SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:3209-1)

high Nessus Plugin ID 207050

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3209-1 advisory.

The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

- CVE-2024-44947: Initialize beyond-EOF page contents before setting uptodate (bsc#1229454).
- CVE-2024-36936: Touch soft lockup during memory accept (bsc#1225773).
- CVE-2022-48706: Do proper cleanup if IFCVF init fails (bsc#1225524).
- CVE-2024-43883: Do not drop references before new references are gained (bsc#1229707).
- CVE-2024-41062: Sync sock recv cb and release (bsc#1228576).
- CVE-2024-43861: Fix memory leak for not ip packets (bsc#1229500).
- CVE-2023-52489: Fix race in accessing memory_section->usage (bsc#1221326).
- CVE-2024-43893: Check uartclk for zero to avoid divide by zero (bsc#1229759).
- CVE-2024-43821: Fix a possible null pointer dereference (bsc#1229315).
- CVE-2024-43900: Avoid use-after-free in load_firmware_cb() (bsc#1229756).
- CVE-2024-44938: Fix shift-out-of-bounds in dbDiscardAG (bsc#1229792).
- CVE-2024-44939: Fix null ptr deref in dtInsertEntry (bsc#1229820).
- CVE-2024-41087: Fix double free on error (bsc#1228466).
- CVE-2024-42277: Avoid NULL deref in sprd_iommu_hw_en (bsc#1229409).
- CVE-2024-43902: Add null checker before passing variables (bsc#1229767).
- CVE-2024-43904: Add null checks for 'stream' and 'plane' before dereferencing (bsc#1229768)
- CVE-2024-43880: Put back removed metod in struct objagg_ops (bsc#1229481).
- CVE-2024-43884: Add error handling to pair_device() (bsc#1229739)
- CVE-2024-43899: Fix null pointer deref in dcn20_resource.c (bsc#1229754).
- CVE-2022-48920: Get rid of warning on transaction commit when using flushoncommit (bsc#1229658).
- CVE-2023-52906: Fix warning during failed attribute validation (bsc#1229527).
- CVE-2024-43882: Fixed ToCToU between perm check and set-uid/gid usage. (bsc#1229503)
- CVE-2024-43866: Always drain health in shutdown callback (bsc#1229495).
- CVE-2024-26812: struct virqfd kABI workaround (bsc#1222808).
- CVE-2022-48912: Fix use-after-free in __nf_register_net_hook() (bsc#1229641)
- CVE-2024-27010: Fix mirred deadlock on device recursion (bsc#1223720).
- CVE-2022-48906: Correctly set DATA_FIN timeout when number of retransmits is large (bsc#1229605)
- CVE-2024-42155: Wipe copies of protected- and secure-keys (bsc#1228733).
- CVE-2024-42156: Wipe copies of clear-key structures on failure (bsc#1228722).
- CVE-2023-52899: Add exception protection processing for vd in axi_chan_handle_err function (bsc#1229569).
- CVE-2024-42158: Use kfree_sensitive() to fix Coccinelle warnings (bsc#1228720).
- CVE-2024-26631: Fix data-race in ipv6_mc_down / mld_ifc_work (bsc#1221630).
- CVE-2024-43873: Always initialize seqpacket_allow (bsc#1229488)
- CVE-2024-40905: Fix possible race in __fib6_drop_pcpu_from() (bsc#1227761)
- CVE-2024-39489: Fix memleak in seg6_hmac_init_algo (bsc#1227623)
- CVE-2021-47106: Fix use-after-free in nft_set_catchall_destroy() (bsc#1220962)
- CVE-2021-47517: Fix panic when interrupt coaleceing is set via ethtool (bsc#1225428).
- CVE-2024-36489: Fix missing memory barrier in tls_init (bsc#1226874)
- CVE-2024-41020: Fix fcntl/close race recovery compat path (bsc#1228427).
- CVE-2024-27079: Fix NULL domain on device release (bsc#1223742).
- CVE-2024-35897: Discard table flag update with pending basechain deletion (bsc#1224510).
- CVE-2024-27403: Restore const specifier in flow_offload_route_init() (bsc#1224415).
- CVE-2024-27011: Fix memleak in map from abort path (bsc#1223803).
- CVE-2024-43819: Reject memory region operations for ucontrol VMs (bsc#1229290).
- CVE-2024-26668: Reject configurations that cause integer overflow (bsc#1222335).
- CVE-2024-26835: Set dormant flag on hook register failure (bsc#1222967).
- CVE-2024-26808: Handle NETDEV_UNREGISTER for inet/ingress basechain (bsc#1222634).
- CVE-2024-27016: Validate pppoe header (bsc#1223807).
- CVE-2024-35945: Prevent nullptr exceptions on ISR (bsc#1224639).
- CVE-2023-52581: Fix memleak when more than 255 elements expired (bsc#1220877).
- CVE-2024-36013: Fix slab-use-after-free in l2cap_connect() (bsc#1225578).
- CVE-2024-43837: Fix updating attached freplace prog in prog_array map (bsc#1229297).
- CVE-2024-42291: Add a per-VF limit on number of FDIR filters (bsc#1229374).
- CVE-2024-42268: Fix missing lock on sync reset reload (bsc#1229391).
- CVE-2024-43834: Fix invalid wait context of page_pool_destroy() (bsc#1229314)
- CVE-2024-36286: Acquire rcu_read_lock() in instance_destroy_rcu() (bsc#1226801)
- CVE-2024-26851: Add protection for bmp length out of range (bsc#1223074)
