The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3194-1 advisory.

    The SUSE Linux Enterprise 15 SP6 Azure kernel was updated to receive various security bugfixes.

    The following security bugs were fixed:

    - CVE-2024-41062: Sync sock recv cb and release (bsc#1228576).
    - CVE-2023-52489: Fix race in accessing memory_section->usage (bsc#1221326).
    - CVE-2024-43821: Fix a possible null pointer dereference (bsc#1229315).
    - CVE-2024-43911: Fix NULL dereference at band check in starting tx ba session (bsc#1229827).
    - CVE-2024-42277: Avoid NULL deref in sprd_iommu_hw_en (bsc#1229409).
    - CVE-2024-43880: Put back removed metod in struct objagg_ops (bsc#1229481).
    - CVE-2024-43899: Fix null pointer deref in dcn20_resource.c (bsc#1229754).
    - CVE-2024-43882: Fixed ToCToU between perm check and set-uid/gid usage. (bsc#1229503)
    - CVE-2024-43866: Always drain health in shutdown callback (bsc#1229495).
    - CVE-2024-26812: Struct virqfd kABI workaround (bsc#1222808).
    - CVE-2024-27010: Fix mirred deadlock on device recursion (bsc#1223720).
    - CVE-2024-36270: Fix reference in patches.suse/netfilter-tproxy-bail-out-if-IP-has-been-disabled-on.patch     (bsc#1226798)
    - CVE-2024-36881: Reset ptes when close() for wr-protected ones (bsc#1225718).
    - CVE-2024-42316: Fix div-by-zero in vmpressure_calc_level() (bsc#1229353).
    - CVE-2024-43855: Fix deadlock between mddev_suspend and flush bio (bsc#1229342,).
    - CVE-2024-43864: Fix CT entry update leaks of modify header context (bsc#1229496)
    - CVE-2024-26631: Fix data-race in ipv6_mc_down / mld_ifc_work (bsc#1221630).
    - CVE-2024-42109: Unconditionally flush pending work before notifier (bsc#1228505)
    - CVE-2024-41084: Avoid null pointer dereference in region lookup (bsc#1228472)
    - CVE-2024-40905: Fix possible race in __fib6_drop_pcpu_from() (bsc#1227761)
    - CVE-2024-39489: Fix memleak in seg6_hmac_init_algo (bsc#1227623)
    - CVE-2024-36489: Fix missing memory barrier in tls_init (bsc#1226874)
    - CVE-2024-27079: Add kABI workaround patch (bsc#1223742).
    - CVE-2024-41020: Fix fcntl/close race recovery compat path (bsc#1228427).
    - CVE-2024-35897: Discard table flag update with pending basechain deletion (bsc#1224510).
    - CVE-2024-27403: Restore const specifier in flow_offload_route_init() (bsc#1224415).
    - CVE-2024-27011: Fix memleak in map from abort path (bsc#1223803).
    - CVE-2024-26668: Reject configurations that cause integer overflow (bsc#1222335).
    - CVE-2024-26835: Set dormant flag on hook register failure (bsc#1222967).
    - CVE-2024-26808: Handle NETDEV_UNREGISTER for inet/ingress basechain (bsc#1222634).
    - CVE-2024-26809: Release elements in clone only from destroy path (bsc#1222633).
    - CVE-2023-52581: Fix memleak when more than 255 elements expired (bsc#1220877).
    - CVE-2024-43837: Fix updating attached freplace prog in prog_array map (bsc#1229297).
    - CVE-2024-35939: Fixed leak pages on dma_set_decrypted() failure (bsc#1224535).
    - CVE-2024-42291: Add a per-VF limit on number of FDIR filters (bsc#1229374).
    - CVE-2024-42268: Fix missing lock on sync reset reload (bsc#1229391).
    - CVE-2024-43834: Fix invalid wait context of page_pool_destroy() (bsc#1229314)
