SUSE SLED15: cluster-md-kmp-64kb / cluster-md-kmp-default / dlm-kmp-64kb / etc (SUSE-SU-2022:3293-1)

high Nessus Plugin ID 165230

Language:

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3293-1 advisory.

The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes.


The following security bugs were fixed:

- CVE-2022-39190: Fixed an issue that was discovered in net/netfilter/nf_tables_api.c and could cause a denial of service upon binding to an already bound chain (bnc#1203117).
- CVE-2022-39188: Fixed race condition in include/asm-generic/tlb.h where a device driver can free a page while it still has stale TLB entries (bnc#1203107).
- CVE-2022-2663: Fixed an issue that was found in nf_conntrack_irc where the message handling could be confused and incorrectly matches the message (bnc#1202097).
- CVE-2022-3078: Fixed a lack of check after calling vzalloc() and lack of free after allocation in drivers/media/test-drivers/vidtv/vidtv_s302m.c (bnc#1203041).
- CVE-2022-28356: Fixed a refcount leak bug that was found in net/llc/af_llc.c (bnc#1197391).
- CVE-2022-3028: Fixed race condition that was found in the IP framework for transforming packets (XFRM subsystem) (bnc#1202898).
- CVE-2022-2905: Fixed tnum_range usage on array range checking for poke descriptors (bsc#1202564, bsc#1202860).
- CVE-2022-2977: Fixed reference counting for struct tpm_chip (bsc#1202672).
- CVE-2022-2938: Fixed a flaw that was found inside the Pressure Stall Information implementation that could have been used to allow an attacker to crash the system or have other memory-corruption side effects (bnc#1202623).
- CVE-2022-28693: Fixed x86/speculation behavior by disabling RRSBA (bsc#1201455).
- CVE-2021-33135: Fixed uncontrolled resource consumption inside Intel(R) SGX that may have allowed an authenticated user to potentially enable denial of service via local access (bnc#1199515).
- CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096).
- CVE-2022-2959: Fixed a race condition that was found inside the watch queue due to a missing lock in pipe_resize_ring() (bnc#1202681 bnc#1202685).
- CVE-2022-36946: Fixed a denial of service (panic) inside nfqnl_mangle in net/netfilter/nfnetlink_queue.c (bnc#1201940 bnc#1201941 bnc#1202312 bnc#1202874).
- CVE-2021-4037: Fixed function logic vulnerability that allowed local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set (bnc#1198702).
- CVE-2022-2873: Fixed an out-of-bounds memory access flaw that was found in iSMT SMBus host controller driver (bnc#1202558).
- CVE-2022-36879: Fixed an issue in xfrm_expand_policies in net/xfrm/xfrm_policy.c where a refcount could be dropped twice (bnc#1201948).
- CVE-2022-20368: Fixed slab-out-of-bounds access in packet_recvmsg() (bsc#1202346).
- CVE-2022-20369: Fixed out of bounds write in v4l2_m2m_querybuf of v4l2-mem2mem.c (bnc#1202347).
- CVE-2016-3695: Fixed an issue inside the einj_error_inject function in drivers/acpi/apei/einj.c that allowed users to simulate hardware errors and consequently cause a denial of service (bnc#1023051).
- CVE-2022-2639: Fixed an integer coercion error that was found in the openvswitch kernel module (bnc#1202154).
- CVE-2020-36516: Fixed an issue in the mixed IPID assignment method where an attacker was able to inject data into or terminate a victim's TCP session (bnc#1196616).
- CVE-2022-32250: Fixed a privilege escalation issue in net/netfilter/nf_tables_api.c that allowed a local user to became root (bnc#1200015).



Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.suse.com/1023051

https://bugzilla.suse.com/1032323

https://bugzilla.suse.com/1065729

https://bugzilla.suse.com/1156395

https://bugzilla.suse.com/1190497

https://bugzilla.suse.com/1194592

https://bugzilla.suse.com/1194869

https://bugzilla.suse.com/1194904

https://bugzilla.suse.com/1195480

https://bugzilla.suse.com/1195917

https://bugzilla.suse.com/1196616

https://bugzilla.suse.com/1197158

https://bugzilla.suse.com/1197391

https://bugzilla.suse.com/1197755

https://bugzilla.suse.com/1197756

https://bugzilla.suse.com/1197757

https://bugzilla.suse.com/1197763

https://bugzilla.suse.com/1198410

https://bugzilla.suse.com/1198971

https://bugzilla.suse.com/1199086

https://bugzilla.suse.com/1199364

https://bugzilla.suse.com/1199670

https://bugzilla.suse.com/1200313

https://bugzilla.suse.com/1200431

https://bugzilla.suse.com/1200465

https://bugzilla.suse.com/1200544

https://bugzilla.suse.com/1200845

https://bugzilla.suse.com/1200868

https://bugzilla.suse.com/1200869

https://bugzilla.suse.com/1200870

https://bugzilla.suse.com/1200871

https://bugzilla.suse.com/1200872

https://bugzilla.suse.com/1200873

https://bugzilla.suse.com/1201019

https://bugzilla.suse.com/1201308

https://bugzilla.suse.com/1201427

https://bugzilla.suse.com/1201442

https://bugzilla.suse.com/1201455

https://bugzilla.suse.com/1201489

https://bugzilla.suse.com/1201610

https://bugzilla.suse.com/1201675

https://bugzilla.suse.com/1201725

https://bugzilla.suse.com/1201768

https://bugzilla.suse.com/1201940

https://bugzilla.suse.com/1201956

https://bugzilla.suse.com/1201958

https://bugzilla.suse.com/1202096

https://bugzilla.suse.com/1202097

https://bugzilla.suse.com/1202113

https://bugzilla.suse.com/1202131

https://bugzilla.suse.com/1202154

https://bugzilla.suse.com/1202262

https://bugzilla.suse.com/1202265

https://bugzilla.suse.com/1202312

https://bugzilla.suse.com/1202346

https://bugzilla.suse.com/1202347

https://bugzilla.suse.com/1202385

https://bugzilla.suse.com/1202393

https://bugzilla.suse.com/1202447

https://bugzilla.suse.com/1202471

https://bugzilla.suse.com/1202558

https://bugzilla.suse.com/1202564

https://bugzilla.suse.com/1202623

https://bugzilla.suse.com/1202636

https://bugzilla.suse.com/1202672

https://bugzilla.suse.com/1202681

https://bugzilla.suse.com/1202710

https://bugzilla.suse.com/1202711

https://bugzilla.suse.com/1202712

https://bugzilla.suse.com/1202713

https://bugzilla.suse.com/1202715

https://bugzilla.suse.com/1202716

https://bugzilla.suse.com/1202757

https://bugzilla.suse.com/1202758

https://bugzilla.suse.com/1202759

https://bugzilla.suse.com/1202761

https://bugzilla.suse.com/1202762

https://bugzilla.suse.com/1202763

https://bugzilla.suse.com/1202764

https://bugzilla.suse.com/1202765

https://bugzilla.suse.com/1202766

https://bugzilla.suse.com/1202767

https://bugzilla.suse.com/1202768

https://bugzilla.suse.com/1202769

https://bugzilla.suse.com/1202770

https://bugzilla.suse.com/1202771

https://bugzilla.suse.com/1202773

https://bugzilla.suse.com/1202774

https://bugzilla.suse.com/1202775

https://bugzilla.suse.com/1202776

https://bugzilla.suse.com/1202778

https://bugzilla.suse.com/1202779

https://bugzilla.suse.com/1202780

https://bugzilla.suse.com/1202781

https://bugzilla.suse.com/1202782

https://bugzilla.suse.com/1202783

https://bugzilla.suse.com/1202822

https://bugzilla.suse.com/1202823

https://bugzilla.suse.com/1202824

https://bugzilla.suse.com/1202860

https://bugzilla.suse.com/1202867

