The remote SUSE Linux SLED12 / SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0364-1 advisory.

  - The vgacon subsystem in the Linux kernel before 5.8.10 mishandles software scrollback. There is a     vgacon_scrolldelta out-of-bounds read, aka CID-973c096f6a85. (CVE-2020-28097)

  - A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in     the way user attach malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the     system. This flaw affects all the Linux kernel versions starting from 3.13. (CVE-2021-3564)

  - In gadget_dev_desc_UDC_show of configfs.c, there is a possible disclosure of kernel heap memory due to a     race condition. This could lead to local information disclosure with System execution privileges needed.
    User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:
    A-160822094References: Upstream kernel (CVE-2021-39648)

  - In ufshcd_eh_device_reset_handler of ufshcd.c, there is a possible out of bounds read due to a missing     bounds check. This could lead to local information disclosure with System execution privileges needed.
    User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:
    A-194696049References: Upstream kernel (CVE-2021-39657)

  - A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket     file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race     condition. This flaw allows a local user to crash the system or escalate their privileges on the system.
    This flaw affects Linux kernel versions prior to 5.16-rc4. (CVE-2021-4083)

  - A memory leak vulnerability was found in the Linux kernel's eBPF for the Simulated networking device     driver in the way user uses BPF for the device such that function nsim_map_alloc_elem being called. A     local user could use this flaw to get unauthorized access to some data. (CVE-2021-4135)

  - A vulnerability was found in btrfs_alloc_tree_b in fs/btrfs/extent-tree.c in the Linux kernel due to an     improper lock operation in btrfs. In this flaw, a user with a local privilege may cause a denial of     service (DOS) due to a deadlock problem. (CVE-2021-4149)

  - An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces     subsystem was found in the way users have access to some less privileged process that are controlled by     cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of     control groups. A local user could use this flaw to crash the system or escalate their privileges on the     system. (CVE-2021-4197)

  - A use-after-free flaw was found in nci_request in net/nfc/nci/core.c in NFC Controller Interface (NCI) in     the Linux kernel. This flaw could allow a local attacker with user privileges to cause a data race problem     while the device is getting removed, leading to a privilege escalation problem. (CVE-2021-4202)

  - A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11.
    This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory     object. (CVE-2021-44733)

  - A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network     protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more     buffer than is allocated triggers a BUG_ON issue, leading to a denial of service (DOS). (CVE-2022-0322)

  - A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the     way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or     escalate their privileges on the system. (CVE-2022-0330)

  - A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends     a packet with malicious content where the number of domain member nodes is higher than the 64 allowed.
    This flaw allows a remote user to crash the system or possibly escalate their privileges if they have     access to the TIPC network. (CVE-2022-0435)

  - kernel: failing usercopy allows for use-after-free exploitation (CVE-2022-22942)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2022:0364-1)

high Nessus Plugin ID 157899

Version 1.9