SUSE SLES12 Security Update : kernel (SUSE-SU-2024:4100-1)

critical Nessus Plugin ID 212567

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:4100-1 advisory.

The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security bugfixes.

The Linux Enterprise 12 SP5 kernel turned LTSS (Extended Security)

The following security bugs were fixed:

- CVE-2021-46936: Fixed use-after-free in tw_timer_handler() (bsc#1220439).
- CVE-2021-47163: kABI fix for tipc: wait and exit until all work queues are done (bsc#1221980).
- CVE-2021-47612: nfc: fix segfault in nfc_genl_dump_devices_done (bsc#1226585).
- CVE-2022-48809: net: fix a memleak when uncloning an skb dst and its metadata (bsc#1227947).
- CVE-2022-48951: ASoC: ops: Correct bounds check for second channel on SX controls (bsc#1231929).
- CVE-2022-48956: ipv6: avoid use-after-free in ip6_fragment() (bsc#1231893).
- CVE-2022-48958: ethernet: aeroflex: fix potential skb leak in greth_init_rings() (bsc#1231889).
- CVE-2022-48960: net: hisilicon: Fix potential use-after-free in hix5hd2_rx() (bsc#1231979).
- CVE-2022-48962: net: hisilicon: Fix potential use-after-free in hisi_femac_rx() (bsc#1232286).
- CVE-2022-48966: net: mvneta: Fix an out of bounds check (bsc#1232191).
- CVE-2022-48967: NFC: nci: Bounds check struct nfc_target arrays (bsc#1232304).
- CVE-2022-48971: Bluetooth: Fix not cleanup led when bt_init fails (bsc#1232037).
- CVE-2022-48972: mac802154: fix missing INIT_LIST_HEAD in ieee802154_if_add() (bsc#1232025).
- CVE-2022-48973: gpio: amd8111: Fix PCI device reference count leak (bsc#1232039).
- CVE-2022-48978: HID: core: fix shift-out-of-bounds in hid_report_raw_event (bsc#1232038).
- CVE-2022-48991: mm/khugepaged: invoke MMU notifiers in shmem/file collapse paths (bsc#1232070).
- CVE-2022-48992: ASoC: soc-pcm: Add NULL check in BE reparenting (bsc#1232071).
- CVE-2022-49000: iommu/vt-d: Fix PCI device refcount leak in has_external_pci() (bsc#1232123).
- CVE-2022-49002: iommu/vt-d: Fix PCI device refcount leak in dmar_dev_scope_init() (bsc#1232133).
- CVE-2022-49010: hwmon: (coretemp) Check for null before removing sysfs attrs (bsc#1232172).
- CVE-2022-49011: hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new() (bsc#1232006).
- CVE-2022-49014: net: tun: Fix use-after-free in tun_detach() (bsc#1231890).
- CVE-2022-49015: net: hsr: Fix potential use-after-free (bsc#1231938).
- CVE-2022-49020: net/9p: Fix a potential socket leak in p9_socket_open (bsc#1232175).
- CVE-2022-49021: net: phy: fix null-ptr-deref while probe() failed (bsc#1231939).
- CVE-2022-49026: e100: Fix possible use after free in e100_xmit_prepare (bsc#1231997).
- CVE-2022-49027: iavf: Fix error handling in iavf_init_module() (bsc#1232007).
- CVE-2022-49028: ixgbevf: Fix resource leak in ixgbevf_init_module() (bsc#1231996).
- CVE-2022-49029: hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails (bsc#1231995).
- CVE-2023-52898: xhci: Fix null pointer dereference when host dies (bsc#1229568).
- CVE-2023-52918: media: pci: cx23885: check cx23885_vdev_init() return (bsc#1232047).
- CVE-2024-26804: net: ip_tunnel: prevent perpetual headroom growth (bsc#1222629).
- CVE-2024-38538: net: bridge: xmit: make sure we have at least eth header len bytes (bsc#1226606).
- CVE-2024-39476: md/raid5: fix deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING (bsc#1227437).
- CVE-2024-40965: i2c: lpi2c: Avoid calling clk_get_rate during transfer (bsc#1227885).
- CVE-2024-41082: nvme-fabrics: use reserved tag for reg read/write command (bsc#1228620).
- CVE-2024-42114: netlink: extend policy range validation (bsc#1228564 prerequisite).
- CVE-2024-42253: gpio: pca953x: fix pca953x_irq_bus_sync_unlock race (bsc#1229005 stable-fixes).
- CVE-2024-44931: gpio: prevent potential speculation leaks in gpio_device_get_desc() (bsc#1229837 stable- fixes).
- CVE-2024-44958: sched/smt: Fix unbalance sched_smt_present dec/inc (bsc#1230179).
- CVE-2024-46724: drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number (bsc#1230725).
- CVE-2024-46755: wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id() (bsc#1230802).
- CVE-2024-46802: drm/amd/display: added NULL check at start of dc_validate_stream (bsc#1231111).
- CVE-2024-46809: drm/amd/display: Check BIOS images before it is used (bsc#1231148).
- CVE-2024-46813: drm/amd/display: Check link_index before accessing dc->links (bsc#1231191).
- CVE-2024-46816: drm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links (bsc#1231197).
- CVE-2024-46818: drm/amd/display: Check gpio_id before used as array index (bsc#1231203).
