SUSE SLED15 / SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2023:0796-1)

high Nessus Plugin ID 172665

Language:

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLED15 / SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0796-1 advisory.

- An out-of-bounds(OOB) memory access vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_kms.c in GPU component in the Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS). (CVE-2022-36280)

- A NULL pointer dereference vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in GPU component of Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS).
(CVE-2022-38096)

- A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. A local user could use this flaw to potentially crash the system causing a denial of service. (CVE-2022-4129) (CVE-2023-0045)

- There is a use-after-free vulnerability in the Linux Kernel which can be exploited to achieve local privilege escalation. To reach the vulnerability kernel configuration flag CONFIG_TLS or CONFIG_XFRM_ESPINTCP has to be configured, but the operation does not require any privilege. There is a use-after-free bug of icsk_ulp_data of a struct inet_connection_sock. When CONFIG_TLS is enabled, user can install a tls context (struct tls_context) on a connected tcp socket. The context is not cleared if this socket is disconnected and reused as a listener. If a new socket is created from the listener, the context is inherited and vulnerable. The setsockopt TCP_ULP operation does not require any privilege. We recommend upgrading past commit 2c02d41d71f90a5168391b6a5f2954112ba2307c (CVE-2023-0461)

- A flaw possibility of memory leak in the Linux kernel cpu_entry_area mapping of X86 CPU data to memory was found in the way user can guess location of exception stack(s) or other important data. A local user could use this flaw to get access to some important data with expected location in memory. (CVE-2023-0597)

- In the Linux kernel before 5.17, an error path in dwc3_qcom_acpi_register_core in drivers/usb/dwc3/dwc3-qcom.c lacks certain platform_device_put and kfree calls. (CVE-2023-22995)

- In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an integer overflow in an addition. (CVE-2023-23559)

- In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl table under a new location) during the renaming of a device. (CVE-2023-26545)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.suse.com/1166486

