Detections
Analytics

SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2023:2163-1)

high Nessus Plugin ID 175417

Language:

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLED12 / SLED_SAP12 / SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2163-1 advisory.

 The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes.


 The following security bugs were fixed:

 - CVE-2023-2483: Fixed a use after free bug in emac_remove due caused by a race condition (bsc#1211037).
 - CVE-2023-2124: Fixed an out of bound access in the XFS subsystem that could have lead to denial-of- service or potentially privilege escalation (bsc#1210498).
 - CVE-2023-1670: Fixed a use after free in the Xircom 16-bit PCMCIA Ethernet driver. A local user could use this flaw to crash the system or potentially escalate their privileges on the system (bsc#1209871).
 - CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210647).
 - CVE-2023-1998: Fixed a use after free during login when accessing the shost ipaddress (bsc#1210506).
 - CVE-2023-30772: Fixed a race condition and resultant use-after-free in da9150_charger_remove (bsc#1210329).
 - CVE-2023-1855: Fixed a use after free in xgene_hwmon_remove (bsc#1210202).
 - CVE-2023-1989: Fixed a use after free in btsdio_remove (bsc#1210336).
 - CVE-2023-1990: Fixed a use after free in ndlc_remove (bsc#1210337).
 - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128).
 - CVE-2023-1611: Fixed an use-after-free flaw in btrfs_search_slot (bsc#1209687).
 - CVE-2020-36691: Fixed a denial of service vulnerability via a nested Netlink policy with a back reference (bsc#1209777).


Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.suse.com/1190544

https://www.suse.com/security/cve/CVE-2022-43945

https://bugzilla.suse.com/1205128

https://bugzilla.suse.com/1202353

https://bugzilla.suse.com/1209887

https://bugzilla.suse.com/1142926

https://bugzilla.suse.com/1209687

https://bugzilla.suse.com/1209777

https://www.suse.com/security/cve/CVE-2020-36691

https://www.suse.com/security/cve/CVE-2023-1611

https://bugzilla.suse.com/1142685

https://bugzilla.suse.com/1174777

https://bugzilla.suse.com/1207088

https://bugzilla.suse.com/1209342

https://bugzilla.suse.com/1209871

https://bugzilla.suse.com/1209969

https://bugzilla.suse.com/1209999

https://bugzilla.suse.com/1210202

https://bugzilla.suse.com/1210301

https://bugzilla.suse.com/1210329

https://bugzilla.suse.com/1210336

https://bugzilla.suse.com/1210337

https://bugzilla.suse.com/1210430

https://bugzilla.suse.com/1210460

https://bugzilla.suse.com/1210466

https://bugzilla.suse.com/1210469

https://bugzilla.suse.com/1210498

https://bugzilla.suse.com/1210506

https://bugzilla.suse.com/1210534

https://bugzilla.suse.com/1210647

https://bugzilla.suse.com/1210827

https://bugzilla.suse.com/1211037

https://lists.suse.com/pipermail/sle-updates/2023-May/029351.html

https://www.suse.com/security/cve/CVE-2023-1670

https://www.suse.com/security/cve/CVE-2023-1855

https://www.suse.com/security/cve/CVE-2023-1989

https://www.suse.com/security/cve/CVE-2023-1990

https://www.suse.com/security/cve/CVE-2023-1998

https://www.suse.com/security/cve/CVE-2023-2124

https://www.suse.com/security/cve/CVE-2023-2162

https://www.suse.com/security/cve/CVE-2023-30772

Plugin Details

Severity: High

ID: 175417

File Name: suse_SU-2023-2163-1.nasl

Version: 1.4

Type: local

Agent: unix

Published: 5/12/2023

Updated: 9/24/2025

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2023-2124

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:novell:suse_linux:12, p-cpe:/a:novell:suse_linux:kernel-default-base, p-cpe:/a:novell:suse_linux:kernel-default-kgraft-devel, p-cpe:/a:novell:suse_linux:kernel-macros, p-cpe:/a:novell:suse_linux:kernel-default-devel, p-cpe:/a:novell:suse_linux:cluster-md-kmp-default, p-cpe:/a:novell:suse_linux:gfs2-kmp-default, p-cpe:/a:novell:suse_linux:kernel-default, p-cpe:/a:novell:suse_linux:kernel-devel, p-cpe:/a:novell:suse_linux:kernel-default-extra, p-cpe:/a:novell:suse_linux:kernel-obs-build, p-cpe:/a:novell:suse_linux:kernel-syms, p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-122_159-default, p-cpe:/a:novell:suse_linux:kernel-default-kgraft, p-cpe:/a:novell:suse_linux:dlm-kmp-default, p-cpe:/a:novell:suse_linux:kernel-source, p-cpe:/a:novell:suse_linux:ocfs2-kmp-default, p-cpe:/a:novell:suse_linux:kernel-default-man

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/10/2023

Vulnerability Publication Date: 11/4/2022

Reference Information

CVE: CVE-2020-36691, CVE-2022-43945, CVE-2023-1611, CVE-2023-1670, CVE-2023-1855, CVE-2023-1989, CVE-2023-1990, CVE-2023-1998, CVE-2023-2124, CVE-2023-2162, CVE-2023-30772

SuSE: SUSE-SU-2023:2163-1