SUSE SLES15 Security Update : kernel (SUSE-SU-2025:0202-1)

Severity: High | Nessus Plugin ID: 214453

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0202-1 advisory.

The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes.


The following security bugs were fixed:

- CVE-2022-49035: media: s5p_cec: limit msg.len to CEC_MAX_MSG_SIZE (bsc#1215304).
- CVE-2024-53146: NFSD: Prevent a potential integer overflow (bsc#1234853).
- CVE-2024-53156: wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() (bsc#1234846).
- CVE-2024-53173: NFSv4.0: Fix a use-after-free problem in the asynchronous open() (bsc#1234891).
- CVE-2024-53179: smb: client: fix use-after-free of signing key (bsc#1234921).
- CVE-2024-53214: vfio/pci: Properly hide first-in-list PCIe extended capability (bsc#1235004).
- CVE-2024-53239: ALSA: 6fire: Release resources at card release (bsc#1235054).
- CVE-2024-53240: xen/netfront: fix crash when removing device (bsc#1234281).
- CVE-2024-56539: wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan() (bsc#1234963).
- CVE-2024-56548: hfsplus: do not query the device logical block size multiple times (bsc#1235073).
- CVE-2024-56604: Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcomm_sock_alloc() (bsc#1235056).
- CVE-2024-56605: Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() (bsc#1235061).
- CVE-2024-56631: scsi: sg: Fix slab-use-after-free read in sg_release() (bsc#1235480).
- CVE-2024-56704: 9p/xen: fix release of IRQ (bsc#1235584).


Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.suse.com/1215304

https://bugzilla.suse.com/1220927

https://bugzilla.suse.com/1220937

https://bugzilla.suse.com/1230697

https://bugzilla.suse.com/1232436

https://bugzilla.suse.com/1234281

https://bugzilla.suse.com/1234690

https://bugzilla.suse.com/1234846

https://bugzilla.suse.com/1234853

https://bugzilla.suse.com/1234891

https://bugzilla.suse.com/1234921

https://bugzilla.suse.com/1234963

https://bugzilla.suse.com/1235004

https://bugzilla.suse.com/1235054

https://bugzilla.suse.com/1235056

https://bugzilla.suse.com/1235061

https://bugzilla.suse.com/1235073

https://bugzilla.suse.com/1235246

https://bugzilla.suse.com/1235480

https://bugzilla.suse.com/1235584

http://www.nessus.org/u?86e1b74a

https://www.suse.com/security/cve/CVE-2022-49035

https://www.suse.com/security/cve/CVE-2023-52524

https://www.suse.com/security/cve/CVE-2024-53142

https://www.suse.com/security/cve/CVE-2024-53144

https://www.suse.com/security/cve/CVE-2024-53146

https://www.suse.com/security/cve/CVE-2024-53156

https://www.suse.com/security/cve/CVE-2024-53173

https://www.suse.com/security/cve/CVE-2024-53179

https://www.suse.com/security/cve/CVE-2024-53214

https://www.suse.com/security/cve/CVE-2024-53239

https://www.suse.com/security/cve/CVE-2024-53240

https://www.suse.com/security/cve/CVE-2024-56539

https://www.suse.com/security/cve/CVE-2024-56548

https://www.suse.com/security/cve/CVE-2024-56604

https://www.suse.com/security/cve/CVE-2024-56605

https://www.suse.com/security/cve/CVE-2024-56631

https://www.suse.com/security/cve/CVE-2024-56704

https://www.suse.com/security/cve/CVE-2024-8805

Plugin Details

Severity: High

ID: 214453

File Name: suse_SU-2025-0202-1.nasl

Version: 1.1

Type: local

Agent: unix

Published: 1/22/2025

Updated: 1/22/2025

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 8.3

Temporal Score: 6.1

Vector: CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2024-8805

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:kernel-macros, p-cpe:/a:novell:suse_linux:kernel-zfcpdump, p-cpe:/a:novell:suse_linux:kernel-64kb-devel, p-cpe:/a:novell:suse_linux:kernel-preempt-devel, p-cpe:/a:novell:suse_linux:ocfs2-kmp-default, p-cpe:/a:novell:suse_linux:dlm-kmp-default, p-cpe:/a:novell:suse_linux:kernel-default-base, p-cpe:/a:novell:suse_linux:kernel-preempt, p-cpe:/a:novell:suse_linux:kernel-default-livepatch, p-cpe:/a:novell:suse_linux:kernel-default-devel, p-cpe:/a:novell:suse_linux:kernel-devel, p-cpe:/a:novell:suse_linux:gfs2-kmp-default, p-cpe:/a:novell:suse_linux:kernel-syms, p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-150300_59_188-default, cpe:/o:novell:suse_linux:15, p-cpe:/a:novell:suse_linux:reiserfs-kmp-default, p-cpe:/a:novell:suse_linux:kernel-default-livepatch-devel, p-cpe:/a:novell:suse_linux:cluster-md-kmp-default, p-cpe:/a:novell:suse_linux:kernel-obs-build, p-cpe:/a:novell:suse_linux:kernel-default, p-cpe:/a:novell:suse_linux:kernel-source, p-cpe:/a:novell:suse_linux:kernel-64kb

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 1/21/2025

Vulnerability Publication Date: 3/2/2024

Reference Information

CVE: CVE-2022-49035, CVE-2023-52524, CVE-2024-53142, CVE-2024-53144, CVE-2024-53146, CVE-2024-53156, CVE-2024-53173, CVE-2024-53179, CVE-2024-53214, CVE-2024-53239, CVE-2024-53240, CVE-2024-56539, CVE-2024-56548, CVE-2024-56604, CVE-2024-56605, CVE-2024-56631, CVE-2024-56704, CVE-2024-8805

SuSE: SUSE-SU-2025:0202-1