SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2024:3559-1)

high Nessus Plugin ID 208665

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLED12 / SLED_SAP12 / SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3559-1 advisory.

The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security bugfixes.


The following security bugs were fixed:

- CVE-2021-47387: cpufreq: schedutil: Destroy mutex before kobject_put() frees the memory (bsc#1225316).
- CVE-2022-48788: nvme-rdma: fix possible use-after-free in transport error_recovery work (bsc#1227952).
- CVE-2022-48789: nvme-tcp: fix possible use-after-free in transport error_recovery work (bsc#1228000).
- CVE-2022-48790: nvme: fix a possible use-after-free in controller reset during load (bsc#1227941).
- CVE-2022-48791: Fix use-after-free for aborted TMF sas_task (bsc#1228002)
- CVE-2022-48799: perf: Fix list corruption in perf_cgroup_switch() (bsc#1227953).
- CVE-2022-48844: Bluetooth: hci_core: Fix leaking sent_cmd skb (bsc#1228068).
- CVE-2022-48911: kabi: add __nf_queue_get_refs() for kabi compliance. (bsc#1229633).
- CVE-2022-48943: KVM: x86/mmu: make apf token non-zero to fix bug (bsc#1229645).
- CVE-2022-48945: media: vivid: fix compose size exceed boundary (bsc#1230398).
- CVE-2023-52915: media: dvb-usb-v2: af9035: fix missing unlock (bsc#1230270).
- CVE-2024-38596: af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg (bsc#1226846).
- CVE-2024-41073: nvme: avoid double free special payload (bsc#1228635).
- CVE-2024-41079: nvmet: always initialize cqe.result (bsc#1228615).
- CVE-2024-41082: nvme-fabrics: use reserved tag for reg read/write command (bsc#1228620 CVE-2024-41082).
- CVE-2024-42154: tcp_metrics: validate source addr length (bsc#1228507).
- CVE-2024-42265: protect the fetch of ->fd[fd] in do_dup2() from mispredictions (bsc#1229334).
- CVE-2024-42305: ext4: check dot and dotdot of dx_root before making dir indexed (bsc#1229363).
- CVE-2024-42306: udf: Avoid using corrupted block bitmap buffer (bsc#1229362).
- CVE-2024-43884: Add error handling to pair_device() (bsc#1229739)
- CVE-2024-43890: tracing: Fix overflow in get_free_elt() (bsc#1229764).
- CVE-2024-43898: ext4: sanity check for NULL pointer after ext4_force_shutdown (bsc#1229753).
- CVE-2024-43912: wifi: nl80211: disallow setting special AP channel widths (bsc#1229830)
- CVE-2024-43914: md/raid5: avoid BUG_ON() while continue reshape after reassembling (bsc#1229790).
- CVE-2024-44946: kcm: Serialise kcm_sendmsg() for the same socket (bsc#1230015).
- CVE-2024-44948: x86/mtrr: Check if fixed MTRRs exist before saving them (bsc#1230174).
- CVE-2024-44950: serial: sc16is7xx: fix invalid FIFO access with special register set (bsc#1230180).
- CVE-2024-44952: driver core: Fix uevent_show() vs driver detach race (bsc#1230178).
- CVE-2024-44954: ALSA: line6: Fix racy access to midibuf (bsc#1230176).
- CVE-2024-44969: s390/sclp: Prevent release of buffer in I/O (bsc#1230200).
