SUSE SLES12 Security Update : kernel (SUSE-SU-2024:3189-1)

high Nessus Plugin ID 206954

Language:

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3189-1 advisory.

The SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

- CVE-2024-43907: drm/amdgpu/pm: fix the null pointer dereference in apply_state_adjust_rules (bsc#1229787).
- CVE-2024-43905: drm/amd/pm: fix the null pointer dereference for vega10_hwmgr (bsc#1229784).
- CVE-2024-43902: Add null checker before passing variables (bsc#1229767).
- CVE-2024-43900: Avoid use-after-free in load_firmware_cb() (bsc#1229756).
- CVE-2024-43893: Check uartclk for zero to avoid divide by zero (bsc#1229759).
- CVE-2024-43883: Do not drop references before new references are gained (bsc#1229707).
- CVE-2024-43882: Fixed ToCToU between perm check and set-uid/gid usage. (bsc#1229503)
- CVE-2024-43879: wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he() (bsc#1229482).
- CVE-2024-43872: RDMA/hns: Fix soft lockup under heavy CEQE load (bsc#1229489).
- CVE-2024-43871: devres: Fix memory leakage caused by driver API devm_free_percpu() (bsc#1229490).
- CVE-2024-43866: net/mlx5: Always drain health in shutdown callback (bsc#1229495).
- CVE-2024-43863: drm/vmwgfx: Fix a deadlock in dma buf fence polling (bsc#1229497).
- CVE-2024-43861: Fix memory leak for not ip packets (bsc#1229500).
- CVE-2024-43856: dma: fix call order in dmam_free_coherent (bsc#1229346).
- CVE-2024-43854: block: initialize integrity buffer to zero before writing it to media (bsc#1229345)
- CVE-2024-43839: bna: adjust 'name' buf size of bna_tcb and bna_ccb structures (bsc#1229301).
- CVE-2024-43831: media: mediatek: vcodec: Handle invalid decoder vsi (bsc#1229309).
- CVE-2024-43819: Reject memory region operations for ucontrol VMs (bsc#1229290 git-fixes).
- CVE-2024-42322: ipvs: properly dereference pe in ip_vs_add_service (bsc#1229347)
- CVE-2024-42312: sysctl: always initialize i_uid/i_gid (bsc#1229357)
- CVE-2024-42310: drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes (bsc#1229358).
- CVE-2024-42309: drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes (bsc#1229359).
- CVE-2024-42301: dev/parport: fix the array out-of-bounds risk (bsc#1229407).
- CVE-2024-42285: RDMA/iwcm: Fix a use-after-free related to destroying CM IDs (bsc#1229381).
- CVE-2024-42284: tipc: Return non-zero value from tipc_udp_addr2str() on error (bsc#1229382)
- CVE-2024-42281: bpf: Fix a segment issue when downgrading gso_size (bsc#1229386).
- CVE-2024-42280: Fix a use after free in hfcmulti_tx() (bsc#1229388)
- CVE-2024-42271: Fixed a use after free in iucv_sock_close(). (bsc#1229400)
- CVE-2024-42259: drm/i915/gem: fix Virtual Memory mapping boundaries calculation (bsc#1229156).
- CVE-2024-42246: net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket (bsc#1228989).
- CVE-2024-42244: usb: serial: mos7840: fix crash on resume (bsc#1228967).
- CVE-2024-42236: usb: gadget: configfs: prevent OOB read/write in usb_string_copy() (bsc#1228964).
- CVE-2024-42232: Fixed a race between delayed_work() and ceph_monc_stop(). (bsc#1228959)
- CVE-2024-42228: Using uninitialized value *size when calling amdgpu_vce_cs_reloc (bsc#1228667).
- CVE-2024-42226: usb: xhci: prevent potential failure in handle_tx_event() for Transfer events without TRB (bsc#1228709).
- CVE-2024-42162: gve: Account for stopped queues when reading NIC stats (bsc#1228706).
- CVE-2024-42158: s390/pkey: Use kfree_sensitive() to fix Coccinelle warnings (bsc#1228720).
- CVE-2024-42157: s390/pkey: Wipe sensitive data on failure (bsc#1228727).
- CVE-2024-42155: s390/pkey: Wipe copies of protected- and secure-keys (bsc#1228733).
- CVE-2024-42148: bnx2x: Fix multiple UBSAN array-index-out-of-bounds (bsc#1228487).
- CVE-2024-42110: net: ntb_netdev: Move ntb_netdev_rx_handler() to call netif_rx() from __netif_rx() (bsc#1228501).
- CVE-2024-42106: inet_diag: Initialize pad field in struct inet_diag_req_v2 (bsc#1228493).
