SUSE SLES15 Security Update : kernel (SUSE-SU-2022:3288-1)

high Nessus Plugin ID 165235

Language:

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3288-1 advisory.

- The einj_error_inject function in drivers/acpi/apei/einj.c in the Linux kernel allows local users to simulate hardware errors and consequently cause a denial of service by leveraging failure to disable APEI error injection through EINJ when securelevel is set. (CVE-2016-3695)

- An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session. (CVE-2020-36516)

- Uncontrolled resource consumption in the Linux kernel drivers for Intel(R) SGX may allow an authenticated user to potentially enable denial of service via local access. (CVE-2021-33135)

- A vulnerability was found in the fs/inode.c:inode_init_owner() function logic of the LInux kernel that allows local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set, in a scenario where a directory is SGID and belongs to a certain group and is writable by a user who is not a member of this group. This can lead to excessive permissions granted in case when they should not. This vulnerability is similar to the previous CVE-2018-13405 and adds the missed fix for the XFS. (CVE-2021-4037)

- A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel's filesystem sub- component. This flaw allows a local attacker with a user privilege to cause a denial of service.
(CVE-2022-1184)

- Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel (CVE-2022-20368)

- In v4l2_m2m_querybuf of v4l2-mem2mem.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:
A-223375145References: Upstream kernel (CVE-2022-20369)

- kernel: posix cpu timer use-after-free may lead to local privilege escalation (CVE-2022-2585)

- kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)

- Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373)

- An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size() function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-2639)

- An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured. (CVE-2022-2663)

- In the Linux kernel before 5.17.1, a refcount leak bug was found in net/llc/af_llc.c. (CVE-2022-28356)

- A flaw was found in hw. Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-23816) (CVE-2022-28693)

- An out-of-bounds memory access flaw was found in the Linux kernel Intel's iSMT SMBus host controller driver in the way a user triggers the I2C_SMBUS_BLOCK_DATA (with the ioctl I2C_SMBUS) with malicious input data. This flaw allows a local user to crash the system. (CVE-2022-2873)

- An out-of-bounds memory read flaw was found in the Linux kernel's BPF subsystem in how a user calls the bpf_tail_call function with a key larger than the max_entries of the map. This flaw allows a local user to gain unauthorized access to data. (CVE-2022-2905)

- A flaw was found in the Linux kernel's implementation of Pressure Stall Information. While the feature is disabled by default, it could allow an attacker to crash the system or have other memory-corruption side effects. (CVE-2022-2938)

- A race condition was found in the Linux kernel's watch queue due to a missing lock in pipe_resize_ring().
The specific flaw exists within the handling of pipe buffers. The issue results from the lack of proper locking when performing operations on an object. This flaw allows a local user to crash the system or escalate their privileges on the system. (CVE-2022-2959)

- A flaw was found in the Linux kernel implementation of proxied virtualized TPM devices. On a system where virtualized TPM devices are configured (this is not the default) a local attacker can create a use-after- free and create a situation where it may be possible to escalate privileges on the system. (CVE-2022-2977)

- A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read and copying it into a socket. (CVE-2022-3028)

- An issue was discovered in the Linux kernel through 5.16-rc6. There is a lack of check after calling vzalloc() and lack of free after allocation in drivers/media/test-drivers/vidtv/vidtv_s302m.c.
(CVE-2022-3078)

- An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice. (CVE-2022-36879)

- nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)

- An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VM_PFNMAP VMAs. (CVE-2022-39188)