- CVE-2024-46826: ELF: fix kernel.randomize_va_space double read (bsc#1231115).
- CVE-2024-46834: ethtool: fail closed if we can't get max channel used in indirection tables (bsc#1231096).
- CVE-2024-46840: btrfs: clean up our handling of refs == 0 in snapshot delete (bsc#1231105).
- CVE-2024-46841: btrfs: do not BUG_ON on ENOMEM from btrfs_lookup_extent_info() in walk_down_proc() (bsc#1231094).
- CVE-2024-46848: perf/x86/intel: Limit the period on Haswell (bsc#1231072).
- CVE-2024-47672: wifi: iwlwifi: mvm: do not wait for tx queues if firmware is dead (bsc#1231540).
- CVE-2024-47673: wifi: iwlwifi: mvm: pause TCM when the firmware is stopped (bsc#1231539).
- CVE-2024-47674: mm: avoid leaving partial pfn mappings around in error case (bsc#1231673).
- CVE-2024-47684: tcp: check skb is non-NULL in tcp_rto_delta_us() (bsc#1231987).
- CVE-2024-47685: netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put() (bsc#1231998).
- CVE-2024-47697: drivers: media: dvb-frontends/rtl2830: fix an out-of-bounds write error (bsc#1231858).
- CVE-2024-47698: drivers: media: dvb-frontends/rtl2832: fix an out-of-bounds write error (bsc#1231859).
- CVE-2024-47706: block, bfq: fix possible UAF for bfqq->bic with merge chain (bsc#1231942).
- CVE-2024-47707: ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev() (bsc#1231935).
- CVE-2024-47713: wifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop() (bsc#1232016).
- CVE-2024-47735: RDMA/hns: Fix spin_unlock_irqrestore() called with IRQs enabled (bsc#1232111).
- CVE-2024-47737: nfsd: call cache_put if xdr_reserve_space returns NULL (bsc#1232056).
- CVE-2024-47742: firmware_loader: Block path traversal (bsc#1232126).
- CVE-2024-47745: mm: split critical region in remap_file_pages() and invoke LSMs in between (bsc#1232135).
- CVE-2024-49851: tpm: Clean up TPM space after command failure (bsc#1232134).
- CVE-2024-49860: ACPI: sysfs: validate return type of _STR method (bsc#1231861).
- CVE-2024-49881: ext4: update orig_path in ext4_find_extent() (bsc#1232201).
- CVE-2024-49882: ext4: fix double brelse() the buffer of the extents path (bsc#1232200).
- CVE-2024-49883: ext4: aovid use-after-free in ext4_ext_insert_extent() (bsc#1232199).
- CVE-2024-49890: drm/amd/pm: ensure the fw_info is not null before using it (bsc#1232217).
- CVE-2024-49891: scsi: lpfc: Validate hdwq pointers before dereferencing in reset/errata paths (bsc#1232218).
- CVE-2024-49894: drm/amd/display: Fix index out of bounds in degamma hardware format translation (bsc#1232354).
- CVE-2024-49896: drm/amd/display: Check stream before comparing them (bsc#1232221).
- CVE-2024-49901: drm/msm/adreno: Assign msm_gpu->pdev earlier to avoid nullptrs (bsc#1232305).
- CVE-2024-49920: drm/amd/display: Check null pointers before multiple uses (bsc#1232313).
- CVE-2024-49929: wifi: iwlwifi: mvm: avoid NULL pointer dereference (bsc#1232253).
- CVE-2024-49936: net/xen-netback: prevent UAF in xenvif_flush_hash() (bsc#1232424).
- CVE-2024-49949: net: avoid potential underflow in qdisc_pkt_len_init() with UFO (bsc#1232160).
- CVE-2024-49958: ocfs2: reserve space for inline xattr before attaching reflink tree (bsc#1232151).
- CVE-2024-49959: jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error (bsc#1232149).
- CVE-2024-49962: ACPICA: check null return of ACPI_ALLOCATE_ZEROED() in acpi_db_convert_to_package() (bsc#1232314).
- CVE-2024-49966: ocfs2: cancel dqi_sync_work before freeing oinfo (bsc#1232141).
- CVE-2024-49967: ext4: no need to continue when the number of entries is 1 (bsc#1232140).
- CVE-2024-49991: drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer (bsc#1232282).
- CVE-2024-49995: tipc: guard against string buffer overrun (bsc#1232432).
- CVE-2024-49996: cifs: Fix buffer overflow when parsing NFS reparse points (bsc#1232089).
- CVE-2024-50006: ext4: fix i_data_sem unlock order in ext4_ind_migrate() (bsc#1232442).
- CVE-2024-50007: ALSA: asihpi: Fix potential OOB array access (bsc#1232394).
- CVE-2024-50024: net: Fix an unsafe loop on the list (bsc#1231954).
- CVE-2024-50033: slip: make slhc_remember() more robust against malicious packets (bsc#1231914).
- CVE-2024-50035: ppp: fix ppp_async_encode() illegal access (bsc#1232392).
- CVE-2024-50045: netfilter: br_netfilter: fix panic with metadata_dst skb (bsc#1231903).
- CVE-2024-50047: smb: client: fix UAF in async decryption (bsc#1232418).
- CVE-2024-50058: serial: protect uart_port_dtr_rts() in uart_shutdown() too (bsc#1232285).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

