openSUSE 15 Security Update : kernel (openSUSE-SU-2021:0873-1)

medium Nessus Plugin ID 151080

Language:

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:0873-1 advisory.

- An issue was discovered in the Linux kernel through 5.11.x. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. Specifically, for sequences of pointer arithmetic operations, the pointer modification performed by the first operation is not correctly accounted for when restricting subsequent operations. (CVE-2021-29155)

- An issue was discovered in the Linux kernel before 5.11.11. The netfilter subsystem allows attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value, aka CID-175e476b8cdf.
(CVE-2021-29650)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.suse.com/1043990

https://bugzilla.suse.com/1055117

https://bugzilla.suse.com/1065729

https://bugzilla.suse.com/1152457

https://bugzilla.suse.com/1152489

https://bugzilla.suse.com/1155518

https://bugzilla.suse.com/1156395

https://bugzilla.suse.com/1167260

https://bugzilla.suse.com/1167574

https://bugzilla.suse.com/1168838

https://bugzilla.suse.com/1174416

https://bugzilla.suse.com/1174426

https://bugzilla.suse.com/1175995

https://bugzilla.suse.com/1178089

https://bugzilla.suse.com/1179243

https://bugzilla.suse.com/1179851

https://bugzilla.suse.com/1180846

https://bugzilla.suse.com/1181161

https://bugzilla.suse.com/1182613

https://bugzilla.suse.com/1183063

https://bugzilla.suse.com/1183203

https://bugzilla.suse.com/1183289

https://bugzilla.suse.com/1184208

https://bugzilla.suse.com/1184209

https://bugzilla.suse.com/1184436

https://bugzilla.suse.com/1184485

https://bugzilla.suse.com/1184514

https://bugzilla.suse.com/1184585

https://bugzilla.suse.com/1184650

https://bugzilla.suse.com/1184724

https://bugzilla.suse.com/1184728

https://bugzilla.suse.com/1184730

https://bugzilla.suse.com/1184731

https://bugzilla.suse.com/1184736

https://bugzilla.suse.com/1184737

https://bugzilla.suse.com/1184738

https://bugzilla.suse.com/1184740

https://bugzilla.suse.com/1184741

https://bugzilla.suse.com/1184742

https://bugzilla.suse.com/1184760

https://bugzilla.suse.com/1184811

https://bugzilla.suse.com/1184893

https://bugzilla.suse.com/1184934

https://bugzilla.suse.com/1184942

https://bugzilla.suse.com/1184957

https://bugzilla.suse.com/1184969

https://bugzilla.suse.com/1184984

https://bugzilla.suse.com/1185041

https://bugzilla.suse.com/1185113

https://bugzilla.suse.com/1185233

https://bugzilla.suse.com/1185244

https://bugzilla.suse.com/1185269

https://bugzilla.suse.com/1185365

https://bugzilla.suse.com/1185454

https://bugzilla.suse.com/1185472

https://bugzilla.suse.com/1185491

https://bugzilla.suse.com/1185549

https://bugzilla.suse.com/1185586

https://bugzilla.suse.com/1185587

http://www.nessus.org/u?ec9148fd

https://www.suse.com/security/cve/CVE-2021-29155

https://www.suse.com/security/cve/CVE-2021-29650

Plugin Details

Severity: Medium

ID: 151080

File Name: openSUSE-2021-873.nasl

Version: 1.3

Type: local

Agent: unix

Published: 6/28/2021

Updated: 12/12/2023

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Low

Base Score: 2.1

Temporal Score: 1.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2021-29155

CVSS v3

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:cluster-md-kmp-rt, p-cpe:/a:novell:opensuse:cluster-md-kmp-rt_debug, p-cpe:/a:novell:opensuse:dlm-kmp-rt, p-cpe:/a:novell:opensuse:dlm-kmp-rt_debug, p-cpe:/a:novell:opensuse:gfs2-kmp-rt, p-cpe:/a:novell:opensuse:gfs2-kmp-rt_debug, p-cpe:/a:novell:opensuse:kernel-devel-rt, p-cpe:/a:novell:opensuse:kernel-rt, p-cpe:/a:novell:opensuse:kernel-rt-devel, p-cpe:/a:novell:opensuse:kernel-rt-extra, p-cpe:/a:novell:opensuse:kernel-rt_debug, p-cpe:/a:novell:opensuse:kernel-rt_debug-devel, p-cpe:/a:novell:opensuse:kernel-rt_debug-extra, p-cpe:/a:novell:opensuse:kernel-source-rt, p-cpe:/a:novell:opensuse:kernel-syms-rt, p-cpe:/a:novell:opensuse:kselftests-kmp-rt, p-cpe:/a:novell:opensuse:kselftests-kmp-rt_debug, p-cpe:/a:novell:opensuse:ocfs2-kmp-rt, p-cpe:/a:novell:opensuse:ocfs2-kmp-rt_debug, p-cpe:/a:novell:opensuse:reiserfs-kmp-rt, p-cpe:/a:novell:opensuse:reiserfs-kmp-rt_debug, cpe:/o:novell:opensuse:15.2

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/16/2021

Vulnerability Publication Date: 3/30/2021

Reference Information

CVE: CVE-2021-29155, CVE-2021-29650