https://bugzilla.suse.com/1177529

https://bugzilla.suse.com/1203331

https://bugzilla.suse.com/1203332

https://bugzilla.suse.com/1204993

https://bugzilla.suse.com/1205544

https://bugzilla.suse.com/1206224

https://bugzilla.suse.com/1206232

https://bugzilla.suse.com/1206459

https://bugzilla.suse.com/1206640

https://bugzilla.suse.com/1206876

https://bugzilla.suse.com/1206877

https://bugzilla.suse.com/1206878

https://bugzilla.suse.com/1206880

https://bugzilla.suse.com/1206881

https://bugzilla.suse.com/1206882

https://bugzilla.suse.com/1206883

https://bugzilla.suse.com/1206884

https://bugzilla.suse.com/1206885

https://bugzilla.suse.com/1206886

https://bugzilla.suse.com/1206889

https://bugzilla.suse.com/1206894

https://bugzilla.suse.com/1207051

https://bugzilla.suse.com/1207270

https://bugzilla.suse.com/1207328

https://bugzilla.suse.com/1207588

https://bugzilla.suse.com/1207589

https://bugzilla.suse.com/1207590

https://bugzilla.suse.com/1207591

https://bugzilla.suse.com/1207592

https://bugzilla.suse.com/1207593

https://bugzilla.suse.com/1207594

https://bugzilla.suse.com/1207603

https://bugzilla.suse.com/1207605

https://bugzilla.suse.com/1207606

https://bugzilla.suse.com/1207607

https://bugzilla.suse.com/1207608

https://bugzilla.suse.com/1207609

https://bugzilla.suse.com/1207610

https://bugzilla.suse.com/1207613

https://bugzilla.suse.com/1207615

https://bugzilla.suse.com/1207617

https://bugzilla.suse.com/1207618

https://bugzilla.suse.com/1207619

https://bugzilla.suse.com/1207620

https://bugzilla.suse.com/1207621

https://bugzilla.suse.com/1207623

https://bugzilla.suse.com/1207624

https://bugzilla.suse.com/1207625

https://bugzilla.suse.com/1207626

https://bugzilla.suse.com/1207628

https://bugzilla.suse.com/1207630

https://bugzilla.suse.com/1207631

https://bugzilla.suse.com/1207632

https://bugzilla.suse.com/1207634

https://bugzilla.suse.com/1207635

https://bugzilla.suse.com/1207636

https://bugzilla.suse.com/1207638

https://bugzilla.suse.com/1207639

https://bugzilla.suse.com/1207641

https://bugzilla.suse.com/1207642

https://bugzilla.suse.com/1207643

https://bugzilla.suse.com/1207644

https://bugzilla.suse.com/1207645

https://bugzilla.suse.com/1207646

https://bugzilla.suse.com/1207647

https://bugzilla.suse.com/1207648

https://bugzilla.suse.com/1207651

https://bugzilla.suse.com/1207653

https://bugzilla.suse.com/1207770

https://bugzilla.suse.com/1207773

https://bugzilla.suse.com/1207845

https://bugzilla.suse.com/1207875

https://bugzilla.suse.com/1208149

https://bugzilla.suse.com/1208153

https://bugzilla.suse.com/1208183

https://bugzilla.suse.com/1208212

https://bugzilla.suse.com/1208290

https://bugzilla.suse.com/1208420

https://bugzilla.suse.com/1208428

https://bugzilla.suse.com/1208429

https://bugzilla.suse.com/1208449

https://bugzilla.suse.com/1208534

https://bugzilla.suse.com/1208541

https://bugzilla.suse.com/1208570

https://bugzilla.suse.com/1208607

https://bugzilla.suse.com/1208628

https://bugzilla.suse.com/1208700

https://bugzilla.suse.com/1208741

https://bugzilla.suse.com/1208759

https://bugzilla.suse.com/1208784

https://bugzilla.suse.com/1208787

https://bugzilla.suse.com/1209188

http://www.nessus.org/u?e6951a3b

https://www.suse.com/security/cve/CVE-2022-36280

https://www.suse.com/security/cve/CVE-2022-38096

https://www.suse.com/security/cve/CVE-2023-0045

https://www.suse.com/security/cve/CVE-2023-0461

https://www.suse.com/security/cve/CVE-2023-0597

https://www.suse.com/security/cve/CVE-2023-22995

https://www.suse.com/security/cve/CVE-2023-23559

https://www.suse.com/security/cve/CVE-2023-26545

Plugin Details

Severity: High

ID: 172665

File Name: suse_SU-2023-0796-1.nasl

Version: 1.0

Type: local

Agent: unix

Published: 3/18/2023

Updated: 3/18/2023

Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C

Temporal Vector: E:U/RL:OF/RC:C

CVSS Score Source: CVE-2023-26545

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:cluster-md-kmp-default, p-cpe:/a:novell:suse_linux:dlm-kmp-default, p-cpe:/a:novell:suse_linux:gfs2-kmp-default, p-cpe:/a:novell:suse_linux:kernel-64kb, p-cpe:/a:novell:suse_linux:kernel-64kb-devel, p-cpe:/a:novell:suse_linux:kernel-default, p-cpe:/a:novell:suse_linux:kernel-default-base, p-cpe:/a:novell:suse_linux:kernel-default-devel, p-cpe:/a:novell:suse_linux:kernel-default-extra, p-cpe:/a:novell:suse_linux:kernel-default-livepatch, p-cpe:/a:novell:suse_linux:kernel-default-livepatch-devel, p-cpe:/a:novell:suse_linux:kernel-devel, p-cpe:/a:novell:suse_linux:kernel-livepatch-5_14_21-150400_24_49-default, p-cpe:/a:novell:suse_linux:kernel-macros, p-cpe:/a:novell:suse_linux:kernel-obs-build, p-cpe:/a:novell:suse_linux:kernel-source, p-cpe:/a:novell:suse_linux:kernel-syms, p-cpe:/a:novell:suse_linux:kernel-zfcpdump, p-cpe:/a:novell:suse_linux:ocfs2-kmp-default, p-cpe:/a:novell:suse_linux:reiserfs-kmp-default, cpe:/o:novell:suse_linux:15

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 3/17/2023

Vulnerability Publication Date: 9/9/2022

Reference Information

CVE: CVE-2022-36280, CVE-2022-38096, CVE-2023-0045, CVE-2023-0461, CVE-2023-0597, CVE-2023-22995, CVE-2023-23559, CVE-2023-26545

SuSE: SUSE-SU-2023:0796-1