Plugin Details

Severity: Critical

ID: 212567

File Name: suse_SU-2024-4100-1.nasl

Version: 1.1

Type: local

Agent: unix

Family: SuSE Local Security Checks

Published: 12/12/2024

Updated: 12/12/2024

Supported Sensors: Continuous Assessment, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 9.4

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:C

CVSS Score Source: CVE-2024-47685

CVSS v3

Risk Factor: Critical

Base Score: 9.1

Temporal Score: 8.2

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:novell:suse_linux:12, p-cpe:/a:novell:suse_linux:kernel-default-base, p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-122_234-default, p-cpe:/a:novell:suse_linux:kernel-default-kgraft-devel, p-cpe:/a:novell:suse_linux:kernel-macros, p-cpe:/a:novell:suse_linux:kernel-default-devel, p-cpe:/a:novell:suse_linux:cluster-md-kmp-default, p-cpe:/a:novell:suse_linux:gfs2-kmp-default, p-cpe:/a:novell:suse_linux:kernel-default, p-cpe:/a:novell:suse_linux:kernel-devel, p-cpe:/a:novell:suse_linux:kernel-syms, p-cpe:/a:novell:suse_linux:ocfs2-kmp-default, p-cpe:/a:novell:suse_linux:kernel-default-kgraft, p-cpe:/a:novell:suse_linux:dlm-kmp-default, p-cpe:/a:novell:suse_linux:kernel-source, p-cpe:/a:novell:suse_linux:kernel-default-man

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 11/28/2024

Vulnerability Publication Date: 1/12/2022

Reference Information

CVE: CVE-2021-46936, CVE-2021-47163, CVE-2021-47416, CVE-2021-47612, CVE-2022-48788, CVE-2022-48789, CVE-2022-48790, CVE-2022-48809, CVE-2022-48946, CVE-2022-48949, CVE-2022-48951, CVE-2022-48956, CVE-2022-48958, CVE-2022-48960, CVE-2022-48962, CVE-2022-48966, CVE-2022-48967, CVE-2022-48969, CVE-2022-48971, CVE-2022-48972, CVE-2022-48973, CVE-2022-48978, CVE-2022-48985, CVE-2022-48988, CVE-2022-48991, CVE-2022-48992, CVE-2022-48997, CVE-2022-49000, CVE-2022-49002, CVE-2022-49010, CVE-2022-49011, CVE-2022-49014, CVE-2022-49015, CVE-2022-49020, CVE-2022-49021, CVE-2022-49026, CVE-2022-49027, CVE-2022-49028, CVE-2022-49029, CVE-2023-46343, CVE-2023-52881, CVE-2023-52898, CVE-2023-52918, CVE-2023-52919, CVE-2023-6270, CVE-2024-26804, CVE-2024-27043, CVE-2024-38538, CVE-2024-39476, CVE-2024-40965, CVE-2024-41016, CVE-2024-41082, CVE-2024-42114, CVE-2024-42145, CVE-2024-42253, CVE-2024-44931, CVE-2024-44958, CVE-2024-46724, CVE-2024-46755, CVE-2024-46802, CVE-2024-46809, CVE-2024-46813, CVE-2024-46816, CVE-2024-46818, CVE-2024-46826, CVE-2024-46834, CVE-2024-46840, CVE-2024-46841, CVE-2024-46848, CVE-2024-47670, CVE-2024-47672, CVE-2024-47673, CVE-2024-47674, CVE-2024-47684, CVE-2024-47685, CVE-2024-47696, CVE-2024-47697, CVE-2024-47698, CVE-2024-47706, CVE-2024-47707, CVE-2024-47713, CVE-2024-47735, CVE-2024-47737, CVE-2024-47742, CVE-2024-47745, CVE-2024-47749, CVE-2024-49851, CVE-2024-49860, CVE-2024-49877, CVE-2024-49881, CVE-2024-49882, CVE-2024-49883, CVE-2024-49890, CVE-2024-49891, CVE-2024-49894, CVE-2024-49896, CVE-2024-49901, CVE-2024-49920, CVE-2024-49929, CVE-2024-49936, CVE-2024-49949, CVE-2024-49957, CVE-2024-49958, CVE-2024-49959, CVE-2024-49962, CVE-2024-49965, CVE-2024-49966, CVE-2024-49967, CVE-2024-49982, CVE-2024-49991, CVE-2024-49995, CVE-2024-49996, CVE-2024-50006, CVE-2024-50007, CVE-2024-50024, CVE-2024-50033, CVE-2024-50035, CVE-2024-50045, CVE-2024-50047, CVE-2024-50058

SuSE: SUSE-SU-2024:4100-1

Detections

Analytics