SUSE SLES15: cluster-md-kmp-default / dlm-kmp-default / gfs2-kmp-default / etc (SUSE-SU-2022:0197-1)

high Nessus Plugin ID 157144

Language:

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0197-1 advisory.

The SUSE Linux Enterprise 15 SP2 LTSS kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2022-0185: Incorrect param length parsing in legacy_parse_param which could have led to a local privilege escalation (bsc#1194517).
- CVE-2022-0322: Fixed a denial of service in SCTP sctp_addto_chunk (bsc#1194985).
- CVE-2021-44733: Fixed a use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel that occured because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object (bnc#1193767).
- CVE-2021-4197: Fixed a cgroup issue where lower privileged processes could write to fds of lower privileged ones that could lead to privilege escalation (bsc#1194302).
- CVE-2021-4135: Fixed an information leak in the nsim_bpf_map_alloc function (bsc#1193927).
- CVE-2021-4202: Fixed a race condition during NFC device remove which could lead to a use-after-free memory corruption (bsc#1194529)
- CVE-2021-4083: A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition. This flaw allowed a local user to crash the system or escalate their privileges on the system. (bnc#1193727).
- CVE-2021-4149: Fixed a locking condition in btrfs which could lead to system deadlocks (bsc#1194001).
- CVE-2021-45485: The IPv6 implementation in net/ipv6/output_core.c had an information leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses (bnc#1194094).
- CVE-2021-45486: The IPv4 implementation in net/ipv4/route.c had an information leak because the hash table is very small (bnc#1194087).
- CVE-2021-4001: A race condition was found in the Linux kernel's ebpf verifier between bpf_map_update_elem and bpf_map_freeze due to a missing lock in kernel/bpf/syscall.c. In this flaw, a local user with a special privilege (cap_sys_admin or cap_bpf) can modify the frozen mapped address space.
(bnc#1192990).
- CVE-2021-28715: Guest can force Linux netback driver to hog large amounts of kernel memory. Incoming data packets for a guest in the Linux kernel's netback driver are buffered until the guest is ready to process them. There are some measures taken for avoiding to pile up too much data, but those can be bypassed by the guest: There was a timeout how long the client side of an interface can stop consuming new packets before it is assumed to have stalled, but this timeout is rather long (60 seconds by default).
Using a UDP connection on a fast interface can easily accumulate gigabytes of data in that time.
(CVE-2021-28715) The timeout could even never trigger if the guest manages to have only one free slot in its RX queue ring page and the next package would require more than one free slot, which may be the case when using GSO, XDP, or software hashing. ()
- CVE-2021-28714: Guest can force Linux netback driver to hog large amounts of kernel memory. Incoming data packets for a guest in the Linux kernel's netback driver are buffered until the guest is ready to process them. There are some measures taken for avoiding to pile up too much data, but those can be bypassed by the guest: There was a timeout how long the client side of an interface can stop consuming new packets before it is assumed to have stalled, but this timeout is rather long (60 seconds by default).
Using a UDP connection on a fast interface can easily accumulate gigabytes of data in that time.
(CVE-2021-28715) The timeout could even never trigger if the guest manages to have only one free slot in its RX queue ring page and the next package would require more than one free slot, which may be the case when using GSO, XDP, or software hashing (bnc#1193442).
- CVE-2021-28713: Rogue backends can cause DoS of guests via high frequency events. Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as 'driver domains'. Running PV backends in driver domains has one primary security advantage: if a driver domain gets compromised, it doesn't have the privileges to take over the system. However, a malicious driver domain could try to attack other guests via sending events at a high frequency leading to a Denial of Service in the guest due to trying to service interrupts for elongated amounts of time. (bsc#1193440)
- CVE-2021-28712: Rogue backends can cause DoS of guests via high frequency events. Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as 'driver domains'. Running PV backends in driver domains has one primary security advantage: if a driver domain gets compromised, it doesn't have the privileges to take over the system. However, a malicious driver domain could try to attack other guests via sending events at a high frequency leading to a Denial of Service in the guest due to trying to service interrupts for elongated amounts of time. (bsc#1193440)
- CVE-2021-28711: Rogue backends can cause DoS of guests via high frequency events. Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as 'driver domains'. Running PV backends in driver domains has one primary security advantage: if a driver domain gets compromised, it doesn't have the privileges to take over the system. However, a malicious driver domain could try to attack other guests via sending events at a high frequency leading to a Denial of Service in the guest due to trying to service interrupts for elongated amounts of time (bnc#1193440).
- CVE-2020-27825: A use-after-free flaw was found in kernel/trace/ring_buffer.c. There was a race problem in trace_open and resize of cpu buffer running parallely on different cpus, may cause a denial of service problem (DOS). This flaw could even allow a local attacker with special user privilege to a kernel information leak threat (bnc#1179960).
- CVE-2021-43975: hw_atl_utils_fw_rpc_wait in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c allowed an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value (bnc#1192845).
- CVE-2021-33098: Improper input validation in the Intel(R) Ethernet ixgbe driver for Linux before version 3.17.3 may have allowed an authenticated user to potentially enable denial of service via local access (bnc#1192877).
- CVE-2021-43976: mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allowed an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic) (bnc#1192847).
- CVE-2021-4002: Incorrect TLBs flushing after huge_pmd_unshare could lead to exposing hugepages to other users (bsc#1192946).
- CVE-2020-27820: A use-after-frees in nouveau's postclose() handler could happen if removing device (that is not common to remove video card physically without power-off, but same happens if 'unbind' the driver) (bnc#1179599).


Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.suse.com/1071995

https://bugzilla.suse.com/1139944

https://bugzilla.suse.com/1151927

https://bugzilla.suse.com/1152489

https://bugzilla.suse.com/1153275

https://bugzilla.suse.com/1154353

https://bugzilla.suse.com/1154355

https://bugzilla.suse.com/1161907

https://bugzilla.suse.com/1164565

https://bugzilla.suse.com/1166780

https://bugzilla.suse.com/1169514

https://bugzilla.suse.com/1176242

https://bugzilla.suse.com/1176536

https://bugzilla.suse.com/1176544

https://bugzilla.suse.com/1176545

https://bugzilla.suse.com/1176546

https://bugzilla.suse.com/1176548

https://bugzilla.suse.com/1176558

https://bugzilla.suse.com/1176559

https://bugzilla.suse.com/1176940

https://bugzilla.suse.com/1176956

https://bugzilla.suse.com/1177440

https://bugzilla.suse.com/1178270

https://bugzilla.suse.com/1179211

https://bugzilla.suse.com/1179424

https://bugzilla.suse.com/1179426

https://bugzilla.suse.com/1179427

https://bugzilla.suse.com/1179599

https://bugzilla.suse.com/1179960

https://bugzilla.suse.com/1181148

https://bugzilla.suse.com/1181507

https://bugzilla.suse.com/1181710

https://bugzilla.suse.com/1183534

https://bugzilla.suse.com/1183540

https://bugzilla.suse.com/1183897

https://bugzilla.suse.com/1184209

https://bugzilla.suse.com/1185726

https://bugzilla.suse.com/1185902

https://bugzilla.suse.com/1187541

https://bugzilla.suse.com/1189126

https://bugzilla.suse.com/1189158

https://bugzilla.suse.com/1191271

https://bugzilla.suse.com/1191793

https://bugzilla.suse.com/1191876

https://bugzilla.suse.com/1192267

https://bugzilla.suse.com/1192507

https://bugzilla.suse.com/1192511

https://bugzilla.suse.com/1192569

https://bugzilla.suse.com/1192606

https://bugzilla.suse.com/1192845

https://bugzilla.suse.com/1192847

https://bugzilla.suse.com/1192877

https://bugzilla.suse.com/1192946

https://bugzilla.suse.com/1192969

https://bugzilla.suse.com/1192987

https://bugzilla.suse.com/1192990

https://bugzilla.suse.com/1192998

https://bugzilla.suse.com/1193002

https://bugzilla.suse.com/1193042

https://bugzilla.suse.com/1193169

https://bugzilla.suse.com/1193255

https://bugzilla.suse.com/1193306

https://bugzilla.suse.com/1193318

https://bugzilla.suse.com/1193349

https://bugzilla.suse.com/1193440

https://bugzilla.suse.com/1193442

https://bugzilla.suse.com/1193660

https://bugzilla.suse.com/1193669

https://bugzilla.suse.com/1193727

https://bugzilla.suse.com/1193767

https://bugzilla.suse.com/1193901

https://bugzilla.suse.com/1193927

https://bugzilla.suse.com/1194001

https://bugzilla.suse.com/1194087

https://bugzilla.suse.com/1194094

https://bugzilla.suse.com/1194302

https://bugzilla.suse.com/1194516

https://bugzilla.suse.com/1194517

https://bugzilla.suse.com/1194529

https://bugzilla.suse.com/1194888

https://bugzilla.suse.com/1194985

https://www.suse.com/security/cve/CVE-2020-27820

https://www.suse.com/security/cve/CVE-2020-27825

https://www.suse.com/security/cve/CVE-2021-28711

