SUSE SLES15 Security Update : kernel (SUSE-SU-2023:0749-1)

high Nessus Plugin ID 172654

Language:

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0749-1 advisory.

The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security and bugfixes.

- CVE-2022-3523: Fixed use after free related to device private page handling (bsc#1204363).
- CVE-2022-38096: Fixed NULL-ptr deref in vmw_cmd_dx_define_query() (bsc#1203331).
- CVE-2023-0461: Fixed use-after-free in icsk_ulp_data (bsc#1208787).
- CVE-2023-0597: Fixed lack of randomization of per-cpu entry area in x86/mm (bsc#1207845).
- CVE-2023-1118: Fixed a use-after-free bugs caused by ene_tx_irqsim() in media/rc (bsc#1208837).
- CVE-2023-22995: Fixed lacks of certain platform_device_put and kfree in drivers/usb/dwc3/dwc3-qcom.c (bsc#1208741).
- CVE-2023-22998: Fixed misinterpretation of the irtio_gpu_object_shmem_init() return value (bsc#1208776).
- CVE-2023-23000: Fixed return value of tegra_xusb_find_port_node function phy/tegra (bsc#1208816).
- CVE-2023-23004: Fixed misinterpretation of the get_sg_table return value in arm/malidp_planes.c (bsc#1208843).
- CVE-2023-23559: Fixed integer overflow in rndis_wlan that leads to a buffer overflow (bsc#1207051).
- CVE-2023-25012: Fixed a use-After-Free in bigben_set_led() in hid (bsc#1207560).
- CVE-2023-26545: Fixed double free in net/mpls/af_mpls.c upon an allocation failure (bsc#1208700).


Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected kernel-livepatch-5_14_21-150400_15_14-rt package.

See Also

https://bugzilla.suse.com/1177529

https://bugzilla.suse.com/1193629

https://bugzilla.suse.com/1197534

https://bugzilla.suse.com/1198438

https://bugzilla.suse.com/1200054

https://bugzilla.suse.com/1202633

https://bugzilla.suse.com/1203331

https://bugzilla.suse.com/1204363

https://bugzilla.suse.com/1204993

https://bugzilla.suse.com/1205544

https://bugzilla.suse.com/1205846

https://bugzilla.suse.com/1206103

https://bugzilla.suse.com/1206232

https://bugzilla.suse.com/1206935

https://bugzilla.suse.com/1207051

https://bugzilla.suse.com/1207270

https://bugzilla.suse.com/1207560

https://bugzilla.suse.com/1207845

https://bugzilla.suse.com/1207846

https://bugzilla.suse.com/1208212

https://bugzilla.suse.com/1208420

https://bugzilla.suse.com/1208449

https://bugzilla.suse.com/1208534

https://bugzilla.suse.com/1208541

https://bugzilla.suse.com/1208542

https://bugzilla.suse.com/1208570

https://bugzilla.suse.com/1208607

https://bugzilla.suse.com/1208628

https://bugzilla.suse.com/1208700

https://bugzilla.suse.com/1208741

https://bugzilla.suse.com/1208759

https://bugzilla.suse.com/1208776

https://bugzilla.suse.com/1208784

https://bugzilla.suse.com/1208787

https://bugzilla.suse.com/1208816

https://bugzilla.suse.com/1208837

https://bugzilla.suse.com/1208843

https://www.suse.com/security/cve/CVE-2022-3523

https://www.suse.com/security/cve/CVE-2022-38096

https://www.suse.com/security/cve/CVE-2023-0461

https://www.suse.com/security/cve/CVE-2023-0597

https://www.suse.com/security/cve/CVE-2023-1118

https://www.suse.com/security/cve/CVE-2023-22995

https://www.suse.com/security/cve/CVE-2023-22998

https://www.suse.com/security/cve/CVE-2023-23000

https://www.suse.com/security/cve/CVE-2023-23004

https://www.suse.com/security/cve/CVE-2023-23559

https://www.suse.com/security/cve/CVE-2023-25012

https://www.suse.com/security/cve/CVE-2023-26545

http://www.nessus.org/u?cbbe6237

Plugin Details

Severity: High

ID: 172654

File Name: suse_SU-2023-0749-1.nasl

Version: 1.4

Type: Local

Agent: unix

Published: 3/17/2023

Updated: 6/26/2026

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.9

Percentile: 57.12

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2023-23559

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:novell:suse_linux:15, p-cpe:/a:novell:suse_linux:kernel-livepatch-5_14_21-150400_15_14-rt

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/20/2023

Vulnerability Publication Date: 9/9/2022

Reference Information

CVE: CVE-2022-3523, CVE-2022-38096, CVE-2023-0461, CVE-2023-0597, CVE-2023-1118, CVE-2023-22995, CVE-2023-22998, CVE-2023-23000, CVE-2023-23004, CVE-2023-23559, CVE-2023-25012, CVE-2023-26545

SuSE: SUSE-SU-2023:0749-1