The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2079-1 advisory.

  - In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and     unmounting can lead to a use-after-free in btrfs_queue_work in fs/btrfs/async-thread.c. (CVE-2019-19377)

  - Insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters may allow an     authenticated user to potentially enable denial of service via local access. (CVE-2021-33061)

  - A denial of service (DOS) issue was found in the Linux kernel's smb2_ioctl_query_info function in the     fs/cifs/smb2ops.c Common Internet File System (CIFS) due to an incorrect return from the memdup_user     function. This flaw allows a local, privileged (CAP_SYS_ADMIN) attacker to crash the system.
    (CVE-2022-0168)

  - A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel's filesystem sub-     component. This flaw allows a local attacker with a user privilege to cause a denial of service.
    (CVE-2022-1184)

  - Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency     use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker     could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the     system. (CVE-2022-1652)

  - A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged     user to gain root privileges. The bug allows to build several exploit primitives such as kernel address     information leak, arbitrary execution, etc. (CVE-2022-1729)

  - In mmc_blk_read_single of block.c, there is a possible way to read kernel heap memory due to uninitialized     data. This could lead to local information disclosure if reading from an SD card that triggers errors,     with no additional execution privileges needed. User interaction is not needed for exploitation.Product:
    AndroidVersions: Android kernelAndroid ID: A-216481035References: Upstream kernel (CVE-2022-20008)

  - Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated     user to potentially enable information disclosure via local access. (CVE-2022-21123)

  - Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an     authenticated user to potentially enable information disclosure via local access. (CVE-2022-21125)

  - Incomplete cleanup in specific special register read operations for some Intel(R) Processors may allow an     authenticated user to potentially enable information disclosure via local access. (CVE-2022-21127)

  - Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an     authenticated user to potentially enable information disclosure via local access. (CVE-2022-21166)

  - Improper input validation for some Intel(R) Processors may allow an authenticated user to potentially     cause a denial of service via local access. (CVE-2022-21180)

  - An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the     O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a     regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file     descriptor. (CVE-2022-24448)

  - The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers     to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag. (CVE-2022-30594)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

SUSE SLES15 Security Update : kernel (SUSE-SU-2022:2079-1)

high Nessus Plugin ID 162233

Version 1.7

Version 1.6

Version 1.5

Version 1.4

Version 1.3

Version 1.7 Jul 14, 2023, 5:13 AM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:F/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:F/RL:O/RC:C") Detection Plugin metadata Plugin Feed: 202307140513
Version 1.6 Jul 12, 2023, 5:37 PM Detection Plugin Feed: 202307121737
Version 1.5 Feb 8, 2023, 11:19 PM Logic Changes (Updated openSUSE package checks in SUSE plugins) Plugin Feed: 202302082319
Version 1.4 Jan 21, 2023, 5:26 AM Logic Changes (Added package checks for openSuSE) Plugin Feed: 202301210526
Version 1.3 Jan 6, 2023, 4:14 PM Exploit attributes ("Exploitability ease" changed from "No known exploits are available" to "Exploits are available") CVSS temporal metrics ("CVSSv2 temporal score" set to "5.6") CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal score" set to "7.0") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:P/RL:O/RC:C") Exploit attributes ("Exploit available" set to "True") Plugin Feed: 202301061614