SUSE SLES15 Security Update : kernel (SUSE-SU-2022:4617-1)

high Nessus Plugin ID 169292

Language:

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES15 / SLES_SAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4617-1 advisory.

The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207).
- CVE-2022-42328: Guests could trigger denial of service via the netback driver (bsc#1206114).
- CVE-2022-42329: Guests could trigger denial of service via the netback driver (bsc#1206113).
- CVE-2022-3643: Guests could trigger NIC interface reset/abort/crash via netback driver (bsc#1206113).
- CVE-2022-3633: Fixed a memory leak in j1939_session_destroy of the file net/can/j1939/transport.c (bsc#1204650).
- CVE-2022-3114: Fixed a denial of service in imx_register_uart_clocks() in drivers/clk/imx/clk.c (bsc#1206391).
- CVE-2022-3619: Fixed a memory leak in l2cap_recv_acldata of the file net/bluetooth/l2cap_core.c (bsc#1204569).
- CVE-2022-3635: Fixed a use-after-free in the tst_timer() of the file drivers/atm/idt77252.c (bsc#1204631).
- CVE-2022-41850: Fixed a race condition in roccat_report_event() in drivers/hid/hid-roccat.c (bsc#1203960).
- CVE-2022-45934: Fixed a integer wraparound via L2CAP_CONF_REQ packets in l2cap_config_req in net/bluetooth/l2cap_core.c (bsc#1205796).
- CVE-2022-3567: Fixed a to race condition in inet6_stream_ops()/inet6_dgram_ops() (bsc#1204414).
- CVE-2022-41858: Fixed a denial of service in sl_tx_timeout() in drivers/net/slip (bsc#1205671).
- CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128).
- CVE-2022-4095: Fixed a use-after-free in rtl8712 driver (bsc#1205514).
- CVE-2022-3903: Fixed a denial of service with the Infrared Transceiver USB driver (bsc#1205220).
- CVE-2022-42896: Fixed a use-after-free vulnerability in the net/bluetooth/l2cap_core.c's l2cap_connect() and l2cap_le_connect_req() which may have allowed code execution and leaking kernel memory (respectively) remotely via Bluetooth (bsc#1205709).
- CVE-2022-42895: Fixed an information leak in the net/bluetooth/l2cap_core.c's l2cap_parse_conf_req() which can be used to leak kernel pointers remotely (bsc#1205705).
- CVE-2022-3424: Fixed use-after-free in gru_set_context_option(), gru_fault() and gru_handle_user_call_os() that could lead to kernel panic (bsc#1204166).
- CVE-2022-3628: Fixed potential buffer overflow in brcmf_fweh_event_worker() in wifi/brcmfmac (bsc#1204868).
- CVE-2022-2964: Fixed memory corruption issues in ax88179_178a devices (bsc#1202686).
- CVE-2021-4037: Fixed function logic vulnerability that allowed local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set (bsc#1198702).
- CVE-2022-43750: Fixed vulnerability in usbmon that allowed a user-space client to corrupt the monitor's internal memory (bsc#1204653).
- CVE-2022-3542: Fixed memory leak in bnx2x_tpa_stop() in drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c (bsc#1204402).
- CVE-2022-3629: Fixed memory leak in vsock_connect() in net/vmw_vsock/af_vsock.c (bsc#1204635).
- CVE-2022-3646: Fixed memory leak in nilfs_attach_log_writer() in fs/nilfs2/segment.c (bsc#1204646).
- CVE-2022-3649: Fixed use-after-free in nilfs_new_inode() in fs/nilfs2/inode.c (bsc#1204647).
- CVE-2022-3621: Fixed null pointer dereference in nilfs_bmap_lookup_at_level() in fs/nilfs2/inode.c (bsc#1204574).
- CVE-2022-3594: Fixed excessive data logging in intr_callback() in drivers/net/usb/r8152.c (bsc#1204479).
- CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could allow a local unprivileged user to cause a denial of service (bsc#1204439).
- CVE-2022-3565: Fixed use-after-free in del_timer() in drivers/isdn/mISDN/l1oip_core.c (bsc#1204431).
- CVE-2022-3524: Fixed memory leak in ipv6_renew_options() in the IPv6 handler (bsc#1204354).
- CVE-2022-40768: Fixed information leak in the scsi driver which allowed local users to obtain sensitive information from kernel memory (bsc#1203514).
- CVE-2022-42703: Fixed use-after-free in mm/rmap.c related to leaf anon_vma double reuse (bsc#1204168).