- CVE-2024-44982: drm/msm/dpu: cleanup FB if dpu_format_populate_layout fails (bsc#1230204).
- CVE-2024-44987: ipv6: prevent UAF in ip6_send_skb() (bsc#1230185).
- CVE-2024-44998: atm: idt77252: prevent use after free in dequeue_rx() (bsc#1230171).
- CVE-2024-44999: gtp: pull network headers in gtp_dev_xmit() (bsc#1230233).
- CVE-2024-45008: Input: MT - limit max slots (bsc#1230248).
- CVE-2024-46673: scsi: aacraid: Fix double-free on probe failure (bsc#1230506).
- CVE-2024-46675: usb: dwc3: core: Prevent USB core invalid event buffer address access (bsc#1230533).
- CVE-2024-46676: nfc: pn533: Add poll mod list filling check (bsc#1230535).
- CVE-2024-46677: gtp: fix a potential NULL pointer dereference (bsc#1230549).
- CVE-2024-46679: ethtool: check device is present when getting link settings (bsc#1230556).
- CVE-2024-46685: pinctrl: single: fix potential NULL dereference in pcs_get_function() (bsc#1230515)
- CVE-2024-46686: smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req() (bsc#1230517).
- CVE-2024-46702: thunderbolt: Mark XDomain as unplugged when router is removed (bsc#1230589)
- CVE-2024-46707: KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3 (bsc#1230582).
- CVE-2024-46715: driver: iio: add missing checks on iio_info's callback access (bsc#1230700).
- CVE-2024-46721: pparmor: fix possible NULL pointer dereference (bsc#1230710)
- CVE-2024-46722: drm/amdgpu: fix mc_data out-of-bounds read warning (bsc#1230712).
- CVE-2024-46723: drm/amdgpu: fix ucode out-of-bounds read warning (bsc#1230702).
- CVE-2024-46731: drm/amd/pm: fix the Out-of-bounds read warning (bsc#1230709).
- CVE-2024-46738: VMCI: Fix use-after-free when removing resource in vmci_resource_remove() (bsc#1230731).
- CVE-2024-46743: of/irq: Prevent device address out-of-bounds read in interrupt map walk (bsc#1230756).
- CVE-2024-46744: Squashfs: sanity check symbolic link size (bsc#1230747).
- CVE-2024-46745: Input: uinput - reject requests with unreasonable number of slots (bsc#1230748).
- CVE-2024-46750: PCI: Add missing bridge lock to pci_bus_lock() (bsc#1230783).
- CVE-2024-46753: btrfs: handle errors from btrfs_dec_ref() properly (bsc#1230796).
- CVE-2024-46759: hwmon: (adc128d818) Fix underflows seen when writing limit attributes (bsc#1230814).
- CVE-2024-46761: pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv (bsc#1230761).
- CVE-2024-46770: ice: Add netif_device_attach/detach into PF reset flow (bsc#1230763).
- CVE-2024-46783: tcp_bpf: fix return value of tcp_bpf_sendmsg() (bsc#1230810).
- CVE-2024-46787: userfaultfd: fix checks for huge PMDs (bsc#1230815).
- CVE-2024-46822: arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry (bsc#1231120).
- CVE-2024-46853: spi: nxp-fspi: fix the KASAN report out-of-bounds bug (bsc#1231083).
- CVE-2024-46854: net: dpaa: Pad packets to ETH_ZLEN (bsc#1231084).
- CVE-2024-46859: platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses (bsc#1231089).


Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.suse.com/1054914

https://bugzilla.suse.com/1065729

https://bugzilla.suse.com/1207341

https://bugzilla.suse.com/1225316

https://bugzilla.suse.com/1226846

https://bugzilla.suse.com/1226860

https://bugzilla.suse.com/1226878

https://bugzilla.suse.com/1227487

https://bugzilla.suse.com/1227941

https://bugzilla.suse.com/1227952

https://bugzilla.suse.com/1227953

https://bugzilla.suse.com/1228000

https://bugzilla.suse.com/1228002

https://bugzilla.suse.com/1228068

https://bugzilla.suse.com/1228507

https://bugzilla.suse.com/1228615

https://bugzilla.suse.com/1228620

https://bugzilla.suse.com/1228635

https://bugzilla.suse.com/1229334

https://bugzilla.suse.com/1229362

https://bugzilla.suse.com/1229363

https://bugzilla.suse.com/1229456

https://bugzilla.suse.com/1229457

https://bugzilla.suse.com/1229633

https://bugzilla.suse.com/1229645

https://bugzilla.suse.com/1229739

https://bugzilla.suse.com/1229753

https://bugzilla.suse.com/1229764

https://bugzilla.suse.com/1229790

https://bugzilla.suse.com/1229830

https://bugzilla.suse.com/1230015

https://bugzilla.suse.com/1230151

https://bugzilla.suse.com/1230171

https://bugzilla.suse.com/1230174

https://bugzilla.suse.com/1230176

https://bugzilla.suse.com/1230178

https://bugzilla.suse.com/1230180

https://bugzilla.suse.com/1230185

https://bugzilla.suse.com/1230200

https://bugzilla.suse.com/1230204

https://bugzilla.suse.com/1230233

https://bugzilla.suse.com/1230248

https://bugzilla.suse.com/1230270

https://bugzilla.suse.com/1230398

https://bugzilla.suse.com/1230506

https://bugzilla.suse.com/1230515

https://bugzilla.suse.com/1230517

https://bugzilla.suse.com/1230533

https://bugzilla.suse.com/1230535

https://bugzilla.suse.com/1230549

https://bugzilla.suse.com/1230556

https://bugzilla.suse.com/1230582

https://bugzilla.suse.com/1230589

https://bugzilla.suse.com/1230700

https://bugzilla.suse.com/1230702

https://bugzilla.suse.com/1230709

https://bugzilla.suse.com/1230710

https://bugzilla.suse.com/1230712

https://bugzilla.suse.com/1230730

https://bugzilla.suse.com/1230731

https://bugzilla.suse.com/1230732

https://bugzilla.suse.com/1230747

https://bugzilla.suse.com/1230748

https://bugzilla.suse.com/1230756

https://bugzilla.suse.com/1230761

https://bugzilla.suse.com/1230763

https://bugzilla.suse.com/1230767

https://bugzilla.suse.com/1230771

https://bugzilla.suse.com/1230783

https://bugzilla.suse.com/1230796

https://bugzilla.suse.com/1230810

https://bugzilla.suse.com/1230814

https://bugzilla.suse.com/1230815

https://bugzilla.suse.com/1230826

https://bugzilla.suse.com/1231083

https://bugzilla.suse.com/1231084

https://bugzilla.suse.com/1231089

https://bugzilla.suse.com/1231120

https://bugzilla.suse.com/1231146

https://bugzilla.suse.com/1231184

https://lists.suse.com/pipermail/sle-updates/2024-October/037179.html

https://www.suse.com/security/cve/CVE-2021-47387

https://www.suse.com/security/cve/CVE-2022-48788

https://www.suse.com/security/cve/CVE-2022-48789

https://www.suse.com/security/cve/CVE-2022-48790

https://www.suse.com/security/cve/CVE-2022-48791

https://www.suse.com/security/cve/CVE-2022-48799

https://www.suse.com/security/cve/CVE-2022-48844

https://www.suse.com/security/cve/CVE-2022-48911

https://www.suse.com/security/cve/CVE-2022-48943

https://www.suse.com/security/cve/CVE-2022-48945

https://www.suse.com/security/cve/CVE-2023-52915

https://www.suse.com/security/cve/CVE-2024-38381

https://www.suse.com/security/cve/CVE-2024-38596

https://www.suse.com/security/cve/CVE-2024-38632

https://www.suse.com/security/cve/CVE-2024-41073

https://www.suse.com/security/cve/CVE-2024-41079

https://www.suse.com/security/cve/CVE-2024-41082

https://www.suse.com/security/cve/CVE-2024-42154

https://www.suse.com/security/cve/CVE-2024-42265

https://www.suse.com/security/cve/CVE-2024-42305

https://www.suse.com/security/cve/CVE-2024-42306

https://www.suse.com/security/cve/CVE-2024-43884

https://www.suse.com/security/cve/CVE-2024-43890

https://www.suse.com/security/cve/CVE-2024-43898

https://www.suse.com/security/cve/CVE-2024-43912

https://www.suse.com/security/cve/CVE-2024-43914

https://www.suse.com/security/cve/CVE-2024-44946

https://www.suse.com/security/cve/CVE-2024-44947

https://www.suse.com/security/cve/CVE-2024-44948

https://www.suse.com/security/cve/CVE-2024-44950

https://www.suse.com/security/cve/CVE-2024-44952

