The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4273-1 advisory.

  - A vulnerability was found in the fs/inode.c:inode_init_owner() function logic of the LInux kernel that     allows local users to create files for the XFS file-system with an unintended group ownership and with     group execution and SGID permission bits set, in a scenario where a directory is SGID and belongs to a     certain group and is writable by a user who is not a member of this group. This can lead to excessive     permissions granted in case when they should not. This vulnerability is similar to the previous     CVE-2018-13405 and adds the missed fix for the XFS. (CVE-2021-4037)

  - A flaw was found in the Linux kernel's KVM when attempting to set a SynIC IRQ. This issue makes it     possible for a misbehaving VMM to write to SYNIC/STIMER MSRs, causing a NULL pointer dereference. This     flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel     oops condition that results in a denial of service. (CVE-2022-2153)

  - A flaw was found in the Linux kernel's driver for the ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet     Devices. The vulnerability contains multiple out-of-bounds reads and possible out-of-bounds writes.
    (CVE-2022-2964)

  - A flaw was found in the Linux kernel. A denial of service flaw may occur if there is a consecutive request     of the NVME_IOCTL_RESET and the NVME_IOCTL_SUBSYS_RESET through the device file of the driver, resulting     in a PCIe link disconnect. (CVE-2022-3169)

  - A use-after-free flaw was found in the Linux kernel's SGI GRU driver in the way the first     gru_file_unlocked_ioctl function is called by the user, where a fail pass occurs in the     gru_check_chiplet_assignment function. This flaw allows a local user to crash or potentially escalate     their privileges on the system. (CVE-2022-3424)

  - A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects     the function kcm_tx_work of the file net/kcm/kcmsock.c of the component kcm. The manipulation leads to     race condition. It is recommended to apply a patch to fix this issue. VDB-211018 is the identifier     assigned to this vulnerability. (CVE-2022-3521)

  - A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this     vulnerability is the function ipv6_renew_options of the component IPv6 Handler. The manipulation leads to     memory leak. The attack can be launched remotely. It is recommended to apply a patch to fix this issue.
    The identifier VDB-211021 was assigned to this vulnerability. (CVE-2022-3524)

  - A vulnerability has been found in Linux Kernel and classified as critical. Affected by this vulnerability     is the function area_cache_get of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c of the     component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this     issue. The identifier VDB-211045 was assigned to this vulnerability. (CVE-2022-3545)

  - A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue     is the function del_timer of the file drivers/isdn/mISDN/l1oip_core.c of the component Bluetooth. The     manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier     of this vulnerability is VDB-211088. (CVE-2022-3565)

  - A flaw was found in the Linux kernel's networking code. A use-after-free was found in the way the sch_sfb     enqueue function used the socket buffer (SKB) cb field after the same SKB had been enqueued (and freed)     into a child qdisc. This flaw allows a local, unprivileged user to crash the system, causing a denial of     service. (CVE-2022-3586)

  - A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this     vulnerability is the function intr_callback of the file drivers/net/usb/r8152.c of the component BPF. The     manipulation leads to logging of excessive data. The attack can be launched remotely. It is recommended to     apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211363.
    (CVE-2022-3594)

  - A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function     nilfs_bmap_lookup_at_level of the file fs/nilfs2/inode.c of the component nilfs2. The manipulation leads     to null pointer dereference. It is possible to launch the attack remotely. It is recommended to apply a     patch to fix this issue. The identifier of this vulnerability is VDB-211920. (CVE-2022-3621)

  - A vulnerability was found in Linux Kernel. It has been declared as problematic. This vulnerability affects     the function vsock_connect of the file net/vmw_vsock/af_vsock.c. The manipulation leads to memory leak. It     is recommended to apply a patch to fix this issue. VDB-211930 is the identifier assigned to this     vulnerability. (CVE-2022-3629)

  - A vulnerability, which was classified as problematic, has been found in Linux Kernel. This issue affects     the function nilfs_attach_log_writer of the file fs/nilfs2/segment.c of the component BPF. The     manipulation leads to memory leak. The attack may be initiated remotely. It is recommended to apply a     patch to fix this issue. The identifier VDB-211961 was assigned to this vulnerability. (CVE-2022-3646)

  - A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function     nilfs_new_inode of the file fs/nilfs2/inode.c of the component BPF. The manipulation leads to use after     free. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue.
    The identifier of this vulnerability is VDB-211992. (CVE-2022-3649)

  - An issue was discovered in the Linux kernel through 5.19.8. drivers/firmware/efi/capsule-loader.c has a     race condition with a resultant use-after-free. (CVE-2022-40307)

  - drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information     from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case.
    (CVE-2022-40768)

  - mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reuse.
    (CVE-2022-42703)

  - drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 5.19.15 and 6.x before 6.0.1 allows a user-     space client to corrupt the monitor's internal memory. (CVE-2022-43750)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

SUSE SLES12 Security Update : kernel (SUSE-SU-2022:4273-1)

high Nessus Plugin ID 168308

Version 1.6

Version 1.5

Version 1.4

Version 1.3

Version 1.2

Version 1.6 Jul 14, 2023, 4:28 PM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:P/RL:O/RC:C") Detection Plugin Feed: 202307141628
Version 1.5 Jul 12, 2023, 5:37 PM Detection Plugin Feed: 202307121737
Version 1.4 Mar 22, 2023, 4:37 PM CVSS metrics ("CVSSv2 score" changed from "10.0" to "6.8". "CVSSv2 score" changed from "10.0" to "6.8". "CVSSv2 score" changed from "10.0" to "6.8". "CVSSv2 vector" changed from "CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C" to "CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C". "CVSSv3 vector" changed from "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" to "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H". "CVSSv3 score" changed from "9.8" to "7.8". "CVSSv2 vector" changed from "CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C" to "CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C". "CVSSv3 vector" changed from "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" to "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H". "CVSSv3 score" changed from "9.8" to "7.8") CVSSv2 score source (changed from "CVE-2022-3649" to "CVE-2022-3565") CVSSv2 severity (based on CVE-2022-3565, severity decreased from "High" to "Medium") CVSSv3 score source (set to "CVE-2022-3565") Plugin Feed: 202303221637
Version 1.3 Mar 10, 2023, 5:10 PM Logic Changes (Added support for additional SUSE Platforms) Plugin Feed: 202303101710
Version 1.2 Nov 30, 2022, 1:54 PM New Plugin Feed: 202211301354