SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:3983-1)

critical Nessus Plugin ID 210933

Language:

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3983-1 advisory.

The SUSE Linux Enterprise 15 SP5 Azure kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

- CVE-2022-48879: efi: fix NULL-deref in init error path (bsc#1229556).
- CVE-2022-48956: ipv6: avoid use-after-free in ip6_fragment() (bsc#1231893).
- CVE-2022-48957: dpaa2-switch: Fix memory leak in dpaa2_switch_acl_entry_add() and dpaa2_switch_acl_entry_remove() (bsc#1231973).
- CVE-2022-48958: ethernet: aeroflex: fix potential skb leak in greth_init_rings() (bsc#1231889).
- CVE-2022-48959: net: dsa: sja1105: fix memory leak in sja1105_setup_devlink_regions() (bsc#1231976).
- CVE-2022-48960: net: hisilicon: Fix potential use-after-free in hix5hd2_rx() (bsc#1231979).
- CVE-2022-48962: net: hisilicon: Fix potential use-after-free in hisi_femac_rx() (bsc#1232286).
- CVE-2022-48966: net: mvneta: Fix an out of bounds check (bsc#1232191).
- CVE-2022-48980: net: dsa: sja1105: avoid out of bounds access in sja1105_init_l2_policing() (bsc#1232233).
- CVE-2022-48991: mm/khugepaged: fix collapse_pte_mapped_thp() to allow anon_vma (bsc#1232070 git-fix prerequisity).
- CVE-2022-49015: net: hsr: Fix potential use-after-free (bsc#1231938).
- CVE-2022-49017: tipc: re-fetch skb cb after tipc_msg_validate (bsc#1232004).
- CVE-2022-49020: net/9p: Fix a potential socket leak in p9_socket_open (bsc#1232175).
- CVE-2024-36244: net/sched: taprio: extend minimum interval restriction to entire cycle too (bsc#1226797).
- CVE-2024-36957: octeontx2-af: avoid off-by-one read from userspace (bsc#1225762).
- CVE-2024-39476: md/raid5: fix deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING (bsc#1227437).
- CVE-2024-40965: i2c: lpi2c: Avoid calling clk_get_rate during transfer (bsc#1227885).
- CVE-2024-42226: Prevent potential failure in handle_tx_event() for Transfer events without TRB (bsc#1228709).
- CVE-2024-42253: gpio: pca953x: fix pca953x_irq_bus_sync_unlock race (bsc#1229005 stable-fixes).
- CVE-2024-44931: gpio: prevent potential speculation leaks in gpio_device_get_desc() (bsc#1229837 stable- fixes).
- CVE-2024-44958: sched/smt: Fix unbalance sched_smt_present dec/inc (bsc#1230179).
- CVE-2024-45016: netem: fix return value if duplicate enqueue fails (bsc#1230429).
- CVE-2024-45025: fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE (bsc#1230456).
- CVE-2024-46716: dmaengine: altera-msgdma: properly free descriptor in msgdma_free_descriptor (bsc#1230715).
- CVE-2024-46754: bpf: Remove tst_run from lwt_seg6local_prog_ops (bsc#1230801).
- CVE-2024-46777: udf: Avoid excessive partition lengths (bsc#1230773).
- CVE-2024-46809: drm/amd/display: Check BIOS images before it is used (bsc#1231148).
- CVE-2024-46811: drm/amd/display: Fix index may exceed array range within fpu_update_bw_bounding_box (bsc#1231179).
- CVE-2024-46813: drm/amd/display: Check link_index before accessing dc->links (bsc#1231191).
- CVE-2024-46814: drm/amd/display: Check msg_id before processing transcation (bsc#1231193).
