Detections
Analytics

SUSE SLES15 Security Update : kernel (SUSE-SU-2022:2177-1)

high Nessus Plugin ID 162531

Language:

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2177-1 advisory.

 - In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and unmounting can lead to a use-after-free in btrfs_queue_work in fs/btrfs/async-thread.c. (CVE-2019-19377)

 - The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c.
 (CVE-2020-26541)

 - Insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters may allow an authenticated user to potentially enable denial of service via local access. (CVE-2021-33061)

 - A denial of service (DOS) issue was found in the Linux kernel's smb2_ioctl_query_info function in the fs/cifs/smb2ops.c Common Internet File System (CIFS) due to an incorrect return from the memdup_user function. This flaw allows a local, privileged (CAP_SYS_ADMIN) attacker to crash the system.
 (CVE-2022-0168)

 - A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel's filesystem sub- component. This flaw allows a local attacker with a user privilege to cause a denial of service.
 (CVE-2022-1184)

 - Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system. (CVE-2022-1652)

 - A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges. The bug allows to build several exploit primitives such as kernel address information leak, arbitrary execution, etc. (CVE-2022-1729)

 - A use-after-free flaw was found in the Linux kernel's NFC core functionality due to a race condition between kobject creation and delete. This vulnerability allows a local attacker with CAP_NET_ADMIN privilege to leak kernel information. (CVE-2022-1974)

 - There is a sleep-in-atomic bug in /net/nfc/netlink.c that allows an attacker to crash the Linux kernel by simulating a nfc device from user-space. (CVE-2022-1975)

 - In mmc_blk_read_single of block.c, there is a possible way to read kernel heap memory due to uninitialized data. This could lead to local information disclosure if reading from an SD card that triggers errors, with no additional execution privileges needed. User interaction is not needed for exploitation.Product:
 AndroidVersions: Android kernelAndroid ID: A-216481035References: Upstream kernel (CVE-2022-20008)

 - In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege when opening and closing inet sockets with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-112551163References: Upstream kernel (CVE-2022-20141)

 - Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2022-21123)

 - Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2022-21125)

 - Incomplete cleanup in specific special register read operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2022-21127)

 - Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2022-21166)

 - Improper input validation for some Intel(R) Processors may allow an authenticated user to potentially cause a denial of service via local access. (CVE-2022-21180)

 - The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag. (CVE-2022-30594)

 - net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free. (CVE-2022-32250)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.suse.com/1055117

https://bugzilla.suse.com/1061840

https://bugzilla.suse.com/1065729

https://bugzilla.suse.com/1103269

https://bugzilla.suse.com/1118212

https://bugzilla.suse.com/1153274

https://bugzilla.suse.com/1154353

https://bugzilla.suse.com/1156395

https://bugzilla.suse.com/1158266

https://bugzilla.suse.com/1167773

https://bugzilla.suse.com/1176447

https://bugzilla.suse.com/1177282

https://bugzilla.suse.com/1178134

https://bugzilla.suse.com/1180100

https://bugzilla.suse.com/1183405

https://bugzilla.suse.com/1188885

https://bugzilla.suse.com/1195826

https://bugzilla.suse.com/1196426

https://bugzilla.suse.com/1196478

https://bugzilla.suse.com/1196570

https://bugzilla.suse.com/1196840

https://bugzilla.suse.com/1197446

https://bugzilla.suse.com/1197472

https://bugzilla.suse.com/1197601

https://bugzilla.suse.com/1197675

https://bugzilla.suse.com/1198438

https://bugzilla.suse.com/1198577

https://bugzilla.suse.com/1198971

https://bugzilla.suse.com/1198989

https://bugzilla.suse.com/1199035

https://bugzilla.suse.com/1199052

https://bugzilla.suse.com/1199063

https://bugzilla.suse.com/1199114

https://bugzilla.suse.com/1199314

https://bugzilla.suse.com/1199365

https://bugzilla.suse.com/1199505

https://bugzilla.suse.com/1199507

https://bugzilla.suse.com/1199564

https://bugzilla.suse.com/1199626

https://bugzilla.suse.com/1199631

https://bugzilla.suse.com/1199650

https://bugzilla.suse.com/1199670

https://bugzilla.suse.com/1199839

https://bugzilla.suse.com/1200015

https://bugzilla.suse.com/1200019

https://bugzilla.suse.com/1200045

https://bugzilla.suse.com/1200046

https://bugzilla.suse.com/1200143

https://bugzilla.suse.com/1200144

https://bugzilla.suse.com/1200192

https://bugzilla.suse.com/1200206

https://bugzilla.suse.com/1200207

https://bugzilla.suse.com/1200216

https://bugzilla.suse.com/1200249

https://bugzilla.suse.com/1200259

https://bugzilla.suse.com/1200263

https://bugzilla.suse.com/1200529

https://bugzilla.suse.com/1200549

https://bugzilla.suse.com/1200604

https://www.suse.com/security/cve/CVE-2019-19377

https://www.suse.com/security/cve/CVE-2020-26541

https://www.suse.com/security/cve/CVE-2021-33061

https://www.suse.com/security/cve/CVE-2022-0168

https://www.suse.com/security/cve/CVE-2022-1184

https://www.suse.com/security/cve/CVE-2022-1652

https://www.suse.com/security/cve/CVE-2022-1729

https://www.suse.com/security/cve/CVE-2022-1972

https://www.suse.com/security/cve/CVE-2022-1974

https://www.suse.com/security/cve/CVE-2022-1975

https://www.suse.com/security/cve/CVE-2022-20008

https://www.suse.com/security/cve/CVE-2022-20141

https://www.suse.com/security/cve/CVE-2022-21123

https://www.suse.com/security/cve/CVE-2022-21125

https://www.suse.com/security/cve/CVE-2022-21127

https://www.suse.com/security/cve/CVE-2022-21166

https://www.suse.com/security/cve/CVE-2022-21180

https://www.suse.com/security/cve/CVE-2022-30594

https://www.suse.com/security/cve/CVE-2022-32250

http://www.nessus.org/u?84c0117c

Plugin Details

Severity: High

ID: 162531

File Name: suse_SU-2022-2177-1.nasl

Version: 1.6

Type: local

Agent: unix

Published: 6/25/2022

Updated: 1/16/2024

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.6

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 6.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2022-32250

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt, p-cpe:/a:novell:suse_linux:dlm-kmp-rt, p-cpe:/a:novell:suse_linux:gfs2-kmp-rt, p-cpe:/a:novell:suse_linux:kernel-devel-rt, p-cpe:/a:novell:suse_linux:kernel-rt, p-cpe:/a:novell:suse_linux:kernel-rt-devel, p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel, p-cpe:/a:novell:suse_linux:kernel-source-rt, p-cpe:/a:novell:suse_linux:kernel-syms-rt, p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt, cpe:/o:novell:suse_linux:15

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/24/2022

Vulnerability Publication Date: 11/29/2019

Reference Information

CVE: CVE-2019-19377, CVE-2020-26541, CVE-2021-33061, CVE-2022-0168, CVE-2022-1184, CVE-2022-1652, CVE-2022-1729, CVE-2022-1972, CVE-2022-1974, CVE-2022-1975, CVE-2022-20008, CVE-2022-20141, CVE-2022-21123, CVE-2022-21125, CVE-2022-21127, CVE-2022-21166, CVE-2022-21180, CVE-2022-30594, CVE-2022-32250

SuSE: SUSE-SU-2022:2177-1