SUSE SLES12 Security Update : kernel (SUSE-SU-2023:0747-1)

high Nessus Plugin ID 172597

Language:

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0747-1 advisory.

- A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information. (CVE-2021-4203)

- A NULL pointer dereference vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in GPU component of Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS).
(CVE-2022-38096)

- A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. A local user could use this flaw to potentially crash the system causing a denial of service. (CVE-2022-4129)

- A flaw possibility of memory leak in the Linux kernel cpu_entry_area mapping of X86 CPU data to memory was found in the way user can guess location of exception stack(s) or other important data. A local user could use this flaw to get access to some important data with expected location in memory. (CVE-2023-0597)

- A flaw use after free in the Linux kernel integrated infrared receiver/transceiver driver was found in the way user detaching rc device. A local user could use this flaw to crash the system or potentially escalate their privileges on the system. (CVE-2023-1118)

- In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an integer overflow in an addition. (CVE-2023-23559)

- In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl table under a new location) during the renaming of a device. (CVE-2023-26545)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.suse.com/1065729

https://bugzilla.suse.com/1194535

https://bugzilla.suse.com/1198438

https://bugzilla.suse.com/1203200

https://bugzilla.suse.com/1203331

https://bugzilla.suse.com/1205711

https://bugzilla.suse.com/1206103

https://bugzilla.suse.com/1207051

https://bugzilla.suse.com/1207201

https://bugzilla.suse.com/1207845

https://bugzilla.suse.com/1208179

https://bugzilla.suse.com/1208541

https://bugzilla.suse.com/1208542

https://bugzilla.suse.com/1208570

https://bugzilla.suse.com/1208700

https://bugzilla.suse.com/1208837

https://bugzilla.suse.com/1209008

https://bugzilla.suse.com/1209188

https://www.suse.com/security/cve/CVE-2021-4203

https://www.suse.com/security/cve/CVE-2022-38096

https://www.suse.com/security/cve/CVE-2022-4129

https://www.suse.com/security/cve/CVE-2023-0597

https://www.suse.com/security/cve/CVE-2023-1118

https://www.suse.com/security/cve/CVE-2023-23559

https://www.suse.com/security/cve/CVE-2023-26545

http://www.nessus.org/u?03439398

Plugin Details

Severity: High

ID: 172597

File Name: suse_SU-2023-0747-1.nasl

Version: 1.2

Type: local

Agent: unix

Published: 3/16/2023

Updated: 7/14/2023

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 4.9

Temporal Score: 3.8

Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:P

CVSS Score Source: CVE-2021-4203

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2023-23559

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt, p-cpe:/a:novell:suse_linux:dlm-kmp-rt, p-cpe:/a:novell:suse_linux:gfs2-kmp-rt, p-cpe:/a:novell:suse_linux:kernel-devel-rt, p-cpe:/a:novell:suse_linux:kernel-rt, p-cpe:/a:novell:suse_linux:kernel-rt-base, p-cpe:/a:novell:suse_linux:kernel-rt-devel, p-cpe:/a:novell:suse_linux:kernel-rt_debug, p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel, p-cpe:/a:novell:suse_linux:kernel-source-rt, p-cpe:/a:novell:suse_linux:kernel-syms-rt, p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt, cpe:/o:novell:suse_linux:12

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/15/2023

Vulnerability Publication Date: 3/25/2022

Reference Information

CVE: CVE-2021-4203, CVE-2022-38096, CVE-2022-4129, CVE-2023-0597, CVE-2023-1118, CVE-2023-23559, CVE-2023-26545

SuSE: SUSE-SU-2023:0747-1