SUSE SLES15 Security Update : kernel (SUSE-SU-2022:2104-1)

high Nessus Plugin ID 162379

Language:

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2104-1 advisory.

 - In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and unmounting can lead to a use-after-free in btrfs_queue_work in fs/btrfs/async-thread.c. (CVE-2019-19377)

 - The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c.
 (CVE-2020-26541)

 - A race condition accessing file object in the Linux kernel OverlayFS subsystem was found in the way users do rename in specific way with OverlayFS. A local user could use this flaw to crash the system.
 (CVE-2021-20321)

 - Insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters may allow an authenticated user to potentially enable denial of service via local access. (CVE-2021-33061)

 - A denial of service (DOS) issue was found in the Linux kernel's smb2_ioctl_query_info function in the fs/cifs/smb2ops.c Common Internet File System (CIFS) due to an incorrect return from the memdup_user function. This flaw allows a local, privileged (CAP_SYS_ADMIN) attacker to crash the system.
 (CVE-2022-0168)

 - A use-after-free flaw was found in the Linux kernel's FUSE filesystem in the way a user triggers write().
 This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation. (CVE-2022-1011)

 - A flaw was found in KVM. When updating a guest's page table entry, vm_pgoff was improperly used as the offset to get the page's pfn. As vaddr and vm_pgoff are controllable by user-mode processes, this flaw allows unprivileged local users on the host to write outside the userspace region and potentially corrupt the kernel, resulting in a denial of service condition. (CVE-2022-1158)

 - A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel's filesystem sub- component. This flaw allows a local attacker with a user privilege to cause a denial of service.
 (CVE-2022-1184)

 - A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information. (CVE-2022-1353)

 - A NULL pointer dereference flaw was found in the Linux kernel's X.25 set of standardized network protocols functionality in the way a user terminates their session using a simulated Ethernet card and continued usage of this connection. This flaw allows a local user to crash the system. (CVE-2022-1516)

 - Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system. (CVE-2022-1652)

 - A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges. The bug allows to build several exploit primitives such as kernel address information leak, arbitrary execution, etc. (CVE-2022-1729)

 - A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to use after free both read or write when non synchronized between cleanup routine and firmware download routine.
 (CVE-2022-1734)

 - A use-after-free flaw was found in the Linux kernel's NFC core functionality due to a race condition between kobject creation and delete. This vulnerability allows a local attacker with CAP_NET_ADMIN privilege to leak kernel information. (CVE-2022-1974)

 - There is a sleep-in-atomic bug in /net/nfc/netlink.c that allows an attacker to crash the Linux kernel by simulating a nfc device from user-space. (CVE-2022-1975)

 - Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2022-21123)

 - Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2022-21125)

 - Incomplete cleanup in specific special register read operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2022-21127)

 - Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2022-21166)

 - Improper input validation for some Intel(R) Processors may allow an authenticated user to potentially cause a denial of service via local access. (CVE-2022-21180)

 - The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state. (CVE-2022-28893)

 - The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag. (CVE-2022-30594)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.suse.com/1065729