- CVE-2022-3169: Fixed an denial of service though request to NVME_IOCTL_RESET and NVME_IOCTL_SUBSYS_RESET (bsc#1203290).
- CVE-2022-3545: Fixed a use-after-free vulnerability is area_cache_get() of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bsc#1204415).
- CVE-2022-3521: Fixed a race condition in kcm_tx_work() of the file net/kcm/kcmsock.c (bsc#1204355).
- CVE-2022-2153: Fixed a NULL pointer dereference in KVM when attempting to set a SynIC IRQ (bsc#1200788).
- CVE-2022-33981: Fixed a denial of service, because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function (bsc#1200692).
- CVE-2022-45869: Fixed a race condition in the x86 KVM subsystem which could cause a denial of service (bsc#1205882).
- CVE-2022-45888: Fixed a use-after-free during physical removal of a USB devices when using drivers/char/xillybus/xillyusb.c (bsc#1205764).
- CVE-2022-4139: Fixed an issue with the i915 driver that allowed the GPU to access any physical memory (bsc#1205700).
- CVE-2022-4129: Fixed a denial of service with the Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. (bsc#1205711)
- CVE-2022-3566: Fixed a race condition in the functions tcp_getsockopt/tcp_setsockopt. The manipulation leads to a race condition (bsc#1204405).
- CVE-2022-2602: Fixed a local privilege escalation vulnerability involving Unix socket Garbage Collection and io_uring (bsc#1204228).
- CVE-2022-3176: Fixed a use-after-free in io_uring related to signalfd_poll() and binder_poll() (bsc#1203391).
- CVE-2022-3707: Fixed a double free in the Intel GVT-g graphics driver (bsc#1204780).
- CVE-2022-3625: Fixed a user-after-free vulnerability in devlink_param_set/devlink_param_get of the file net/core/devlink.c (bsc#1204637).
- CVE-2022-3535: Fixed a memory leak in mvpp2_dbgfs_port_init of the file drivers/net/ethernet/marvell/mvpp2/mvpp2_debugfs.c (bsc#1204417).
- CVE-2022-39189: Fixed an issue were an unprivileged guest users can compromise the guest kernel because TLB flush operations were mishandled in certain KVM_VCPU_PREEMPTED situations (bsc#1203066).
- CVE-2022-3577: Fixed an out-of-bounds memory write in bigben_probe of drivers/hid/hid-bigbenff.c (bsc#1204470).
- CVE-2022-2978: Fixed a use-after-free in the NILFS file system (bsc#1202700).
- CVE-2022-1184: Fixed a use-after-free and memory errors in ext4 when mounting and operating on a corrupted image (bsc#1198577).
- CVE-2022-1263: Fixed a NULL pointer dereference issue was found in KVM when releasing a vCPU with dirty ring support enabled. This flaw allowed an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service (bsc#1198189).
- CVE-2022-1882: Fixed a use-after-free flaw in free_pipe_info() that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1199904).
- CVE-2022-20369: Fixed possible out of bounds write due to improper input validation in v4l2_m2m_querybuf of v4l2-mem2mem.c (bsc#1202347).
- CVE-2022-2586: Fixed a use-after-free which can be triggered when a nft table is deleted (bsc#1202095).
- CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096).
- CVE-2022-26373: Fixed CPU information leak via post-barrier RSB predictions (bsc#1201726).
- CVE-2022-2639: Fixed integer underflow that could lead to out-of-bounds write in reserve_sfa_size() (bsc#1202154).
- CVE-2022-2663: Fixed an issue which allowed a firewall to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured (bsc#1202097).
- CVE-2022-20368: Fixed slab-out-of-bounds access in packet_recvmsg() (bsc#1202346).
- CVE-2022-28356: Fixed a refcount bug in llc_ui_bind and llc_ui_autobind which could allow an unprivileged user to execute a denial of service. (bsc#1197391)
- CVE-2022-2873: Fixed an out-of-bounds memory access flaw that was found in iSMT SMBus host controller driver (bsc#1202558).
- CVE-2022-2905: Fixed tnum_range usage on array range checking for poke descriptors (bsc#1202860).