https://www.suse.com/security/cve/CVE-2024-44954

https://www.suse.com/security/cve/CVE-2024-44969

https://www.suse.com/security/cve/CVE-2024-44982

https://www.suse.com/security/cve/CVE-2024-44987

https://www.suse.com/security/cve/CVE-2024-44998

https://www.suse.com/security/cve/CVE-2024-44999

https://www.suse.com/security/cve/CVE-2024-45008

https://www.suse.com/security/cve/CVE-2024-46673

https://www.suse.com/security/cve/CVE-2024-46675

https://www.suse.com/security/cve/CVE-2024-46676

https://www.suse.com/security/cve/CVE-2024-46677

https://www.suse.com/security/cve/CVE-2024-46679

https://www.suse.com/security/cve/CVE-2024-46685

https://www.suse.com/security/cve/CVE-2024-46686

https://www.suse.com/security/cve/CVE-2024-46702

https://www.suse.com/security/cve/CVE-2024-46707

https://www.suse.com/security/cve/CVE-2024-46715

https://www.suse.com/security/cve/CVE-2024-46721

https://www.suse.com/security/cve/CVE-2024-46722

https://www.suse.com/security/cve/CVE-2024-46723

https://www.suse.com/security/cve/CVE-2024-46731

https://www.suse.com/security/cve/CVE-2024-46737

https://www.suse.com/security/cve/CVE-2024-46738

https://www.suse.com/security/cve/CVE-2024-46739

https://www.suse.com/security/cve/CVE-2024-46743

https://www.suse.com/security/cve/CVE-2024-46744

https://www.suse.com/security/cve/CVE-2024-46745

https://www.suse.com/security/cve/CVE-2024-46750

https://www.suse.com/security/cve/CVE-2024-46753

https://www.suse.com/security/cve/CVE-2024-46759

https://www.suse.com/security/cve/CVE-2024-46761

https://www.suse.com/security/cve/CVE-2024-46770

https://www.suse.com/security/cve/CVE-2024-46774

https://www.suse.com/security/cve/CVE-2024-46783

https://www.suse.com/security/cve/CVE-2024-46784

https://www.suse.com/security/cve/CVE-2024-46787

https://www.suse.com/security/cve/CVE-2024-46822

https://www.suse.com/security/cve/CVE-2024-46853

https://www.suse.com/security/cve/CVE-2024-46854

https://www.suse.com/security/cve/CVE-2024-46859

Plugin Details

Severity: High

ID: 208665

File Name: suse_SU-2024-3559-1.nasl

Version: 1.1

Type: local

Agent: unix

Published: 10/10/2024

Updated: 10/10/2024

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2024-46859

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:novell:suse_linux:12, p-cpe:/a:novell:suse_linux:kernel-default-base, p-cpe:/a:novell:suse_linux:kernel-default-kgraft-devel, p-cpe:/a:novell:suse_linux:kernel-macros, p-cpe:/a:novell:suse_linux:kernel-default-devel, p-cpe:/a:novell:suse_linux:cluster-md-kmp-default, p-cpe:/a:novell:suse_linux:gfs2-kmp-default, p-cpe:/a:novell:suse_linux:kernel-default, p-cpe:/a:novell:suse_linux:kernel-devel, p-cpe:/a:novell:suse_linux:kernel-default-extra, p-cpe:/a:novell:suse_linux:kernel-obs-build, p-cpe:/a:novell:suse_linux:kernel-syms, p-cpe:/a:novell:suse_linux:ocfs2-kmp-default, p-cpe:/a:novell:suse_linux:kernel-default-kgraft, p-cpe:/a:novell:suse_linux:dlm-kmp-default, p-cpe:/a:novell:suse_linux:kernel-source, p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-122_231-default, p-cpe:/a:novell:suse_linux:kernel-default-man

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 10/9/2024

Vulnerability Publication Date: 3/7/2022

Reference Information

CVE: CVE-2021-47387, CVE-2022-48788, CVE-2022-48789, CVE-2022-48790, CVE-2022-48791, CVE-2022-48799, CVE-2022-48844, CVE-2022-48911, CVE-2022-48943, CVE-2022-48945, CVE-2023-52915, CVE-2024-38381, CVE-2024-38596, CVE-2024-38632, CVE-2024-41073, CVE-2024-41079, CVE-2024-41082, CVE-2024-42154, CVE-2024-42265, CVE-2024-42305, CVE-2024-42306, CVE-2024-43884, CVE-2024-43890, CVE-2024-43898, CVE-2024-43912, CVE-2024-43914, CVE-2024-44946, CVE-2024-44947, CVE-2024-44948, CVE-2024-44950, CVE-2024-44952, CVE-2024-44954, CVE-2024-44969, CVE-2024-44982, CVE-2024-44987, CVE-2024-44998, CVE-2024-44999, CVE-2024-45008, CVE-2024-46673, CVE-2024-46675, CVE-2024-46676, CVE-2024-46677, CVE-2024-46679, CVE-2024-46685, CVE-2024-46686, CVE-2024-46702, CVE-2024-46707, CVE-2024-46715, CVE-2024-46721, CVE-2024-46722, CVE-2024-46723, CVE-2024-46731, CVE-2024-46737, CVE-2024-46738, CVE-2024-46739, CVE-2024-46743, CVE-2024-46744, CVE-2024-46745, CVE-2024-46750, CVE-2024-46753, CVE-2024-46759, CVE-2024-46761, CVE-2024-46770, CVE-2024-46774, CVE-2024-46783, CVE-2024-46784, CVE-2024-46787, CVE-2024-46822, CVE-2024-46853, CVE-2024-46854, CVE-2024-46859

SuSE: SUSE-SU-2024:3559-1