SUSE SLES12 Security Update : kernel (SUSE-SU-2024:3252-1)

high Nessus Plugin ID 207332

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3252-1 advisory.

The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

- CVE-2024-35965: Fix not validating setsockopt user input (bsc#1224579).
- CVE-2024-35933: Fixed a build regression (bsc#1224640).
- CVE-2024-43883: Do not drop references before new references are gained (bsc#1229707).
- CVE-2024-41062: Sync sock recv cb and release (bsc#1228576).
- CVE-2024-42259: Fix Virtual Memory mapping boundaries calculation (bsc#1229156)
- CVE-2024-43861: Fix memory leak for not ip packets (bsc#1229500).
- CVE-2024-43863: Fix a deadlock in dma buf fence polling (bsc#1229497)
- CVE-2024-41087: Fix double free on error (CVE-2024-41087,bsc#1228466).
- CVE-2024-43907: Fix the null pointer dereference in apply_state_adjust_rules (bsc#1229787).
- CVE-2024-43905: Fix the null pointer dereference for vega10_hwmgr (bsc#1229784).
- CVE-2024-43893: Check uartclk for zero to avoid divide by zero (bsc#1229759).
- CVE-2024-43900: Avoid use-after-free in load_firmware_cb() (bsc#1229756).
- CVE-2024-43902: Add null checker before passing variables (bsc#1229767).
- CVE-2022-48920: Get rid of warning on transaction commit when using flushoncommit (bsc#1229658).
- CVE-2024-26812: Struct virqfd kABI workaround (bsc#1222808).
- CVE-2024-43882: Fixed ToCToU between perm check and set-uid/gid usage. (bsc#1229503)
- CVE-2024-43866: Always drain health in shutdown callback (bsc#1229495).
- CVE-2022-48910: Ensure we call ipv6_mc_down() at most once (bsc#1229632)
- CVE-2023-52893: Fix null-deref in gsmi_get_variable (bsc#1229535)
- CVE-2024-42155: Wipe copies of protected- and secure-keys (bsc#1228733).
- CVE-2022-48875: Initialize struct pn533_out_arg properly (bsc#1229516).
- CVE-2023-52907: Wait for out_urb's completion in pn533_usb_send_frame() (bsc#1229526).
- CVE-2024-43871: Fix memory leakage caused by driver API devm_free_percpu() (bsc#1229490)
- CVE-2024-42158: Use kfree_sensitive() to fix Coccinelle warnings (bsc#1228720).
- CVE-2024-43872: Fix soft lockup under heavy CEQE load (bsc#1229489)
- CVE-2024-39489: Fix memleak in seg6_hmac_init_algo (bsc#1227623)
- CVE-2024-42226: Prevent potential failure in handle_tx_event() for Transfer events without TRB (bsc#1228709).
- CVE-2024-42236: Prevent OOB read/write in usb_string_copy() (bsc#1228964).
- CVE-2024-42244: Fix crash on resume (bsc#1228967).
- CVE-2024-43879: Handle 2x996 RU allocation in cfg80211_calculate_bitrate_he() (bsc#1229482).
- CVE-2024-27011: Fix memleak in map from abort path (bsc#1223803).
- CVE-2024-36013: Fix slab-use-after-free in l2cap_connect() (bsc#1225578).
- CVE-2024-41020: Fix fcntl/close race recovery compat path (bsc#1228427).
- CVE-2024-41012: Remove locks reliably when fcntl/close race is detected (bsc#1228247).
- CVE-2024-26668: Reject configurations that cause integer overflow (bsc#1222335).
- CVE-2024-43819: Reject memory region operations for ucontrol VMs (bsc#1229290 git-fixes).
- CVE-2024-42157: Wipe sensitive data on failure (bsc#1228727 CVE-2024-42157 git-fixes).
- CVE-2021-47341: Fix use-after-free Read in kvm_vm_ioctl_unregister_coalesced_mmio (bsc#1224923).
- CVE-2024-43839: Adjust 'name' buf size of bna_tcb and bna_ccb structures (bsc#1229301).
- CVE-2022-48769: Avoid EFIv2 runtime services on Apple x86 machines (bsc#1226629).