https://bugzilla.suse.com/1202874

https://bugzilla.suse.com/1202898

https://bugzilla.suse.com/1203036

https://bugzilla.suse.com/1203041

https://bugzilla.suse.com/1203063

https://bugzilla.suse.com/1203107

https://bugzilla.suse.com/1203117

https://bugzilla.suse.com/1203138

https://bugzilla.suse.com/1203139

https://bugzilla.suse.com/1203159

https://www.suse.com/security/cve/CVE-2016-3695

https://www.suse.com/security/cve/CVE-2020-36516

https://www.suse.com/security/cve/CVE-2021-33135

https://www.suse.com/security/cve/CVE-2021-4037

https://www.suse.com/security/cve/CVE-2022-20368

https://www.suse.com/security/cve/CVE-2022-20369

https://www.suse.com/security/cve/CVE-2022-2588

https://www.suse.com/security/cve/CVE-2022-2639

https://www.suse.com/security/cve/CVE-2022-2663

https://www.suse.com/security/cve/CVE-2022-28356

https://www.suse.com/security/cve/CVE-2022-28693

https://www.suse.com/security/cve/CVE-2022-2873

https://www.suse.com/security/cve/CVE-2022-2905

https://www.suse.com/security/cve/CVE-2022-2938

https://www.suse.com/security/cve/CVE-2022-2959

https://www.suse.com/security/cve/CVE-2022-2977

https://www.suse.com/security/cve/CVE-2022-3028

https://www.suse.com/security/cve/CVE-2022-3078

https://www.suse.com/security/cve/CVE-2022-32250

https://www.suse.com/security/cve/CVE-2022-36879

https://www.suse.com/security/cve/CVE-2022-36946

https://www.suse.com/security/cve/CVE-2022-39188

https://www.suse.com/security/cve/CVE-2022-39190

http://www.nessus.org/u?c794ce97

Plugin Details

Severity: High

ID: 165230

File Name: suse_SU-2022-3293-1.nasl

Version: 1.11

Type: Local

Agent: unix

Published: 9/17/2022

Updated: 6/25/2026

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Tenable Cloud Security, Tenable Self-Hosted Container Security, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.5

Percentile: 99.86

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 6.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2022-32250

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:novell:suse_linux:15, p-cpe:/a:novell:suse_linux:kernel-default, p-cpe:/a:novell:suse_linux:kernel-source, p-cpe:/a:novell:suse_linux:kernel-syms, p-cpe:/a:novell:suse_linux:kernel-default-base, p-cpe:/a:novell:suse_linux:kernel-default-devel, p-cpe:/a:novell:suse_linux:kernel-default-extra, p-cpe:/a:novell:suse_linux:kernel-obs-build, p-cpe:/a:novell:suse_linux:reiserfs-kmp-default, p-cpe:/a:novell:suse_linux:kernel-zfcpdump, p-cpe:/a:novell:suse_linux:kernel-default-livepatch, p-cpe:/a:novell:suse_linux:cluster-md-kmp-default, p-cpe:/a:novell:suse_linux:dlm-kmp-default, p-cpe:/a:novell:suse_linux:gfs2-kmp-default, p-cpe:/a:novell:suse_linux:kernel-devel, p-cpe:/a:novell:suse_linux:kernel-macros, p-cpe:/a:novell:suse_linux:ocfs2-kmp-default, p-cpe:/a:novell:suse_linux:kernel-default-livepatch-devel, p-cpe:/a:novell:suse_linux:kernel-64kb, p-cpe:/a:novell:suse_linux:kernel-64kb-devel, p-cpe:/a:novell:suse_linux:kernel-livepatch-5_14_21-150400_24_21-default

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/16/2022

Vulnerability Publication Date: 12/29/2017

Exploitable With

Core Impact

Reference Information

CVE: CVE-2016-3695, CVE-2020-36516, CVE-2021-33135, CVE-2021-4037, CVE-2022-20368, CVE-2022-20369, CVE-2022-2588, CVE-2022-2639, CVE-2022-2663, CVE-2022-28356, CVE-2022-28693, CVE-2022-2873, CVE-2022-2905, CVE-2022-2938, CVE-2022-2959, CVE-2022-2977, CVE-2022-3028, CVE-2022-3078, CVE-2022-32250, CVE-2022-36879, CVE-2022-36946, CVE-2022-39188, CVE-2022-39190

SuSE: SUSE-SU-2022:3293-1