Detections
Analytics
SUSE SLES11 Security Update : kernel (SUSE-SU-2021:14849-1)
high Nessus Plugin ID 155814
Language:
Synopsis
The remote SUSE host is missing one or more security updates.Description
The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:14849-1 advisory.The SUSE Linux Enterprise 11 SP4 LTSS kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2021-37159: hso_free_net_device in drivers/net/usb/hso.c called unregister_netdev without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free (bnc#1188601).
- CVE-2021-3772: Fixed sctp vtag check in sctp_sf_ootb (bsc#1190351).
- CVE-2021-3655: Missing size validations on inbound SCTP packets may have allowed the kernel to read uninitialized memory (bnc#1188563 bnc#1192267).
- CVE-2014-7841: The sctp_process_param function in net/sctp/sm_make_chunk.c in the SCTP implementation, when ASCONF is used, allowed remote attackers to cause a denial of service (NULL pointer dereference and system crash) via a malformed INIT chunk (bnc#904899 bnc#905100).
- CVE-2021-20265: A flaw was found in the way memory resources were freed in the unix_stream_recvmsg function when a signal was pending. This flaw allowed an unprivileged local user to crash the system by exhausting available memory. The highest threat from this vulnerability is to system availability (bnc#1183089).
- CVE-2021-42739: The firewire subsystem had a buffer overflow related to drivers/media/firewire/firedtv- avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled bounds checking (bnc#1184673 bnc#1192036).
- CVE-2021-33033: The Linux kernel has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd.
This leads to writing an arbitrary value (bnc#1186109 bnc#1188876).
- CVE-2021-43389: There was an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c (bnc#1191958).
- CVE-2021-42008: The decode_data function in drivers/net/hamradio/6pack.c had a slab out-of-bounds write.
Input from a process that has the CAP_NET_ADMIN capability can lead to root access (bnc#1191315).
- CVE-2021-38160: Data corruption or loss could be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size in drivers/char/virtio_console.c (bsc#1190117)
- CVE-2021-3640: Fixed a Use-After-Free vulnerability in function sco_sock_sendmsg() in the bluetooth stack (bsc#1188172).
- CVE-2021-38198: arch/x86/kvm/mmu/paging_tmpl.h incorrectly computed the access permissions of a shadow page, leading to a missing guest protection page fault (bnc#1189262).
- CVE-2021-3653: A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the 'int_ctl' field, this issue could allow a malicious L1 to enable AVIC support (Advanced Virtual Interrupt Controller) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape. (bnc#1189399).
- CVE-2021-3679: A lack of CPU resource in the Linux kernel tracing module functionality was found in the way user uses trace ring buffer in a specific way. Only privileged local users (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service (bnc#1189057).
- CVE-2021-3609: A potential local privilege escalation in the CAN BCM networking protocol was fixed (bsc#1187215).
- CVE-2020-36385: drivers/infiniband/core/ucma.c has a use-after-free because the ctx is reached via the ctx_list in some ucma_migrate_id situations where ucma_close is called, aka CID-f5449e74802c (bnc#1187050).
