SUSE SLES15: cluster-md-kmp-default / dlm-kmp-default / gfs2-kmp-default / etc (SUSE-SU-2023:2151-1)

high Nessus Plugin ID 175552

Language:

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2151-1 advisory.

The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes.


The following security bugs were fixed:

- CVE-2023-2124: Fixed an out of bound access in the XFS subsystem that could have lead to denial-of- service or potentially privilege escalation (bsc#1210498).
- CVE-2023-1670: Fixed a use after free in the Xircom 16-bit PCMCIA Ethernet driver. A local user could use this flaw to crash the system or potentially escalate their privileges on the system (bsc#1209871).
- CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210647).
- CVE-2023-1998: Fixed a use after free during login when accessing the shost ipaddress (bsc#1210506).
- CVE-2023-30772: Fixed a race condition and resultant use-after-free in da9150_charger_remove (bsc#1210329).
- CVE-2023-1855: Fixed a use after free in xgene_hwmon_remove (bsc#1210202).
- CVE-2023-1989: Fixed a use after free in btsdio_remove (bsc#1210336).
- CVE-2023-1990: Fixed a use after free in ndlc_remove (bsc#1210337).
- CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128).
- CVE-2023-1611: Fixed an use-after-free flaw in btrfs_search_slot (bsc#1209687).
- CVE-2020-36691: Fixed a denial of service vulnerability via a nested Netlink policy with a back reference (bsc#1209777).


Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.suse.com/1202353

https://bugzilla.suse.com/1205128

https://bugzilla.suse.com/1209613

https://bugzilla.suse.com/1209687

https://bugzilla.suse.com/1209777

https://bugzilla.suse.com/1209871

https://bugzilla.suse.com/1209887

https://bugzilla.suse.com/1210202

https://bugzilla.suse.com/1210301

https://bugzilla.suse.com/1210329

https://bugzilla.suse.com/1210336

https://bugzilla.suse.com/1210337

https://bugzilla.suse.com/1210469

https://bugzilla.suse.com/1210498

https://bugzilla.suse.com/1210506

https://bugzilla.suse.com/1210647

https://lists.suse.com/pipermail/sle-updates/2023-May/029294.html

https://www.suse.com/security/cve/CVE-2020-36691

https://www.suse.com/security/cve/CVE-2022-43945

https://www.suse.com/security/cve/CVE-2023-1611

https://www.suse.com/security/cve/CVE-2023-1670

https://www.suse.com/security/cve/CVE-2023-1855

https://www.suse.com/security/cve/CVE-2023-1989

https://www.suse.com/security/cve/CVE-2023-1990

https://www.suse.com/security/cve/CVE-2023-1998

https://www.suse.com/security/cve/CVE-2023-2124

https://www.suse.com/security/cve/CVE-2023-2162

https://www.suse.com/security/cve/CVE-2023-30772

Plugin Details

Severity: High

ID: 175552

File Name: suse_SU-2023-2151-1.nasl

Version: 1.4

Type: Local

Agent: unix

Published: 5/13/2023

Updated: 6/25/2026

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Tenable Cloud Security, Tenable Self-Hosted Container Security, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.6

Percentile: 98.67

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2023-2124

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:novell:suse_linux:15, p-cpe:/a:novell:suse_linux:kernel-default, p-cpe:/a:novell:suse_linux:kernel-source, p-cpe:/a:novell:suse_linux:kernel-syms, p-cpe:/a:novell:suse_linux:kernel-default-base, p-cpe:/a:novell:suse_linux:kernel-default-devel, p-cpe:/a:novell:suse_linux:kernel-default-man, p-cpe:/a:novell:suse_linux:kernel-obs-build, p-cpe:/a:novell:suse_linux:reiserfs-kmp-default, p-cpe:/a:novell:suse_linux:kernel-default-livepatch, p-cpe:/a:novell:suse_linux:cluster-md-kmp-default, p-cpe:/a:novell:suse_linux:dlm-kmp-default, p-cpe:/a:novell:suse_linux:gfs2-kmp-default, p-cpe:/a:novell:suse_linux:kernel-devel, p-cpe:/a:novell:suse_linux:kernel-macros, p-cpe:/a:novell:suse_linux:ocfs2-kmp-default, p-cpe:/a:novell:suse_linux:kernel-default-livepatch-devel, p-cpe:/a:novell:suse_linux:kernel-livepatch-4_12_14-150100_197_145-default

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/9/2023

Vulnerability Publication Date: 11/4/2022

Reference Information

CVE: CVE-2020-36691, CVE-2022-43945, CVE-2023-1611, CVE-2023-1670, CVE-2023-1855, CVE-2023-1989, CVE-2023-1990, CVE-2023-1998, CVE-2023-2124, CVE-2023-2162, CVE-2023-30772

SuSE: SUSE-SU-2023:2151-1