- CVE-2022-2938: Fixed a flaw that was found inside the Pressure Stall Information implementation that could have been used to allow an attacker to crash the system or have other memory-corruption side effects (bsc#1202623).
- CVE-2022-2959: Fixed a race condition that was found inside the watch queue due to a missing lock in pipe_resize_ring() (bsc#1202681).
- CVE-2022-2977: Fixed reference counting for struct tpm_chip (bsc#1202672).
- CVE-2022-3028: Fixed a race condition that was found in the IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously (bsc#1202898).
- CVE-2022-3078: Fixed a lack of check after calling vzalloc() and lack of free after allocation in drivers/media/test-drivers/vidtv/vidtv_s302m.c (bsc#1203041).
- CVE-2022-3202: Fixed a NULL pointer dereference flaw in Journaled File System. This could allow a local attacker to crash the system or leak kernel internal information (bsc#1203389).
- CVE-2022-32250: Fixed user-after-free in net/netfilter/nf_tables_api.c that could allow local privilege escalation (bsc#1200015).
- CVE-2022-32296: Fixed vulnerability where TCP servers were allowed to identify clients by observing what source ports are used (bsc#1200288).
- CVE-2022-3239: Fixed an use-after-free in the video4linux driver that could lead a local user to able to crash the system or escalate their privileges (bsc#1203552).
- CVE-2022-3303: Fixed a race condition in the sound subsystem due to improper locking (bsc#1203769).
- CVE-2022-3435: Fixed an out-of-bounds read in fib_nh_match() of the file net/ipv4/fib_semantics.c (bsc#1204171).
- CVE-2022-3526: Fixed a memory leak in macvlan_handle_frame() from drivers/net/macvlan.c (bsc#1204353).
- CVE-2022-3640: Fixed use-after-free in l2cap_conn_del() in net/bluetooth/l2cap_core.c (bsc#1204619).
- CVE-2022-36879: Fixed an issue in xfrm_expand_policies in net/xfrm/xfrm_policy.c where a refcount could be dropped twice (bsc#1201948).
- CVE-2022-36946: Fixed a denial of service inside nfqnl_mangle in net/netfilter/nfnetlink_queue.c (bsc#1201940).
- CVE-2022-39188: Fixed race condition in include/asm-generic/tlb.h where a device driver can free a page while it still has stale TLB entries (bsc#1203107).
- CVE-2022-39190: Fixed an issue that was discovered in net/netfilter/nf_tables_api.c and could cause a denial of service upon binding to an already bound chain (bsc#1203117).
- CVE-2022-40476: Fixed a null pointer dereference in fs/io_uring.c (bsc#1203435).
- CVE-2022-41218: Fixed an use-after-free caused by refcount races in drivers/media/dvb-core/dmxdev.c (bsc#1202960).
- CVE-2022-41674: Fixed a DoS issue where kernel can crash on the reception of specific WiFi Frames (bsc#1203770).
- CVE-2022-41848: Fixed a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl (bsc#1203987).
- CVE-2022-41849: Fixed a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open (bsc#1203992).
- CVE-2022-42719: Fixed remote code execution with wlan frames when parsing a multi-BSSID element (bsc#1204051).
- CVE-2022-42720: Fixed remote code execution due to refcounting bugs (bsc#1204059).
- CVE-2022-42721: Fixed remote code execution due list corruption in the wlan stack (bsc#1204060).
- CVE-2022-42722: Fixed crash in beacon protection for P2P-device. (bsc#1204125)
- CVE-2021-33135: Fixed uncontrolled resource consumption inside Intel(R) SGX that may have allowed an authenticated user to potentially enable denial of service via local access (bsc#1199515).
- CVE-2020-16119: Fixed a use-after-free vulnerability exploitable by a local attacker due to reuse of a DCCP socket. (bsc#1177471)
- CVE-2020-36516: Fixed an issue in the mixed IPID assignment method where an attacker was able to inject data into or terminate a victim's TCP session (bsc#1196616).
- CVE-2016-3695: Fixed an issue inside the einj_error_inject function in drivers/acpi/apei/einj.c that allowed users to simulate hardware errors and consequently cause a denial of service (bsc#1023051).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected kernel-livepatch-5_14_21-150400_15_5-rt package.

