SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2022:4272-1)

high Nessus Plugin ID 168291

Language:

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLED12 / SLED_SAP12 / SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4272-1 advisory.

The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2021-4037: Fixed function logic vulnerability that allowed local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set (bnc#1198702).
- CVE-2022-2153: Fixed vulnerability in KVM that could allow an unprivileged local attacker on the host to cause DoS (bnc#1200788).
- CVE-2022-2964: Fixed memory corruption issues in ax88179_178a devices (bnc#1202686).
- CVE-2022-3169: Fixed a denial of service flaw which occurs when consecutive requests to NVME_IOCTL_RESET and the NVME_IOCTL_SUBSYS_RESET are sent (bnc#1203290).
- CVE-2022-3521: Fixed race condition in kcm_tx_work() in net/kcm/kcmsock.c (bnc#1204355).
- CVE-2022-3524: Fixed memory leak in ipv6_renew_options() in the IPv6 handler (bnc#1204354).
- CVE-2022-3542: Fixed memory leak in bnx2x_tpa_stop() in drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c (bnc#1204402).
- CVE-2022-3545: Fixed use-after-free in area_cache_get() in drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bnc#1204415).
- CVE-2022-3565: Fixed use-after-free in del_timer() in drivers/isdn/mISDN/l1oip_core.c (bnc#1204431).
- CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could allow a local unprivileged user to cause a denial of service (bnc#1204439).
- CVE-2022-3594: Fixed excessive data logging in intr_callback() in drivers/net/usb/r8152.c (bnc#1204479).
- CVE-2022-3621: Fixed null pointer dereference in nilfs_bmap_lookup_at_level() in fs/nilfs2/inode.c (bnc#1204574).
- CVE-2022-3629: Fixed memory leak in vsock_connect() in net/vmw_vsock/af_vsock.c (bnc#1204635).
- CVE-2022-3646: Fixed memory leak in nilfs_attach_log_writer() in fs/nilfs2/segment.c (bnc#1204646).
- CVE-2022-3649: Fixed use-after-free in nilfs_new_inode() in fs/nilfs2/inode.c (bnc#1204647).
- CVE-2022-40307: Fixed a race condition that could had been exploited to trigger a use-after-free in the efi firmware capsule-loader.c (bnc#1203322).
- CVE-2022-40768: Fixed information leak in the scsi driver which allowed local users to obtain sensitive information from kernel memory (bnc#1203514).
- CVE-2022-42703: Fixed use-after-free in mm/rmap.c related to leaf anon_vma double reuse (bnc#1204168).
- CVE-2022-43750: Fixed vulnerability in usbmon that allowed a user-space client to corrupt the monitor's internal memory (bnc#1204653).


Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.suse.com/1032323

https://bugzilla.suse.com/1065729

https://bugzilla.suse.com/1198702

https://bugzilla.suse.com/1200788

https://bugzilla.suse.com/1202686

https://bugzilla.suse.com/1202972

https://bugzilla.suse.com/1203098

https://bugzilla.suse.com/1203142

https://bugzilla.suse.com/1203198

https://bugzilla.suse.com/1203254

https://bugzilla.suse.com/1203290

https://bugzilla.suse.com/1203322

https://bugzilla.suse.com/1203387

https://bugzilla.suse.com/1203514

https://bugzilla.suse.com/1203802

https://bugzilla.suse.com/1204166

https://bugzilla.suse.com/1204168

https://bugzilla.suse.com/1204241

https://bugzilla.suse.com/1204354

https://bugzilla.suse.com/1204355

https://bugzilla.suse.com/1204402

https://bugzilla.suse.com/1204415

https://bugzilla.suse.com/1204431

https://bugzilla.suse.com/1204439

https://bugzilla.suse.com/1204479

https://bugzilla.suse.com/1204574

https://bugzilla.suse.com/1204635

https://bugzilla.suse.com/1204646

https://bugzilla.suse.com/1204647

https://bugzilla.suse.com/1204653

https://bugzilla.suse.com/1204755

http://www.nessus.org/u?41b23478

https://www.suse.com/security/cve/CVE-2021-4037

https://www.suse.com/security/cve/CVE-2022-2153

https://www.suse.com/security/cve/CVE-2022-2964

https://www.suse.com/security/cve/CVE-2022-3169

https://www.suse.com/security/cve/CVE-2022-3424

https://www.suse.com/security/cve/CVE-2022-3521

https://www.suse.com/security/cve/CVE-2022-3524

https://www.suse.com/security/cve/CVE-2022-3545

https://www.suse.com/security/cve/CVE-2022-3565

https://www.suse.com/security/cve/CVE-2022-3586

https://www.suse.com/security/cve/CVE-2022-3594

https://www.suse.com/security/cve/CVE-2022-3621

https://www.suse.com/security/cve/CVE-2022-3629

https://www.suse.com/security/cve/CVE-2022-3646

https://www.suse.com/security/cve/CVE-2022-3649

https://www.suse.com/security/cve/CVE-2022-40307

https://www.suse.com/security/cve/CVE-2022-40768

https://www.suse.com/security/cve/CVE-2022-42703

https://www.suse.com/security/cve/CVE-2022-43750

Plugin Details

Severity: High

ID: 168291

File Name: suse_SU-2022-4272-1.nasl

Version: 1.8

Type: local

Agent: unix

Published: 11/30/2022

Updated: 9/25/2025

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2022-3565

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:dlm-kmp-default, p-cpe:/a:novell:suse_linux:cluster-md-kmp-default, p-cpe:/a:novell:suse_linux:kernel-default-extra, p-cpe:/a:novell:suse_linux:ocfs2-kmp-default, cpe:/o:novell:suse_linux:12, p-cpe:/a:novell:suse_linux:gfs2-kmp-default

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 11/29/2022

Vulnerability Publication Date: 3/7/2022

Reference Information

CVE: CVE-2021-4037, CVE-2022-2153, CVE-2022-2964, CVE-2022-3169, CVE-2022-3424, CVE-2022-3521, CVE-2022-3524, CVE-2022-3545, CVE-2022-3565, CVE-2022-3586, CVE-2022-3594, CVE-2022-3621, CVE-2022-3629, CVE-2022-3646, CVE-2022-3649, CVE-2022-40307, CVE-2022-40768, CVE-2022-42703, CVE-2022-43750

SuSE: SUSE-SU-2022:4272-1