Detections
Analytics

SUSE SLES15 Security Update : kernel (SUSE-SU-2022:1669-1)

high Nessus Plugin ID 161225

Language:

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1669-1 advisory.

 The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes.


 The following security bugs were fixed:

 - CVE-2022-29156: Fixed a double free related to rtrs_clt_dev_release (bnc#1198515).
 - CVE-2022-28893: Ensuring that sockets are in the intended state inside the SUNRPC subsystem (bnc#1198330).
 - CVE-2022-28748: Fixed memory lead over the network by ax88179_178a devices (bsc#1196018).
 - CVE-2022-28356: Fixed a refcount leak bug found in net/llc/af_llc.c (bnc#1197391).
 - CVE-2022-1516: Fixed null-ptr-deref caused by x25_disconnect (bsc#1199012).
 - CVE-2022-1419: Fixed a concurrency use-after-free in vgem_gem_dumb_create (bsc#1198742).
 - CVE-2022-1353: Fixed access controll to kernel memory in the pfkey_register function in net/key/af_key.c (bnc#1198516).
 - CVE-2022-1280: Fixed a use-after-free vulnerability in drm_lease_held in drivers/gpu/drm/drm_lease.c (bnc#1197914).
 - CVE-2022-1158: Fixed KVM x86/mmu compare-and-exchange of gPTE via the user address (bsc#1197660).
 - CVE-2022-0812: Fixed random memory leakage inside NFS/RDMA (bsc#1196639).
 - CVE-2021-4154: Fixed a use-after-free flaw inside cgroup1_parse_param in kernel/cgroup/cgroup-v1.c. A local attacker with a user privilege could cause a privilege escalation by exploiting the fsconfig syscall parameter leading to a container breakout and a denial of service on the system (bnc#1193842).
 - CVE-2021-38208: Fixed a denial of service (NULL pointer dereference and BUG) by making a getsockname call after a certain type of failure of a bind call (bnc#1187055).
 - CVE-2021-20321: Fixed a race condition accessing file object in the OverlayFS subsystem in the way users do rename in specific way with OverlayFS. A local user could have used this flaw to crash the system (bnc#1191647).
 - CVE-2021-20292: Fixed object validation prior to performing operations on the object in nouveau_sgdma_create_ttm in Nouveau DRM subsystem (bnc#1183723).
 - CVE-2021-0707: Fixed possible memory corruption due to a use after free inside dma_buf_releas e of dma- buf.c (bnc#1198437).
 - CVE-2020-27835: Fixed use after free in infiniband hfi1 driver in the way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash the system (bnc#1179878).



Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.suse.com/1028340

https://bugzilla.suse.com/1071995

https://bugzilla.suse.com/1137728

https://bugzilla.suse.com/1152472

https://bugzilla.suse.com/1152489

https://bugzilla.suse.com/1177028

https://bugzilla.suse.com/1179878

https://bugzilla.suse.com/1182073

https://bugzilla.suse.com/1183723

https://bugzilla.suse.com/1187055

https://bugzilla.suse.com/1191647

https://bugzilla.suse.com/1193556

https://bugzilla.suse.com/1193842

https://bugzilla.suse.com/1194625

https://bugzilla.suse.com/1195651

https://bugzilla.suse.com/1195926

https://bugzilla.suse.com/1196018

https://bugzilla.suse.com/1196114

https://bugzilla.suse.com/1196367

https://bugzilla.suse.com/1196514

https://bugzilla.suse.com/1196639

https://bugzilla.suse.com/1196942

https://bugzilla.suse.com/1197157

https://bugzilla.suse.com/1197391

https://bugzilla.suse.com/1197656

https://bugzilla.suse.com/1197660

https://bugzilla.suse.com/1197677

https://bugzilla.suse.com/1197914

https://bugzilla.suse.com/1197926

https://bugzilla.suse.com/1198077

https://bugzilla.suse.com/1198217

https://bugzilla.suse.com/1198330

https://bugzilla.suse.com/1198400

https://bugzilla.suse.com/1198413

https://bugzilla.suse.com/1198437

https://bugzilla.suse.com/1198448

https://bugzilla.suse.com/1198484

https://bugzilla.suse.com/1198515

https://bugzilla.suse.com/1198516

https://bugzilla.suse.com/1198534

https://bugzilla.suse.com/1198742

https://bugzilla.suse.com/1198825

https://bugzilla.suse.com/1198989

https://bugzilla.suse.com/1199012

https://bugzilla.suse.com/1199024

http://www.nessus.org/u?b69002cb

https://www.suse.com/security/cve/CVE-2020-27835

https://www.suse.com/security/cve/CVE-2021-0707

https://www.suse.com/security/cve/CVE-2021-4154

https://www.suse.com/security/cve/CVE-2021-20292

https://www.suse.com/security/cve/CVE-2021-20321

https://www.suse.com/security/cve/CVE-2021-38208

https://www.suse.com/security/cve/CVE-2022-0812

https://www.suse.com/security/cve/CVE-2022-1158

https://www.suse.com/security/cve/CVE-2022-1280

https://www.suse.com/security/cve/CVE-2022-1353

https://www.suse.com/security/cve/CVE-2022-1419

https://www.suse.com/security/cve/CVE-2022-1516

https://www.suse.com/security/cve/CVE-2022-28356

https://www.suse.com/security/cve/CVE-2022-28893

https://www.suse.com/security/cve/CVE-2022-29156

Plugin Details

Severity: High

ID: 161225

File Name: suse_SU-2022-1669-1.nasl

Version: 1.6

Type: local

Agent: unix

Published: 5/17/2022

Updated: 9/24/2025

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.3

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2022-29156

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.9

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2021-4154

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:kernel-rt-devel, p-cpe:/a:novell:suse_linux:gfs2-kmp-rt, p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt, p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt, p-cpe:/a:novell:suse_linux:kernel-rt, p-cpe:/a:novell:suse_linux:kernel-devel-rt, p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel, p-cpe:/a:novell:suse_linux:kernel-source-rt, p-cpe:/a:novell:suse_linux:kernel-syms-rt, p-cpe:/a:novell:suse_linux:release-notes-sle_rt, p-cpe:/a:novell:suse_linux:dlm-kmp-rt, cpe:/o:novell:suse_linux:15

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/16/2022

Vulnerability Publication Date: 1/7/2021

Reference Information

CVE: CVE-2020-27835, CVE-2021-0707, CVE-2021-20292, CVE-2021-20321, CVE-2021-38208, CVE-2021-4154, CVE-2022-0812, CVE-2022-1158, CVE-2022-1280, CVE-2022-1353, CVE-2022-1419, CVE-2022-1516, CVE-2022-28356, CVE-2022-28893, CVE-2022-29156

SuSE: SUSE-SU-2022:1669-1