The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2721-1 advisory.

  - In the Linux kernel 4.4 through 5.7.6, usbtest_disconnect in drivers/usb/misc/usbtest.c has a memory leak,     aka CID-28ebeb8db770. (CVE-2020-15393)

  - A race condition in the Linux kernel before 5.6.2 between the VT_DISALLOCATE ioctl and closing/opening of     ttys could lead to a use-after-free. (CVE-2020-36557)

  - A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer     dereference and general protection fault. (CVE-2020-36558)

  - When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of     bounds. (CVE-2021-33655)

  - When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds.
    (CVE-2021-33656)

  - Product: AndroidVersions: Android kernelAndroid ID: A-173788806References: Upstream kernel     (CVE-2021-39713)

  - An out-of-bounds read flaw was found in the Linux kernel's TeleTYpe subsystem. The issue occurs in how a     user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage     of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read     unauthorized random data from memory. (CVE-2022-1462)

  - In various methods of kernel base drivers, there is a possible out of bounds write due to a heap buffer     overflow. This could lead to local escalation of privilege with System execution privileges needed. User     interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:
    A-182388481References: Upstream kernel (CVE-2022-20166)

  - There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that     allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)

  - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text     explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device     frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).
    Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to     unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend     (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)

  - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote     attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte     nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

SUSE SLES12 Security Update : kernel (SUSE-SU-2022:2721-1)

high Nessus Plugin ID 163994

Version 1.6

Version 1.5

Version 1.5

Version 1.4

Version 1.3

Version 1.6 Jul 14, 2023, 7:08 AM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:P/RL:O/RC:C") Plugin metadata Plugin Feed: 202307140708
Version 1.5 Jul 12, 2023, 5:37 PM Detection Plugin Feed: 202307121737
Version 1.5 Jul 14, 2023, 5:13 AM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:P/RL:O/RC:C") Plugin metadata Plugin Feed: 202307140513
Version 1.4 Mar 10, 2023, 5:10 PM Logic Changes (Added support for additional SUSE Platforms) Plugin Feed: 202303101710
Version 1.3 Oct 19, 2022, 5:06 PM CVSSv3 score source (Changed from None to CVE-2022-33742) CVSSv2 severity (Based on CVE-2021-39713 severity decreased from High to Medium) CVSS metrics Plugin Feed: 202210191706