Detections
Analytics
SUSE SLES12 Security Update : kernel (SUSE-SU-2023:0407-1)
high Nessus Plugin ID 171488
Language:
Synopsis
The remote SUSE host is missing one or more security updates.Description
The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0407-1 advisory.- A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211087. (CVE-2022-3564)
- A flaw incorrect access control in the Linux kernel USB core subsystem was found in the way user attaches usb device. A local user could use this flaw to crash the system. (CVE-2022-4662)
- In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows an unprivileged user to trigger a denial of service (system crash) via a crafted traffic control configuration that is set up with tc qdisc and tc class commands. This affects qdisc_graft in net/sched/sch_api.c. (CVE-2022-47929)
- cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results). (CVE-2023-23454)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the affected packages.See Also
https://bugzilla.suse.com/1203693
https://bugzilla.suse.com/1205149
https://bugzilla.suse.com/1206073
https://bugzilla.suse.com/1206664
https://bugzilla.suse.com/1206677
https://bugzilla.suse.com/1206784
https://bugzilla.suse.com/1207036
https://bugzilla.suse.com/1207186
https://bugzilla.suse.com/1207237
https://www.suse.com/security/cve/CVE-2022-3564
https://www.suse.com/security/cve/CVE-2022-4662
https://www.suse.com/security/cve/CVE-2022-47929
Plugin Details
Severity: High
ID: 171488
File Name: suse_SU-2023-0407-1.nasl
Version: 1.4
Type: local
Agent: unix
Family: SuSE Local Security Checks
Published: 2/15/2023
Updated: 7/14/2023
Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: Medium
Base Score: 6.5
Temporal Score: 5.1
Vector: CVSS2#AV:A/AC:H/Au:S/C:C/I:C/A:C
CVSS Score Source: CVE-2022-3564
CVSS v3
Risk Factor: High
Base Score: 7.1
Temporal Score: 6.4
Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:novell:suse_linux:cluster-md-kmp-default, p-cpe:/a:novell:suse_linux:dlm-kmp-default, p-cpe:/a:novell:suse_linux:gfs2-kmp-default, p-cpe:/a:novell:suse_linux:kernel-default, p-cpe:/a:novell:suse_linux:kernel-default-base, p-cpe:/a:novell:suse_linux:kernel-default-devel, p-cpe:/a:novell:suse_linux:kernel-default-kgraft, p-cpe:/a:novell:suse_linux:kernel-default-kgraft-devel, p-cpe:/a:novell:suse_linux:kernel-default-man, p-cpe:/a:novell:suse_linux:kernel-devel, p-cpe:/a:novell:suse_linux:kernel-macros, p-cpe:/a:novell:suse_linux:kernel-source, p-cpe:/a:novell:suse_linux:kernel-syms, p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-95_117-default, p-cpe:/a:novell:suse_linux:ocfs2-kmp-default, cpe:/o:novell:suse_linux:12
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 2/14/2023
Vulnerability Publication Date: 10/17/2022
Reference Information
CVE: CVE-2022-3564, CVE-2022-4662, CVE-2022-47929, CVE-2023-23454
SuSE: SUSE-SU-2023:0407-1