- CVE-2024-42101: drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes (bsc#1228495).
- CVE-2024-42090: pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER (bsc#1228449).
- CVE-2024-42082: xdp: Remove WARN() from __xdp_reg_mem_model() (bsc#1228482).
- CVE-2024-41098: ata: libata-core: Fix null pointer dereference on error (bsc#1228467).
- CVE-2024-41087: Fix double free on error (CVE-2024-41087,bsc#1228466).
- CVE-2024-41068: s390/sclp: Fix sclp_init() cleanup on failure (bsc#1228579).
- CVE-2024-41062: bluetooth/l2cap: sync sock recv cb and release (bsc#1228576).
- CVE-2024-41035: usb: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor (bsc#1228485).
- CVE-2024-41020: filelock: Fix fcntl/close race recovery compat path (bsc#1228427).
- CVE-2024-41012: filelock: Remove locks reliably when fcntl/close race is detected (bsc#1228247).
- CVE-2024-40984: ACPICA: Revert 'ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine.' (bsc#1227820).
- CVE-2024-39489: ipv6: sr: fix memleak in seg6_hmac_init_algo (bsc#1227623)
- CVE-2024-38662: selftests/bpf: Cover verifier checks for mutating sockmap/sockhash (bsc#1226885).
- CVE-2024-38618: ALSA: timer: Set lower bound of start tick time (bsc#1226754).
- CVE-2024-36286: netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu() (bsc#1226801)
- CVE-2024-36270: Fix reference in patches.suse/netfilter-tproxy-bail-out-if-IP-has-been-disabled-on.patch (bsc#1226798)
- CVE-2024-36013: Fix slab-use-after-free in l2cap_connect() (bsc#1225578).
- CVE-2024-35965: Bluetooth: L2CAP: Fix not validating setsockopt user input (bsc#1224579).
- CVE-2024-35933: Bluetooth: btintel: Fix null ptr deref in btintel_read_version (bsc#1224640).
- CVE-2024-35915: nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet (bsc#1224479).
- CVE-2024-27011: netfilter: nf_tables: fix memleak in map from abort path (bsc#1223803).
- CVE-2024-26851: netfilter: nf_conntrack_h323: Add protection for bmp length out of range (bsc#1223074)
- CVE-2024-26812: kABI: vfio: struct virqfd kABI workaround (bsc#1222808).
- CVE-2024-26677: Blacklist e7870cf13d20 (' Fix delayed ACKs to not set the reference serial number') (bsc#1222387)
- CVE-2024-26668: netfilter: nft_limit: reject configurations that cause integer overflow (bsc#1222335).
- CVE-2023-52907: nfc: pn533: Wait for out_urb's completion in pn533_usb_send_frame() (bsc#1229526).
- CVE-2023-52893: gsmi: fix null-deref in gsmi_get_variable (bsc#1229535).
- CVE-2023-52708: mmc: mmc_spi: fix error handling in mmc_spi_probe() (bsc#1225483).
- CVE-2022-48920: Get rid of warning on transaction commit when using flushoncommit (bsc#1229658).
- CVE-2022-48910: net: ipv6: ensure we call ipv6_mc_down() at most once (bsc#1229632).
- CVE-2022-48875: wifi: mac80211: sdata can be NULL during AMPDU start (bsc#1229516).
- CVE-2022-48865: Fix kernel panic when enabling bearer (bsc#1228065).
- CVE-2022-48822: usb: f_fs: fix use-after-free for epfile (bsc#1228040).
- CVE-2022-48786: vsock: remove vsock from connected table when connect is interrupted by a signal (bsc#1227996).
- CVE-2022-48769: efi: runtime: avoid EFIv2 runtime services on Apple x86 machines (bsc#1226629).
- CVE-2022-48751: net/smc: transitional solution for clcsock race issue (bsc#1226653).
- CVE-2021-47549: sata_fsl: fix UAF in sata_fsl_port_stop when rmmod sata_fsl (bsc#1225508).
- CVE-2021-47425: i2c: acpi: fix resource leak in reconfiguration device addition (bsc#1225223).
- CVE-2021-47373: irqchip/gic-v3-its: Fix potential VPE leak on error (bsc#1225190).
- CVE-2021-47341: KVM: mmio: Fix use-after-free Read in kvm_vm_ioctl_unregister_coalesced_mmio (bsc#1224923).
- CVE-2021-47289: ACPI: fix NULL pointer dereference (bsc#1224984).
- CVE-2021-47257: net: ieee802154: fix null deref in parse dev addr (bsc#1224896).
- CVE-2021-4440: x86/xen: drop USERGS_SYSRET64 paravirt call (bsc#1227069).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