- CVE-2024-46815: drm/amd/display: Check num_valid_sets before accessing reader_wm_sets (bsc#1231195).
- CVE-2024-46816: drm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links (bsc#1231197).
- CVE-2024-46817: drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 (bsc#1231200).
- CVE-2024-46818: drm/amd/display: Check gpio_id before used as array index (bsc#1231203).
- CVE-2024-46828: uprobes: fix kernel info leak via '[uprobes]' vma (bsc#1231114).
- CVE-2024-46834: ethtool: fail closed if we can't get max channel used in indirection tables (bsc#1231096).
- CVE-2024-46840: btrfs: clean up our handling of refs == 0 in snapshot delete (bsc#1231105).
- CVE-2024-46841: btrfs: do not BUG_ON on ENOMEM from btrfs_lookup_extent_info() in walk_down_proc() (bsc#1231094).
- CVE-2024-46848: perf/x86/intel: Limit the period on Haswell (bsc#1231072).
- CVE-2024-46849: ASoC: meson: axg-card: fix 'use-after-free' (bsc#1231073).
- CVE-2024-47660: fsnotify: clear PARENT_WATCHED flags lazily (bsc#1231439).
- CVE-2024-47661: drm/amd/display: Avoid overflow from uint32_t to uint8_t (bsc#1231496).
- CVE-2024-47664: spi: hisi-kunpeng: Add verification for the max_frequency provided by the firmware (bsc#1231442).
- CVE-2024-47668: lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() (bsc#1231502).
- CVE-2024-47672: wifi: iwlwifi: mvm: do not wait for tx queues if firmware is dead (bsc#1231540).
- CVE-2024-47673: wifi: iwlwifi: mvm: pause TCM when the firmware is stopped (bsc#1231539).
- CVE-2024-47674: mm: avoid leaving partial pfn mappings around in error case (bsc#1231673).
- CVE-2024-47684: tcp: check skb is non-NULL in tcp_rto_delta_us() (bsc#1231987).
- CVE-2024-47685: netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put() (bsc#1231998).
- CVE-2024-47692: nfsd: return -EINVAL when namelen is 0 (bsc#1231857).
- CVE-2024-47704: drm/amd/display: Check link_res->hpo_dp_link_enc before using it (bsc#1231944).
- CVE-2024-47705: block: fix potential invalid pointer dereference in blk_add_partition (bsc#1231872).
- CVE-2024-47706: block, bfq: fix possible UAF for bfqq->bic with merge chain (bsc#1231942).
- CVE-2024-47707: ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev() (bsc#1231935).
- CVE-2024-47710: sock_map: Add a cond_resched() in sock_hash_free() (bsc#1232049).
- CVE-2024-47720: drm/amd/display: Add null check for set_output_gamma in dcn30_set_output_transfer_func (bsc#1232043).
- CVE-2024-47727: x86/tdx: Fix 'in-kernel MMIO' check (bsc#1232116).
- CVE-2024-47730: crypto: hisilicon/qm - inject error before stopping queue (bsc#1232075).
- CVE-2024-47738: wifi: mac80211: do not use rate mask for offchannel TX either (bsc#1232114).
- CVE-2024-47739: padata: use integer wrap around to prevent deadlock on seq_nr overflow (bsc#1232124).
- CVE-2024-47745: mm: split critical region in remap_file_pages() and invoke LSMs in between (bsc#1232135).
- CVE-2024-47747: net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition (bsc#1232145).
