://bugzilla.suse.com/1223021

https://bugzilla.suse.com/1223188

https://bugzilla.suse.com/1223778

https://bugzilla.suse.com/1223813

https://bugzilla.suse.com/1223815

https://bugzilla.suse.com/1224500

https://bugzilla.suse.com/1224512

https://bugzilla.suse.com/1224545

https://bugzilla.suse.com/1224557

https://bugzilla.suse.com/1224571

https://bugzilla.suse.com/1224576

https://bugzilla.suse.com/1224587

https://bugzilla.suse.com/1224622

https://bugzilla.suse.com/1224627

https://bugzilla.suse.com/1224637

https://bugzilla.suse.com/1224641

https://bugzilla.suse.com/1224647

https://bugzilla.suse.com/1224663

https://bugzilla.suse.com/1224683

https://bugzilla.suse.com/1224686

https://bugzilla.suse.com/1224699

https://bugzilla.suse.com/1224700

https://bugzilla.suse.com/1224743

https://bugzilla.suse.com/1224965

https://bugzilla.suse.com/1224975

https://bugzilla.suse.com/1225003

https://bugzilla.suse.com/1225214

https://bugzilla.suse.com/1225224

https://bugzilla.suse.com/1225229

https://bugzilla.suse.com/1225238

https://bugzilla.suse.com/1225241

https://bugzilla.suse.com/1225326

https://bugzilla.suse.com/1225328

https://bugzilla.suse.com/1225346

https://bugzilla.suse.com/1225357

https://bugzilla.suse.com/1225361

https://bugzilla.suse.com/1225396

https://bugzilla.suse.com/1225427

https://bugzilla.suse.com/1225431

https://bugzilla.suse.com/1225455

https://bugzilla.suse.com/1225478

https://bugzilla.suse.com/1225505

https://bugzilla.suse.com/1225530

https://bugzilla.suse.com/1225532

https://bugzilla.suse.com/1225569

https://bugzilla.suse.com/1225593

https://bugzilla.suse.com/1225711

https://bugzilla.suse.com/1225719

https://bugzilla.suse.com/1225767

https://bugzilla.suse.com/1225820

https://bugzilla.suse.com/1225835

https://bugzilla.suse.com/1225838

https://bugzilla.suse.com/1225898

https://bugzilla.suse.com/1226550

https://bugzilla.suse.com/1226553

https://bugzilla.suse.com/1226555

https://bugzilla.suse.com/1226559

https://bugzilla.suse.com/1226568

https://bugzilla.suse.com/1226571

https://bugzilla.suse.com/1226645

https://bugzilla.suse.com/1226757

https://bugzilla.suse.com/1226783

https://bugzilla.suse.com/1226786

https://bugzilla.suse.com/1226834

https://bugzilla.suse.com/1226861

https://bugzilla.suse.com/1226908

https://bugzilla.suse.com/1226994

https://bugzilla.suse.com/1227191

https://bugzilla.suse.com/1227213

https://bugzilla.suse.com/1227407

https://bugzilla.suse.com/1227435

https://bugzilla.suse.com/1227487

https://bugzilla.suse.com/1227573

https://bugzilla.suse.com/1227618

https://bugzilla.suse.com/1227626

https://bugzilla.suse.com/1227716

https://bugzilla.suse.com/1227725

https://bugzilla.suse.com/1227729

https://bugzilla.suse.com/1227730

https://bugzilla.suse.com/1227733

https://bugzilla.suse.com/1227750

https://bugzilla.suse.com/1227754

https://bugzilla.suse.com/1227762

https://bugzilla.suse.com/1227770

https://bugzilla.suse.com/1227771

https://bugzilla.suse.com/1227772

https://bugzilla.suse.com/1227774

https://bugzilla.suse.com/1227786

https://bugzilla.suse.com/1227790

https://bugzilla.suse.com/1227806

https://bugzilla.suse.com/1227824

https://bugzilla.suse.com/1227828

https://bugzilla.suse.com/1227830

https://bugzilla.suse.com/1227836

https://bugzilla.suse.com/1227849

https://bugzilla.suse.com/1227865

https://bugzilla.suse.com/1227866

https://bugzilla.suse.com/1227884

https://bugzilla.suse.com/1227886

https://bugzilla.suse.com/1227891

https://bugzilla.suse.com/1227913

https://bugzilla.suse.com/1227924

https://bugzilla.suse.com/1227928

https://bugzilla.suse.com/1227929

https://bugzilla.suse.com/1227936

https://bugzilla.suse.com/1227957

https://bugzilla.suse.com/1227968

https://bugzilla.suse.com/1227969