- CVE-2024-42157: Wipe sensitive data on failure (bsc#1228727).
- CVE-2024-26677: Blacklist e7870cf13d20 (' Fix delayed ACKs to not set the reference serial number') (bsc#1222387)
- CVE-2024-36009: Blacklist 467324bcfe1a ('ax25: Fix netdev refcount issue') (bsc#1224542)
- CVE-2023-52859: Fix use-after-free when register pmu fails (bsc#1225582).
- CVE-2024-42280: Fix a use after free in hfcmulti_tx() (bsc#1229388)
- CVE-2024-42284: Return non-zero value from tipc_udp_addr2str() on error (bsc#1229382)
- CVE-2024-42283: Initialize all fields in dumped nexthops (bsc#1229383)
- CVE-2024-42312: Always initialize i_uid/i_gid (bsc#1229357)
- CVE-2024-43854: Initialize integrity buffer to zero before writing it to media (bsc#1229345)
- CVE-2024-42322: Properly dereference pe in ip_vs_add_service (bsc#1229347)
- CVE-2024-42301: Fix the array out-of-bounds risk (bsc#1229407).
- CVE-2024-42318: Do not lose track of restrictions on cred_transfer (bsc#1229351).
- CVE-2024-26669: Fix chain template offload (bsc#1222350).
- CVE-2023-52889: Fix null pointer deref when receiving skb during sock creation (bsc#1229287).
- CVE-2022-48645: Move enetc_set_psfp() out of the common enetc_set_features() (bsc#1223508).
- CVE-2024-41007: Use signed arithmetic in tcp_rtx_probe0_timed_out() (bsc#1227863).
- CVE-2024-36933: Use correct mac_offset to unwind gso skb in nsh_gso_segment() (bsc#1225832).
- CVE-2024-42295: Handle inconsistent state in nilfs_btnode_create_block() (bsc#1229370).
- CVE-2024-42319: Move devm_mbox_controller_register() after devm_pm_runtime_enable() (bsc#1229350).
- CVE-2024-43860: Skip over memory region when node value is NULL (bsc#1229319).
- CVE-2024-43831: Handle invalid decoder vsi (bsc#1229309).
- CVE-2024-43849: Protect locator_addr with the main mutex (bsc#1229307).
- CVE-2024-43841: Do not use strlen() in const context (bsc#1229304).
- CVE-2024-43839: Adjust 'name' buf size of bna_tcb and bna_ccb structures (bsc#1229301).
- CVE-2024-41088: Fix infinite loop when xmit fails (bsc#1228469).
- CVE-2024-42281: Fix a segment issue when downgrading gso_size (bsc#1229386).
- CVE-2024-42271: Fixed a use after free in iucv_sock_close(). (bsc#1229400)
- CVE-2024-41080: Fix possible deadlock in io_register_iowq_max_workers() (bsc#1228616).
- CVE-2024-42246: Remap EPERM in case of connection failure in xs_tcp_setup_socket (bsc#1228989).
- CVE-2024-42232: Fixed a race between delayed_work() and ceph_monc_stop(). (bsc#1228959)
- CVE-2024-26735: Fix possible use-after-free and null-ptr-deref (bsc#1222372).
- CVE-2024-42106: Initialize pad field in struct inet_diag_req_v2 (bsc#1228493).
- CVE-2024-38662: Cover verifier checks for mutating sockmap/sockhash (bsc#1226885).
- CVE-2024-42110: Move ntb_netdev_rx_handler() to call netif_rx() from __netif_rx() (bsc#1228501).
- CVE-2024-42247: Avoid unaligned 64-bit memory accesses (bsc#1228988).
- CVE-2022-48865: Fix kernel panic when enabling bearer (bsc#1228065).
- CVE-2023-52498: Fix possible deadlocks in core system-wide PM code (bsc#1221269).
- CVE-2024-41068: Fix sclp_init() cleanup on failure (bsc#1228579).
- CVE-2022-48808: Fix panic when DSA master device unbinds on shutdown (bsc#1227958).
- CVE-2024-42095: Fix Errata i2310 with RX FIFO level check (bsc#1228446).
- CVE-2024-40978: Fix crash while reading debugfs attribute (bsc#1227929).
- CVE-2024-42107: Do not process extts if PTP is disabled (bsc#1228494).
- CVE-2024-42139: Fix improper extts handling (bsc#1228503).
- CVE-2024-42148: Fix multiple UBSAN array-index-out-of-bounds (bsc#1228487).
- CVE-2024-42142: E-switch, Create ingress ACL when needed (bsc#1228491).
- CVE-2024-42162: Account for stopped queues when reading NIC stats (bsc#1228706).
- CVE-2024-42082: Remove WARN() from __xdp_reg_mem_model() (bsc#1228482).
- CVE-2024-41042: Prefer nft_chain_validate (bsc#1228526).
- CVE-2023-3610: Fixed use-after-free vulnerability in nf_tables can be exploited to achieve local privilege escalation (bsc#1213580).
- CVE-2024-42228: Using uninitialized value *size when calling amdgpu_vce_cs_reloc (bsc#1228667).
- CVE-2024-40995: Fix possible infinite loop in tcf_idr_check_alloc() (bsc#1227830).
- CVE-2024-38602: Merge repeat codes in ax25_dev_device_down() (bsc#1226613).
- CVE-2024-38554: Fix reference count leak issue of net_device (bsc#1226742).
- CVE-2024-36929: Reject skb_copy(_expand) for fraglist GSO skbs (bsc#1225814).
- CVE-2024-41009: Fix overrunning reservations in ringbuf (bsc#1228020).
- CVE-2024-27024: Fix WARNING in rds_conn_connect_if_down (bsc#1223777).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