- CVE-2024-43856: Fix call order in dmam_free_coherent (bsc#1229346).
- CVE-2024-36286: Acquire rcu_read_lock() in instance_destroy_rcu() (bsc#1226801)
- CVE-2024-26851: Add protection for bmp length out of range (bsc#1223074)
- CVE-2024-40984: Revert 'ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine.' (bsc#1227820).
- CVE-2024-26677: Blacklist e7870cf13d20 ('rxrpc: Fix delayed ACKs to not set the reference serial number') (bsc#1222387)
- CVE-2024-42280: Fix a use after free in hfcmulti_tx() (bsc#1229388)
- CVE-2024-42284: Return non-zero value from tipc_udp_addr2str() on error (bsc#1229382)
- CVE-2024-42312: Always initialize i_uid/i_gid (bsc#1229357)
- CVE-2024-42310: Fix null pointer dereference in cdv_intel_lvds_get_modes (bsc#1229358)
- CVE-2024-42309: Fix null pointer dereference in psb_intel_lvds_get_modes (bsc#1229359)
- CVE-2024-43854: Initialize integrity buffer to zero before writing it to media (bsc#1229345)
- CVE-2024-42322: Properly dereference pe in ip_vs_add_service (bsc#1229347)
- CVE-2024-42301: Fix the array out-of-bounds risk (bsc#1229407).
- CVE-2024-42285: Fix a use-after-free related to destroying CM IDs (bsc#1229381)
- CVE-2024-43831: Handle invalid decoder vsi (bsc#1229309).
- CVE-2024-42281: Fix a segment issue when downgrading gso_size (bsc#1229386).
- CVE-2024-42271: Fixed a use after free in iucv_sock_close(). (bsc#1229400)
- CVE-2024-38618: Set lower bound of start tick time (bsc#1226754).
- CVE-2024-41035: Fix duplicate endpoint bug by clearing reserved bits in the descriptor (bsc#1228485)
- CVE-2024-42162: Account for stopped queues when reading NIC stats (bsc#1228706).
- CVE-2023-52708: Fix error handling in mmc_spi_probe() (bsc#1225483).
- CVE-2021-47549: Fix UAF in sata_fsl_port_stop when rmmod sata_fsl (bsc#1225508).
- CVE-2021-47373: Fix potential VPE leak on error (bsc#1225190).
- CVE-2021-47425: Fix resource leak in reconfiguration device addition (bsc#1225223).
- CVE-2024-42246: Remap EPERM in case of connection failure in xs_tcp_setup_socket (bsc#1228989).
- CVE-2024-41098: Fix null pointer dereference on error (bsc#1228467).
- CVE-2021-4440: Drop USERGS_SYSRET64 paravirt call (bsc#1227069).
- CVE-2022-48786: Remove vsock from connected table when connect is interrupted by a signal (bsc#1227996).
- CVE-2024-42232: Fixed a race between delayed_work() and ceph_monc_stop(). (bsc#1228959)
- CVE-2024-35915: Fix uninit-value in nci_dev_up and nci_ntf_packet (git-fixes CVE-2024-35915 bsc#1224479).
- CVE-2024-38662: Cover verifier checks for mutating sockmap/sockhash (bsc#1226885).
- CVE-2024-42110: Move ntb_netdev_rx_handler() to call netif_rx() from __netif_rx() (bsc#1228501).
- CVE-2024-42148: Fix multiple UBSAN array-index-out-of-bounds (bsc#1228487).
- CVE-2024-42106: Initialize pad field in struct inet_diag_req_v2 (bsc#1228493).
- CVE-2022-48865: Fix kernel panic when enabling bearer (bsc#1228065).
- CVE-2024-41068: Fix sclp_init() cleanup on failure (bsc#1228579).
- CVE-2024-42082: Remove WARN() from __xdp_reg_mem_model() (bsc#1228482).
- CVE-2024-42090: Fix deadlock in create_pinctrl() when handling -EPROBE_DEFER (bsc#1228449).
- CVE-2024-42101: Fix null pointer dereference in nouveau_connector_get_modes (bsc#1228495).
- CVE-2024-42228: Using uninitialized value *size when calling amdgpu_vce_cs_reloc (bsc#1228667).
- CVE-2021-47257: Fix null deref in parse dev addr (bsc#1224896).
- CVE-2022-48751: Transitional solution for clcsock race issue (bsc#1226653).


Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.suse.com/1082555

https://bugzilla.suse.com/1190317

https://bugzilla.suse.com/1196516

https://bugzilla.suse.com/1205462

https://bugzilla.suse.com/1210629

https://bugzilla.suse.com/1214285

https://bugzilla.suse.com/1216834

https://bugzilla.suse.com/1221252

https://bugzilla.suse.com/1222335

https://bugzilla.suse.com/1222387

https://bugzilla.suse.com/1222808

https://bugzilla.suse.com/1223074

https://bugzilla.suse.com/1223803

https://bugzilla.suse.com/1224479

https://bugzilla.suse.com/1224579

https://bugzilla.suse.com/1224640

https://bugzilla.suse.com/1224896

https://bugzilla.suse.com/1224923

https://bugzilla.suse.com/1224984

https://bugzilla.suse.com/1225190

https://bugzilla.suse.com/1225223

https://bugzilla.suse.com/1225483

https://bugzilla.suse.com/1225508

https://bugzilla.suse.com/1225578

https://bugzilla.suse.com/1226323

https://bugzilla.suse.com/1226629

https://bugzilla.suse.com/1226653

https://bugzilla.suse.com/1226754

https://bugzilla.suse.com/1226798

https://bugzilla.suse.com/1226801

https://bugzilla.suse.com/1226885

https://bugzilla.suse.com/1227069

https://bugzilla.suse.com/1227623

https://bugzilla.suse.com/1227820

https://bugzilla.suse.com/1227996

https://bugzilla.suse.com/1228065

https://bugzilla.suse.com/1228247

https://bugzilla.suse.com/1228410

https://bugzilla.suse.com/1228427

https://bugzilla.suse.com/1228449

https://bugzilla.suse.com/1228466

https://bugzilla.suse.com/1228467

https://bugzilla.suse.com/1228482

https://bugzilla.suse.com/1228485

https://bugzilla.suse.com/1228487

https://bugzilla.suse.com/1228493

https://bugzilla.suse.com/1228495

https://bugzilla.suse.com/1228501

https://bugzilla.suse.com/1228513

https://bugzilla.suse.com/1228516

https://bugzilla.suse.com/1228576

https://bugzilla.suse.com/1228579

https://bugzilla.suse.com/1228667

https://bugzilla.suse.com/1228706

https://bugzilla.suse.com/1228709

https://bugzilla.suse.com/1228720

https://bugzilla.suse.com/1228727

https://bugzilla.suse.com/1228733

https://bugzilla.suse.com/1228801

https://bugzilla.suse.com/1228850

https://bugzilla.suse.com/1228959

https://bugzilla.suse.com/1228964

https://bugzilla.suse.com/1228966

https://bugzilla.suse.com/1228967

https://bugzilla.suse.com/1228982

https://bugzilla.suse.com/1228989

https://bugzilla.suse.com/1229154

https://bugzilla.suse.com/1229156

https://bugzilla.suse.com/1229222

https://bugzilla.suse.com/1229229

https://bugzilla.suse.com/1229290

https://bugzilla.suse.com/1229292

https://www.suse.com/security/cve/CVE-2024-43831

https://www.suse.com/security/cve/CVE-2024-43839

https://www.suse.com/security/cve/CVE-2024-43853

https://www.suse.com/security/cve/CVE-2024-43854

https://www.suse.com/security/cve/CVE-2024-43856

https://www.suse.com/security/cve/CVE-2024-43861

https://www.suse.com/security/cve/CVE-2024-43863

https://www.suse.com/security/cve/CVE-2024-43866

https://www.suse.com/security/cve/CVE-2024-43871