https://bugzilla.suse.com/1227975

https://bugzilla.suse.com/1227985

https://bugzilla.suse.com/1227989

https://bugzilla.suse.com/1228003

https://bugzilla.suse.com/1228005

https://bugzilla.suse.com/1228008

https://bugzilla.suse.com/1228013

https://bugzilla.suse.com/1228025

https://bugzilla.suse.com/1228030

https://bugzilla.suse.com/1228037

https://bugzilla.suse.com/1228045

https://bugzilla.suse.com/1228054

https://bugzilla.suse.com/1228055

https://bugzilla.suse.com/1228063

https://bugzilla.suse.com/1228071

https://bugzilla.suse.com/1228235

https://bugzilla.suse.com/1228237

https://bugzilla.suse.com/1228327

https://bugzilla.suse.com/1228328

https://bugzilla.suse.com/1228408

https://bugzilla.suse.com/1228409

https://bugzilla.suse.com/1228410

https://bugzilla.suse.com/1228470

https://bugzilla.suse.com/1228530

https://bugzilla.suse.com/1228561

https://bugzilla.suse.com/1228565

https://bugzilla.suse.com/1228567

https://bugzilla.suse.com/1228580

https://bugzilla.suse.com/1228581

https://bugzilla.suse.com/1228584

https://bugzilla.suse.com/1228588

https://bugzilla.suse.com/1228599

https://bugzilla.suse.com/1228617

https://bugzilla.suse.com/1228625

https://bugzilla.suse.com/1228626

https://bugzilla.suse.com/1228633

https://bugzilla.suse.com/1228640

https://bugzilla.suse.com/1228649

https://bugzilla.suse.com/1228655

https://bugzilla.suse.com/1228658

https://bugzilla.suse.com/1228662

https://bugzilla.suse.com/1228680

https://bugzilla.suse.com/1228705

https://bugzilla.suse.com/1228723

https://bugzilla.suse.com/1228726

https://bugzilla.suse.com/1228743

https://bugzilla.suse.com/1228850

https://lists.suse.com/pipermail/sle-updates/2024-August/036444.html

https://www.suse.com/security/cve/CVE-2020-26558

https://www.suse.com/security/cve/CVE-2021-0129

https://www.suse.com/security/cve/CVE-2021-47145

https://www.suse.com/security/cve/CVE-2021-47191

https://www.suse.com/security/cve/CVE-2021-47194

https://www.suse.com/security/cve/CVE-2021-47197

https://www.suse.com/security/cve/CVE-2021-47201

https://www.suse.com/security/cve/CVE-2021-47219

https://www.suse.com/security/cve/CVE-2021-47275

https://www.suse.com/security/cve/CVE-2021-47295

https://www.suse.com/security/cve/CVE-2024-26830

https://www.suse.com/security/cve/CVE-2024-26863

https://www.suse.com/security/cve/CVE-2024-26880

https://www.suse.com/security/cve/CVE-2024-26920

https://www.suse.com/security/cve/CVE-2024-26924

https://www.suse.com/security/cve/CVE-2024-27019

https://www.suse.com/security/cve/CVE-2024-27020

https://www.suse.com/security/cve/CVE-2024-39475

https://www.suse.com/security/cve/CVE-2024-39487

https://www.suse.com/security/cve/CVE-2024-39488

https://www.suse.com/security/cve/CVE-2024-39490

https://www.suse.com/security/cve/CVE-2024-39494

https://www.suse.com/security/cve/CVE-2024-39499

https://www.suse.com/security/cve/CVE-2024-39501

https://www.suse.com/security/cve/CVE-2024-39506

https://www.suse.com/security/cve/CVE-2024-39507

https://www.suse.com/security/cve/CVE-2024-39509

https://www.suse.com/security/cve/CVE-2024-40901

https://www.suse.com/security/cve/CVE-2024-40978

https://www.suse.com/security/cve/CVE-2024-40982

https://www.suse.com/security/cve/CVE-2024-40987

https://www.suse.com/security/cve/CVE-2024-40988

https://www.suse.com/security/cve/CVE-2024-40990

https://www.suse.com/security/cve/CVE-2024-40995

https://www.suse.com/security/cve/CVE-2024-40998

https://www.suse.com/security/cve/CVE-2024-40999

https://www.suse.com/security/cve/CVE-2024-41014

https://www.suse.com/security/cve/CVE-2024-41015

https://www.suse.com/security/cve/CVE-2024-41016

https://www.suse.com/security/cve/CVE-2024-41044

https://www.suse.com/security/cve/CVE-2024-41048

