SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:4316-1)

high Nessus Plugin ID 213015

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:4316-1 advisory.

The SUSE Linux Enterprise 15 SP6 Azure kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

- CVE-2023-52778: mptcp: deal with large GSO size (bsc#1224948).
- CVE-2023-52920: bpf: support non-r10 register spill/fill to/from stack in precision tracking (bsc#1232823).
- CVE-2024-26596: net: dsa: fix netdev_priv() dereference before check on non-DSA netdevice events (bsc#1220355).
- CVE-2024-26741: dccp/tcp: Unhash sk from ehash for tb2 alloc failure after check_estalblished() (bsc#1222587).
- CVE-2024-26782: mptcp: fix double-free on socket dismantle (bsc#1222590).
- CVE-2024-26953: net: esp: fix bad handling of pages from page_pool (bsc#1223656).
- CVE-2024-27017: netfilter: nft_set_pipapo: walk over current view on netlink dump (bsc#1223733).
- CVE-2024-35888: erspan: make sure erspan_base_hdr is present in skb->head (bsc#1224518).
- CVE-2024-36000: mm/hugetlb: fix missing hugetlb_lock for resv uncharge (bsc#1224548).
- CVE-2024-36883: net: fix out-of-bounds access in ops_init (bsc#1225725).
- CVE-2024-36886: tipc: fix UAF in error path (bsc#1225730).
- CVE-2024-36905: tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets (bsc#1225742).
- CVE-2024-36927: ipv4: Fix uninit-value access in __ip_make_skb() (bsc#1225813).
- CVE-2024-36954: tipc: fix a possible memleak in tipc_buf_append (bsc#1225764).
- CVE-2024-36968: Bluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init() (bsc#1226130).
- CVE-2024-38589: netrom: fix possible dead-lock in nr_rt_ioctl() (bsc#1226748).
- CVE-2024-40914: mm/huge_memory: do not unpoison huge_zero_folio (bsc#1227842).
- CVE-2024-41023: sched/deadline: Fix task_struct reference leak (bsc#1228430).
- CVE-2024-42102: Revert 'mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again' (bsc#1233132).
- CVE-2024-44995: net: hns3: fix a deadlock problem when config TC during resetting (bsc#1230231).
- CVE-2024-46680: Bluetooth: btnxpuart: Fix random crash seen while removing driver (bsc#1230557).
- CVE-2024-46681: pktgen: use cpus_read_lock() in pg_net_init() (bsc#1230558).
- CVE-2024-46765: ice: protect XDP configuration with a mutex (bsc#1230807).
- CVE-2024-46800: sch/netem: fix use after free in netem_dequeue (bsc#1230827).
- CVE-2024-47679: vfs: fix race between evice_inodes() and find_inode()&iput() (bsc#1231930).
- CVE-2024-47701: ext4: avoid OOB when system.data xattr changes underneath the filesystem (bsc#1231920).
- CVE-2024-47703: bpf, lsm: add check for BPF LSM return value (bsc#1231946).
- CVE-2024-49868: btrfs: fix a NULL pointer dereference when failed to start a new trasacntion (bsc#1232272).
- CVE-2024-49888: bpf: Fix a sdiv overflow issue (bsc#1232208).
- CVE-2024-49899: drm/amd/display: Initialize denominators' default to 1 (bsc#1232358).
- CVE-2024-49911: drm/amd/display: Add NULL check for function pointer in dcn20_set_output_transfer_func (bsc#1232366).
- CVE-2024-49912: drm/amd/display: Handle null 'stream_status' in 'planes_changed_for_existing_stream' (bsc#1232367).
- CVE-2024-49921: drm/amd/display: Check null pointers before used (bsc#1232371).
- CVE-2024-49922: drm/amd/display: Check null pointers before using them (bsc#1232374).
- CVE-2024-49923: drm/amd/display: Pass non-null to dcn20_validate_apply_pipe_split_flags (bsc#1232361).
