Detections
Analytics

SUSE SLES15: cluster-md-kmp-azure / dlm-kmp-azure / gfs2-kmp-azure / etc (SUSE-SU-2022:4503-1)

high Nessus Plugin ID 168888

Language:

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4503-1 advisory.

 The SUSE Linux Enterprise 15 SP3 Azure kernel was updated to receive various security and bugfixes.


 The following security bugs were fixed:

 - CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207).
 - CVE-2022-3635: Fixed a use-after-free in the tst_timer() of the file drivers/atm/idt77252.c of the component IPsec (bsc#1204631).
 - CVE-2022-41850: Fixed a race condition in roccat_report_event() in drivers/hid/hid-roccat.c (bsc#1203960).
 - CVE-2022-45934: Fixed a integer wraparound via L2CAP_CONF_REQ packets in l2cap_config_req in net/bluetooth/l2cap_core.c (bsc#1205796).
 - CVE-2022-3628: Fixed potential buffer overflow in brcmf_fweh_event_worker() in wifi/brcmfmac (bsc#1204868).
 - CVE-2022-3567: Fixed a to race condition in inet6_stream_ops()/inet6_dgram_ops() of the component IPv6 Handler (bsc#1204414).
 - CVE-2022-41858: Fixed a denial of service in sl_tx_timeout() in drivers/net/slip (bsc#1205671).
 - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128).
 - CVE-2022-4095: Fixed a use-after-free in rtl8712 driver (bsc#1205514).
 - CVE-2022-3903: Fixed a denial of service with the Infrared Transceiver USB driver (bsc#1205220).
 - CVE-2022-2602: Fixed a local privilege escalation vulnerability involving Unix socket Garbage Collection and io_uring (bsc#1204228).
 - CVE-2022-4139: Fixed an issue with the i915 driver that allowed the GPU to access any physical memory (bsc#1205700).
 - CVE-2022-4129: Fixed a denial of service with the Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. (bsc#1205711)
 - CVE-2022-42895: Fixed an information leak in the net/bluetooth/l2cap_core.c's l2cap_parse_conf_req() which can be used to leak kernel pointers remotely (bsc#1205705).
 - CVE-2022-42896: Fixed a use-after-free vulnerability in the net/bluetooth/l2cap_core.c's l2cap_connect() and l2cap_le_connect_req() which may have allowed code execution and leaking kernel memory (respectively) remotely via Bluetooth (bsc#1205709).
 - CVE-2022-3707: Fixed a double free in the Intel GVT-g graphics driver (bsc#1204780).


Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.suse.com/1065729

https://bugzilla.suse.com/1071995

https://bugzilla.suse.com/1156395

https://bugzilla.suse.com/1184350

https://bugzilla.suse.com/1189297

https://bugzilla.suse.com/1192761

https://bugzilla.suse.com/1200845

https://bugzilla.suse.com/1201455

https://bugzilla.suse.com/1203144

https://bugzilla.suse.com/1203746

https://bugzilla.suse.com/1203960

https://bugzilla.suse.com/1204017

https://bugzilla.suse.com/1204142

https://bugzilla.suse.com/1204215

https://bugzilla.suse.com/1204228

https://bugzilla.suse.com/1204241

https://bugzilla.suse.com/1204328

https://bugzilla.suse.com/1204446

https://bugzilla.suse.com/1204636

https://bugzilla.suse.com/1204693

https://bugzilla.suse.com/1204780

https://bugzilla.suse.com/1204791

https://bugzilla.suse.com/1204810

https://bugzilla.suse.com/1204827

https://bugzilla.suse.com/1204850

https://bugzilla.suse.com/1204868

https://bugzilla.suse.com/1204934

https://bugzilla.suse.com/1204957

https://bugzilla.suse.com/1204963

https://bugzilla.suse.com/1204967

https://bugzilla.suse.com/1205220

https://bugzilla.suse.com/1205264

https://bugzilla.suse.com/1205329

https://bugzilla.suse.com/1205330

https://bugzilla.suse.com/1205428

https://bugzilla.suse.com/1205514

https://bugzilla.suse.com/1205567

https://bugzilla.suse.com/1205617

https://bugzilla.suse.com/1205671

https://bugzilla.suse.com/1205700

https://bugzilla.suse.com/1205705

https://bugzilla.suse.com/1205709

https://bugzilla.suse.com/1205753

https://bugzilla.suse.com/1205984

https://bugzilla.suse.com/1205985

https://bugzilla.suse.com/1205986

https://bugzilla.suse.com/1205987

https://bugzilla.suse.com/1205988

https://bugzilla.suse.com/1205989

https://bugzilla.suse.com/1206207

https://www.suse.com/security/cve/CVE-2022-2602

https://www.suse.com/security/cve/CVE-2022-28693

https://www.suse.com/security/cve/CVE-2022-3567

https://www.suse.com/security/cve/CVE-2022-3628

https://www.suse.com/security/cve/CVE-2022-3635

https://www.suse.com/security/cve/CVE-2022-3707

https://www.suse.com/security/cve/CVE-2022-3903

https://www.suse.com/security/cve/CVE-2022-4095

https://www.suse.com/security/cve/CVE-2022-4129

https://www.suse.com/security/cve/CVE-2022-4139

https://www.suse.com/security/cve/CVE-2022-41850

https://www.suse.com/security/cve/CVE-2022-41858

https://www.suse.com/security/cve/CVE-2022-42895

https://www.suse.com/security/cve/CVE-2022-42896

https://www.suse.com/security/cve/CVE-2022-4378

https://www.suse.com/security/cve/CVE-2022-43945

https://www.suse.com/security/cve/CVE-2022-45934

http://www.nessus.org/u?b3b5551f

Plugin Details

Severity: High

ID: 168888

File Name: suse_SU-2022-4503-1.nasl

Version: 1.7

Type: Local

Agent: unix

Published: 12/17/2022

Updated: 6/26/2026

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, tenable_cloud_security, tenable_self_hosted_container_security, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 8.3

Temporal Score: 6.5

Vector: CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2022-42896

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.9

Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:kernel-source-azure, p-cpe:/a:novell:suse_linux:kernel-syms-azure, p-cpe:/a:novell:suse_linux:kernel-azure-devel, p-cpe:/a:novell:suse_linux:kernel-devel-azure, p-cpe:/a:novell:suse_linux:kernel-azure, cpe:/o:novell:suse_linux:15

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 12/16/2022

Vulnerability Publication Date: 9/30/2022

Reference Information

CVE: CVE-2022-2602, CVE-2022-28693, CVE-2022-3567, CVE-2022-3628, CVE-2022-3635, CVE-2022-3707, CVE-2022-3903, CVE-2022-4095, CVE-2022-4129, CVE-2022-4139, CVE-2022-41850, CVE-2022-41858, CVE-2022-42895, CVE-2022-42896, CVE-2022-4378, CVE-2022-43945, CVE-2022-45934

SuSE: SUSE-SU-2022:4503-1