https://www.suse.com/security/cve/CVE-2024-41059

https://www.suse.com/security/cve/CVE-2024-42223

https://www.suse.com/security/cve/CVE-2024-42224

https://www.suse.com/security/cve/CVE-2021-47388

https://www.suse.com/security/cve/CVE-2021-47395

https://www.suse.com/security/cve/CVE-2021-47399

https://www.suse.com/security/cve/CVE-2021-47403

https://www.suse.com/security/cve/CVE-2021-47405

https://www.suse.com/security/cve/CVE-2021-47438

https://www.suse.com/security/cve/CVE-2021-47441

https://www.suse.com/security/cve/CVE-2021-47468

https://www.suse.com/security/cve/CVE-2021-47498

https://www.suse.com/security/cve/CVE-2021-47501

https://www.suse.com/security/cve/CVE-2021-47516

https://www.suse.com/security/cve/CVE-2021-47520

https://www.suse.com/security/cve/CVE-2021-47542

https://www.suse.com/security/cve/CVE-2021-47547

https://www.suse.com/security/cve/CVE-2021-47559

https://www.suse.com/security/cve/CVE-2021-47580

https://www.suse.com/security/cve/CVE-2021-47582

https://www.suse.com/security/cve/CVE-2021-47588

https://www.suse.com/security/cve/CVE-2021-47597

https://www.suse.com/security/cve/CVE-2021-47599

https://www.suse.com/security/cve/CVE-2021-47606

https://www.suse.com/security/cve/CVE-2021-47619

https://www.suse.com/security/cve/CVE-2022-20368

https://www.suse.com/security/cve/CVE-2022-28748

https://www.suse.com/security/cve/CVE-2022-2964

https://www.suse.com/security/cve/CVE-2022-48775

https://www.suse.com/security/cve/CVE-2022-48792

https://www.suse.com/security/cve/CVE-2022-48794

https://www.suse.com/security/cve/CVE-2022-48804

https://www.suse.com/security/cve/CVE-2022-48805

https://www.suse.com/security/cve/CVE-2022-48810

https://www.suse.com/security/cve/CVE-2022-48811

https://www.suse.com/security/cve/CVE-2022-48823

https://www.suse.com/security/cve/CVE-2022-48826

https://www.suse.com/security/cve/CVE-2022-48827

https://www.suse.com/security/cve/CVE-2022-48828

https://www.suse.com/security/cve/CVE-2022-48829

https://www.suse.com/security/cve/CVE-2022-48836

https://www.suse.com/security/cve/CVE-2022-48839

https://www.suse.com/security/cve/CVE-2022-48850

https://www.suse.com/security/cve/CVE-2022-48855

https://www.suse.com/security/cve/CVE-2022-48857

https://www.suse.com/security/cve/CVE-2022-48860

https://www.suse.com/security/cve/CVE-2022-48863

https://www.suse.com/security/cve/CVE-2023-4244

https://www.suse.com/security/cve/CVE-2023-52435

https://www.suse.com/security/cve/CVE-2023-52507

https://www.suse.com/security/cve/CVE-2023-52594

https://www.suse.com/security/cve/CVE-2023-52612

https://www.suse.com/security/cve/CVE-2023-52615

https://www.suse.com/security/cve/CVE-2023-52619

https://www.suse.com/security/cve/CVE-2023-52623

https://www.suse.com/security/cve/CVE-2023-52669

https://www.suse.com/security/cve/CVE-2023-52683

https://www.suse.com/security/cve/CVE-2023-52693

https://www.suse.com/security/cve/CVE-2023-52743

https://www.suse.com/security/cve/CVE-2023-52753

https://www.suse.com/security/cve/CVE-2023-52817

https://www.suse.com/security/cve/CVE-2023-52818

https://www.suse.com/security/cve/CVE-2023-52819

https://www.suse.com/security/cve/CVE-2023-52885

https://www.suse.com/security/cve/CVE-2024-26615

https://www.suse.com/security/cve/CVE-2024-26635

https://www.suse.com/security/cve/CVE-2024-26636

https://www.suse.com/security/cve/CVE-2024-26659

https://www.suse.com/security/cve/CVE-2024-26663

https://www.suse.com/security/cve/CVE-2024-26735

https://www.suse.com/security/cve/CVE-2024-27025

https://www.suse.com/security/cve/CVE-2024-27437

https://www.suse.com/security/cve/CVE-2024-35805

https://www.suse.com/security/cve/CVE-2024-35806

https://www.suse.com/security/cve/CVE-2024-35819

https://www.suse.com/security/cve/CVE-2024-35828

