SUSE SLES12: cluster-md-kmp-rt / dlm-kmp-rt / gfs2-kmp-rt / kernel-devel-rt / etc (SUSE-SU-2022:0090-1)

high Nessus Plugin ID 156777

Language:

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0090-1 advisory.

The SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2019-15126: Fixed a vulnerability in Broadcom and Cypress Wi-Fi chips, used in RPi family of devices aka 'Kr00k'. (bsc#1167162)
- CVE-2020-27820: Fixed a vulnerability where a use-after-frees in nouveau's postclose() handler could happen if removing device. (bsc#1179599)
- CVE-2021-0920: Fixed a local privilege escalation due to an use after free bug in unix_gc. (bsc#1193731)
- CVE-2021-0935: Fixed out of bounds write due to a use after free which could lead to local escalation of privilege with System execution privileges needed in ip6_xmit. (bsc#1192032)
- CVE-2021-4002: Added a missing TLB flush that could lead to leak or corruption of data in hugetlbfs.
(bsc#1192946)
- CVE-2021-28711: Fixed a rogue backends that could cause DoS of guests via high frequency events by hardening blkfront against event channel storms. (bsc#1193440)
- CVE-2021-28712: Fixed a rogue backends that could cause DoS of guests via high frequency events by hardening netfront against event channel storms. (bsc#1193440)
- CVE-2021-28713: Fixed a rogue backends that could cause DoS of guests via high frequency events by hardening hvc_xen against event channel storms. (bsc#1193440)
- CVE-2021-28714: Fixed an issue where a guest could force Linux netback driver to hog large amounts of kernel memory by fixing rx queue stall detection. (bsc#1193442)
- CVE-2021-28715: Fixed an issue where a guest could force Linux netback driver to hog large amounts of kernel memory by do not queueing unlimited number of packages. (bsc#1193442)
- CVE-2021-33098: Fixed a potential denial of service in Intel(R) Ethernet ixgbe driver due to improper input validation. (bsc#1192877)
- CVE-2021-43975: Fixed a flaw in hw_atl_utils_fw_rpc_wait that could allow an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value. (bsc#1192845)
- CVE-2021-43976: Fixed a flaw that could allow an attacker (who can connect a crafted USB device) to cause a denial of service. (bsc#1192847)
- CVE-2021-45485: Fixed an information leak because of certain use of a hash table which use IPv6 source addresses. (bsc#1194094)
- CVE-2021-45486: Fixed an information leak because the hash table is very small in net/ipv4/route.c.
(bsc#1194087)


Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.suse.com/1114648

https://bugzilla.suse.com/1124431

https://bugzilla.suse.com/1167162

https://bugzilla.suse.com/1179599

https://bugzilla.suse.com/1183678

https://bugzilla.suse.com/1183897

https://bugzilla.suse.com/1184804

https://bugzilla.suse.com/1185727

https://bugzilla.suse.com/1185762

https://bugzilla.suse.com/1187167

https://bugzilla.suse.com/1189126

https://bugzilla.suse.com/1189305

https://bugzilla.suse.com/1189841

https://bugzilla.suse.com/1190358

https://bugzilla.suse.com/1191229

https://bugzilla.suse.com/1191384

https://bugzilla.suse.com/1192032

https://bugzilla.suse.com/1192145

https://bugzilla.suse.com/1192267

https://bugzilla.suse.com/1192740

https://bugzilla.suse.com/1192845

https://bugzilla.suse.com/1192847

https://bugzilla.suse.com/1192877

https://bugzilla.suse.com/1192946

https://bugzilla.suse.com/1192974

https://bugzilla.suse.com/1193231

https://bugzilla.suse.com/1193306

https://bugzilla.suse.com/1193318

https://bugzilla.suse.com/1193440

https://bugzilla.suse.com/1193442

https://bugzilla.suse.com/1193731

https://bugzilla.suse.com/1194087

https://bugzilla.suse.com/1194094

https://www.suse.com/security/cve/CVE-2019-15126

https://www.suse.com/security/cve/CVE-2020-27820

https://www.suse.com/security/cve/CVE-2021-0920

https://www.suse.com/security/cve/CVE-2021-0935

https://www.suse.com/security/cve/CVE-2021-28711

https://www.suse.com/security/cve/CVE-2021-28712

https://www.suse.com/security/cve/CVE-2021-28713

https://www.suse.com/security/cve/CVE-2021-28714

https://www.suse.com/security/cve/CVE-2021-28715

https://www.suse.com/security/cve/CVE-2021-33098

https://www.suse.com/security/cve/CVE-2021-4002

https://www.suse.com/security/cve/CVE-2021-43975

https://www.suse.com/security/cve/CVE-2021-43976

https://www.suse.com/security/cve/CVE-2021-45485

https://www.suse.com/security/cve/CVE-2021-45486

http://www.nessus.org/u?52285dcb

Plugin Details

Severity: High

ID: 156777

File Name: suse_SU-2022-0090-1.nasl

Version: 1.10

Type: Local

Agent: unix

Published: 1/18/2022

Updated: 6/26/2026

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.6

Percentile: 98.54

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 6

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2021-0935

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

CVSS Score Source: CVE-2021-45485

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:dlm-kmp-rt, p-cpe:/a:novell:suse_linux:kernel-rt-devel, p-cpe:/a:novell:suse_linux:kernel-source-rt, cpe:/o:novell:suse_linux:12, p-cpe:/a:novell:suse_linux:kernel-rt-base, p-cpe:/a:novell:suse_linux:gfs2-kmp-rt, p-cpe:/a:novell:suse_linux:kernel-syms-rt, p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt, p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel, p-cpe:/a:novell:suse_linux:kernel-rt_debug, p-cpe:/a:novell:suse_linux:kernel-rt, p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt, p-cpe:/a:novell:suse_linux:kernel-devel-rt

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 1/17/2022

Vulnerability Publication Date: 2/5/2020

CISA Known Exploited Vulnerability Due Dates: 6/13/2022

Reference Information

CVE: CVE-2019-15126, CVE-2020-27820, CVE-2021-0920, CVE-2021-0935, CVE-2021-28711, CVE-2021-28712, CVE-2021-28713, CVE-2021-28714, CVE-2021-28715, CVE-2021-33098, CVE-2021-4002, CVE-2021-43975, CVE-2021-43976, CVE-2021-45485, CVE-2021-45486

SuSE: SUSE-SU-2022:0090-1