Detections
Analytics

SUSE SLES15 Security Update : kernel (SUSE-SU-2022:1669-1)

high Nessus Plugin ID 161225

Language:

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1669-1 advisory.

 - A use after free in the Linux kernel infiniband hfi1 driver in versions prior to 5.10-rc6 was found in the way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash the system.
 (CVE-2020-27835)

 - In dma_buf_release of dma-buf.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-155756045References:
 Upstream kernel (CVE-2021-0707)

 - There is a flaw reported in the Linux kernel in versions before 5.9 in drivers/gpu/drm/nouveau/nouveau_sgdma.c in nouveau_sgdma_create_ttm in Nouveau DRM subsystem. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker with a local account with a root privilege, can leverage this vulnerability to escalate privileges and execute code in the context of the kernel. (CVE-2021-20292)

 - A race condition accessing file object in the Linux kernel OverlayFS subsystem was found in the way users do rename in specific way with OverlayFS. A local user could use this flaw to crash the system.
 (CVE-2021-20321)

 - net/nfc/llcp_sock.c in the Linux kernel before 5.12.10 allows local unprivileged users to cause a denial of service (NULL pointer dereference and BUG) by making a getsockname call after a certain type of failure of a bind call. (CVE-2021-38208)

 - A use-after-free flaw was found in cgroup1_parse_param in kernel/cgroup/cgroup-v1.c in the Linux kernel's cgroup v1 parser. A local attacker with a user privilege could cause a privilege escalation by exploiting the fsconfig syscall parameter leading to a container breakout and a denial of service on the system.
 (CVE-2021-4154)

 - An information leak flaw was found in NFS over RDMA in the net/sunrpc/xprtrdma/rpc_rdma.c in the Linux Kernel. This flaw allows an attacker with normal user privileges to leak kernel information.
 (CVE-2022-0812)

 - A flaw was found in KVM. When updating a guest's page table entry, vm_pgoff was improperly used as the offset to get the page's pfn. As vaddr and vm_pgoff are controllable by user-mode processes, this flaw allows unprivileged local users on the host to write outside the userspace region and potentially corrupt the kernel, resulting in a denial of service condition. (CVE-2022-1158)

 - A use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Linux kernel due to a race problem. This flaw allows a local user privilege attacker to cause a denial of service (DoS) or a kernel information leak. (CVE-2022-1280)

 - A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information. (CVE-2022-1353)

 - The root cause of this vulnerability is that the ioctl$DRM_IOCTL_MODE_DESTROY_DUMB can decrease refcount of *drm_vgem_gem_object *(created in *vgem_gem_dumb_create*) concurrently, and *vgem_gem_dumb_create *will access the freed drm_vgem_gem_object. (CVE-2022-1419)

 - A NULL pointer dereference flaw was found in the Linux kernel's X.25 set of standardized network protocols functionality in the way a user terminates their session using a simulated Ethernet card and continued usage of this connection. This flaw allows a local user to crash the system. (CVE-2022-1516)

 - In the Linux kernel before 5.17.1, a refcount leak bug was found in net/llc/af_llc.c. (CVE-2022-28356)

 - The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state. (CVE-2022-28893)

 - drivers/infiniband/ulp/rtrs/rtrs-clt.c in the Linux kernel before 5.16.12 has a double free related to rtrs_clt_dev_release. (CVE-2022-29156)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.suse.com/1028340

https://bugzilla.suse.com/1071995

https://bugzilla.suse.com/1137728

https://bugzilla.suse.com/1152472

https://bugzilla.suse.com/1152489

https://bugzilla.suse.com/1177028

https://bugzilla.suse.com/1179878

https://bugzilla.suse.com/1182073

https://bugzilla.suse.com/1183723

https://bugzilla.suse.com/1187055

https://bugzilla.suse.com/1191647

https://bugzilla.suse.com/1193556

https://bugzilla.suse.com/1193842

https://bugzilla.suse.com/1194625

https://bugzilla.suse.com/1195651

https://bugzilla.suse.com/1195926

https://bugzilla.suse.com/1196018

https://bugzilla.suse.com/1196114

https://bugzilla.suse.com/1196367

https://bugzilla.suse.com/1196514

https://bugzilla.suse.com/1196639

https://bugzilla.suse.com/1196942

https://bugzilla.suse.com/1197157

https://bugzilla.suse.com/1197391

https://bugzilla.suse.com/1197656

https://bugzilla.suse.com/1197660

https://bugzilla.suse.com/1197677

https://bugzilla.suse.com/1197914

https://bugzilla.suse.com/1197926

https://bugzilla.suse.com/1198077

https://bugzilla.suse.com/1198217

https://bugzilla.suse.com/1198330

https://bugzilla.suse.com/1198400

https://bugzilla.suse.com/1198413

https://bugzilla.suse.com/1198437

https://bugzilla.suse.com/1198448

https://bugzilla.suse.com/1198484

https://bugzilla.suse.com/1198515

https://bugzilla.suse.com/1198516

https://bugzilla.suse.com/1198534

https://bugzilla.suse.com/1198742

https://bugzilla.suse.com/1198825

https://bugzilla.suse.com/1198989

https://bugzilla.suse.com/1199012

https://bugzilla.suse.com/1199024

https://www.suse.com/security/cve/CVE-2020-27835

https://www.suse.com/security/cve/CVE-2021-0707

https://www.suse.com/security/cve/CVE-2021-20292

https://www.suse.com/security/cve/CVE-2021-20321

https://www.suse.com/security/cve/CVE-2021-38208

https://www.suse.com/security/cve/CVE-2021-4154

https://www.suse.com/security/cve/CVE-2022-0812

https://www.suse.com/security/cve/CVE-2022-1158

https://www.suse.com/security/cve/CVE-2022-1280

https://www.suse.com/security/cve/CVE-2022-1353

https://www.suse.com/security/cve/CVE-2022-1419

https://www.suse.com/security/cve/CVE-2022-1516

https://www.suse.com/security/cve/CVE-2022-28356

https://www.suse.com/security/cve/CVE-2022-28748

https://www.suse.com/security/cve/CVE-2022-28893

https://www.suse.com/security/cve/CVE-2022-29156

http://www.nessus.org/u?b69002cb

Plugin Details

Severity: High

ID: 161225

File Name: suse_SU-2022-1669-1.nasl

Version: 1.5

Type: local

Agent: unix

Published: 5/17/2022

Updated: 7/13/2023

Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.3

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2022-29156

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.9

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2021-4154

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:gfs2-kmp-rt, p-cpe:/a:novell:suse_linux:kernel-rt-devel, p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt, p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel, p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt, p-cpe:/a:novell:suse_linux:kernel-devel-rt, p-cpe:/a:novell:suse_linux:kernel-rt, p-cpe:/a:novell:suse_linux:release-notes-sle_rt, p-cpe:/a:novell:suse_linux:kernel-source-rt, p-cpe:/a:novell:suse_linux:kernel-syms-rt, p-cpe:/a:novell:suse_linux:dlm-kmp-rt, cpe:/o:novell:suse_linux:15

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/16/2022

Vulnerability Publication Date: 1/7/2021

Reference Information

CVE: CVE-2020-27835, CVE-2021-0707, CVE-2021-20292, CVE-2021-20321, CVE-2021-38208, CVE-2021-4154, CVE-2022-0812, CVE-2022-1158, CVE-2022-1280, CVE-2022-1353, CVE-2022-1419, CVE-2022-1516, CVE-2022-28356, CVE-2022-28748, CVE-2022-28893, CVE-2022-29156

SuSE: SUSE-SU-2022:1669-1