https://www.suse.com/security/cve/CVE-2024-35837

https://www.suse.com/security/cve/CVE-2024-35887

https://www.suse.com/security/cve/CVE-2024-35893

https://www.suse.com/security/cve/CVE-2024-35934

https://www.suse.com/security/cve/CVE-2024-35947

https://www.suse.com/security/cve/CVE-2024-35949

https://www.suse.com/security/cve/CVE-2024-35966

https://www.suse.com/security/cve/CVE-2024-35967

https://www.suse.com/security/cve/CVE-2024-35978

https://www.suse.com/security/cve/CVE-2024-35995

https://www.suse.com/security/cve/CVE-2024-36004

https://www.suse.com/security/cve/CVE-2024-36014

https://www.suse.com/security/cve/CVE-2024-36288

https://www.suse.com/security/cve/CVE-2024-36592

https://www.suse.com/security/cve/CVE-2024-36901

https://www.suse.com/security/cve/CVE-2024-36902

https://www.suse.com/security/cve/CVE-2024-36919

https://www.suse.com/security/cve/CVE-2024-36924

https://www.suse.com/security/cve/CVE-2024-36939

https://www.suse.com/security/cve/CVE-2024-36941

https://www.suse.com/security/cve/CVE-2024-36952

https://www.suse.com/security/cve/CVE-2024-38558

https://www.suse.com/security/cve/CVE-2024-38560

https://www.suse.com/security/cve/CVE-2024-38598

https://www.suse.com/security/cve/CVE-2024-38619

https://www.suse.com/security/cve/CVE-2024-38630

https://www.suse.com/security/cve/CVE-2024-39301

https://www.suse.com/security/cve/CVE-2024-40904

https://www.suse.com/security/cve/CVE-2024-40912

https://www.suse.com/security/cve/CVE-2024-40923

https://www.suse.com/security/cve/CVE-2024-40929

https://www.suse.com/security/cve/CVE-2024-40932

https://www.suse.com/security/cve/CVE-2024-40937

https://www.suse.com/security/cve/CVE-2024-40941

https://www.suse.com/security/cve/CVE-2024-40942

https://www.suse.com/security/cve/CVE-2024-40943

https://www.suse.com/security/cve/CVE-2024-40953

https://www.suse.com/security/cve/CVE-2024-40959

https://www.suse.com/security/cve/CVE-2024-40966

https://www.suse.com/security/cve/CVE-2024-40967

https://www.suse.com/security/cve/CVE-2024-41060

https://www.suse.com/security/cve/CVE-2024-41063

https://www.suse.com/security/cve/CVE-2024-41064

https://www.suse.com/security/cve/CVE-2024-41066

https://www.suse.com/security/cve/CVE-2024-41070

https://www.suse.com/security/cve/CVE-2024-41071

https://www.suse.com/security/cve/CVE-2024-41072

https://www.suse.com/security/cve/CVE-2024-41076

https://www.suse.com/security/cve/CVE-2024-41078

https://www.suse.com/security/cve/CVE-2024-41081

https://www.suse.com/security/cve/CVE-2024-41089

https://www.suse.com/security/cve/CVE-2024-41090

https://www.suse.com/security/cve/CVE-2024-41091

https://www.suse.com/security/cve/CVE-2024-41095

https://www.suse.com/security/cve/CVE-2024-42070

https://www.suse.com/security/cve/CVE-2024-42093

https://www.suse.com/security/cve/CVE-2024-42096

https://www.suse.com/security/cve/CVE-2024-42119

https://www.suse.com/security/cve/CVE-2024-42120

https://www.suse.com/security/cve/CVE-2024-42124

https://www.suse.com/security/cve/CVE-2024-42145

Plugin Details

Severity: High

ID: 205579

File Name: suse_SU-2024-2901-1.nasl

Version: 1.3

Type: local

Agent: unix

Published: 8/15/2024

Updated: 9/26/2024

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.2

Vector: CVSS2#AV:A/AC:M/Au:N/C:P/I:P/A:N

CVSS Score Source: CVE-2020-26558

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS Score Source: CVE-2024-42093

Vulnerability Information

CPE: cpe:/o:novell:suse_linux:12, p-cpe:/a:novell:suse_linux:kernel-source-azure, p-cpe:/a:novell:suse_linux:kernel-syms-azure, p-cpe:/a:novell:suse_linux:kernel-azure-base, p-cpe:/a:novell:suse_linux:kernel-azure-devel, p-cpe:/a:novell:suse_linux:kernel-devel-azure, p-cpe:/a:novell:suse_linux:kernel-azure

