The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3930-1 advisory.

    The SUSE Linux Enterprise 12 SP5 kernel RT was updated.

    The following security bugs were fixed:

    - CVE-2022-3628: Fixed potential buffer overflow in  brcmf_fweh_event_worker() in wifi/brcmfmac     (bsc#1204868).
    - CVE-2021-4037: Fixed function logic vulnerability that allowed local users to create files for the XFS     file-system with an unintended group ownership and with group execution and SGID permission bits set     (bnc#1198702).
    - CVE-2022-2153: Fixed vulnerability in KVM that could allow an unprivileged local attacker on the host to     cause DoS (bnc#1200788).
    - CVE-2022-2964, CVE-2022-28748: Fixed memory corruption issues in ax88179_178a devices (bnc#1202686     bsc#1196018).
    - CVE-2022-3521: Fixed race condition in kcm_tx_work() in net/kcm/kcmsock.c (bnc#1204355).
    - CVE-2022-3524: Fixed memory leak in ipv6_renew_options() in the IPv6 handler (bnc#1204354).
    - CVE-2022-3542: Fixed memory leak in bnx2x_tpa_stop() in drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c     (bnc#1204402).
    - CVE-2022-3545: Fixed use-after-free in area_cache_get() in     drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bnc#1204415).
    - CVE-2022-3565: Fixed use-after-free in del_timer() in drivers/isdn/mISDN/l1oip_core.c (bnc#1204431).
    - CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could allow a local unprivileged user to     cause a denial of service (bnc#1204439).
    - CVE-2022-3594: Fixed excessive data logging in intr_callback() in drivers/net/usb/r8152.c (bnc#1204479).
    - CVE-2022-3621: Fixed null pointer dereference in nilfs_bmap_lookup_at_level() in fs/nilfs2/inode.c     (bnc#1204574).
    - CVE-2022-3629: Fixed memory leak in vsock_connect() in net/vmw_vsock/af_vsock.c (bnc#1204635).
    - CVE-2022-3646: Fixed memory leak in nilfs_attach_log_writer() in fs/nilfs2/segment.c (bnc#1204646).
    - CVE-2022-3649: Fixed use-after-free in nilfs_new_inode() in fs/nilfs2/inode.c (bnc#1204647).
    - CVE-2022-43750: Fixed vulnerability in usbmon that allowed a user-space client to corrupt the monitor's     internal memory (bnc#1204653).


Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

SUSE SLES12 Security Update : kernel (SUSE-SU-2022:3930-1)

high Nessus Plugin ID 167336

Version 1.10