- An issue was discovered in net/netfilter/nf_tables_api.c in the Linux kernel before 5.19.6. A denial of service can occur upon binding to an already bound chain. (CVE-2022-39190)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.suse.com/1023051

https://bugzilla.suse.com/1032323

https://bugzilla.suse.com/1065729

https://bugzilla.suse.com/1156395

https://bugzilla.suse.com/1189999

https://bugzilla.suse.com/1190497

https://bugzilla.suse.com/1192968

https://bugzilla.suse.com/1194592

https://bugzilla.suse.com/1194869

https://bugzilla.suse.com/1194904

https://bugzilla.suse.com/1195480

https://bugzilla.suse.com/1195917

https://bugzilla.suse.com/1196616

https://bugzilla.suse.com/1197158

https://bugzilla.suse.com/1197391

https://bugzilla.suse.com/1197755

https://bugzilla.suse.com/1197756

https://bugzilla.suse.com/1197757

https://bugzilla.suse.com/1197763

https://bugzilla.suse.com/1198410

https://bugzilla.suse.com/1198577

https://bugzilla.suse.com/1198702

https://bugzilla.suse.com/1198971

https://bugzilla.suse.com/1199356

https://bugzilla.suse.com/1199515

https://bugzilla.suse.com/1200301

https://bugzilla.suse.com/1200313

https://bugzilla.suse.com/1200431

https://bugzilla.suse.com/1200544

https://bugzilla.suse.com/1200845

https://bugzilla.suse.com/1200868

https://bugzilla.suse.com/1200869

https://bugzilla.suse.com/1200870

https://bugzilla.suse.com/1200871

https://bugzilla.suse.com/1200872

https://bugzilla.suse.com/1200873

https://bugzilla.suse.com/1201019

https://bugzilla.suse.com/1201308

https://bugzilla.suse.com/1201361

https://bugzilla.suse.com/1201442

https://bugzilla.suse.com/1201455

https://bugzilla.suse.com/1201489

https://bugzilla.suse.com/1201610

https://bugzilla.suse.com/1201726

https://bugzilla.suse.com/1201768

https://bugzilla.suse.com/1201865

https://bugzilla.suse.com/1201940

https://bugzilla.suse.com/1201948

https://bugzilla.suse.com/1201956

https://bugzilla.suse.com/1202094

https://bugzilla.suse.com/1202096

https://bugzilla.suse.com/1202097

https://bugzilla.suse.com/1202113

https://bugzilla.suse.com/1202131

https://bugzilla.suse.com/1202154

https://bugzilla.suse.com/1202262

https://bugzilla.suse.com/1202265

https://bugzilla.suse.com/1202346

https://bugzilla.suse.com/1202347

https://bugzilla.suse.com/1202385

https://bugzilla.suse.com/1202393

https://bugzilla.suse.com/1202447

https://bugzilla.suse.com/1202471

https://bugzilla.suse.com/1202558

https://bugzilla.suse.com/1202564

https://bugzilla.suse.com/1202623

https://bugzilla.suse.com/1202636

https://bugzilla.suse.com/1202672

https://bugzilla.suse.com/1202681

https://bugzilla.suse.com/1202710

https://bugzilla.suse.com/1202711

https://bugzilla.suse.com/1202712

https://bugzilla.suse.com/1202713

https://bugzilla.suse.com/1202715

https://bugzilla.suse.com/1202716

https://bugzilla.suse.com/1202757

https://bugzilla.suse.com/1202758

https://bugzilla.suse.com/1202759

https://bugzilla.suse.com/1202761

https://bugzilla.suse.com/1202762

https://bugzilla.suse.com/1202763

https://bugzilla.suse.com/1202764

https://bugzilla.suse.com/1202765

https://bugzilla.suse.com/1202766

https://bugzilla.suse.com/1202767

https://bugzilla.suse.com/1202768

https://bugzilla.suse.com/1202769

https://bugzilla.suse.com/1202770

https://bugzilla.suse.com/1202771

https://bugzilla.suse.com/1202773

https://bugzilla.suse.com/1202774

https://bugzilla.suse.com/1202775