- CVE-2024-49925: fbdev: efifb: Register sysfs groups through driver core (bsc#1232224)
- CVE-2024-49933: blk_iocost: fix more out of bound shifts (bsc#1232368).
- CVE-2024-49934: fs/inode: Prevent dump_mapping() accessing invalid dentry.d_name.name (bsc#1232387).
- CVE-2024-49944: sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start (bsc#1232166).
- CVE-2024-49945: net/ncsi: Disable the ncsi work before freeing the associated structure (bsc#1232165).
- CVE-2024-49952: netfilter: nf_tables: prevent nf_skb_duplicated corruption (bsc#1232157).
- CVE-2024-49968: ext4: filesystems without casefold feature cannot be mounted with siphash (bsc#1232264).
- CVE-2024-49983: ext4: drop ppath from ext4_ext_replay_update_ex() to avoid double-free (bsc#1232096).
- CVE-2024-49987: bpftool: Fix undefined behavior in qsort(NULL, 0, ...) (bsc#1232258).
- CVE-2024-49989: drm/amd/display: fix double free issue during amdgpu module unload (bsc#1232483).
- CVE-2024-50003: drm/amd/display: Fix system hang while resume with TBT monitor (bsc#1232385).
- CVE-2024-50004: drm/amd/display: update DML2 policy EnhancedPrefetchScheduleAccelerationFinal DCN35 (bsc#1232396).
- CVE-2024-50006: ext4: fix i_data_sem unlock order in ext4_ind_migrate() (bsc#1232442).
- CVE-2024-50009: cpufreq: amd-pstate: add check for cpufreq_cpu_get's return value (bsc#1232318).
- CVE-2024-50012: cpufreq: Avoid a bad reference count on CPU node (bsc#1232386).
- CVE-2024-50014: ext4: fix access to uninitialised lock in fc replay path (bsc#1232446).
- CVE-2024-50082: blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race (bsc#1232500).
- CVE-2024-50084: net: microchip: vcap api: Fix memory leaks in vcap_api_encode_rule_test() (bsc#1232494).
- CVE-2024-50087: btrfs: fix uninitialized pointer free on read_alloc_one_name() error (bsc#1232499).
- CVE-2024-50088: btrfs: fix uninitialized pointer free in add_inode_ref() (bsc#1232498).
- CVE-2024-50098: scsi: ufs: core: Set SDEV_OFFLINE when UFS is shut down (bsc#1232881).
- CVE-2024-50110: xfrm: fix one more kernel-infoleak in algo dumping (bsc#1232885).
- CVE-2024-50115: KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory (bsc#1232919).
- CVE-2024-50124: Bluetooth: ISO: Fix UAF on iso_sock_timeout (bsc#1232926).
- CVE-2024-50125: Bluetooth: SCO: Fix UAF on sco_sock_timeout (bsc#1232928).
- CVE-2024-50127: net: sched: fix use-after-free in taprio_change() (bsc#1232907).
- CVE-2024-50128: net: wwan: fix global oob in wwan_rtnl_policy (bsc#1232905).
- CVE-2024-50130: netfilter: bpf: must hold reference on net namespace (bsc#1232894).
- CVE-2024-50138: bpf: Use raw_spinlock_t in ringbuf (bsc#1232935).
- CVE-2024-50139: KVM: arm64: Fix shift-out-of-bounds bug (bsc#1233062).
- CVE-2024-50145: octeon_ep: add SKB allocation failures handling in __octep_oq_process_rx() (bsc#1233044).
- CVE-2024-50153: scsi: target: core: Fix null-ptr-deref in target_alloc_device() (bsc#1233061).
- CVE-2024-50154: tcp/dccp: Do not use timer_pending() in reqsk_queue_unlink() (bsc#1233070).
- CVE-2024-50166: fsl/fman: Fix refcount handling of fman-related devices (bsc#1233050).
- CVE-2024-50167: be2net: fix potential memory leak in be_xmit() (bsc#1233049).
- CVE-2024-50169: vsock: Update rx_bytes on read_skb() (bsc#1233320).
- CVE-2024-50171: net: systemport: fix potential memory leak in bcm_sysport_xmit() (bsc#1233057).
