SUSE SLES15 Security Update : kernel (SUSE-SU-2022:0365-1)

high Nessus Plugin ID 157897

Language:

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0365-1 advisory.

- A double free bug in packet_set_ring() in net/packet/af_packet.c can be exploited by a local user through crafted syscalls to escalate privileges or deny service. We recommend upgrading kernel past the effected versions or rebuilding past ec6af094ea28f0f2dda1a6a33b14cd57e36a9755 (CVE-2021-22600)

- In gadget_dev_desc_UDC_show of configfs.c, there is a possible disclosure of kernel heap memory due to a race condition. This could lead to local information disclosure with System execution privileges needed.
User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:
A-160822094References: Upstream kernel (CVE-2021-39648)

- In ufshcd_eh_device_reset_handler of ufshcd.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed.
User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:
A-194696049References: Upstream kernel (CVE-2021-39657)

- pep_sock_accept in net/phonet/pep.c in the Linux kernel through 5.15.8 has a refcount leak.
(CVE-2021-45095)

- A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system. (CVE-2022-0330)

- A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed.
This flaw allows a remote user to crash the system or possibly escalate their privileges if they have access to the TIPC network. (CVE-2022-0435)

- kernel: failing usercopy allows for use-after-free exploitation (CVE-2022-22942)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.suse.com/1177599

https://bugzilla.suse.com/1183405

https://bugzilla.suse.com/1185377

https://bugzilla.suse.com/1188605

https://bugzilla.suse.com/1193096

https://bugzilla.suse.com/1193506

https://bugzilla.suse.com/1193861

https://bugzilla.suse.com/1193864

https://bugzilla.suse.com/1193867

https://bugzilla.suse.com/1194048

https://bugzilla.suse.com/1194227

https://bugzilla.suse.com/1194880

https://bugzilla.suse.com/1195009

https://bugzilla.suse.com/1195065

https://bugzilla.suse.com/1195184

https://bugzilla.suse.com/1195254

https://www.suse.com/security/cve/CVE-2021-22600

https://www.suse.com/security/cve/CVE-2021-39648

https://www.suse.com/security/cve/CVE-2021-39657

https://www.suse.com/security/cve/CVE-2021-45095

https://www.suse.com/security/cve/CVE-2022-0330

https://www.suse.com/security/cve/CVE-2022-0435

https://www.suse.com/security/cve/CVE-2022-22942

http://www.nessus.org/u?41395285

Plugin Details

Severity: High

ID: 157897

File Name: suse_SU-2022-0365-1.nasl

Version: 1.9

Type: local

Agent: unix

Published: 2/11/2022

Updated: 7/13/2023

Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.2

CVSS v2

Risk Factor: High

Base Score: 9

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2022-0435

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 8.4

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:cluster-md-kmp-default, p-cpe:/a:novell:suse_linux:kernel-default-livepatch-devel, p-cpe:/a:novell:suse_linux:kernel-syms, p-cpe:/a:novell:suse_linux:dlm-kmp-default, p-cpe:/a:novell:suse_linux:kernel-default-livepatch, p-cpe:/a:novell:suse_linux:reiserfs-kmp-default, p-cpe:/a:novell:suse_linux:ocfs2-kmp-default, p-cpe:/a:novell:suse_linux:kernel-source, p-cpe:/a:novell:suse_linux:kernel-preempt-devel, p-cpe:/a:novell:suse_linux:kernel-macros, p-cpe:/a:novell:suse_linux:kernel-default-devel, p-cpe:/a:novell:suse_linux:kernel-preempt, p-cpe:/a:novell:suse_linux:kernel-default-base, p-cpe:/a:novell:suse_linux:kernel-default, p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-24_102-default, p-cpe:/a:novell:suse_linux:gfs2-kmp-default, cpe:/o:novell:suse_linux:15, p-cpe:/a:novell:suse_linux:kernel-devel, p-cpe:/a:novell:suse_linux:kernel-obs-build

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2/10/2022

Vulnerability Publication Date: 2/16/2021

CISA Known Exploited Vulnerability Due Dates: 5/2/2022

Exploitable With

Metasploit (vmwgfx Driver File Descriptor Handling Priv Esc)

Reference Information

CVE: CVE-2021-22600, CVE-2021-39648, CVE-2021-39657, CVE-2021-45095, CVE-2022-0330, CVE-2022-0435, CVE-2022-22942

SuSE: SUSE-SU-2022:0365-1