Plugin Details

Severity: High

ID: 169292

File Name: suse_SU-2022-4617-1.nasl

Version: 1.11

Type: local

Agent: unix

Family: SuSE Local Security Checks

Published: 12/24/2022

Updated: 9/25/2025

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.5

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 6.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2022-32250

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 8.4

Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

CVSS Score Source: CVE-2022-42896

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:kernel-livepatch-5_14_21-150400_15_5-rt, cpe:/o:novell:suse_linux:15

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 12/23/2022

Vulnerability Publication Date: 12/29/2017

CISA Known Exploited Vulnerability Due Dates: 7/17/2024

Exploitable With

Core Impact

Reference Information

CVE: CVE-2016-3695, CVE-2020-16119, CVE-2020-36516, CVE-2021-33135, CVE-2021-4037, CVE-2022-1184, CVE-2022-1263, CVE-2022-1882, CVE-2022-20368, CVE-2022-20369, CVE-2022-2153, CVE-2022-2586, CVE-2022-2588, CVE-2022-2602, CVE-2022-26373, CVE-2022-2639, CVE-2022-2663, CVE-2022-28356, CVE-2022-28693, CVE-2022-2873, CVE-2022-2905, CVE-2022-2938, CVE-2022-2959, CVE-2022-2964, CVE-2022-2977, CVE-2022-2978, CVE-2022-3028, CVE-2022-3078, CVE-2022-3114, CVE-2022-3169, CVE-2022-3176, CVE-2022-3202, CVE-2022-32250, CVE-2022-32296, CVE-2022-3239, CVE-2022-3303, CVE-2022-33981, CVE-2022-3424, CVE-2022-3435, CVE-2022-3521, CVE-2022-3524, CVE-2022-3526, CVE-2022-3545, CVE-2022-3565, CVE-2022-3566, CVE-2022-3567, CVE-2022-3577, CVE-2022-3586, CVE-2022-3594, CVE-2022-3619, CVE-2022-3621, CVE-2022-3625, CVE-2022-3628, CVE-2022-3629, CVE-2022-3633, CVE-2022-3635, CVE-2022-3640, CVE-2022-3643, CVE-2022-3646, CVE-2022-3649, CVE-2022-36879, CVE-2022-36946, CVE-2022-3707, CVE-2022-3903, CVE-2022-39188, CVE-2022-39189, CVE-2022-39190, CVE-2022-40476, CVE-2022-40768, CVE-2022-4095, CVE-2022-41218, CVE-2022-4129, CVE-2022-4139, CVE-2022-41674, CVE-2022-41848, CVE-2022-41849, CVE-2022-41850, CVE-2022-41858, CVE-2022-42328, CVE-2022-42329, CVE-2022-42703, CVE-2022-42719, CVE-2022-42720, CVE-2022-42721, CVE-2022-42722, CVE-2022-42895, CVE-2022-42896, CVE-2022-43750, CVE-2022-4378, CVE-2022-43945, CVE-2022-45869, CVE-2022-45888, CVE-2022-45934

SuSE: SUSE-SU-2022:4617-1

Detections

Analytics