- CVE-2024-47748: vhost_vdpa: assign irq bypass producer token correctly (bsc#1232174).
- CVE-2024-49860: ACPI: sysfs: validate return type of _STR method (bsc#1231861).
- CVE-2024-49866: tracing/timerlat: Fix a race during cpuhp processing (bsc#1232259).
- CVE-2024-49881: ext4: update orig_path in ext4_find_extent() (bsc#1232201).
- CVE-2024-49882: ext4: fix double brelse() the buffer of the extents path (bsc#1232200).
- CVE-2024-49883: ext4: aovid use-after-free in ext4_ext_insert_extent() (bsc#1232199).
- CVE-2024-49886: platform/x86: ISST: Fix the KASAN report slab-out-of-bounds bug (bsc#1232196).
- CVE-2024-49890: drm/amd/pm: ensure the fw_info is not null before using it (bsc#1232217).
- CVE-2024-49892: drm/amd/display: Initialize get_bytes_per_element's default to 1 (bsc#1232220).
- CVE-2024-49896: drm/amd/display: Check stream before comparing them (bsc#1232221).
- CVE-2024-49897: drm/amd/display: Check phantom_stream before it is used (bsc#1232355).
- CVE-2024-49899: drm/amd/display: Initialize denominators' default to 1 (bsc#1232358).
- CVE-2024-49901: drm/msm/adreno: Assign msm_gpu->pdev earlier to avoid nullptrs (bsc#1232305).
- CVE-2024-49906: drm/amd/display: Check null pointer before try to access it (bsc#1232332).
- CVE-2024-49909: drm/amd/display: Add NULL check for function pointer in dcn32_set_output_transfer_func (bsc#1232337).
- CVE-2024-49911: drm/amd/display: Add NULL check for function pointer in dcn20_set_output_transfer_func (bsc#1232366).
- CVE-2024-49914: drm/amd/display: Add null check for pipe_ctx->plane_state in (bsc#1232369).
- CVE-2024-49917: drm/amd/display: Add NULL check for clk_mgr and clk_mgr->funcs in dcn30_init_hw (bsc#1231965).
- CVE-2024-49918: drm/amd/display: Add null check for head_pipe in dcn32_acquire_idle_pipe_for_head_pipe_in_layer (bsc#1231967).
- CVE-2024-49919: drm/amd/display: Add null check for head_pipe in dcn201_acquire_free_pipe_for_layer (bsc#1231968).
- CVE-2024-49920: drm/amd/display: Check null pointers before multiple uses (bsc#1232313).
- CVE-2024-49922: drm/amd/display: Check null pointers before using them (bsc#1232374).
- CVE-2024-49923: drm/amd/display: Pass non-null to dcn20_validate_apply_pipe_split_flags (bsc#1232361).
- CVE-2024-49929: wifi: iwlwifi: mvm: avoid NULL pointer dereference (bsc#1232253).
- CVE-2024-49930: wifi: ath11k: fix array out-of-bound access in SoC stats (bsc#1232260).
- CVE-2024-49933: blk_iocost: fix more out of bound shifts (bsc#1232368).
- CVE-2024-49936: net/xen-netback: prevent UAF in xenvif_flush_hash() (bsc#1232424).
- CVE-2024-49939: wifi: rtw89: avoid to add interface to list twice when SER (bsc#1232381).
- CVE-2024-49946: ppp: do not assume bh is held in ppp_channel_bridge_input() (bsc#1232164).
- CVE-2024-49949: net: avoid potential underflow in qdisc_pkt_len_init() with UFO (bsc#1232160).
- CVE-2024-49954: static_call: Replace pointless WARN_ON() in static_call_module_notify() (bsc#1232155).
- CVE-2024-49955: ACPI: battery: Fix possible crash when unregistering a battery hook (bsc#1232154).
