Detections
Analytics

SUSE SLES15 Security Update : kernel (SUSE-SU-2022:2723-1)

medium Nessus Plugin ID 163996

Language:

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2723-1 advisory.

 - A race condition in the Linux kernel before 5.6.2 between the VT_DISALLOCATE ioctl and closing/opening of ttys could lead to a use-after-free. (CVE-2020-36557)

 - A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault. (CVE-2020-36558)

 - Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage. (CVE-2021-26341)

 - When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds. (CVE-2021-33655)

 - When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds.
 (CVE-2021-33656)

 - An out-of-bounds read flaw was found in the Linux kernel's TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read unauthorized random data from memory. (CVE-2022-1462)

 - In various methods of kernel base drivers, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:
 A-182388481References: Upstream kernel (CVE-2022-20166)

 - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.suse.com/1195775

https://bugzilla.suse.com/1195926

https://bugzilla.suse.com/1198484

https://bugzilla.suse.com/1198829

https://bugzilla.suse.com/1200442

https://bugzilla.suse.com/1200598

https://bugzilla.suse.com/1200910

https://bugzilla.suse.com/1201050

https://bugzilla.suse.com/1201429

https://bugzilla.suse.com/1201635

https://bugzilla.suse.com/1201636

https://bugzilla.suse.com/1201926

https://bugzilla.suse.com/1201930

https://bugzilla.suse.com/1201940

https://www.suse.com/security/cve/CVE-2020-36557

https://www.suse.com/security/cve/CVE-2020-36558

https://www.suse.com/security/cve/CVE-2021-26341

https://www.suse.com/security/cve/CVE-2021-33655

https://www.suse.com/security/cve/CVE-2021-33656

https://www.suse.com/security/cve/CVE-2022-1462

https://www.suse.com/security/cve/CVE-2022-20166

https://www.suse.com/security/cve/CVE-2022-36946

http://www.nessus.org/u?71801a09

Plugin Details

Severity: Medium

ID: 163996

File Name: suse_SU-2022-2723-1.nasl

Version: 1.6

Type: local

Agent: unix

Published: 8/10/2022

Updated: 7/14/2023

Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 4.6

Temporal Score: 3.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2022-20166

CVSS v3

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 6.1

Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2021-33656

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:cluster-md-kmp-default, p-cpe:/a:novell:suse_linux:dlm-kmp-default, p-cpe:/a:novell:suse_linux:gfs2-kmp-default, p-cpe:/a:novell:suse_linux:kernel-default, p-cpe:/a:novell:suse_linux:kernel-default-base, p-cpe:/a:novell:suse_linux:kernel-default-devel, p-cpe:/a:novell:suse_linux:kernel-default-livepatch, p-cpe:/a:novell:suse_linux:kernel-default-man, p-cpe:/a:novell:suse_linux:kernel-devel, p-cpe:/a:novell:suse_linux:kernel-livepatch-4_12_14-150000_150_98-default, p-cpe:/a:novell:suse_linux:kernel-macros, p-cpe:/a:novell:suse_linux:kernel-obs-build, p-cpe:/a:novell:suse_linux:kernel-source, p-cpe:/a:novell:suse_linux:kernel-syms, p-cpe:/a:novell:suse_linux:kernel-vanilla-base, p-cpe:/a:novell:suse_linux:ocfs2-kmp-default, p-cpe:/a:novell:suse_linux:reiserfs-kmp-default, cpe:/o:novell:suse_linux:15

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 8/9/2022

Vulnerability Publication Date: 3/11/2022

Reference Information

CVE: CVE-2020-36557, CVE-2020-36558, CVE-2021-26341, CVE-2021-33655, CVE-2021-33656, CVE-2022-1462, CVE-2022-20166, CVE-2022-36946

SuSE: SUSE-SU-2022:2723-1