https://bugzilla.suse.com/1202776

https://bugzilla.suse.com/1202778

https://bugzilla.suse.com/1202779

https://bugzilla.suse.com/1202780

https://bugzilla.suse.com/1202781

https://bugzilla.suse.com/1202782

https://bugzilla.suse.com/1202783

https://bugzilla.suse.com/1202822

https://bugzilla.suse.com/1202823

https://bugzilla.suse.com/1202824

https://bugzilla.suse.com/1202860

https://bugzilla.suse.com/1202867

https://bugzilla.suse.com/1202872

https://bugzilla.suse.com/1202898

https://bugzilla.suse.com/1202989

https://bugzilla.suse.com/1203036

https://bugzilla.suse.com/1203041

https://bugzilla.suse.com/1203063

https://bugzilla.suse.com/1203098

https://bugzilla.suse.com/1203107

https://bugzilla.suse.com/1203117

https://bugzilla.suse.com/1203138

https://bugzilla.suse.com/1203139

https://bugzilla.suse.com/1203159

https://www.suse.com/security/cve/CVE-2016-3695

https://www.suse.com/security/cve/CVE-2020-36516

https://www.suse.com/security/cve/CVE-2021-33135

https://www.suse.com/security/cve/CVE-2021-4037

https://www.suse.com/security/cve/CVE-2022-1184

https://www.suse.com/security/cve/CVE-2022-20368

https://www.suse.com/security/cve/CVE-2022-20369

https://www.suse.com/security/cve/CVE-2022-2585

https://www.suse.com/security/cve/CVE-2022-2588

https://www.suse.com/security/cve/CVE-2022-26373

https://www.suse.com/security/cve/CVE-2022-2639

https://www.suse.com/security/cve/CVE-2022-2663

https://www.suse.com/security/cve/CVE-2022-28356

https://www.suse.com/security/cve/CVE-2022-28693

https://www.suse.com/security/cve/CVE-2022-2873

https://www.suse.com/security/cve/CVE-2022-2905

https://www.suse.com/security/cve/CVE-2022-2938

https://www.suse.com/security/cve/CVE-2022-2959

https://www.suse.com/security/cve/CVE-2022-2977

https://www.suse.com/security/cve/CVE-2022-3028

https://www.suse.com/security/cve/CVE-2022-3078

https://www.suse.com/security/cve/CVE-2022-36879

https://www.suse.com/security/cve/CVE-2022-36946

https://www.suse.com/security/cve/CVE-2022-39188

https://www.suse.com/security/cve/CVE-2022-39190

http://www.nessus.org/u?23d93ad3

Plugin Details

Severity: High

ID: 165235

File Name: suse_SU-2022-3288-1.nasl

Version: 1.8

Type: local

Agent: unix

Published: 9/17/2022

Updated: 7/14/2023

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.5

CVSS v2

Risk Factor: Medium

Base Score: 4.9

Temporal Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:P

CVSS Score Source: CVE-2020-36516

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

CVSS Score Source: CVE-2022-2977

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:kernel-azure, p-cpe:/a:novell:suse_linux:kernel-azure-devel, p-cpe:/a:novell:suse_linux:kernel-devel-azure, p-cpe:/a:novell:suse_linux:kernel-source-azure, p-cpe:/a:novell:suse_linux:kernel-syms-azure, cpe:/o:novell:suse_linux:15

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/16/2022

Vulnerability Publication Date: 12/29/2017

Exploitable With

Core Impact

Reference Information

CVE: CVE-2016-3695, CVE-2020-36516, CVE-2021-33135, CVE-2021-4037, CVE-2022-1184, CVE-2022-20368, CVE-2022-20369, CVE-2022-2585, CVE-2022-2588, CVE-2022-26373, CVE-2022-2639, CVE-2022-2663, CVE-2022-28356, CVE-2022-28693, CVE-2022-2873, CVE-2022-2905, CVE-2022-2938, CVE-2022-2959, CVE-2022-2977, CVE-2022-3028, CVE-2022-3078, CVE-2022-36879, CVE-2022-36946, CVE-2022-39188, CVE-2022-39190

SuSE: SUSE-SU-2022:3288-1