Tenable has extracted the preceding description block directly from the SUSE security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the affected packages.See Also
https://bugzilla.suse.com/904899
https://bugzilla.suse.com/905100
https://bugzilla.suse.com/1183089
https://bugzilla.suse.com/1184673
https://bugzilla.suse.com/1186109
https://bugzilla.suse.com/1187050
https://bugzilla.suse.com/1187215
https://bugzilla.suse.com/1188172
https://bugzilla.suse.com/1188563
https://bugzilla.suse.com/1188601
https://bugzilla.suse.com/1188876
https://bugzilla.suse.com/1189057
https://bugzilla.suse.com/1189262
https://bugzilla.suse.com/1189399
https://bugzilla.suse.com/1190117
https://bugzilla.suse.com/1190351
https://bugzilla.suse.com/1191315
https://bugzilla.suse.com/1191660
https://bugzilla.suse.com/1191958
https://bugzilla.suse.com/1192036
https://bugzilla.suse.com/1192267
http://www.nessus.org/u?baa8927b
https://www.suse.com/security/cve/CVE-2014-7841
https://www.suse.com/security/cve/CVE-2020-36385
https://www.suse.com/security/cve/CVE-2021-3609
https://www.suse.com/security/cve/CVE-2021-3640
https://www.suse.com/security/cve/CVE-2021-3653
https://www.suse.com/security/cve/CVE-2021-3655
https://www.suse.com/security/cve/CVE-2021-3679
https://www.suse.com/security/cve/CVE-2021-3772
https://www.suse.com/security/cve/CVE-2021-20265
https://www.suse.com/security/cve/CVE-2021-33033
https://www.suse.com/security/cve/CVE-2021-37159
https://www.suse.com/security/cve/CVE-2021-38160
https://www.suse.com/security/cve/CVE-2021-38198
https://www.suse.com/security/cve/CVE-2021-42008
Plugin Details
Severity: High
ID: 155814
File Name: suse_SU-2021-14849-1.nasl
Version: 1.6
Type: local
Agent: unix
Family: SuSE Local Security Checks
Published: 12/2/2021
Updated: 9/24/2025
Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus
Risk Information
VPR
Risk Factor: High
Score: 7.4
CVSS v2
Risk Factor: High
Base Score: 7.2
Temporal Score: 5.6
Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2021-38160
CVSS v3
Risk Factor: High
Base Score: 8.8
Temporal Score: 7.9
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
CVSS Score Source: CVE-2021-3653
Vulnerability Information
CPE: p-cpe:/a:novell:suse_linux:kernel-xen-base, p-cpe:/a:novell:suse_linux:kernel-syms, p-cpe:/a:novell:suse_linux:kernel-pae-base, p-cpe:/a:novell:suse_linux:kernel-trace-base, p-cpe:/a:novell:suse_linux:kernel-ppc64, p-cpe:/a:novell:suse_linux:kernel-ppc64-base, p-cpe:/a:novell:suse_linux:kernel-pae-devel, p-cpe:/a:novell:suse_linux:kernel-source, p-cpe:/a:novell:suse_linux:kernel-ec2, p-cpe:/a:novell:suse_linux:kernel-default-man, p-cpe:/a:novell:suse_linux:kernel-ec2-base, p-cpe:/a:novell:suse_linux:kernel-ec2-devel, p-cpe:/a:novell:suse_linux:kernel-trace-devel, p-cpe:/a:novell:suse_linux:kernel-ppc64-devel, p-cpe:/a:novell:suse_linux:kernel-bigmem, p-cpe:/a:novell:suse_linux:kernel-default-base, p-cpe:/a:novell:suse_linux:kernel-bigmem-devel, p-cpe:/a:novell:suse_linux:kernel-xen-devel, p-cpe:/a:novell:suse_linux:kernel-default-devel, p-cpe:/a:novell:suse_linux:kernel-bigmem-base, p-cpe:/a:novell:suse_linux:kernel-trace, p-cpe:/a:novell:suse_linux:kernel-xen, p-cpe:/a:novell:suse_linux:kernel-default, p-cpe:/a:novell:suse_linux:kernel-pae, cpe:/o:novell:suse_linux:11
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 12/1/2021
Vulnerability Publication Date: 11/13/2014
Reference Information
CVE: CVE-2014-7841, CVE-2020-36385, CVE-2021-20265, CVE-2021-33033, CVE-2021-3609, CVE-2021-3640, CVE-2021-3653, CVE-2021-3655, CVE-2021-3679, CVE-2021-37159, CVE-2021-3772, CVE-2021-38160, CVE-2021-38198, CVE-2021-42008, CVE-2021-42739, CVE-2021-43389
SuSE: SUSE-SU-2021:14849-1