openSUSE 15 Security Update : kernel (openSUSE-SU-2022:1039-1)

high Nessus Plugin ID 159460

Language:

Synopsis

The remote openSUSE host is missing one or more security updates.

Description

The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:1039-1 advisory.

The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.


The following security bugs were fixed:

- CVE-2022-25636: Fixed an issue which allowed a local users to gain privileges because of a heap out-of- bounds write in nf_dup_netdev.c, related to nf_tables_offload (bsc#1196299).
- CVE-2022-26490: Fixed a buffer overflow in the st21nfca driver. An attacker with adjacent NFC access could trigger crash the system or corrupt system memory (bsc#1196830).
- CVE-2022-0487: A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove() in drivers/memstick/host/rtsx_usb_ms.c (bsc#1194516).
- CVE-2022-24448: Fixed an issue if an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should have occured, but the server instead returned uninitialized data in the file descriptor (bsc#1195612).
- CVE-2022-0617: Fixed a null pointer dereference in UDF file system functionality. A local user could crash the system by triggering udf_file_write_iter() via a malicious UDF image. (bsc#1196079)
- CVE-2022-0644: Fixed a denial of service by a local user. A assertion failure could be triggered in kernel_read_file_from_fd(). (bsc#1196155)
- CVE-2022-25258: The USB Gadget subsystem lacked certain validation of interface OS descriptor requests, which could have lead to memory corruption (bsc#1196096).
- CVE-2022-24958: drivers/usb/gadget/legacy/inode.c mishandled dev->buf release (bsc#1195905).
- CVE-2022-24959: Fixed a memory leak in yam_siocdevprivate() in drivers/net/hamradio/yam.c (bsc#1195897).
- CVE-2021-44879: In gc_data_segment() in fs/f2fs/gc.c, special files were not considered, which lead to a move_data_page NULL pointer dereference (bsc#1195987).
- CVE-2021-0920: Fixed a local privilege escalation due to a use-after-free vulnerability in unix_scm_to_skb of af_unix (bsc#1193731).
- CVE-2021-39657: Fixed an information leak in the Universal Flash Storage subsystem (bsc#1193864).
- CVE-2022-26966: Fixed an issue in drivers/net/usb/sr9700.c, which allowed attackers to obtain sensitive information from heap memory via crafted frame lengths from a device (bsc#1196836).
- CVE-2021-39698: Fixed a possible memory corruption due to a use after free in aio_poll_complete_work.
This could lead to local escalation of privilege with no additional execution privileges needed.
(bsc#1196956)
- CVE-2021-45402: The check_alu_op function in kernel/bpf/verifier.c did not properly update bounds while handling the mov32 instruction, which allowed local users to obtain potentially sensitive address information (bsc#1196130).
- CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042:
Fixed multiple issues which could have lead to read/write access to memory pages or denial of service.
These issues are related to the Xen PV device frontend drivers. (bsc#1196488)


Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.suse.com/1176447

https://bugzilla.suse.com/1176774

https://bugzilla.suse.com/1178134

https://bugzilla.suse.com/1179439

https://bugzilla.suse.com/1181147

https://bugzilla.suse.com/1191428

https://bugzilla.suse.com/1192273

https://bugzilla.suse.com/1193731

https://bugzilla.suse.com/1193787

https://bugzilla.suse.com/1193864

https://bugzilla.suse.com/1194463

https://bugzilla.suse.com/1194516

https://bugzilla.suse.com/1194943

https://bugzilla.suse.com/1195051

https://bugzilla.suse.com/1195211

https://bugzilla.suse.com/1195254

https://bugzilla.suse.com/1195353

https://bugzilla.suse.com/1195403

https://bugzilla.suse.com/1195612

https://bugzilla.suse.com/1195897

https://bugzilla.suse.com/1195905

https://bugzilla.suse.com/1195939

https://bugzilla.suse.com/1195949

https://bugzilla.suse.com/1195987

https://bugzilla.suse.com/1196079

https://bugzilla.suse.com/1196095

https://bugzilla.suse.com/1196130

https://bugzilla.suse.com/1196132

https://bugzilla.suse.com/1196155

https://bugzilla.suse.com/1196299

https://bugzilla.suse.com/1196301

https://bugzilla.suse.com/1196433

https://bugzilla.suse.com/1196468

https://bugzilla.suse.com/1196472

https://bugzilla.suse.com/1196488

https://bugzilla.suse.com/1196627

https://bugzilla.suse.com/1196723

https://bugzilla.suse.com/1196779

https://bugzilla.suse.com/1196830

https://bugzilla.suse.com/1196836

https://bugzilla.suse.com/1196866

https://bugzilla.suse.com/1196868

https://bugzilla.suse.com/1196956

https://bugzilla.suse.com/1196959

http://www.nessus.org/u?09812907

https://www.suse.com/security/cve/CVE-2021-0920

https://www.suse.com/security/cve/CVE-2021-39657

https://www.suse.com/security/cve/CVE-2021-39698

https://www.suse.com/security/cve/CVE-2021-44879

https://www.suse.com/security/cve/CVE-2021-45402

https://www.suse.com/security/cve/CVE-2022-0487

https://www.suse.com/security/cve/CVE-2022-0617

https://www.suse.com/security/cve/CVE-2022-23036

https://www.suse.com/security/cve/CVE-2022-23037

https://www.suse.com/security/cve/CVE-2022-23038

https://www.suse.com/security/cve/CVE-2022-23039

https://www.suse.com/security/cve/CVE-2022-23040

https://www.suse.com/security/cve/CVE-2022-23041

https://www.suse.com/security/cve/CVE-2022-23042

https://www.suse.com/security/cve/CVE-2022-24448

https://www.suse.com/security/cve/CVE-2022-24958

https://www.suse.com/security/cve/CVE-2022-24959

https://www.suse.com/security/cve/CVE-2022-25258

https://www.suse.com/security/cve/CVE-2022-25636

https://www.suse.com/security/cve/CVE-2022-26490

https://www.suse.com/security/cve/CVE-2022-26966

Plugin Details

Severity: High

ID: 159460

File Name: openSUSE-2022-1039-1.nasl

Version: 1.8

Type: local

Agent: unix

Published: 4/1/2022

Updated: 9/24/2025

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.9

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 6.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2021-39698