https://bugzilla.suse.com/1071995

https://bugzilla.suse.com/1196433

https://bugzilla.suse.com/1196514

https://bugzilla.suse.com/1195926

https://bugzilla.suse.com/1197343

https://www.suse.com/security/cve/CVE-2022-1011

https://bugzilla.suse.com/1196114

https://bugzilla.suse.com/1196367

https://bugzilla.suse.com/1196942

https://www.suse.com/security/cve/CVE-2022-1158

https://bugzilla.suse.com/1028340

https://bugzilla.suse.com/1191647

https://bugzilla.suse.com/1198400

https://bugzilla.suse.com/1198516

https://bugzilla.suse.com/1198660

https://bugzilla.suse.com/1198687

https://bugzilla.suse.com/1198825

https://bugzilla.suse.com/1199012

https://www.suse.com/security/cve/CVE-2021-20321

https://www.suse.com/security/cve/CVE-2022-1353

https://www.suse.com/security/cve/CVE-2022-1516

https://bugzilla.suse.com/1195651

https://bugzilla.suse.com/1197157

https://bugzilla.suse.com/1197656

https://bugzilla.suse.com/1197660

https://bugzilla.suse.com/1198330

https://bugzilla.suse.com/1198484

https://www.suse.com/security/cve/CVE-2022-28893

https://www.suse.com/security/cve/CVE-2022-30594

https://bugzilla.suse.com/1158266

https://bugzilla.suse.com/1196426

https://bugzilla.suse.com/1198577

https://bugzilla.suse.com/1199063

https://bugzilla.suse.com/1199314

https://bugzilla.suse.com/1199505

https://bugzilla.suse.com/1199507

https://bugzilla.suse.com/1199605

https://bugzilla.suse.com/1199650

https://bugzilla.suse.com/1200143

https://bugzilla.suse.com/1200144

https://bugzilla.suse.com/1200249

https://www.suse.com/security/cve/CVE-2019-19377

https://www.suse.com/security/cve/CVE-2021-33061

https://www.suse.com/security/cve/CVE-2022-1184

https://www.suse.com/security/cve/CVE-2022-1652

https://www.suse.com/security/cve/CVE-2022-1729

https://www.suse.com/security/cve/CVE-2022-1734

https://www.suse.com/security/cve/CVE-2022-1974

https://www.suse.com/security/cve/CVE-2022-1975

https://www.suse.com/security/cve/CVE-2022-21123

https://www.suse.com/security/cve/CVE-2022-21125

https://www.suse.com/security/cve/CVE-2022-21127

https://www.suse.com/security/cve/CVE-2022-21166

https://www.suse.com/security/cve/CVE-2022-21180

https://bugzilla.suse.com/1196570

https://bugzilla.suse.com/1197472

https://www.suse.com/security/cve/CVE-2022-0168

https://bugzilla.suse.com/1200015

https://www.suse.com/security/cve/CVE-2022-1966

https://bugzilla.suse.com/1177282

https://bugzilla.suse.com/1197895

https://bugzilla.suse.com/1198778

https://bugzilla.suse.com/1199918

http://www.nessus.org/u?03ca89ed

https://www.suse.com/security/cve/CVE-2020-26541

Plugin Details

Severity: High

ID: 162379

File Name: suse_SU-2022-2104-1.nasl

Version: 1.4

Type: local

Agent: unix

Published: 6/17/2022

Updated: 3/10/2023

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

CVSS Score Source: CVE-2022-28893

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2022-30594

Vulnerability Information

CPE: cpe:2.3:o:novell:suse_linux:15:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:suse_linux:kernel-default:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:suse_linux:kernel-source:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:suse_linux:kernel-syms:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:suse_linux:kernel-default-base:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:suse_linux:kernel-default-devel:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:suse_linux:kernel-obs-build:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:suse_linux:kernel-preempt:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:suse_linux:kernel-preempt-devel:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:suse_linux:reiserfs-kmp-default:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:suse_linux:kernel-default-livepatch:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:suse_linux:cluster-md-kmp-default:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:suse_linux:dlm-kmp-default:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:suse_linux:gfs2-kmp-default:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:suse_linux:kernel-devel:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:suse_linux:kernel-macros:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:suse_linux:ocfs2-kmp-default:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:suse_linux:kernel-default-livepatch-devel:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:suse_linux:kernel-livepatch-5_3_18-150200_24_115-default:*:*:*:*:*:*:*

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/16/2022

Vulnerability Publication Date: 11/29/2019

Reference Information

CVE: CVE-2019-19377, CVE-2020-26541, CVE-2021-20321, CVE-2021-33061, CVE-2022-1011, CVE-2022-0168, CVE-2022-1158, CVE-2022-28893, CVE-2022-1184, CVE-2022-1353, CVE-2022-1516, CVE-2022-1652, CVE-2022-30594, CVE-2022-21166, CVE-2022-1734, CVE-2022-1729, CVE-2022-1966, CVE-2022-1974, CVE-2022-1975, CVE-2022-21127, CVE-2022-21123, CVE-2022-21125, CVE-2022-21180

SuSE: SUSE-SU-2022:2104-1