    - CVE-2024-27433: Fix an error handling path in clk_mt8135_apmixed_probe() (bsc#1224711).
    - CVE-2024-36286: Acquire rcu_read_lock() in instance_destroy_rcu() (bsc#1226801)
    - CVE-2024-26851: Add protection for bmp length out of range (bsc#1223074)
    - CVE-2024-40920: Fix suspicious rcu usage in br_mst_set_state (bsc#1227781).
    - CVE-2024-40921: Pass vlan group directly to br_mst_vlan_set_state (bsc#1227784).
    - CVE-2024-36979: Fix vlan use-after-free (bsc#1226604).
    - CVE-2024-26590: Fix inconsistent per-file compression format (bsc#1220252,).
    - CVE-2023-52859: Fix use-after-free when register pmu fails (bsc#1225582).
    - CVE-2024-42270: Fix null-ptr-deref in iptable_nat_table_init() (bsc#1229404)
    - CVE-2024-42269: Fix potential null-ptr-deref in ip6table_nat_table_init() (bsc#1229402)
    - CVE-2024-42284: Return non-zero value from tipc_udp_addr2str() on error (bsc#1229382)
    - CVE-2024-42283: Initialize all fields in dumped nexthops (bsc#1229383)
    - CVE-2024-42312: Always initialize i_uid/i_gid (bsc#1229357)
    - CVE-2024-43854: Initialize integrity buffer to zero before writing it to media (bsc#1229345)
    - CVE-2024-42322: Properly dereference pe in ip_vs_add_service (bsc#1229347)
    - CVE-2024-42308: Update DRM patch reference (bsc#1229411)
    - CVE-2024-42301: Update parport patch reference (bsc#1229407)
    - CVE-2024-42290: Handle runtime power management correctly (bsc#1229379).
    - CVE-2024-42318: Do not lose track of restrictions on cred_transfer (bsc#1229351).
    - CVE-2023-52889: Fix null pointer deref when receiving skb during sock creation (bsc#1229287,).
    - CVE-2024-42295: Handle inconsistent state in nilfs_btnode_create_block() (bsc#1229370).
    - CVE-2024-43850: Fix refcount imbalance seen during bwmon_remove (bsc#1229316).
    - CVE-2024-43831: Handle invalid decoder vsi (bsc#1229309).
    - CVE-2024-43839: Adjust 'name' buf size of bna_tcb and bna_ccb structures (bsc#1229301).
    - CVE-2024-41007: Use signed arithmetic in tcp_rtx_probe0_timed_out() (bsc#1227863).
    - CVE-2024-42281: Fix a segment issue when downgrading gso_size (bsc#1229386).
    - CVE-2024-26669: kABI fix for --Fix chain template offload (bsc#1222350).
    - CVE-2024-26677: kABI fix for -Fix delayed ACKs to not set the reference serial number (bsc#1222387).
    - CVE-2024-41050: Cyclic allocation of msg_id to avoid reuse (bsc#1228499).
    - CVE-2024-41051: Wait for ondemand_object_worker to finish when dropping object (bsc#1228468).
    - CVE-2024-41074: Set object to close if ondemand_id > 0 in copen (bsc#1228643).
    - CVE-2024-41075: Add consistency check for copen/cread (bsc#1228646).
    - CVE-2024-41012: Remove locks reliably when fcntl/close race is detected (bsc#1228247).
    - CVE-2024-41080: Fix possible deadlock in io_register_iowq_max_workers() (bsc#1228616).
    - CVE-2024-42246: Remap EPERM in case of connection failure in xs_tcp_setup_socket (bsc#1228989).
    - CVE-2024-42159: Use proper format specifier in mpi3mr_sas_port_add() (bsc#1228754 CVE-2024-42159 git-     fixes).
    - CVE-2024-42241: Disable PMD-sized page cache if needed (bsc#1228986).