Plugin Details

Severity: High

ID: 207050

File Name: suse_SU-2024-3209-1.nasl

Version: 1.1

Type: local

Agent: unix

Family: SuSE Local Security Checks

Published: 9/12/2024

Updated: 9/12/2024

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2024-43900

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:kernel-livepatch-5_14_21-150500_13_67-rt, cpe:/o:novell:suse_linux:15

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/11/2024

Vulnerability Publication Date: 9/6/2022

Reference Information

CVE: CVE-2021-4441, CVE-2021-47106, CVE-2021-47517, CVE-2021-47546, CVE-2022-38457, CVE-2022-40133, CVE-2022-48645, CVE-2022-48706, CVE-2022-48808, CVE-2022-48865, CVE-2022-48868, CVE-2022-48869, CVE-2022-48870, CVE-2022-48871, CVE-2022-48872, CVE-2022-48873, CVE-2022-48875, CVE-2022-48878, CVE-2022-48880, CVE-2022-48881, CVE-2022-48882, CVE-2022-48883, CVE-2022-48884, CVE-2022-48885, CVE-2022-48886, CVE-2022-48887, CVE-2022-48888, CVE-2022-48889, CVE-2022-48890, CVE-2022-48891, CVE-2022-48893, CVE-2022-48896, CVE-2022-48898, CVE-2022-48899, CVE-2022-48903, CVE-2022-48904, CVE-2022-48905, CVE-2022-48906, CVE-2022-48907, CVE-2022-48909, CVE-2022-48910, CVE-2022-48912, CVE-2022-48913, CVE-2022-48914, CVE-2022-48915, CVE-2022-48916, CVE-2022-48917, CVE-2022-48918, CVE-2022-48919, CVE-2022-48920, CVE-2022-48921, CVE-2022-48923, CVE-2022-48924, CVE-2022-48925, CVE-2022-48926, CVE-2022-48927, CVE-2022-48928, CVE-2022-48929, CVE-2022-48930, CVE-2022-48931, CVE-2022-48932, CVE-2022-48934, CVE-2022-48937, CVE-2022-48938, CVE-2022-48939, CVE-2022-48940, CVE-2022-48941, CVE-2022-48942, CVE-2022-48943, CVE-2023-3610, CVE-2023-52458, CVE-2023-52489, CVE-2023-52498, CVE-2023-52581, CVE-2023-52859, CVE-2023-52887, CVE-2023-52889, CVE-2023-52893, CVE-2023-52894, CVE-2023-52896, CVE-2023-52898, CVE-2023-52899, CVE-2023-52900, CVE-2023-52901, CVE-2023-52904, CVE-2023-52905, CVE-2023-52906, CVE-2023-52907, CVE-2023-52908, CVE-2023-52909, CVE-2023-52910, CVE-2023-52911, CVE-2023-52912, CVE-2023-52913, CVE-2024-26631, CVE-2024-26668, CVE-2024-26669, CVE-2024-26677, CVE-2024-26735, CVE-2024-26808, CVE-2024-26812, CVE-2024-26835, CVE-2024-26851, CVE-2024-27010, CVE-2024-27011, CVE-2024-27016, CVE-2024-27024, CVE-2024-27079, CVE-2024-27403, CVE-2024-31076, CVE-2024-35897, CVE-2024-35902, CVE-2024-35945, CVE-2024-35971, CVE-2024-36009, CVE-2024-36013, CVE-2024-36270, CVE-2024-36286, CVE-2024-36489, CVE-2024-36929, CVE-2024-36933, CVE-2024-36936, CVE-2024-36962, CVE-2024-38554, CVE-2024-38602, CVE-2024-38662, CVE-2024-39489, CVE-2024-40905, CVE-2024-40978, CVE-2024-40980, CVE-2024-40995, CVE-