https://www.suse.com/security/cve/CVE-2024-43872

https://www.suse.com/security/cve/CVE-2024-43879

https://www.suse.com/security/cve/CVE-2024-43882

https://www.suse.com/security/cve/CVE-2024-43883

https://www.suse.com/security/cve/CVE-2024-43892

https://www.suse.com/security/cve/CVE-2024-43893

https://www.suse.com/security/cve/CVE-2024-43900

https://www.suse.com/security/cve/CVE-2024-43902

https://www.suse.com/security/cve/CVE-2024-43905

https://www.suse.com/security/cve/CVE-2024-43907

https://bugzilla.suse.com/1229301

https://bugzilla.suse.com/1229309

https://bugzilla.suse.com/1229327

https://bugzilla.suse.com/1229345

https://bugzilla.suse.com/1229346

https://bugzilla.suse.com/1229347

https://bugzilla.suse.com/1229357

https://bugzilla.suse.com/1229358

https://bugzilla.suse.com/1229359

https://bugzilla.suse.com/1229381

https://bugzilla.suse.com/1229382

https://bugzilla.suse.com/1229386

https://bugzilla.suse.com/1229388

https://bugzilla.suse.com/1229392

https://bugzilla.suse.com/1229395

https://bugzilla.suse.com/1229398

https://bugzilla.suse.com/1229399

https://bugzilla.suse.com/1229400

https://bugzilla.suse.com/1229407

https://bugzilla.suse.com/1229457

https://bugzilla.suse.com/1229462

https://bugzilla.suse.com/1229482

https://bugzilla.suse.com/1229489

https://bugzilla.suse.com/1229490

https://bugzilla.suse.com/1229495

https://bugzilla.suse.com/1229497

https://bugzilla.suse.com/1229500

https://bugzilla.suse.com/1229503

https://bugzilla.suse.com/1229516

https://bugzilla.suse.com/1229526

https://bugzilla.suse.com/1229531

https://bugzilla.suse.com/1229535

https://bugzilla.suse.com/1229536

https://bugzilla.suse.com/1229540

https://bugzilla.suse.com/1229604

https://bugzilla.suse.com/1229623

https://bugzilla.suse.com/1229624

https://bugzilla.suse.com/1229630

https://bugzilla.suse.com/1229632

https://bugzilla.suse.com/1229657

https://bugzilla.suse.com/1229658

https://bugzilla.suse.com/1229664

https://bugzilla.suse.com/1229707

https://bugzilla.suse.com/1229756

https://bugzilla.suse.com/1229759

https://bugzilla.suse.com/1229761

https://bugzilla.suse.com/1229767

https://bugzilla.suse.com/1229784

https://bugzilla.suse.com/1229787

https://bugzilla.suse.com/1229851

http://www.nessus.org/u?8f946235

https://www.suse.com/security/cve/CVE-2021-4440

https://www.suse.com/security/cve/CVE-2021-47257

https://www.suse.com/security/cve/CVE-2021-47289

https://www.suse.com/security/cve/CVE-2021-47341

https://www.suse.com/security/cve/CVE-2021-47373

https://www.suse.com/security/cve/CVE-2021-47425

https://www.suse.com/security/cve/CVE-2021-47549

https://www.suse.com/security/cve/CVE-2022-48751

https://www.suse.com/security/cve/CVE-2022-48769

https://www.suse.com/security/cve/CVE-2022-48786

https://www.suse.com/security/cve/CVE-2022-48822

https://www.suse.com/security/cve/CVE-2022-48865

https://www.suse.com/security/cve/CVE-2022-48875

https://www.suse.com/security/cve/CVE-2022-48896