    - CVE-2024-42245: Revert 'Make sure to try to detach at least one movable task' (bsc#1228978).
    - CVE-2024-26735: Fix possible use-after-free and null-ptr-deref (bsc#1222372).
    - CVE-2024-26837: Skip MDB replays of deferred events on offload (bsc#1222973).
    - CVE-2024-42155: Wipe copies of protected- and secure-keys (bsc#1228733).
    - CVE-2024-42156: Wipe copies of clear-key structures on failure (bsc#1228722).
    - CVE-2024-42157: Wipe sensitive data on failure (bsc#1228727).
    - CVE-2024-42158: Use kfree_sensitive() to fix Coccinelle warnings (bsc#1228720).
    - CVE-2024-38662: Cover verifier checks for mutating sockmap/sockhash (bsc#1226885).
    - CVE-2024-36911: Do not free decrypted memory (bsc#1225745).
    - CVE-2024-36910: Do not free decrypted memory (bsc#1225717).
    - CVE-2024-36909: Do not free ring buffers that couldn't be re-encrypted (bsc#1225744).
    - CVE-2024-40938: Fix d_parent walk (bsc#1227840).
    - CVE-2024-42247: Avoid unaligned 64-bit memory accesses (bsc#1228988).
    - CVE-2024-41010: Add netlink helper library (bsc#1228021).
    - CVE-2024-42106: Initialize pad field in struct inet_diag_req_v2 (bsc#1228493).
    - CVE-2024-42095: Fix Errata i2310 with RX FIFO level check (bsc#1228446).
    - CVE-2024-41068: Fix sclp_init() cleanup on failure (bsc#1228579).
    - CVE-2024-42138: Fix double memory deallocation in case of invalid INI file (bsc#1228500).
    - CVE-2024-42107: Do not process extts if PTP is disabled (bsc#1228494).
    - CVE-2024-42139: Fix improper extts handling (bsc#1228503).
    - CVE-2024-42110: Move ntb_netdev_rx_handler() to call netif_rx() from __netif_rx() (bsc#1228501).
    - CVE-2024-42113: Initialize num_q_vectors for MSI/INTx interrupts (bsc#1228568).
    - CVE-2024-42148: Fix multiple UBSAN array-index-out-of-bounds (bsc#1228487).
    - CVE-2024-42142: E-switch, Create ingress ACL when needed (bsc#1228491).
    - CVE-2024-42073: Fix memory corruptions on Spectrum-4 systems (bsc#1228457).
    - CVE-2024-42162: Account for stopped queues when reading NIC stats (bsc#1228706).
    - CVE-2024-42082: Remove WARN() from __xdp_reg_mem_model() (bsc#1228482).
    - CVE-2024-40978: Fix crash while reading debugfs attribute (bsc#1227929).
    - CVE-2024-41000: Prefer different overflow check (bsc#1227867).
    - CVE-2024-40995: Fix possible infinite loop in tcf_idr_check_alloc() (bsc#1227830).
    - CVE-2024-42161: Avoid uninitialized value in BPF_CORE_READ_BITFIELD (bsc#1228756).
    - CVE-2024-41069: Fix route memory corruption (bsc#1228644).
    - CVE-2024-39506: Adjust a NULL pointer handling path in lio_vf_rep_copy_packet (bsc#1227729).
    - CVE-2024-42145: Implement a limit on UMAD receive List (bsc#1228743).
    - CVE-2024-40994: Fix integer overflow in max_vclocks_store (bsc#1227829).
    - CVE-2024-42124: Make qedf_execute_tmf() non-preemptible (bsc#1228705).
    - CVE-2024-42096: Stop playing stack games in profile_pc() (bsc#1228633).
    - CVE-2024-42224: Correct check for empty list (bsc#1228723).
    - CVE-2024-41048: Skip zero length skb in sk_msg_recvmsg (bsc#1228565).
    - CVE-2024-40958: Make get_net_ns() handle zero refcount net (bsc#1227812).
    - CVE-2024-40939: Fix tainted pointer delete is case of region creation fail (bsc#1227799).
