SUSE SLES15 Security Update : kernel (SUSE-SU-2021:1571-1)

medium Nessus Plugin ID 149457

Language:

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The SUSE Linux Enterprise 15 SP2 RT kernel was updated to receive various security and bugfixes.

The following security bugs were fixed :

CVE-2021-29650: Fixed an issue with the netfilter subsystem that allowed attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value (bnc#1184208).

CVE-2021-29155: Fixed an issue that was discovered in kernel/bpf/verifier.c that performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. Specifically, for sequences of pointer arithmetic operations, the pointer modification performed by the first operation was not correctly accounted for when restricting subsequent operations (bnc#1184942).

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'.

Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Module for Realtime 15-SP2 :

zypper in -t patch SUSE-SLE-Module-RT-15-SP2-2021-1571=1

See Also

https://bugzilla.suse.com/show_bug.cgi?id=1043990

https://bugzilla.suse.com/show_bug.cgi?id=1055117

https://bugzilla.suse.com/show_bug.cgi?id=1065729

https://bugzilla.suse.com/show_bug.cgi?id=1152457

https://bugzilla.suse.com/show_bug.cgi?id=1152489

https://bugzilla.suse.com/show_bug.cgi?id=1155518

https://bugzilla.suse.com/show_bug.cgi?id=1156395

https://bugzilla.suse.com/show_bug.cgi?id=1167260

https://bugzilla.suse.com/show_bug.cgi?id=1167574

https://bugzilla.suse.com/show_bug.cgi?id=1168838

https://bugzilla.suse.com/show_bug.cgi?id=1174416

https://bugzilla.suse.com/show_bug.cgi?id=1174426

https://bugzilla.suse.com/show_bug.cgi?id=1175995

https://bugzilla.suse.com/show_bug.cgi?id=1178089

https://bugzilla.suse.com/show_bug.cgi?id=1179243

https://bugzilla.suse.com/show_bug.cgi?id=1179851

https://bugzilla.suse.com/show_bug.cgi?id=1180846

https://bugzilla.suse.com/show_bug.cgi?id=1181161

https://bugzilla.suse.com/show_bug.cgi?id=1182613

https://bugzilla.suse.com/show_bug.cgi?id=1183063

https://bugzilla.suse.com/show_bug.cgi?id=1183203

https://bugzilla.suse.com/show_bug.cgi?id=1183289

https://bugzilla.suse.com/show_bug.cgi?id=1184208

https://bugzilla.suse.com/show_bug.cgi?id=1184209

https://bugzilla.suse.com/show_bug.cgi?id=1184436

https://bugzilla.suse.com/show_bug.cgi?id=1184485

https://bugzilla.suse.com/show_bug.cgi?id=1184514

https://bugzilla.suse.com/show_bug.cgi?id=1184585

https://bugzilla.suse.com/show_bug.cgi?id=1184650

https://bugzilla.suse.com/show_bug.cgi?id=1184724

https://bugzilla.suse.com/show_bug.cgi?id=1184728

https://bugzilla.suse.com/show_bug.cgi?id=1184730

https://bugzilla.suse.com/show_bug.cgi?id=1184731

https://bugzilla.suse.com/show_bug.cgi?id=1184736

https://bugzilla.suse.com/show_bug.cgi?id=1184737

https://bugzilla.suse.com/show_bug.cgi?id=1184738

https://bugzilla.suse.com/show_bug.cgi?id=1184740

https://bugzilla.suse.com/show_bug.cgi?id=1184741

https://bugzilla.suse.com/show_bug.cgi?id=1184742

https://bugzilla.suse.com/show_bug.cgi?id=1184760

https://bugzilla.suse.com/show_bug.cgi?id=1184811

https://bugzilla.suse.com/show_bug.cgi?id=1184893

https://bugzilla.suse.com/show_bug.cgi?id=1184934

https://bugzilla.suse.com/show_bug.cgi?id=1184942

https://bugzilla.suse.com/show_bug.cgi?id=1184957

https://bugzilla.suse.com/show_bug.cgi?id=1184969

https://bugzilla.suse.com/show_bug.cgi?id=1184984

https://bugzilla.suse.com/show_bug.cgi?id=1185041

https://bugzilla.suse.com/show_bug.cgi?id=1185113

https://bugzilla.suse.com/show_bug.cgi?id=1185233

https://bugzilla.suse.com/show_bug.cgi?id=1185244

https://bugzilla.suse.com/show_bug.cgi?id=1185269

https://bugzilla.suse.com/show_bug.cgi?id=1185365

https://bugzilla.suse.com/show_bug.cgi?id=1185454

https://bugzilla.suse.com/show_bug.cgi?id=1185472

https://bugzilla.suse.com/show_bug.cgi?id=1185491

https://bugzilla.suse.com/show_bug.cgi?id=1185549

https://bugzilla.suse.com/show_bug.cgi?id=1185586

https://bugzilla.suse.com/show_bug.cgi?id=1185587

https://www.suse.com/security/cve/CVE-2021-29155/

https://www.suse.com/security/cve/CVE-2021-29650/

http://www.nessus.org/u?8b807ed5

Plugin Details

Severity: Medium

ID: 149457

File Name: suse_SU-2021-1571-1.nasl

Version: 1.3

Type: local

Agent: unix

Published: 5/13/2021

Updated: 1/2/2024

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Low

Base Score: 2.1

Temporal Score: 1.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2021-29155

CVSS v3

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt, p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt-debuginfo, p-cpe:/a:novell:suse_linux:dlm-kmp-rt, p-cpe:/a:novell:suse_linux:dlm-kmp-rt-debuginfo, p-cpe:/a:novell:suse_linux:gfs2-kmp-rt, p-cpe:/a:novell:suse_linux:gfs2-kmp-rt-debuginfo, p-cpe:/a:novell:suse_linux:kernel-rt, p-cpe:/a:novell:suse_linux:kernel-rt-debuginfo, p-cpe:/a:novell:suse_linux:kernel-rt-debugsource, p-cpe:/a:novell:suse_linux:kernel-rt-devel, p-cpe:/a:novell:suse_linux:kernel-rt-devel-debuginfo, p-cpe:/a:novell:suse_linux:kernel-rt_debug, p-cpe:/a:novell:suse_linux:kernel-rt_debug-debuginfo, p-cpe:/a:novell:suse_linux:kernel-rt_debug-debugsource, p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel, p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel-debuginfo, p-cpe:/a:novell:suse_linux:kernel-syms-rt, p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt, p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt-debuginfo, cpe:/o:novell:suse_linux:15

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/12/2021

Vulnerability Publication Date: 3/30/2021

Reference Information

CVE: CVE-2021-29155, CVE-2021-29650