- CVE-2024-49958: ocfs2: reserve space for inline xattr before attaching reflink tree (bsc#1232151).
- CVE-2024-49959: jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error (bsc#1232149).
- CVE-2024-49960: ext4: fix timer use-after-free on failed mount (bsc#1232395).
- CVE-2024-49967: ext4: no need to continue when the number of entries is 1 (bsc#1232140).
- CVE-2024-49969: drm/amd/display: Fix index out of bounds in DCN30 color transformation (bsc#1232519).
- CVE-2024-49973: r8169: add tally counter fields added with RTL8125 (bsc#1232105).
- CVE-2024-49974: NFSD: Force all NFSv4.2 COPY requests to be synchronous (bsc#1232383).
- CVE-2024-49975: uprobes: fix kernel info leak via '[uprobes]' vma (bsc#1232104).
- CVE-2024-49991: drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer (bsc#1232282).
- CVE-2024-49993: iommu/vt-d: Fix potential lockup if qi_submit_sync called with 0 count (bsc#1232316).
- CVE-2024-49995: tipc: guard against string buffer overrun (bsc#1232432).
- CVE-2024-49996: cifs: Fix buffer overflow when parsing NFS reparse points (bsc#1232089).
- CVE-2024-50000: net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc() (bsc#1232085).
- CVE-2024-50001: net/mlx5: Fix error path in multi-packet WQE transmit (bsc#1232084).
- CVE-2024-50002: static_call: Handle module init failure correctly in static_call_del_module() (bsc#1232083).
- CVE-2024-50006: ext4: fix i_data_sem unlock order in ext4_ind_migrate() (bsc#1232442).
- CVE-2024-50014: ext4: fix access to uninitialised lock in fc replay path (bsc#1232446).
- CVE-2024-50019: kthread: unpark only parked kthread (bsc#1231990).
- CVE-2024-50024: net: Fix an unsafe loop on the list (bsc#1231954).
- CVE-2024-50028: thermal: core: Reference count the zone in thermal_zone_get_by_id() (bsc#1231950).
- CVE-2024-50033: slip: make slhc_remember() more robust against malicious packets (bsc#1231914).
- CVE-2024-50035: ppp: fix ppp_async_encode() illegal access (bsc#1232392).
- CVE-2024-50041: i40e: Fix macvlan leak by synchronizing access to mac_filter_hash (bsc#1231907).
- CVE-2024-50045: netfilter: br_netfilter: fix panic with metadata_dst skb (bsc#1231903).
- CVE-2024-50046: kabi fix for NFSv4: Prevent NULL-pointer dereference in nfs42_complete_copies() (bsc#1231902).
- CVE-2024-50047: smb: client: fix UAF in async decryption (bsc#1232418).
- CVE-2024-50048: fbcon: Fix a NULL pointer dereference issue in fbcon_putcs (bsc#1232310).
- CVE-2024-50055: driver core: bus: Fix double free in driver API bus_register() (bsc#1232329).
- CVE-2024-50058: serial: protect uart_port_dtr_rts() in uart_shutdown() too (bsc#1232285).
- CVE-2024-50059: ntb: ntb_hw_switchtec: Fix use after free vulnerability in switchtec_ntb_remove due to race condition (bsc#1232345).
- CVE-2024-50061: i3c: master: cdns: Fix use after free vulnerability in cdns_i3c_master Driver Due to Race Condition (bsc#1232263).
- CVE-2024-50063: kABI: bpf: struct bpf_map kABI workaround (bsc#1232435).
- CVE-2024-50081: blk-mq: setup queue ->tag_set before initializing hctx (bsc#1232501).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