- CVE-2024-50177: drm/amd/display: fix a UBSAN warning in DML2.1 (bsc#1233115).
- CVE-2024-50182: secretmem: disable memfd_secret() if arch cannot set direct map (bsc#1233129).
- CVE-2024-50184: virtio_pmem: Check device status before requesting flush (bsc#1233135).
- CVE-2024-50186: net: explicitly clear the sk pointer, when pf->create fails (bsc#1233110).
- CVE-2024-50192: irqchip/gic-v4: Do not allow a VMOVP on a dying VPE (bsc#1233106).
- CVE-2024-50225: btrfs: fix error propagation of split bios (bsc#1233193).
- CVE-2024-50228: mm: shmem: fix data-race in shmem_getattr() (bsc#1233204).
- CVE-2024-50230: nilfs2: fix kernel bug due to missing clearing of checked flag (bsc#1233206).
- CVE-2024-50245: fs/ntfs3: Fix possible deadlock in mi_read (bsc#1233203).
- CVE-2024-50246: fs/ntfs3: Add rough attr alloc_size check (bsc#1233207).
- CVE-2024-50248: ntfs3: add bounds checking to mi_enum_attr() (bsc#1233219).
- CVE-2024-50250: fsdax: dax_unshare_iter needs to copy entire blocks (bsc#1233226).
- CVE-2024-50252: mlxsw: spectrum_ipip: Fix memory leak when changing remote IPv6 address (bsc#1233201).
- CVE-2024-50257: netfilter: Fix use-after-free in get_info() (bsc#1233244).
- CVE-2024-50261: macsec: Fix use-after-free while sending the offloading packet (bsc#1233253).
- CVE-2024-50264: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans (bsc#1233453).
- CVE-2024-50271: signal: restore the override_rlimit logic (bsc#1233460).
- CVE-2024-50273: btrfs: reinitialize delayed ref list after deleting it from the list (bsc#1233462).
- CVE-2024-50274: idpf: avoid vport access in idpf_get_link_ksettings (bsc#1233463).
- CVE-2024-50275: arm64/sve: Discard stale CPU state when handling SVE traps (bsc#1233464).
- CVE-2024-50276: net: vertexcom: mse102x: Fix possible double free of TX skb (bsc#1233465).
- CVE-2024-50279: dm cache: fix out-of-bounds access to the dirty bitset when resizing (bsc#1233468).
- CVE-2024-50289: media: av7110: fix a spectre vulnerability (bsc#1233478).
- CVE-2024-50295: net: arc: fix the device for dma_map_single/dma_unmap_single (bsc#1233484).
- CVE-2024-50296: net: hns3: fix kernel crash when uninstalling driver (bsc#1233485).
- CVE-2024-50298: net: enetc: allocate vf_state during PF probes (bsc#1233487).
- CVE-2024-53042: ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_init_flow() (bsc#1233540).
- CVE-2024-53043: mctp i2c: handle NULL header address (bsc#1233523).
- CVE-2024-53048: ice: fix crash on probe for DPLL enabled E810 LOM (bsc#1233721).
- CVE-2024-53051: drm/i915/hdcp: Add encoder check in intel_hdcp_get_capability (bsc#1233547).
- CVE-2024-53055: wifi: iwlwifi: mvm: fix 6 GHz scan construction (bsc#1233550).
- CVE-2024-53056: drm/mediatek: Fix potential NULL dereference in mtk_crtc_destroy() (bsc#1233568).
- CVE-2024-53058: net: stmmac: TSO: Fix unbalanced DMA map/unmap for non-paged SKB data (bsc#1233552).
- CVE-2024-53079: mm/thp: fix deferred split unqueue naming and locking (bsc#1233570).
- CVE-2024-53082: virtio_net: Add hash_key_length check (bsc#1233573).
- CVE-2024-53095: smb: client: Fix use-after-free of network namespace (bsc#1233642).
- CVE-2024-53110: vp_vdpa: fix id_table array not null terminated error (bsc#1234085).
- CVE-2024-53121: net/mlx5: fs, lock FTE when checking if active (bsc#1234078).
- CVE-2024-53138: net/mlx5e: kTLS, Fix incorrect page refcounting (bsc#1234223).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

