SUSE SLES15 Security Update : kernel (SUSE-SU-2022:2111-1)

high Nessus Plugin ID 162399

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2111-1 advisory.

The SUSE Linux Enterprise 15 SP1 kernel was updated.

The following security bugs were fixed:

- CVE-2022-21127: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via Spectre-like attacks. (bsc#1199650)
- CVE-2022-21123: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via Spectre-like attacks. (bsc#1199650)
- CVE-2022-21125: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via Spectre-like attacks. (bsc#1199650)
- CVE-2022-21180: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via Spectre-like attacks. (bsc#1199650)
- CVE-2022-21166: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via Spectre-like attacks. (bsc#1199650)
- CVE-2019-19377: Fixed a use-after-free that could be triggered when an attacker mounts a crafted btrfs filesystem image. (bnc#1158266)
- CVE-2022-1184: Fixed a use-after-free and memory errors in ext4 when mounting and operating on a corrupted image. (bsc#1198577)
- CVE-2017-13695: Fixed a bug that caused a stack dump allowing local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted ACPI table. (bnc#1055710)
- CVE-2022-1729: Fixed a sys_perf_event_open() race condition against self (bsc#1199507).
- CVE-2022-1652: Fixed a statically allocated error counter inside the floppy kernel module (bsc#1199063).
- CVE-2021-39711: In bpf_prog_test_run_skb of test_run.c, there is a possible out of bounds read due to Incorrect Size Value. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation (bnc#1197219).
- CVE-2022-30594: Fixed restriction bypass on setting the PT_SUSPEND_SECCOMP flag (bnc#1199505).
- CVE-2021-33061: Fixed insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters that may have allowed an authenticated user to potentially enable denial of service via local access (bnc#1196426).
- CVE-2022-1516: Fixed null-ptr-deref caused by x25_disconnect (bsc#1199012).
- CVE-2021-20321: Fixed a race condition accessing a file object in the OverlayFS subsystem in the way users do rename in a specific way with OverlayFS. A local user could have used this flaw to crash the system (bnc#1191647).
- CVE-2019-20811: Fixed issue in rx_queue_add_kobject() and netdev_queue_add_kobject() in net/core/net-sysfs.c, where a reference count is mishandled (bnc#1172456).
- CVE-2022-28748: Fixed memory leak over the network by ax88179_178a devices (bsc#1196018).
- CVE-2018-7755: Fixed an issue in the fd_locked_ioctl function in drivers/block/floppy.c. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel pointer to discover the location of kernel code and data and bypass kernel security protections such as KASLR (bnc#1084513).
- CVE-2022-22942: Fixed stale file descriptors on failed usercopy (bsc#1195065).
- CVE-2022-1419: Fixed a concurrency use-after-free in vgem_gem_dumb_create (bsc#1198742).
- CVE-2021-43389: Fixed an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c (bnc#1191958).
- CVE-2021-38208: Fixed a denial of service (NULL pointer dereference and BUG) by making a getsockname call after a certain type of failure of a bind call (bnc#1187055).
- CVE-2022-1353: Fixed access control to kernel memory in the pfkey_register function in net/key/af_key.c (bnc#1198516).
- CVE-2021-20292: Fixed object validation prior to performing operations on the object in nouveau_sgdma_create_ttm in Nouveau DRM subsystem (bnc#1183723).
- CVE-2022-1011: Fixed a use-after-free vulnerability which could allow a local attacker to retrieve (partial) /etc/shadow hashes or any other data from the filesystem when he can mount a FUSE filesystem. (bnc#1197343)
- CVE-2022-1974: Fixed a use-after-free that could cause a kernel crash by simulating an NFC device from user-space. (bsc#1200144).
- CVE-2020-26541: Enforce the secure boot forbidden signature database (aka dbx) protection mechanism. (bnc#1177282)
- CVE-2022-1975: Fixed a bug that allows an attacker to crash the Linux kernel by simulating an NFC device from user-space. (bsc#1200143)
- CVE-2022-21499: Reinforce the kernel lockdown feature, until now it's been trivial to break out of it with kgdb or kdb. (bsc#1199426)
- CVE-2022-1734: Fixed a r/w use-after-free when non synchronized between cleanup routine and firmware download routine. (bnc#1199605).


Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.suse.com/1028340

https://bugzilla.suse.com/1055710

https://bugzilla.suse.com/1065729

https://bugzilla.suse.com/1071995

https://bugzilla.suse.com/1084513

https://bugzilla.suse.com/1087082

https://bugzilla.suse.com/1114648

https://bugzilla.suse.com/1158266

https://bugzilla.suse.com/1172456

https://bugzilla.suse.com/1177282

https://bugzilla.suse.com/1182171

https://bugzilla.suse.com/1183723

https://bugzilla.suse.com/1187055

https://bugzilla.suse.com/1191647

https://bugzilla.suse.com/1191958

https://bugzilla.suse.com/1195065

https://bugzilla.suse.com/1195651

https://bugzilla.suse.com/1196018

https://bugzilla.suse.com/1196367

https://bugzilla.suse.com/1196426

https://bugzilla.suse.com/1196999

https://bugzilla.suse.com/1197219

https://bugzilla.suse.com/1197343

https://bugzilla.suse.com/1197663

https://bugzilla.suse.com/1198400

https://bugzilla.suse.com/1198516

https://bugzilla.suse.com/1198577

https://bugzilla.suse.com/1198660

https://bugzilla.suse.com/1198687

https://bugzilla.suse.com/1198742

https://bugzilla.suse.com/1198777

https://bugzilla.suse.com/1198825

https://bugzilla.suse.com/1199012

https://bugzilla.suse.com/1199063

https://bugzilla.suse.com/1199314

https://bugzilla.suse.com/1199399

https://bugzilla.suse.com/1199426

https://bugzilla.suse.com/1199505

https://bugzilla.suse.com/1199507

https://bugzilla.suse.com/1199605

https://bugzilla.suse.com/1199650

https://bugzilla.suse.com/1200143

https://bugzilla.suse.com/1200144

https://bugzilla.suse.com/1200249

http://www.nessus.org/u?f3864cb4

https://www.suse.com/security/cve/CVE-2017-13695

https://www.suse.com/security/cve/CVE-2018-7755

https://www.suse.com/security/cve/CVE-2019-19377

https://www.suse.com/security/cve/CVE-2019-20811

https://www.suse.com/security/cve/CVE-2020-26541

https://www.suse.com/security/cve/CVE-2021-20292

https://www.suse.com/security/cve/CVE-2021-20321

https://www.suse.com/security/cve/CVE-2021-33061

https://www.suse.com/security/cve/CVE-2021-38208

https://www.suse.com/security/cve/CVE-2021-39711

https://www.suse.com/security/cve/CVE-2021-43389

https://www.suse.com/security/cve/CVE-2022-1011

https://www.suse.com/security/cve/CVE-2022-1184

https://www.suse.com/security/cve/CVE-2022-1353

https://www.suse.com/security/cve/CVE-2022-1419

https://www.suse.com/security/cve/CVE-2022-1516

https://www.suse.com/security/cve/CVE-2022-1652

https://www.suse.com/security/cve/CVE-2022-1729

https://www.suse.com/security/cve/CVE-2022-1734

https://www.suse.com/security/cve/CVE-2022-1974

https://www.suse.com/security/cve/CVE-2022-1975

https://www.suse.com/security/cve/CVE-2022-21123

https://www.suse.com/security/cve/CVE-2022-21125

https://www.suse.com/security/cve/CVE-2022-21127

https://www.suse.com/security/cve/CVE-2022-21166

https://www.suse.com/security/cve/CVE-2022-21180

https://www.suse.com/security/cve/CVE-2022-21499

https://www.suse.com/security/cve/CVE-2022-22942

https://www.suse.com/security/cve/CVE-2022-30594

Plugin Details

Severity: High

ID: 162399

File Name: suse_SU-2022-2111-1.nasl

Version: 1.11

Type: local

Agent: unix

Published: 6/18/2022

Updated: 9/24/2025

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.4

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 6.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2022-1652

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

CVSS Score Source: CVE-2022-30594

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:kernel-default-livepatch-devel, p-cpe:/a:novell:suse_linux:cluster-md-kmp-default, p-cpe:/a:novell:suse_linux:kernel-syms, p-cpe:/a:novell:suse_linux:kernel-default-livepatch, p-cpe:/a:novell:suse_linux:dlm-kmp-default, p-cpe:/a:novell:suse_linux:reiserfs-kmp-default, p-cpe:/a:novell:suse_linux:kernel-default-man, p-cpe:/a:novell:suse_linux:ocfs2-kmp-default, p-cpe:/a:novell:suse_linux:kernel-source, p-cpe:/a:novell:suse_linux:kernel-macros, p-cpe:/a:novell:suse_linux:kernel-default-base, p-cpe:/a:novell:suse_linux:kernel-livepatch-4_12_14-150100_197_114-default, p-cpe:/a:novell:suse_linux:kernel-default-devel, p-cpe:/a:novell:suse_linux:kernel-default, p-cpe:/a:novell:suse_linux:kernel-devel, p-cpe:/a:novell:suse_linux:kernel-obs-build, p-cpe:/a:novell:suse_linux:gfs2-kmp-default, cpe:/o:novell:suse_linux:15

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/17/2022

Vulnerability Publication Date: 8/25/2017

Reference Information

CVE: CVE-2017-13695, CVE-2018-7755, CVE-2019-19377, CVE-2019-20811, CVE-2020-26541, CVE-2021-20292, CVE-2021-20321, CVE-2021-33061, CVE-2021-38208, CVE-2021-39711, CVE-2021-43389, CVE-2022-1011, CVE-2022-1184, CVE-2022-1353, CVE-2022-1419, CVE-2022-1516, CVE-2022-1652, CVE-2022-1729, CVE-2022-1734, CVE-2022-1974, CVE-2022-1975, CVE-2022-21123, CVE-2022-21125, CVE-2022-21127, CVE-2022-21166, CVE-2022-21180, CVE-2022-21499, CVE-2022-22942, CVE-2022-30594

SuSE: SUSE-SU-2022:2111-1