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

CVSS Score Source: CVE-2022-26490

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:ocfs2-kmp-64kb, p-cpe:/a:novell:opensuse:dtb-exynos, p-cpe:/a:novell:opensuse:dtb-al, p-cpe:/a:novell:opensuse:gfs2-kmp-preempt, p-cpe:/a:novell:opensuse:kernel-64kb-extra, p-cpe:/a:novell:opensuse:kernel-debug-livepatch-devel, p-cpe:/a:novell:opensuse:dtb-amd, p-cpe:/a:novell:opensuse:kernel-preempt, p-cpe:/a:novell:opensuse:kernel-default-base-rebuild, p-cpe:/a:novell:opensuse:kernel-obs-qa, p-cpe:/a:novell:opensuse:kernel-source, p-cpe:/a:novell:opensuse:kernel-default, p-cpe:/a:novell:opensuse:dtb-zte, p-cpe:/a:novell:opensuse:dtb-qcom, p-cpe:/a:novell:opensuse:kernel-obs-build, p-cpe:/a:novell:opensuse:kselftests-kmp-default, p-cpe:/a:novell:opensuse:kernel-default-optional, p-cpe:/a:novell:opensuse:ocfs2-kmp-default, p-cpe:/a:novell:opensuse:gfs2-kmp-64kb, p-cpe:/a:novell:opensuse:kernel-preempt-devel, p-cpe:/a:novell:opensuse:kernel-64kb-optional, p-cpe:/a:novell:opensuse:dtb-hisilicon, p-cpe:/a:novell:opensuse:dlm-kmp-64kb, p-cpe:/a:novell:opensuse:reiserfs-kmp-preempt, p-cpe:/a:novell:opensuse:kernel-64kb-livepatch-devel, p-cpe:/a:novell:opensuse:dtb-allwinner, p-cpe:/a:novell:opensuse:cluster-md-kmp-64kb, p-cpe:/a:novell:opensuse:kselftests-kmp-64kb, p-cpe:/a:novell:opensuse:ocfs2-kmp-preempt, p-cpe:/a:novell:opensuse:dtb-sprd, p-cpe:/a:novell:opensuse:kernel-64kb-devel, p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel, p-cpe:/a:novell:opensuse:dtb-freescale, p-cpe:/a:novell:opensuse:dtb-altera, p-cpe:/a:novell:opensuse:kernel-default-extra, p-cpe:/a:novell:opensuse:kernel-debug, p-cpe:/a:novell:opensuse:dtb-xilinx, p-cpe:/a:novell:opensuse:cluster-md-kmp-preempt, p-cpe:/a:novell:opensuse:dtb-arm, p-cpe:/a:novell:opensuse:kselftests-kmp-preempt, p-cpe:/a:novell:opensuse:kernel-source-vanilla, p-cpe:/a:novell:opensuse:dtb-cavium, p-cpe:/a:novell:opensuse:dtb-lg, p-cpe:/a:novell:opensuse:kernel-preempt-livepatch-devel, p-cpe:/a:novell:opensuse:kernel-kvmsmall, p-cpe:/a:novell:opensuse:kernel-default-livepatch, p-cpe:/a:novell:opensuse:dtb-amlogic, p-cpe:/a:novell:opensuse:dlm-kmp-default, p-cpe:/a:novell:opensuse:dtb-socionext, p-cpe:/a:novell:opensuse:kernel-macros, p-cpe:/a:novell:opensuse:dtb-apm, p-cpe:/a:novell:opensuse:dtb-nvidia, p-cpe:/a:novell:opensuse:dtb-rockchip, p-cpe:/a:novell:opensuse:kernel-preempt-extra, p-cpe:/a:novell:opensuse:kernel-zfcpdump, p-cpe:/a:novell:opensuse:kernel-default-devel, p-cpe:/a:novell:opensuse:reiserfs-kmp-64kb, p-cpe:/a:novell:opensuse:kernel-kvmsmall-livepatch-devel, p-cpe:/a:novell:opensuse:dtb-marvell, p-cpe:/a:novell:opensuse:kernel-devel, cpe:/o:novell:opensuse:15.3, p-cpe:/a:novell:opensuse:kernel-preempt-optional, p-cpe:/a:novell:opensuse:gfs2-kmp-default, p-cpe:/a:novell:opensuse:kernel-default-base, p-cpe:/a:novell:opensuse:reiserfs-kmp-default, p-cpe:/a:novell:opensuse:kernel-debug-devel, p-cpe:/a:novell:opensuse:dtb-broadcom, p-cpe:/a:novell:opensuse:kernel-syms, p-cpe:/a:novell:opensuse:cluster-md-kmp-default, p-cpe:/a:novell:opensuse:dtb-mediatek, p-cpe:/a:novell:opensuse:dlm-kmp-preempt, p-cpe:/a:novell:opensuse:dtb-renesas, p-cpe:/a:novell:opensuse:kernel-default-livepatch-devel, p-cpe:/a:novell:opensuse:kernel-64kb

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/30/2022

Vulnerability Publication Date: 12/15/2021

CISA Known Exploited Vulnerability Due Dates: 6/13/2022

Exploitable With

Core Impact

Reference Information

CVE: CVE-2021-0920, CVE-2021-39657, CVE-2021-39698, CVE-2021-44879, CVE-2021-45402, CVE-2022-0487, CVE-2022-0617, CVE-2022-23036, CVE-2022-23037, CVE-2022-23038, CVE-2022-23039, CVE-2022-23040, CVE-2022-23041, CVE-2022-23042, CVE-2022-24448, CVE-2022-24958, CVE-2022-24959, CVE-2022-25258, CVE-2022-25636, CVE-2022-26490, CVE-2022-26966