Plugin Details

Severity: Critical

ID: 210933

File Name: suse_SU-2024-3983-1.nasl

Version: 1.2

Type: local

Agent: unix

Family: SuSE Local Security Checks

Published: 11/14/2024

Updated: 11/15/2024

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 9.4

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:C

CVSS Score Source: CVE-2024-47685

CVSS v3

Risk Factor: Critical

Base Score: 9.1

Temporal Score: 8.2

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:kernel-source-azure, p-cpe:/a:novell:suse_linux:kernel-syms-azure, p-cpe:/a:novell:suse_linux:kernel-azure-devel, p-cpe:/a:novell:suse_linux:kernel-devel-azure, p-cpe:/a:novell:suse_linux:kernel-azure, cpe:/o:novell:suse_linux:15

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 11/13/2024

Vulnerability Publication Date: 10/8/2022

Reference Information

CVE: CVE-2021-47416, CVE-2021-47534, CVE-2022-3435, CVE-2022-45934, CVE-2022-48664, CVE-2022-48879, CVE-2022-48946, CVE-2022-48947, CVE-2022-48948, CVE-2022-48949, CVE-2022-48951, CVE-2022-48953, CVE-2022-48954, CVE-2022-48955, CVE-2022-48956, CVE-2022-48957, CVE-2022-48958, CVE-2022-48959, CVE-2022-48960, CVE-2022-48961, CVE-2022-48962, CVE-2022-48966, CVE-2022-48967, CVE-2022-48968, CVE-2022-48969, CVE-2022-48970, CVE-2022-48971, CVE-2022-48972, CVE-2022-48973, CVE-2022-48975, CVE-2022-48977, CVE-2022-48978, CVE-2022-48980, CVE-2022-48981, CVE-2022-48985, CVE-2022-48987, CVE-2022-48988, CVE-2022-48991, CVE-2022-48992, CVE-2022-48994, CVE-2022-48995, CVE-2022-48997, CVE-2022-48999, CVE-2022-49000, CVE-2022-49002, CVE-2022-49003, CVE-2022-49005, CVE-2022-49006, CVE-2022-49007, CVE-2022-49010, CVE-2022-49011, CVE-2022-49012, CVE-2022-49014, CVE-2022-49015, CVE-2022-49016, CVE-2022-49017, CVE-2022-49019, CVE-2022-49020, CVE-2022-49021, CVE-2022-49022, CVE-2022-49023, CVE-2022-49024, CVE-2022-49025, CVE-2022-49026, CVE-2022-49027, CVE-2022-49028, CVE-2022-49029, CVE-2022-49031, CVE-2022-49032, CVE-2023-2166, CVE-2023-28327, CVE-2023-52766, CVE-2023-52800, CVE-2023-52881, CVE-2023-52919, CVE-2023-6270, CVE-2024-27043, CVE-2024-36244, CVE-2024-36957, CVE-2024-39476, CVE-2024-40965, CVE-2024-42145, CVE-2024-42226, CVE-2024-42253, CVE-2024-44931, CVE-2024-44947, CVE-2024-44958, CVE-2024-45016, CVE-2024-45025, CVE-2024-46716, CVE-2024-46719, CVE-2024-46754, CVE-2024-46777, CVE-2024-46809, CVE-2024-46811, CVE-2024-46813, CVE-2024-46814, CVE-2024-46815, CVE-2024-46816, CVE-2024-46817, CVE-2024-46818, CVE-2024-46828, CVE-2024-46834, CVE-2024-46840, CVE-2024-46841, CVE-2024-46848, CVE-2024-46849, CVE-2024-47660, CVE-2024-47661, CVE-2024-47664, CVE-2024-47668, CVE-2024-47672, CVE-2024-47673, CVE-2024-47674, CVE-2024-47684, CVE-2024-47685, CVE-2024-47692, CVE-2024-47704, CVE-2024-47705, CVE-2024-47706, CVE-2024-47707, CVE-2024-47710, CVE-2024-47720, CVE-2024-47727, CVE-2024-47730, CVE-2024-47738, CVE-2024-47739, CVE-2024-47745, CVE-2024-47747, CVE-2024-47748, CVE-2024-49858, CVE-2024-49860, CVE-2024-49866, CVE-2024-49867, CVE-2024-49881, CVE-2024-49882, CVE-2024-49883, CVE-2024-49886, CVE-2024-49890, CVE-2024-49892, CVE-2024-49894, CVE-2024-49895, CVE-2024-49896, CVE-2024-49897, CVE-2024-49899, CVE-2024-49901, CVE-2024-49906, CVE-2024-49908, CVE-2024-49909, CVE-2024-49911, CVE-2024-49912, CVE-2024-49913, CVE-2024-49914, CVE-2024-49917, CVE-2024-49918, CVE-2024-49919, CVE-2024-49920, CVE-2024-49922, CVE-2024-49923, CVE-2024-49929, CVE-2024-49930, CVE-2024-49933, CVE-2024-49936, CVE-2024-49939, CVE-2024-49946, CVE-2024-49949, CVE-2024-49954, CVE-2024-49955, CVE-2024-49958, CVE-2024-49959, CVE-2024-49960, CVE-2024-49962, CVE-2024-49967, CVE-2024-49969, CVE-2024-49973, CVE-2024-49974, CVE-2024-49975, CVE-2024-49982, CVE-2024-49991, CVE-2024-49993, CVE-2024-49995, CVE-2024-49996, CVE-2024-50000, CVE-2024-50001, CVE-2024-50002, CVE-2024-50006, CVE-2024-50014, CVE-2024-50019, CVE-2024-50024, CVE-2024-50028, CVE-2024-50033, CVE-2024-50035, CVE-2024-50041, CVE-2024-50045, CVE-2024-50046, CVE-2024-50047, CVE-2024-50048, CVE-2024-50049, CVE-2024-50055, CVE-2024-50058, CVE-2024-50059, CVE-2024-50061, CVE-2024-50063, CVE-2024-50081

SuSE: SUSE-SU-2024:3983-1

Detections

Analytics