https://www.suse.com/security/cve/CVE-2022-48899

https://www.suse.com/security/cve/CVE-2022-48905

https://www.suse.com/security/cve/CVE-2022-48910

https://www.suse.com/security/cve/CVE-2022-48919

https://www.suse.com/security/cve/CVE-2022-48920

https://www.suse.com/security/cve/CVE-2022-48925

https://www.suse.com/security/cve/CVE-2022-48930

https://www.suse.com/security/cve/CVE-2022-48931

https://www.suse.com/security/cve/CVE-2022-48938

https://www.suse.com/security/cve/CVE-2023-2176

https://www.suse.com/security/cve/CVE-2023-52708

https://www.suse.com/security/cve/CVE-2023-52893

https://www.suse.com/security/cve/CVE-2023-52901

https://www.suse.com/security/cve/CVE-2023-52907

https://www.suse.com/security/cve/CVE-2024-26668

https://www.suse.com/security/cve/CVE-2024-26677

https://www.suse.com/security/cve/CVE-2024-26812

https://www.suse.com/security/cve/CVE-2024-26851

https://www.suse.com/security/cve/CVE-2024-27011

https://www.suse.com/security/cve/CVE-2024-35915

https://www.suse.com/security/cve/CVE-2024-35933

https://www.suse.com/security/cve/CVE-2024-35965

https://www.suse.com/security/cve/CVE-2024-36013

https://www.suse.com/security/cve/CVE-2024-36270

https://www.suse.com/security/cve/CVE-2024-36286

https://www.suse.com/security/cve/CVE-2024-38618

https://www.suse.com/security/cve/CVE-2024-38662

https://www.suse.com/security/cve/CVE-2024-39489

https://www.suse.com/security/cve/CVE-2024-40984

https://www.suse.com/security/cve/CVE-2024-41012

https://www.suse.com/security/cve/CVE-2024-41016

https://www.suse.com/security/cve/CVE-2024-41020

https://www.suse.com/security/cve/CVE-2024-41035

https://www.suse.com/security/cve/CVE-2024-41062

https://www.suse.com/security/cve/CVE-2024-41068

https://www.suse.com/security/cve/CVE-2024-41087

https://www.suse.com/security/cve/CVE-2024-41097

https://www.suse.com/security/cve/CVE-2024-41098

https://www.suse.com/security/cve/CVE-2024-42077

https://www.suse.com/security/cve/CVE-2024-42082

https://www.suse.com/security/cve/CVE-2024-42090

https://www.suse.com/security/cve/CVE-2024-42101

https://www.suse.com/security/cve/CVE-2024-42106

https://www.suse.com/security/cve/CVE-2024-42110

https://www.suse.com/security/cve/CVE-2024-42148

https://www.suse.com/security/cve/CVE-2024-42155

https://www.suse.com/security/cve/CVE-2024-42157

https://www.suse.com/security/cve/CVE-2024-42158

https://www.suse.com/security/cve/CVE-2024-42162

https://www.suse.com/security/cve/CVE-2024-42226

https://www.suse.com/security/cve/CVE-2024-42228

https://www.suse.com/security/cve/CVE-2024-42232

https://www.suse.com/security/cve/CVE-2024-42236

https://www.suse.com/security/cve/CVE-2024-42240

https://www.suse.com/security/cve/CVE-2024-42244

https://www.suse.com/security/cve/CVE-2024-42246

https://www.suse.com/security/cve/CVE-2024-42259

https://www.suse.com/security/cve/CVE-2024-42271

https://www.suse.com/security/cve/CVE-2024-42280

https://www.suse.com/security/cve/CVE-2024-42281