2024-41000, CVE-2024-41007, CVE-2024-41009, CVE-2024-41011, CVE-2024-41016, CVE-2024-41020, CVE-2024-41022, CVE-2024-41035, CVE-2024-41036, CVE-2024-41038, CVE-2024-41039, CVE-2024-41042, CVE-2024-41045, CVE-2024-41056, CVE-2024-41060, CVE-2024-41062, CVE-2024-41065, CVE-2024-41068, CVE-2024-41073, CVE-2024-41079, CVE-2024-41080, CVE-2024-41087, CVE-2024-41088, CVE-2024-41089, CVE-2024-41092, CVE-2024-41093, CVE-2024-41095, CVE-2024-41097, CVE-2024-41098, CVE-2024-42069, CVE-2024-42074, CVE-2024-42076, CVE-2024-42077, CVE-2024-42080, CVE-2024-42082, CVE-2024-42085, CVE-2024-42086, CVE-2024-42087, CVE-2024-42089, CVE-2024-42090, CVE-2024-42092, CVE-2024-42095, CVE-2024-42097, CVE-2024-42098, CVE-2024-42101, CVE-2024-42104, CVE-2024-42106, CVE-2024-42107, CVE-2024-42110, CVE-2024-42114, CVE-2024-42115, CVE-2024-42119, CVE-2024-42120, CVE-2024-42121, CVE-2024-42126, CVE-2024-42127, CVE-2024-42130, CVE-2024-42137, CVE-2024-42139, CVE-2024-42142, CVE-2024-42143, CVE-2024-42148, CVE-2024-42152, CVE-2024-42155, CVE-2024-42156, CVE-2024-42157, CVE-2024-42158, CVE-2024-42162, CVE-2024-42223, CVE-2024-42225, CVE-2024-42228, CVE-2024-42229, CVE-2024-42230, CVE-2024-42232, CVE-2024-42236, CVE-2024-42237, CVE-2024-42238, CVE-2024-42239, CVE-2024-42240, CVE-2024-42244, CVE-2024-42246, CVE-2024-42247, CVE-2024-42268, CVE-2024-42271, CVE-2024-42274, CVE-2024-42276, CVE-2024-42277, CVE-2024-42280, CVE-2024-42281, CVE-2024-42283, CVE-2024-42284, CVE-2024-42285, CVE-2024-42286, CVE-2024-42287, CVE-2024-42288, CVE-2024-42289, CVE-2024-42291, CVE-2024-42292, CVE-2024-42295, CVE-2024-42301, CVE-2024-42302, CVE-2024-42308, CVE-2024-42309, CVE-2024-42310, CVE-2024-42311, CVE-2024-42312, CVE-2024-42313, CVE-2024-42315, CVE-2024-42318, CVE-2024-42319, CVE-2024-42320, CVE-2024-42322, CVE-2024-43816, CVE-2024-43818, CVE-2024-43819, CVE-2024-43821, CVE-2024-43823, CVE-2024-43829, CVE-2024-43830, CVE-2024-43831, CVE-2024-43834, CVE-2024-43837, CVE-2024-43839, CVE-2024-43841, CVE-2024-43842, CVE-2024-43846, CVE-2024-43849, CVE-2024-43853, CVE-2024-43854, CVE-2024-43856, CVE-2024-43858, CVE-2024-43860, CVE-2024-43861, CVE-2024-43863, CVE-2024-43866, CVE-2024-43867, CVE-2024-43871, CVE-2024-43872, CVE-2024-43873, CVE-2024-43879, CVE-2024-43880, CVE-2024-43882, CVE-2024-43883, CVE-2024-43884, CVE-2024-43889, CVE-2024-43892, CVE-2024-43893, CVE-2024-43894, CVE-2024-43895, CVE-2024-43899, CVE-2024-43900, CVE-2024-43902, CVE-2024-43903, CVE-2024-43904, CVE-2024-43905, CVE-2024-43907, CVE-2024-43908, CVE-2024-43909, CVE-2024-44938, CVE-2024-44939, CVE-2024-44947

SuSE: SUSE-SU-2024:3209-1

Detections

Analytics