The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2875-1 advisory.

  - An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the     hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session     or terminate that session. (CVE-2020-36516)

  - A race condition in the Linux kernel before 5.6.2 between the VT_DISALLOCATE ioctl and closing/opening of     ttys could lead to a use-after-free. (CVE-2020-36557)

  - A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer     dereference and general protection fault. (CVE-2020-36558)

  - When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of     bounds. (CVE-2021-33655)

  - When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds.
    (CVE-2021-33656)

  - Integer Overflow or Wraparound vulnerability in io_uring of Linux Kernel allows local attacker to cause     memory corruption and escalate privileges to root. This issue affects: Linux Kernel versions prior to     5.4.189; version 5.4.24 and later versions. (CVE-2022-1116)

  - An out-of-bounds read flaw was found in the Linux kernel's TeleTYpe subsystem. The issue occurs in how a     user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage     of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read     unauthorized random data from memory. (CVE-2022-1462)

  - In various methods of kernel base drivers, there is a possible out of bounds write due to a heap buffer     overflow. This could lead to local escalation of privilege with System execution privileges needed. User     interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:
    A-182388481References: Upstream kernel (CVE-2022-20166)

  - A bug in the IMA subsystem was discovered which would incorrectly allow kexec to be used when kernel     lockdown was enabled (CVE-2022-21505) (CVE-2022-21505)

  - There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that     allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)

  - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text     explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device     frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).
    Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to     unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend     (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)

  - An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of     actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size()     function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This     flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-2639)

  - Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to     cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14     and later versions. (CVE-2022-29581)

  - net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create     user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to     a use-after-free. (CVE-2022-32250)

  - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote     attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte     nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2022:2875-1)

high Nessus Plugin ID 164373

Version 1.9

Version 1.8

Version 1.8

Version 1.7

Version 1.6

Version 1.5

Version 1.4

Version 1.3

Version 1.9 Jul 14, 2023, 7:08 AM Detection Exploit attributes ("Exploited by malware" set to "True") Plugin metadata Plugin Feed: 202307140708
Version 1.8 Jul 12, 2023, 5:37 PM Detection Plugin Feed: 202307121737
Version 1.8 Jul 14, 2023, 5:13 AM Detection Exploit attributes ("Exploited by malware" set to "True") Plugin metadata Plugin Feed: 202307140513
Version 1.7 Mar 10, 2023, 5:10 PM Logic Changes (Added support for additional SUSE Platforms) Plugin Feed: 202303101710
Version 1.6 Feb 8, 2023, 11:19 PM Logic Changes (Updated openSUSE package checks in SUSE plugins) Plugin Feed: 202302082319
Version 1.5 Feb 4, 2023, 12:45 AM Logic Changes (Added missing service packs to plugin checks) Plugin Feed: 202302040045
Version 1.4 Jan 21, 2023, 5:26 AM Logic Changes (Added package checks for openSuSE) Plugin Feed: 202301210526
Version 1.3 Dec 13, 2022, 2:03 PM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:H/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:H/RL:O/RC:C") Exploit attributes ("Exploit available" set to "True") Exploit attributes ("Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Exploit attributes ("Exploited by malware" set to "True") Plugin Feed: 202212131403