SUSE SLES12: kernel-default / kernel-default-base / kernel-default-devel / etc (SUSE-SU-2023:2805-1)

critical Nessus Plugin ID 178180

Language:

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2805-1 advisory.

The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes.


The following security bugs were fixed:

- CVE-2017-5753: Fixed spectre vulnerability in prlimit (bsc#1209256).
- CVE-2022-3566: Fixed race condition in the TCP Handler (bsc#1204405).
- CVE-2022-45884: Fixed a use-after-free in dvbdev.c, related to dvb_register_device dynamically allocating fops (bsc#1205756).
- CVE-2022-45885: Fixed a race condition in dvb_frontend.c that could cause a use-after-free when a device is disconnected (bsc#1205758).
- CVE-2022-45886: Fixed a .disconnect versus dvb_device_open race condition in dvb_net.c that lead to a use-after-free (bsc#1205760).
- CVE-2022-45887: Fixed a memory leak in ttusb_dec.c caused by the lack of a dvb_frontend_detach call (bsc#1205762).
- CVE-2022-45919: Fixed a use-after-free in dvb_ca_en50221.c that could occur if there is a disconnect after an open, because of the lack of a wait_event (bsc#1205803).
- CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795).
- CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity(), that could cause memory corruption (bsc#1208600).
- CVE-2023-1095: Fixed a NULL pointer dereference in nf_tables due to zeroed list head (bsc#1208777).
- CVE-2023-1118: Fixed a use-after-free bugs caused by ene_tx_irqsim() in media/rc (bsc#1208837).
- CVE-2023-1249: Fixed a use-after-free flaw in the core dump subsystem that allowed a local user to crash the system (bsc#1209039).
- CVE-2023-1380: Fixed a slab-out-of-bound read problem in brcmf_get_assoc_ies() (bsc#1209287).
- CVE-2023-1390: Fixed remote DoS vulnerability in tipc_link_xmit() (bsc#1209289).
- CVE-2023-1513: Fixed an uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak (bsc#1209532).
- CVE-2023-1611: Fixed an use-after-free flaw in btrfs_search_slot (bsc#1209687).
- CVE-2023-1670: Fixed a use after free in the Xircom 16-bit PCMCIA Ethernet driver. A local user could use this flaw to crash the system or potentially escalate their privileges on the system (bsc#1209871).
- CVE-2023-1989: Fixed a use after free in btsdio_remove (bsc#1210336).
- CVE-2023-1990: Fixed a use after free in ndlc_remove (bsc#1210337).
- CVE-2023-1998: Fixed a use after free during login when accessing the shost ipaddress (bsc#1210506).
- CVE-2023-2124: Fixed an out-of-bound access in the XFS subsystem that could have lead to denial-of- service or potentially privilege escalation (bsc#1210498).
- CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210647).
- CVE-2023-2194: Fixed an out-of-bounds write vulnerability in the SLIMpro I2C device driver (bsc#1210715).
- CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207036).
- CVE-2023-23455: Fixed a denial of service inside atm_tc_enqueue in net/sched/sch_atm.c because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results) (bsc#1207125).
- CVE-2023-2513: Fixed a use-after-free vulnerability in the ext4 filesystem (bsc#1211105).
- CVE-2023-28328: Fixed a denial of service issue in az6027 driver in drivers/media/usb/dev-usb/az6027.c (bsc#1209291).
- CVE-2023-28464: Fixed user-after-free that could lead to privilege escalation in hci_conn_cleanup in net/uetooth/hci_conn.c (bsc#1209052).
- CVE-2023-28772: Fixed buffer overflow in seq_buf_putmem_hex in lib/seq_buf.c (bsc#1209549).
- CVE-2023-30772: Fixed race condition and resultant use-after-free in da9150_charger_remove (bsc#1210329).
- CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver (bsc#1212842).
- CVE-2023-3141: Fixed a use-after-free flaw in r592_remove in drivers/memstick/host/r592.c, that allowed local attackers to crash the system at device disconnect (bsc#1212129).
- CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210940).
- CVE-2023-3159: Fixed use-after-free issue in driver/firewire in outbound_phy_packet_callback (bsc#1212128).
- CVE-2023-3161: Fixed shift-out-of-bounds in fbcon_set_font() (bsc#1212154).
- CVE-2023-32269: Fixed a use-after-free in af_netrom.c, related to the fact that accept() was also allowed for a successfully connected AF_NETROM socket (bsc#1211186).
- CVE-2023-35824: Fixed a use-after-free in dm1105_remove in drivers/media/pci/dm1105/dm1105.c (bsc#1212501).


Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.suse.com/1126703

https://bugzilla.suse.com/1204405

https://bugzilla.suse.com/1205756

https://bugzilla.suse.com/1205758

https://bugzilla.suse.com/1205760

https://bugzilla.suse.com/1205762

https://bugzilla.suse.com/1205803

https://bugzilla.suse.com/1206878

https://bugzilla.suse.com/1207036

https://bugzilla.suse.com/1207125

https://bugzilla.suse.com/1207168

https://bugzilla.suse.com/1207795

https://bugzilla.suse.com/1208600

https://bugzilla.suse.com/1208777

https://bugzilla.suse.com/1208837

https://bugzilla.suse.com/1209008

https://bugzilla.suse.com/1209039

https://bugzilla.suse.com/1209052

https://bugzilla.suse.com/1209256

https://bugzilla.suse.com/1209287

https://bugzilla.suse.com/1209289

https://bugzilla.suse.com/1209291

https://bugzilla.suse.com/1209532

https://bugzilla.suse.com/1209549

https://bugzilla.suse.com/1209687

https://bugzilla.suse.com/1209871

https://bugzilla.suse.com/1210329

https://bugzilla.suse.com/1210336

https://bugzilla.suse.com/1210337

https://bugzilla.suse.com/1210498

https://bugzilla.suse.com/1210506

https://bugzilla.suse.com/1210647

https://bugzilla.suse.com/1210715

https://bugzilla.suse.com/1210940

https://bugzilla.suse.com/1211105

https://bugzilla.suse.com/1211186

https://bugzilla.suse.com/1211449

https://bugzilla.suse.com/1212128

https://bugzilla.suse.com/1212129

https://bugzilla.suse.com/1212154

https://bugzilla.suse.com/1212501

https://bugzilla.suse.com/1212842

https://www.suse.com/security/cve/CVE-2017-5753

https://www.suse.com/security/cve/CVE-2018-20784

https://www.suse.com/security/cve/CVE-2022-3566

https://www.suse.com/security/cve/CVE-2022-45884

https://www.suse.com/security/cve/CVE-2022-45885

https://www.suse.com/security/cve/CVE-2022-45886

https://www.suse.com/security/cve/CVE-2022-45887

https://www.suse.com/security/cve/CVE-2022-45919

https://www.suse.com/security/cve/CVE-2023-0590

https://www.suse.com/security/cve/CVE-2023-1077

https://www.suse.com/security/cve/CVE-2023-1095

https://www.suse.com/security/cve/CVE-2023-1118

https://www.suse.com/security/cve/CVE-2023-1249

https://www.suse.com/security/cve/CVE-2023-1380

https://www.suse.com/security/cve/CVE-2023-1390

https://www.suse.com/security/cve/CVE-2023-1513

https://www.suse.com/security/cve/CVE-2023-1611

https://www.suse.com/security/cve/CVE-2023-1670

https://www.suse.com/security/cve/CVE-2023-1989

https://www.suse.com/security/cve/CVE-2023-1990

https://www.suse.com/security/cve/CVE-2023-1998

https://www.suse.com/security/cve/CVE-2023-2124

https://www.suse.com/security/cve/CVE-2023-2162

https://www.suse.com/security/cve/CVE-2023-2194

https://www.suse.com/security/cve/CVE-2023-23454

https://www.suse.com/security/cve/CVE-2023-23455

https://www.suse.com/security/cve/CVE-2023-2513

https://www.suse.com/security/cve/CVE-2023-28328

https://www.suse.com/security/cve/CVE-2023-28464

https://www.suse.com/security/cve/CVE-2023-28772

https://www.suse.com/security/cve/CVE-2023-30772

https://www.suse.com/security/cve/CVE-2023-3090

https://www.suse.com/security/cve/CVE-2023-3141

https://www.suse.com/security/cve/CVE-2023-31436

https://www.suse.com/security/cve/CVE-2023-3159

https://www.suse.com/security/cve/CVE-2023-3161

https://www.suse.com/security/cve/CVE-2023-32269

https://www.suse.com/security/cve/CVE-2023-35824

http://www.nessus.org/u?78f2c5aa

Plugin Details

Severity: Critical

ID: 178180

File Name: suse_SU-2023-2805-1.nasl

Version: 1.3

Type: Local

Agent: unix

Published: 7/12/2023

Updated: 6/26/2026

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.6

Percentile: 98.67

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2018-20784

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:novell:suse_linux:12, p-cpe:/a:novell:suse_linux:kernel-default-base, p-cpe:/a:novell:suse_linux:kernel-macros, p-cpe:/a:novell:suse_linux:kernel-default-devel, p-cpe:/a:novell:suse_linux:kernel-devel, p-cpe:/a:novell:suse_linux:kernel-syms, p-cpe:/a:novell:suse_linux:kernel-default, p-cpe:/a:novell:suse_linux:kernel-source

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 7/11/2023

Vulnerability Publication Date: 1/3/2018

Exploitable With

CANVAS (CANVAS)

Reference Information

CVE: CVE-2017-5753, CVE-2018-20784, CVE-2022-3566, CVE-2022-45884, CVE-2022-45885, CVE-2022-45886, CVE-2022-45887, CVE-2022-45919, CVE-2023-0590, CVE-2023-1077, CVE-2023-1095, CVE-2023-1118, CVE-2023-1249, CVE-2023-1380, CVE-2023-1390, CVE-2023-1513, CVE-2023-1611, CVE-2023-1670, CVE-2023-1989, CVE-2023-1990, CVE-2023-1998, CVE-2023-2124, CVE-2023-2162, CVE-2023-2194, CVE-2023-23454, CVE-2023-23455, CVE-2023-2513, CVE-2023-28328, CVE-2023-28464, CVE-2023-28772, CVE-2023-30772, CVE-2023-3090, CVE-2023-3141, CVE-2023-31436, CVE-2023-3159, CVE-2023-3161, CVE-2023-32269, CVE-2023-35824

SuSE: SUSE-SU-2023:2805-1