Detections
Analytics

SUSE SLES12: cluster-md-kmp-default / dlm-kmp-default / gfs2-kmp-default / etc (SUSE-SU-2021:1891-1)

high Nessus Plugin ID 150396

Language:

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:1891-1 advisory.

 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes.


 The following security bugs were fixed:

 - CVE-2021-33200: Enforcing incorrect limits for pointer arithmetic operations by the BPF verifier could be abused to perform out-of-bounds reads and writes in kernel memory (bsc#1186484).
 - CVE-2021-33034: Fixed a use-after-free when destroying an hci_chan. This could lead to writing an arbitrary values. (bsc#1186111)
 - CVE-2020-26139: Fixed a denial-of-service when an Access Point (AP) forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. (bnc#1186062)
 - CVE-2021-23134: A Use After Free vulnerability in nfc sockets allowed local attackers to elevate their privileges. (bnc#1186060)
 - CVE-2021-23133: Fixed a race condition in SCTP sockets, which could lead to privilege escalation from the context of a network service or an unprivileged process. (bnc#1184675)
 - CVE-2021-3491: Fixed a potential heap overflow in mem_rw(). This vulnerability is related to the PROVIDE_BUFFERS operation, which allowed the MAX_RW_COUNT limit to be bypassed (bsc#1185642).
 - CVE-2021-32399: Fixed a race condition when removing the HCI controller (bnc#1184611).
 - CVE-2020-24586: The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances this can be abused to inject arbitrary network packets and/or exfiltrate user data (bnc#1185859).
 - CVE-2020-24587: The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed (bnc#1185859 bnc#1185862).
 - CVE-2020-26147: The WEP, WPA, WPA2, and WPA3 implementations reassemble fragments, even though some of them were sent in plaintext. This vulnerability can be abused to inject packets and/or exfiltrate selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used (bnc#1185859).
 - CVE-2020-26145: An issue was discovered with Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept second (or subsequent) broadcast fragments even when sent in plaintext and process them as full unfragmented frames. An adversary can abuse this to inject arbitrary network packets independent of the network configuration. (bnc#1185860)
 - CVE-2020-26141: An issue was discovered in the ALFA driver for AWUS036H, where the Message Integrity Check (authenticity) of fragmented TKIP frames was not verified. An adversary can abuse this to inject and possibly decrypt packets in WPA or WPA2 networks that support the TKIP data-confidentiality protocol.
 (bnc#1185987)


Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.suse.com/1176081

https://bugzilla.suse.com/1180846

https://bugzilla.suse.com/1183947

https://bugzilla.suse.com/1184611

https://bugzilla.suse.com/1184675

https://bugzilla.suse.com/1185642

https://bugzilla.suse.com/1185677

https://bugzilla.suse.com/1185680

https://bugzilla.suse.com/1185724

https://bugzilla.suse.com/1185859

https://bugzilla.suse.com/1185860

https://bugzilla.suse.com/1185862

https://bugzilla.suse.com/1185863

https://bugzilla.suse.com/1185898

https://bugzilla.suse.com/1185899

https://bugzilla.suse.com/1185901

https://bugzilla.suse.com/1185938

https://bugzilla.suse.com/1185950

https://bugzilla.suse.com/1185987

https://bugzilla.suse.com/1186060

https://bugzilla.suse.com/1186061

https://bugzilla.suse.com/1186062

https://bugzilla.suse.com/1186111

https://bugzilla.suse.com/1186285

https://bugzilla.suse.com/1186390

https://bugzilla.suse.com/1186484

https://bugzilla.suse.com/1186498

https://www.suse.com/security/cve/CVE-2020-24586

https://www.suse.com/security/cve/CVE-2020-24587

https://www.suse.com/security/cve/CVE-2020-26139

https://www.suse.com/security/cve/CVE-2020-26141

https://www.suse.com/security/cve/CVE-2020-26145

https://www.suse.com/security/cve/CVE-2020-26147

https://www.suse.com/security/cve/CVE-2021-23133

https://www.suse.com/security/cve/CVE-2021-23134

https://www.suse.com/security/cve/CVE-2021-32399

https://www.suse.com/security/cve/CVE-2021-33034

https://www.suse.com/security/cve/CVE-2021-33200

https://www.suse.com/security/cve/CVE-2021-3491

http://www.nessus.org/u?59b0ae69

Plugin Details

Severity: High

ID: 150396

File Name: suse_SU-2021-1891-1.nasl

Version: 1.6

Type: Local

Agent: unix

Published: 6/9/2021

Updated: 6/25/2026

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2021-3491

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.9

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:kernel-default-man, p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-95_77-default, p-cpe:/a:novell:suse_linux:cluster-md-kmp-default, p-cpe:/a:novell:suse_linux:kernel-syms, p-cpe:/a:novell:suse_linux:dlm-kmp-default, p-cpe:/a:novell:suse_linux:kernel-source, p-cpe:/a:novell:suse_linux:ocfs2-kmp-default, p-cpe:/a:novell:suse_linux:kernel-macros, p-cpe:/a:novell:suse_linux:kernel-default-base, p-cpe:/a:novell:suse_linux:kernel-default-kgraft-devel, p-cpe:/a:novell:suse_linux:kernel-default, p-cpe:/a:novell:suse_linux:kernel-default-devel, cpe:/o:novell:suse_linux:12, p-cpe:/a:novell:suse_linux:kernel-devel, p-cpe:/a:novell:suse_linux:kernel-default-kgraft, p-cpe:/a:novell:suse_linux:gfs2-kmp-default

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/8/2021

Vulnerability Publication Date: 4/22/2021

Reference Information

CVE: CVE-2020-24586, CVE-2020-24587, CVE-2020-26139, CVE-2020-26141, CVE-2020-26145, CVE-2020-26147, CVE-2021-23133, CVE-2021-23134, CVE-2021-32399, CVE-2021-33034, CVE-2021-33200, CVE-2021-3491

SuSE: SUSE-SU-2021:1891-1