SUSE SLES15: cluster-md-kmp-rt / dlm-kmp-rt / gfs2-kmp-rt / kernel-devel-rt / etc (SUSE-SU-2022:0079-1)

high Nessus Plugin ID 156760

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0079-1 advisory.

The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bug fixes.

The following security bugs were fixed:

- CVE-2020-24504: Fixed an uncontrolled resource consumption in some Intel(R) Ethernet E810 Adapter drivers that may have allowed an authenticated user to potentially enable denial of service via local access. (bnc#1182404)
- CVE-2020-27820: Fixed a vulnerability where a use-after-free in nouveau's postclose() handler could happen when removing the device. (bnc#1179599)
- CVE-2021-4001: Fixed a race condition when the EBPF map is frozen. (bsc#1192990)
- CVE-2021-4002: Added a missing TLB flush that could lead to leak or corruption of data in hugetlbfs. (bsc#1192946)
- CVE-2021-28711: Fixed an issue where rogue backends could cause DoS of guests via high frequency events by hardening blkfront against event channel storms. (bsc#1193440)
- CVE-2021-28712: Fixed an issue where rogue backends could cause DoS of guests via high frequency events by hardening netfront against event channel storms. (bsc#1193440)
- CVE-2021-28713: Fixed an issue where rogue backends could cause DoS of guests via high frequency events by hardening hvc_xen against event channel storms. (bsc#1193440)
- CVE-2021-28714: Fixed an issue where a guest could force Linux netback driver to hog large amounts of kernel memory by fixing rx queue stall detection. (bsc#1193442)
- CVE-2021-28715: Fixed an issue where a guest could force Linux netback driver to hog large amounts of kernel memory by not queueing an unlimited number of packages. (bsc#1193442)
- CVE-2021-33098: Fixed improper input validation in the Intel(R) Ethernet ixgbe driver that could allow an authenticated user to cause a denial of service. (bnc#1192877)
- CVE-2021-43975: Fixed a flaw in hw_atl_utils_fw_rpc_wait that could allow an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value. (bnc#1192845)
- CVE-2021-43976: Fixed a flaw that could allow an attacker (who can connect a crafted USB device) to cause a denial of service. (bnc#1192847)
- CVE-2021-45485: Fixed an information leak because of certain use of a hash table which uses IPv6 source addresses. (bsc#1194094)
- CVE-2021-45486: Fixed an information leak because the hash table is very small in net/ipv4/route.c. (bnc#1194087)


Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.suse.com/1139944

https://bugzilla.suse.com/1151927

https://bugzilla.suse.com/1152489

https://bugzilla.suse.com/1153275

https://bugzilla.suse.com/1154353

https://bugzilla.suse.com/1154355

https://bugzilla.suse.com/1161907

https://bugzilla.suse.com/1164565

https://bugzilla.suse.com/1166780

https://bugzilla.suse.com/1169514

https://bugzilla.suse.com/1176242

https://bugzilla.suse.com/1176447

https://bugzilla.suse.com/1176536

https://bugzilla.suse.com/1176544

https://bugzilla.suse.com/1176545

https://bugzilla.suse.com/1176546

https://bugzilla.suse.com/1176548

https://bugzilla.suse.com/1176558

https://bugzilla.suse.com/1176559

https://bugzilla.suse.com/1176774

https://bugzilla.suse.com/1176940

https://bugzilla.suse.com/1176956

https://bugzilla.suse.com/1177440

https://bugzilla.suse.com/1178134

https://bugzilla.suse.com/1178270

https://bugzilla.suse.com/1179211

https://bugzilla.suse.com/1179426

https://bugzilla.suse.com/1179427

https://bugzilla.suse.com/1179599

https://bugzilla.suse.com/1181148

https://bugzilla.suse.com/1181507

https://bugzilla.suse.com/1181710

https://bugzilla.suse.com/1182404

https://bugzilla.suse.com/1183534

https://bugzilla.suse.com/1183540

https://bugzilla.suse.com/1183897

https://bugzilla.suse.com/1184318

https://bugzilla.suse.com/1185726

https://bugzilla.suse.com/1185902

https://bugzilla.suse.com/1186332

https://bugzilla.suse.com/1187541

https://bugzilla.suse.com/1189126

https://bugzilla.suse.com/1191793

https://bugzilla.suse.com/1191876

https://bugzilla.suse.com/1192267

https://bugzilla.suse.com/1192320

https://bugzilla.suse.com/1192507

https://bugzilla.suse.com/1192511

https://bugzilla.suse.com/1192569

https://bugzilla.suse.com/1192606

https://bugzilla.suse.com/1192845

https://bugzilla.suse.com/1192847

https://bugzilla.suse.com/1192877

https://bugzilla.suse.com/1192946

https://bugzilla.suse.com/1192969

https://bugzilla.suse.com/1192987

https://bugzilla.suse.com/1192990

https://bugzilla.suse.com/1192998

https://bugzilla.suse.com/1193002

https://bugzilla.suse.com/1193042

https://bugzilla.suse.com/1193139

https://bugzilla.suse.com/1193169

https://bugzilla.suse.com/1193306

https://bugzilla.suse.com/1193318

https://bugzilla.suse.com/1193349

https://bugzilla.suse.com/1193440

https://bugzilla.suse.com/1193442

https://bugzilla.suse.com/1193655

https://bugzilla.suse.com/1193993

https://bugzilla.suse.com/1194087

https://bugzilla.suse.com/1194094

https://bugzilla.suse.com/1194266

https://www.suse.com/security/cve/CVE-2020-24504

https://www.suse.com/security/cve/CVE-2020-27820

https://www.suse.com/security/cve/CVE-2021-28711

https://www.suse.com/security/cve/CVE-2021-28712

https://www.suse.com/security/cve/CVE-2021-28713

https://www.suse.com/security/cve/CVE-2021-28714

https://www.suse.com/security/cve/CVE-2021-28715

https://www.suse.com/security/cve/CVE-2021-33098

https://www.suse.com/security/cve/CVE-2021-4001

https://www.suse.com/security/cve/CVE-2021-4002

https://www.suse.com/security/cve/CVE-2021-43975

https://www.suse.com/security/cve/CVE-2021-43976

https://www.suse.com/security/cve/CVE-2021-45485

https://www.suse.com/security/cve/CVE-2021-45486

http://www.nessus.org/u?4c5c71a6

Plugin Details

Severity: High

ID: 156760

File Name: suse_SU-2022-0079-1.nasl

Version: 1.5

Type: Local

Agent: unix

Published: 1/15/2022

Updated: 6/26/2026

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5

Percentile: 94.76

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2021-45485

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:dlm-kmp-rt, p-cpe:/a:novell:suse_linux:kernel-rt-devel, p-cpe:/a:novell:suse_linux:kernel-source-rt, p-cpe:/a:novell:suse_linux:gfs2-kmp-rt, p-cpe:/a:novell:suse_linux:kernel-syms-rt, p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt, p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel, cpe:/o:novell:suse_linux:15, p-cpe:/a:novell:suse_linux:kernel-rt, p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt, p-cpe:/a:novell:suse_linux:kernel-devel-rt

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 1/14/2022

Vulnerability Publication Date: 2/17/2021

Reference Information

CVE: CVE-2020-24504, CVE-2020-27820, CVE-2021-28711, CVE-2021-28712, CVE-2021-28713, CVE-2021-28714, CVE-2021-28715, CVE-2021-33098, CVE-2021-4001, CVE-2021-4002, CVE-2021-43975, CVE-2021-43976, CVE-2021-45485, CVE-2021-45486

SuSE: SUSE-SU-2022:0079-1