https://www.suse.com/security/cve/CVE-2024-42284

https://www.suse.com/security/cve/CVE-2024-42285

https://www.suse.com/security/cve/CVE-2024-42286

https://www.suse.com/security/cve/CVE-2024-42287

https://www.suse.com/security/cve/CVE-2024-42288

https://www.suse.com/security/cve/CVE-2024-42289

https://www.suse.com/security/cve/CVE-2024-42301

https://www.suse.com/security/cve/CVE-2024-42309

https://www.suse.com/security/cve/CVE-2024-42310

https://www.suse.com/security/cve/CVE-2024-42312

https://www.suse.com/security/cve/CVE-2024-42322

https://www.suse.com/security/cve/CVE-2024-43819

Plugin Details

Severity: High

ID: 207332

File Name: suse_SU-2024-3252-1.nasl

Version: 1.1

Type: local

Agent: unix

Published: 9/17/2024

Updated: 9/17/2024

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2024-43900

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:novell:suse_linux:12, p-cpe:/a:novell:suse_linux:kernel-source-azure, p-cpe:/a:novell:suse_linux:kernel-syms-azure, p-cpe:/a:novell:suse_linux:kernel-azure-base, p-cpe:/a:novell:suse_linux:kernel-azure-devel, p-cpe:/a:novell:suse_linux:kernel-devel-azure, p-cpe:/a:novell:suse_linux:kernel-azure

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/16/2024

Vulnerability Publication Date: 4/4/2022

Reference Information

CVE: CVE-2021-4440, CVE-2021-47257, CVE-2021-47289, CVE-2021-47341, CVE-2021-47373, CVE-2021-47425, CVE-2021-47549, CVE-2022-48751, CVE-2022-48769, CVE-2022-48786, CVE-2022-48822, CVE-2022-48865, CVE-2022-48875, CVE-2022-48896, CVE-2022-48899, CVE-2022-48905, CVE-2022-48910, CVE-2022-48919, CVE-2022-48920, CVE-2022-48925, CVE-2022-48930, CVE-2022-48931, CVE-2022-48938, CVE-2023-2176, CVE-2023-52708, CVE-2023-52893, CVE-2023-52901, CVE-2023-52907, CVE-2024-26668, CVE-2024-26677, CVE-2024-26812, CVE-2024-26851, CVE-2024-27011, CVE-2024-35915, CVE-2024-35933, CVE-2024-35965, CVE-2024-36013, CVE-2024-36270, CVE-2024-36286, CVE-2024-38618, CVE-2024-38662, CVE-2024-39489, CVE-2024-40984, CVE-2024-41012, CVE-2024-41016, CVE-2024-41020, CVE-2024-41035, CVE-2024-41062, CVE-2024-41068, CVE-2024-41087, CVE-2024-41097, CVE-2024-41098, CVE-2024-42077, CVE-2024-42082, CVE-2024-42090, CVE-2024-42101, CVE-2024-42106, CVE-2024-42110, CVE-2024-42148, CVE-2024-42155, CVE-2024-42157, CVE-2024-42158, CVE-2024-42162, CVE-2024-42226, CVE-2024-42228, CVE-2024-42232, CVE-2024-42236, CVE-2024-42240, CVE-2024-42244, CVE-2024-42246, CVE-2024-42259, CVE-2024-42271, CVE-2024-42280, CVE-2024-42281, CVE-2024-42284, CVE-2024-42285, CVE-2024-42286, CVE-2024-42287, CVE-2024-42288, CVE-2024-42289, CVE-2024-42301, CVE-2024-42309, CVE-2024-42310, CVE-2024-42312, CVE-2024-42322, CVE-2024-43819, CVE-2024-43831, CVE-2024-43839, CVE-2024-43853, CVE-2024-43854, CVE-2024-43856, CVE-2024-43861, CVE-2024-43863, CVE-2024-43866, CVE-2024-43871, CVE-2024-43872, CVE-2024-43879, CVE-2024-43882, CVE-2024-43883, CVE-2024-43892, CVE-2024-43893, CVE-2024-43900, CVE-2024-43902, CVE-2024-43905, CVE-2024-43907

SuSE: SUSE-SU-2024:3252-1