Plugin Details

Severity: High

ID: 213015

File Name: suse_SU-2024-4316-1.nasl

Version: 1.1

Type: local

Agent: unix

Family: SuSE Local Security Checks

Published: 12/14/2024

Updated: 12/14/2024

Supported Sensors: Continuous Assessment, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2024-53068

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:kernel-source-azure, p-cpe:/a:novell:suse_linux:kernel-azure-devel, p-cpe:/a:novell:suse_linux:kernel-devel-azure, p-cpe:/a:novell:suse_linux:kernel-syms-azure, p-cpe:/a:novell:suse_linux:kernel-azure, cpe:/o:novell:suse_linux:15

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 12/13/2024

Vulnerability Publication Date: 12/13/2023

Reference Information

CVE: CVE-2023-52778, CVE-2023-52920, CVE-2023-52921, CVE-2023-52922, CVE-2024-26596, CVE-2024-26703, CVE-2024-26741, CVE-2024-26782, CVE-2024-26864, CVE-2024-26953, CVE-2024-27017, CVE-2024-27407, CVE-2024-35888, CVE-2024-36000, CVE-2024-36031, CVE-2024-36484, CVE-2024-36883, CVE-2024-36886, CVE-2024-36905, CVE-2024-36920, CVE-2024-36927, CVE-2024-36954, CVE-2024-36968, CVE-2024-38589, CVE-2024-40914, CVE-2024-41023, CVE-2024-42102, CVE-2024-44995, CVE-2024-46680, CVE-2024-46681, CVE-2024-46765, CVE-2024-46788, CVE-2024-46800, CVE-2024-46828, CVE-2024-46845, CVE-2024-47666, CVE-2024-47679, CVE-2024-47701, CVE-2024-47703, CVE-2024-49868, CVE-2024-49884, CVE-2024-49888, CVE-2024-49899, CVE-2024-49905, CVE-2024-49908, CVE-2024-49911, CVE-2024-49912, CVE-2024-49921, CVE-2024-49922, CVE-2024-49923, CVE-2024-49925, CVE-2024-49933, CVE-2024-49934, CVE-2024-49944, CVE-2024-49945, CVE-2024-49952, CVE-2024-49968, CVE-2024-49975, CVE-2024-49976, CVE-2024-49983, CVE-2024-49987, CVE-2024-49989, CVE-2024-50003, CVE-2024-50004, CVE-2024-50006, CVE-2024-50009, CVE-2024-50012, CVE-2024-50014, CVE-2024-50026, CVE-2024-50067, CVE-2024-50082, CVE-2024-50084, CVE-2024-50087, CVE-2024-50088, CVE-2024-50089, CVE-2024-50093, CVE-2024-50095, CVE-2024-50096, CVE-2024-50098, CVE-2024-50099, CVE-2024-50100, CVE-2024-50101, CVE-2024-50102, CVE-2024-50103, CVE-2024-50108, CVE-2024-50110, CVE-2024-50115, CVE-2024-50116, CVE-2024-50117, CVE-2024-50121, CVE-2024-50124, CVE-2024-50125, CVE-2024-50127, CVE-2024-50128, CVE-2024-50130, CVE-2024-50131, CVE-2024-50134, CVE-2024-50135, CVE-2024-50136, CVE-2024-50138, CVE-2024-50139, CVE-2024-50141, CVE-2024-50145, CVE-2024-50146, CVE-2024-50147, CVE-2024-50148, CVE-2024-50150, CVE-2024-50153, CVE-2024-50154, CVE-2024-50155, CVE-2024-50156, CVE-2024-50157, CVE-2024-50158, CVE-2024-50159, CVE-2024-50160, CVE-2024-50166, CVE-2024-50167, CVE-2024-50169, CVE-2024-50171, CVE-2024-50172, CVE-2024-50175, CVE-2024-50176, CVE-2024-50177, CVE-2024-50179, CVE-2024-50180, CVE-2024-50181, CVE-2024-50182, CVE-2024-50183, CVE-2024-50184, CVE-2024-50186, CVE-2024-50187, CVE-2024-50188, CVE-2024-50189, CVE-2024-50192, CVE-2024-50194, CVE-2024-50195, CVE-2024-50196, CVE-2024-50198, CVE-2024-50200, CVE-2024-50201, CVE-2024-50205, CVE-2024-50208, CVE-2024-50209, CVE-2024-50210, CVE-2024-50215, CVE-2024-50216, CVE-2024-50218, CVE-2024-50221, CVE-2024-50224, CVE-2024-50225, CVE-2024-50228, CVE-2024-50229, CVE-2024-50230, CVE-2024-50231, CVE-2024-50232, CVE-2024-50233, CVE-2024-50234, CVE-2024-50235, CVE-2024-50236, CVE-2024-50237, CVE-2024-50240, CVE-2024-50245, CVE-2024-50246, CVE-2024-50248, CVE-2024-50249, CVE-2024-50250, CVE-2024-50252, CVE-2024-50255, CVE-2024-50257, CVE-2024-50261, CVE-2024-50264, CVE-2024-50265, CVE-2024-50267, CVE-2024-50268, CVE-2024-50269, CVE-2024-50271, CVE-2024-50273, CVE-2024-50274, CVE-2024-50275, CVE-2024-50276, CVE-2024-50279, CVE-2024-50282, CVE-2024-50287, CVE-2024-50289, CVE-2024-50290, CVE-2024-50292, CVE-2024-50295, CVE-2024-50296, CVE-2024-50298, CVE-2024-50301, CVE-2024-50302, CVE-2024-53042, CVE-2024-53043, CVE-2024-53045, CVE-2024-53048, CVE-2024-53051, CVE-2024-53052, CVE-2024-53055, CVE-2024-53056, CVE-2024-53058, CVE-2024-53059, CVE-2024-53060, CVE-2024-53061, CVE-2024-53063, CVE-2024-53066, CVE-2024-53068, CVE-2024-53072, CVE-2024-53074, CVE-2024-53076, CVE-2024-53079, CVE-2024-53081, CVE-2024-53082, CVE-2024-53085, CVE-2024-53088, CVE-2024-53093, CVE-2024-53094, CVE-2024-53095, CVE-2024-53096, CVE-2024-53100, CVE-2024-53101, CVE-2024-53104, CVE-2024-53106, CVE-2024-53108, CVE-2024-53110, CVE-2024-53112, CVE-2024-53114, CVE-2024-53121, CVE-2024-53138

SuSE: SUSE-SU-2024:4316-1

Detections

Analytics