SUSE SLES15 Security Update : kernel (SUSE-SU-2022:3408-1)

high Nessus Plugin ID 165501

Language:

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3408-1 advisory.

- An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session. (CVE-2020-36516)

- A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information. (CVE-2021-4203)

- A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the small table perturb size. This flaw may allow an attacker to information leak and may cause a denial of service problem. (CVE-2022-1012)

- Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel (CVE-2022-20368)

- In v4l2_m2m_querybuf of v4l2-mem2mem.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:
A-223375145References: Upstream kernel (CVE-2022-20369)

- A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) (CVE-2022-21385)

- kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)

- Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373)

- An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size() function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-2639)

- An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured. (CVE-2022-2663)

- Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions. (CVE-2022-29581)

- A flaw was found in the Linux kernel implementation of proxied virtualized TPM devices. On a system where virtualized TPM devices are configured (this is not the default) a local attacker can create a use-after- free and create a situation where it may be possible to escalate privileges on the system. (CVE-2022-2977)

- A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read and copying it into a socket. (CVE-2022-3028)

- An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice. (CVE-2022-36879)

- An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VM_PFNMAP VMAs. (CVE-2022-39188)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.suse.com/1177440

https://bugzilla.suse.com/1180153

https://bugzilla.suse.com/1188944

https://bugzilla.suse.com/1191881

https://bugzilla.suse.com/1194535

https://bugzilla.suse.com/1196616

https://bugzilla.suse.com/1197158

https://bugzilla.suse.com/1199482

https://bugzilla.suse.com/1199665

https://bugzilla.suse.com/1201019

https://bugzilla.suse.com/1201420

https://bugzilla.suse.com/1201705

https://bugzilla.suse.com/1201726

https://bugzilla.suse.com/1201948

https://bugzilla.suse.com/1202096

https://bugzilla.suse.com/1202097

https://bugzilla.suse.com/1202154

https://bugzilla.suse.com/1202335

https://bugzilla.suse.com/1202346

https://bugzilla.suse.com/1202347

https://bugzilla.suse.com/1202393

https://bugzilla.suse.com/1202396

https://bugzilla.suse.com/1202672

https://bugzilla.suse.com/1202897

https://bugzilla.suse.com/1202898

https://bugzilla.suse.com/1203098

https://bugzilla.suse.com/1203107

http://www.nessus.org/u?3cfce971

https://www.suse.com/security/cve/CVE-2020-36516

https://www.suse.com/security/cve/CVE-2021-4203

https://www.suse.com/security/cve/CVE-2022-1012

https://www.suse.com/security/cve/CVE-2022-20368

https://www.suse.com/security/cve/CVE-2022-20369

https://www.suse.com/security/cve/CVE-2022-21385

https://www.suse.com/security/cve/CVE-2022-2588

https://www.suse.com/security/cve/CVE-2022-26373

https://www.suse.com/security/cve/CVE-2022-2639

https://www.suse.com/security/cve/CVE-2022-2663

https://www.suse.com/security/cve/CVE-2022-29581

https://www.suse.com/security/cve/CVE-2022-2977

https://www.suse.com/security/cve/CVE-2022-3028

https://www.suse.com/security/cve/CVE-2022-36879

https://www.suse.com/security/cve/CVE-2022-39188

Plugin Details

Severity: High

ID: 165501

File Name: suse_SU-2022-3408-1.nasl

Version: 1.4

Type: local

Agent: unix

Published: 9/27/2022

Updated: 10/3/2022

Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent

Risk Information

VPR

Risk Factor: Critical

Score: 9.5

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 6.3

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: E:H/RL:OF/RC:C

CVSS Score Source: CVE-2022-29581

CVSS v3

Risk Factor: High

Base Score: 8.2

Temporal Score: 7.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

Temporal Vector: E:H/RL:O/RC:C

CVSS Score Source: CVE-2022-1012

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:cluster-md-kmp-default, p-cpe:/a:novell:suse_linux:dlm-kmp-default, p-cpe:/a:novell:suse_linux:gfs2-kmp-default, p-cpe:/a:novell:suse_linux:kernel-default, p-cpe:/a:novell:suse_linux:kernel-default-base, p-cpe:/a:novell:suse_linux:kernel-default-devel, p-cpe:/a:novell:suse_linux:kernel-default-livepatch, p-cpe:/a:novell:suse_linux:kernel-default-livepatch-devel, p-cpe:/a:novell:suse_linux:kernel-default-man, p-cpe:/a:novell:suse_linux:kernel-devel, p-cpe:/a:novell:suse_linux:kernel-livepatch-4_12_14-150100_197_123-default, p-cpe:/a:novell:suse_linux:kernel-macros, p-cpe:/a:novell:suse_linux:kernel-obs-build, p-cpe:/a:novell:suse_linux:kernel-source, p-cpe:/a:novell:suse_linux:kernel-syms, p-cpe:/a:novell:suse_linux:ocfs2-kmp-default, p-cpe:/a:novell:suse_linux:reiserfs-kmp-default, cpe:/o:novell:suse_linux:15

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/26/2022

Vulnerability Publication Date: 2/26/2022

Reference Information

CVE: CVE-2020-36516, CVE-2021-4203, CVE-2022-1012, CVE-2022-2588, CVE-2022-2639, CVE-2022-2663, CVE-2022-2977, CVE-2022-3028, CVE-2022-20368, CVE-2022-20369, CVE-2022-21385, CVE-2022-26373, CVE-2022-29581, CVE-2022-36879, CVE-2022-39188

SuSE: SUSE-SU-2022:3408-1