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 8/14/2024

Vulnerability Publication Date: 5/24/2021

Reference Information

CVE: CVE-2020-26558, CVE-2021-0129, CVE-2021-47145, CVE-2021-47191, CVE-2021-47194, CVE-2021-47197, CVE-2021-47201, CVE-2021-47219, CVE-2021-47275, CVE-2021-47295, CVE-2021-47388, CVE-2021-47395, CVE-2021-47399, CVE-2021-47403, CVE-2021-47405, CVE-2021-47438, CVE-2021-47441, CVE-2021-47468, CVE-2021-47498, CVE-2021-47501, CVE-2021-47516, CVE-2021-47520, CVE-2021-47542, CVE-2021-47547, CVE-2021-47559, CVE-2021-47580, CVE-2021-47582, CVE-2021-47588, CVE-2021-47597, CVE-2021-47599, CVE-2021-47606, CVE-2021-47619, CVE-2022-20368, CVE-2022-28748, CVE-2022-2964, CVE-2022-48775, CVE-2022-48792, CVE-2022-48794, CVE-2022-48804, CVE-2022-48805, CVE-2022-48810, CVE-2022-48811, CVE-2022-48823, CVE-2022-48826, CVE-2022-48827, CVE-2022-48828, CVE-2022-48829, CVE-2022-48836, CVE-2022-48839, CVE-2022-48850, CVE-2022-48855, CVE-2022-48857, CVE-2022-48860, CVE-2022-48863, CVE-2023-4244, CVE-2023-52435, CVE-2023-52507, CVE-2023-52594, CVE-2023-52612, CVE-2023-52615, CVE-2023-52619, CVE-2023-52623, CVE-2023-52669, CVE-2023-52683, CVE-2023-52693, CVE-2023-52743, CVE-2023-52753, CVE-2023-52817, CVE-2023-52818, CVE-2023-52819, CVE-2023-52885, CVE-2024-26615, CVE-2024-26635, CVE-2024-26636, CVE-2024-26659, CVE-2024-26663, CVE-2024-26735, CVE-2024-26830, CVE-2024-26863, CVE-2024-26880, CVE-2024-26920, CVE-2024-26924, CVE-2024-27019, CVE-2024-27020, CVE-2024-27025, CVE-2024-27437, CVE-2024-35805, CVE-2024-35806, CVE-2024-35819, CVE-2024-35828, CVE-2024-35837, CVE-2024-35887, CVE-2024-35893, CVE-2024-35934, CVE-2024-35947, CVE-2024-35949, CVE-2024-35966, CVE-2024-35967, CVE-2024-35978, CVE-2024-35995, CVE-2024-36004, CVE-2024-36014, CVE-2024-36288, CVE-2024-36592, CVE-2024-36901, CVE-2024-36902, CVE-2024-36919, CVE-2024-36924, CVE-2024-36939, CVE-2024-36941, CVE-2024-36952, CVE-2024-38558, CVE-2024-38560, CVE-2024-38598, CVE-2024-38619, CVE-2024-38630, CVE-2024-39301, CVE-2024-39475, CVE-2024-39487, CVE-2024-39488, CVE-2024-39490, CVE-2024-39494, CVE-2024-39499, CVE-2024-39501, CVE-2024-39506, CVE-2024-39507, CVE-2024-39509, CVE-2024-40901, CVE-2024-40904, CVE-2024-40912, CVE-2024-40923, CVE-2024-40929, CVE-2024-40932, CVE-2024-40937, CVE-2024-40941, CVE-2024-40942, CVE-2024-40943, CVE-2024-40953, CVE-2024-40959, CVE-2024-40966, CVE-2024-40967, CVE-2024-40978, CVE-2024-40982, CVE-2024-40987, CVE-2024-40988, CVE-2024-40990, CVE-2024-40995, CVE-2024-40998, CVE-2024-40999, CVE-2024-41014, CVE-2024-41015, CVE-2024-41016, CVE-2024-41044, CVE-2024-41048, CVE-2024-41059, CVE-2024-41060, CVE-2024-41063, CVE-2024-41064, CVE-2024-41066, CVE-2024-41070, CVE-2024-41071, CVE-2024-41072, CVE-2024-41076, CVE-2024-41078, CVE-2024-41081, CVE-2024-41089, CVE-2024-41090, CVE-2024-41091, CVE-2024-41095, CVE-2024-42070, CVE-2024-42093, CVE-2024-42096, CVE-2024-42119, CVE-2024-42120, CVE-2024-42124, CVE-2024-42145, CVE-2024-42223, CVE-2024-42224

SuSE: SUSE-SU-2024:2901-1