SUSE SLES12: cluster-md-kmp-rt / dlm-kmp-rt / gfs2-kmp-rt / kernel-devel-rt / etc (SUSE-SU-2021:1899-1)

high Nessus Plugin ID 150687

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:1899-1 advisory.

The SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various security and bugfixes.


The following security bugs were fixed:

- CVE-2021-33200: Enforcing incorrect limits for pointer arithmetic operations by the BPF verifier could be abused to perform out-of-bounds reads and writes in kernel memory (bsc#1186484).
- CVE-2021-33034: Fixed a use-after-free when destroying an hci_chan. This could lead to writing arbitrary values. (bsc#1186111)
- CVE-2020-26139: Fixed a denial-of-service when an Access Point (AP) forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. (bnc#1186062)
- CVE-2021-23134: A Use After Free vulnerability in nfc sockets allowed local attackers to elevate their privileges. (bnc#1186060)
- CVE-2021-3491: Fixed a potential heap overflow in mem_rw(). This vulnerability is related to the PROVIDE_BUFFERS operation, which allowed the MAX_RW_COUNT limit to be bypassed (bsc#1185642).
- CVE-2021-32399: Fixed a race condition when removing the HCI controller (bnc#1184611).
- CVE-2020-24586: The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances this can be abused to inject arbitrary network packets and/or exfiltrate user data (bnc#1185859).
- CVE-2020-24587: The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed (bnc#1185859 bnc#1185862).
- CVE-2020-26147: The WEP, WPA, WPA2, and WPA3 implementations reassemble fragments, even though some of them were sent in plaintext. This vulnerability can be abused to inject packets and/or exfiltrate selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used (bnc#1185859).
- CVE-2020-26145: An issue was discovered with Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept second (or subsequent) broadcast fragments even when sent in plaintext and process them as full unfragmented frames. An adversary can abuse this to inject arbitrary network packets independent of the network configuration. (bnc#1185860)
- CVE-2020-26141: An issue was discovered in the ALFA driver for AWUS036H, where the Message Integrity Check (authenticity) of fragmented TKIP frames was not verified. An adversary can abuse this to inject and possibly decrypt packets in WPA or WPA2 networks that support the TKIP data-confidentiality protocol. (bnc#1185987)
- CVE-2021-23133: Fixed a race condition in SCTP sockets, which could lead to privilege escalation from the context of a network service or an unprivileged process. (bnc#1184675)


Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.suse.com/1064802

https://bugzilla.suse.com/1066129

https://bugzilla.suse.com/1087082

https://bugzilla.suse.com/1101816

https://bugzilla.suse.com/1103992

https://bugzilla.suse.com/1104353

https://bugzilla.suse.com/1104427

https://bugzilla.suse.com/1104745

https://bugzilla.suse.com/1109837

https://bugzilla.suse.com/1113431

https://bugzilla.suse.com/1126390

https://bugzilla.suse.com/1133021

https://bugzilla.suse.com/1152457

https://bugzilla.suse.com/1174682

https://bugzilla.suse.com/1176081

https://bugzilla.suse.com/1177666

https://bugzilla.suse.com/1180552

https://bugzilla.suse.com/1181383

https://bugzilla.suse.com/1182256

https://bugzilla.suse.com/1183738

https://bugzilla.suse.com/1183947

https://bugzilla.suse.com/1184081

https://bugzilla.suse.com/1184082

https://bugzilla.suse.com/1184611

https://bugzilla.suse.com/1184855

https://bugzilla.suse.com/1185428

https://bugzilla.suse.com/1185481

https://bugzilla.suse.com/1185680

https://bugzilla.suse.com/1185703

https://bugzilla.suse.com/1185724

https://bugzilla.suse.com/1185758

https://bugzilla.suse.com/1185827

https://bugzilla.suse.com/1185901

https://bugzilla.suse.com/1185906

https://bugzilla.suse.com/1185938

https://bugzilla.suse.com/1186060

https://bugzilla.suse.com/1186111

https://bugzilla.suse.com/1186390

https://bugzilla.suse.com/1186416

https://bugzilla.suse.com/1186439

https://bugzilla.suse.com/1186441

https://bugzilla.suse.com/1186452

https://bugzilla.suse.com/1186460

https://bugzilla.suse.com/1186498

https://www.suse.com/security/cve/CVE-2020-24586

https://www.suse.com/security/cve/CVE-2020-24587

https://www.suse.com/security/cve/CVE-2020-26139

https://www.suse.com/security/cve/CVE-2020-26141

https://www.suse.com/security/cve/CVE-2020-26145

https://www.suse.com/security/cve/CVE-2020-26147

https://www.suse.com/security/cve/CVE-2021-23133

https://www.suse.com/security/cve/CVE-2021-23134

https://www.suse.com/security/cve/CVE-2021-32399

https://www.suse.com/security/cve/CVE-2021-33034

https://www.suse.com/security/cve/CVE-2021-33200

https://www.suse.com/security/cve/CVE-2021-3491

http://www.nessus.org/u?8a7919d0

Plugin Details

Severity: High

ID: 150687

File Name: suse_SU-2021-1899-1.nasl

Version: 1.7

Type: Local

Agent: unix

Published: 6/10/2021

Updated: 6/25/2026

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2021-3491

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.9

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:gfs2-kmp-rt, p-cpe:/a:novell:suse_linux:kernel-rt_debug, p-cpe:/a:novell:suse_linux:kernel-rt-devel, p-cpe:/a:novell:suse_linux:kernel-rt-base, p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt, p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt, p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel, p-cpe:/a:novell:suse_linux:kernel-rt, p-cpe:/a:novell:suse_linux:kernel-devel-rt, p-cpe:/a:novell:suse_linux:kernel-source-rt, p-cpe:/a:novell:suse_linux:kernel-syms-rt, cpe:/o:novell:suse_linux:12, p-cpe:/a:novell:suse_linux:dlm-kmp-rt

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/8/2021

Vulnerability Publication Date: 4/22/2021

Reference Information

CVE: CVE-2020-24586, CVE-2020-24587, CVE-2020-26139, CVE-2020-26141, CVE-2020-26145, CVE-2020-26147, CVE-2021-23133, CVE-2021-23134, CVE-2021-32399, CVE-2021-33034, CVE-2021-33200, CVE-2021-3491

SuSE: SUSE-SU-2021:1899-1