https://www.suse.com/security/cve/CVE-2021-28712

https://www.suse.com/security/cve/CVE-2021-28713

https://www.suse.com/security/cve/CVE-2021-28714

https://www.suse.com/security/cve/CVE-2021-28715

https://www.suse.com/security/cve/CVE-2021-33098

https://www.suse.com/security/cve/CVE-2021-4001

https://www.suse.com/security/cve/CVE-2021-4002

https://www.suse.com/security/cve/CVE-2021-4083

https://www.suse.com/security/cve/CVE-2021-4135

https://www.suse.com/security/cve/CVE-2021-4149

https://www.suse.com/security/cve/CVE-2021-4197

https://www.suse.com/security/cve/CVE-2021-4202

https://www.suse.com/security/cve/CVE-2021-43975

https://www.suse.com/security/cve/CVE-2021-43976

https://www.suse.com/security/cve/CVE-2021-44733

https://www.suse.com/security/cve/CVE-2021-45485

https://www.suse.com/security/cve/CVE-2021-45486

https://www.suse.com/security/cve/CVE-2022-0185

https://www.suse.com/security/cve/CVE-2022-0322

http://www.nessus.org/u?fcf10ff9

Plugin Details

Severity: High

ID: 157144

File Name: suse_SU-2022-0197-1.nasl

Version: 1.10

Type: Local

Agent: unix

Published: 1/27/2022

Updated: 6/26/2026

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Tenable Cloud Security, Tenable Self-Hosted Container Security, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.9

Percentile: 99.36

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 6

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2022-0185

CVSS v3

Risk Factor: High

Base Score: 8.4

Temporal Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:novell:suse_linux:15, p-cpe:/a:novell:suse_linux:kernel-default, p-cpe:/a:novell:suse_linux:kernel-source, p-cpe:/a:novell:suse_linux:kernel-syms, p-cpe:/a:novell:suse_linux:kernel-default-base, p-cpe:/a:novell:suse_linux:kernel-default-devel, p-cpe:/a:novell:suse_linux:kernel-obs-build, p-cpe:/a:novell:suse_linux:kernel-preempt, p-cpe:/a:novell:suse_linux:kernel-preempt-devel, p-cpe:/a:novell:suse_linux:reiserfs-kmp-default, p-cpe:/a:novell:suse_linux:kernel-default-livepatch, p-cpe:/a:novell:suse_linux:cluster-md-kmp-default, p-cpe:/a:novell:suse_linux:dlm-kmp-default, p-cpe:/a:novell:suse_linux:gfs2-kmp-default, p-cpe:/a:novell:suse_linux:kernel-devel, p-cpe:/a:novell:suse_linux:kernel-macros, p-cpe:/a:novell:suse_linux:ocfs2-kmp-default, p-cpe:/a:novell:suse_linux:kernel-default-livepatch-devel, p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-24_99-default

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 1/26/2022

Vulnerability Publication Date: 12/11/2020

CISA Known Exploited Vulnerability Due Dates: 9/11/2024

Exploitable With

Core Impact

Reference Information

CVE: CVE-2020-27820, CVE-2020-27825, CVE-2021-28711, CVE-2021-28712, CVE-2021-28713, CVE-2021-28714, CVE-2021-28715, CVE-2021-33098, CVE-2021-4001, CVE-2021-4002, CVE-2021-4083, CVE-2021-4135, CVE-2021-4149, CVE-2021-4197, CVE-2021-4202, CVE-2021-43975, CVE-2021-43976, CVE-2021-44733, CVE-2021-45485, CVE-2021-45486, CVE-2022-0185, CVE-2022-0322

SuSE: SUSE-SU-2022:0197-1