Plugin Details

Severity: High

ID: 206954

File Name: suse_SU-2024-3189-1.nasl

Version: 1.1

Type: local

Agent: unix

Family: SuSE Local Security Checks

Published: 9/11/2024

Updated: 9/11/2024

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2024-43900

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:dlm-kmp-rt, p-cpe:/a:novell:suse_linux:kernel-rt-devel, p-cpe:/a:novell:suse_linux:kernel-source-rt, cpe:/o:novell:suse_linux:12, p-cpe:/a:novell:suse_linux:kernel-rt-base, p-cpe:/a:novell:suse_linux:gfs2-kmp-rt, p-cpe:/a:novell:suse_linux:kernel-syms-rt, p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt, p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel, p-cpe:/a:novell:suse_linux:kernel-rt_debug, p-cpe:/a:novell:suse_linux:kernel-rt, p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt, p-cpe:/a:novell:suse_linux:kernel-devel-rt

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/10/2024

Vulnerability Publication Date: 2/15/2024

Reference Information

CVE: CVE-2021-4440, CVE-2021-47257, CVE-2021-47289, CVE-2021-47341, CVE-2021-47373, CVE-2021-47425, CVE-2021-47549, CVE-2022-48751, CVE-2022-48769, CVE-2022-48786, CVE-2022-48822, CVE-2022-48865, CVE-2022-48875, CVE-2022-48896, CVE-2022-48899, CVE-2022-48905, CVE-2022-48910, CVE-2022-48919, CVE-2022-48920, CVE-2022-48925, CVE-2022-48930, CVE-2022-48931, CVE-2022-48938, CVE-2023-52708, CVE-2023-52893, CVE-2023-52901, CVE-2023-52907, CVE-2024-26668, CVE-2024-26677, CVE-2024-26812, CVE-2024-26851, CVE-2024-27011, CVE-2024-35915, CVE-2024-35933, CVE-2024-35965, CVE-2024-36013, CVE-2024-36270, CVE-2024-36286, CVE-2024-38618, CVE-2024-38662, CVE-2024-39489, CVE-2024-40984, CVE-2024-41012, CVE-2024-41016, CVE-2024-41020, CVE-2024-41035, CVE-2024-41062, CVE-2024-41068, CVE-2024-41087, CVE-2024-41097, CVE-2024-41098, CVE-2024-42077, CVE-2024-42082, CVE-2024-42090, CVE-2024-42101, CVE-2024-42106, CVE-2024-42110, CVE-2024-42148, CVE-2024-42155, CVE-2024-42157, CVE-2024-42158, CVE-2024-42162, CVE-2024-42226, CVE-2024-42228, CVE-2024-42232, CVE-2024-42236, CVE-2024-42240, CVE-2024-42244, CVE-2024-42246, CVE-2024-42259, CVE-2024-42271, CVE-2024-42280, CVE-2024-42281, CVE-2024-42284, CVE-2024-42285, CVE-2024-42286, CVE-2024-42287, CVE-2024-42288, CVE-2024-42289, CVE-2024-42301, CVE-2024-42309, CVE-2024-42310, CVE-2024-42312, CVE-2024-42322, CVE-2024-43819, CVE-2024-43831, CVE-2024-43839, CVE-2024-43853, CVE-2024-43854, CVE-2024-43856, CVE-2024-43861, CVE-2024-43863, CVE-2024-43866, CVE-2024-43871, CVE-2024-43872, CVE-2024-43879, CVE-2024-43882, CVE-2024-43883, CVE-2024-43892, CVE-2024-43893, CVE-2024-43900, CVE-2024-43902, CVE-2024-43905, CVE-2024-43907

SuSE: SUSE-SU-2024:3189-1

Detections

Analytics