    - CVE-2024-36933: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment()     (bsc#1225832).
    - CVE-2024-36929: Reject skb_copy(_expand) for fraglist GSO skbs (bsc#1225814).
    - CVE-2024-41044: Reject claimed-as-LCP but actually malformed packets (bsc#1228530).
    - CVE-2024-41066: Add tx check to prevent skb leak (bsc#1228640).
    - CVE-2024-42093: Avoid explicit cpumask var allocation on stack (bsc#1228680).
    - CVE-2024-42122: Add NULL pointer check for kzalloc (bsc#1228591).
    - CVE-2024-41078: Fix quota root leak after quota disable failure (bsc#1228655).
    - CVE-2024-40989: Disassociate vcpus from redistributor region on teardown (bsc#1227823).
    - CVE-2024-41064: Avoid possible crash when edev->pdev changes (bsc#1228599).
    - CVE-2024-41036: Fix deadlock with the SPI chip variant (bsc#1228496)
    - CVE-2024-41040: Fix UAF when resolving a clash (bsc#1228518).
    - CVE-2024-35949: Make sure that WRITTEN is set on all metadata blocks (bsc#1224700).
    - CVE-2024-41081: Block BH in ila_output() (bsc#1228617).
    - CVE-2024-41076: Fix memory leak in nfs4_set_security_label (bsc#1228649).
    - CVE-2024-42079: Fix NULL pointer dereference in gfs2_log_flush (bsc#1228672).
    - CVE-2024-41057: Fix slab-use-after-free in cachefiles_withdraw_cookie() (bsc#1228462).
    - CVE-2024-41058: Fix slab-use-after-free in fscache_withdraw_volume() (bsc#1228459).
    - CVE-2024-41015: Add bounds checking to ocfs2_check_dir_entry() (bsc#1228409).
    - CVE-2024-40956: Fix possible Use-After-Free in irq_process_work_list (bsc#1227810).
    - CVE-2024-27437: Disable auto-enable of exclusive INTx IRQ (bsc#1222625).
    - CVE-2024-41032: Check if a hash-index is in cpu_possible_mask (bsc#1228460)
    - CVE-2024-40957: Fix parameter passing when calling NF_HOOK() in End.DX4 and End.DX6 behaviors     (bsc#1227811)
    - CVE-2024-41041: Set SOCK_RCU_FREE earlier in udp_lib_get_port() (bsc#1228520).
    - CVE-2024-40954: Do not leave a dangling sk pointer, when socket creation fails (bsc#1227808)
    - CVE-2024-42070: Fully validate NFT_DATA_VALUE on store to data registers (bsc#1228470).
    - CVE-2024-41070: Prevent UAF in kvm_spapr_tce_attach_iommu_group() (bsc#1228581).
    - CVE-2024-40959: Check ip6_dst_idev() return value in xfrm6_get_saddr() (bsc#1227884).
    - CVE-2024-41009: Fix overrunning reservations in ringbuf (bsc#1228020).
    - CVE-2024-40909: Fix a potential use-after-free in bpf_link_free() (bsc#1227798).
    - CVE-2024-27024: Fix WARNING in rds_conn_connect_if_down (bsc#1223777).


Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:3194-1)

high Nessus Plugin ID 206968

Version 1.2

Version 1.1

Version 1.2 Oct 28, 2024, 9:20 AM CVSS metrics ("CVSSv2 score" set to 9.0) CVSS metrics ("CVSSv2 vector" set to "CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C") CVSS metrics ("CVSSv3 score" set to 8.8) CVSS metrics ("CVSSv3 vector" set to "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H") CVSSv2 score source (changed from "CVE-2024-43900" to "CVE-2024-43847") CVSSv2 severity (based on CVE-2024-43847, severity increased from "Medium" to "High") Plugin Feed: 202410280920
Version 1.1 Sep 11, 2024, 10:09 AM New Plugin Feed: 202409111009