SUSE SLES15: cluster-md-kmp-azure / dlm-kmp-azure / gfs2-kmp-azure / etc (SUSE-SU-2023:2831-1)

high Nessus Plugin ID 178321

Language:

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2831-1 advisory.

The SUSE Linux Enterprise 15 SP4 Azure kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity(), that could cause memory corruption (bsc#1208600).
- CVE-2023-1249: Fixed a use-after-free flaw in the core dump subsystem that allowed a local user to crash the system (bsc#1209039).
- CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210335).
- CVE-2023-21102: Fixed possible bypass of shadow stack protection in __efi_rt_asm_wrapper of efi-rt- wrapper.S (bsc#1212155).
- CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver (bsc#1212842).
- CVE-2023-3111: Fixed a use-after-free vulnerability in prepare_to_relocate in fs/btrfs/relocation.c (bsc#1212051).
- CVE-2023-3141: Fixed a use-after-free flaw in r592_remove in drivers/memstick/host/r592.c, that allowed local attackers to crash the system at device disconnect (bsc#1212129).
- CVE-2023-3161: Fixed shift-out-of-bounds in fbcon_set_font() (bsc#1212154).
- CVE-2023-3212: Fixed a NULL pointer dereference flaw in the gfs2 file system (bsc#1212265).
- CVE-2023-3357: Fixed a NULL pointer dereference flaw in the AMD Sensor Fusion Hub driver (bsc#1212605).
- CVE-2023-3358: Fixed a NULL pointer dereference flaw in the Integrated Sensor Hub (ISH) driver (bsc#1212606).
- CVE-2023-3389: Fixed a use-after-free vulnerability in the io_uring subsystem (bsc#1212838).
- CVE-2023-35788: Fixed an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets in fl_set_geneve_opt in net/sched/cls_flower.c (bsc#1212504).
- CVE-2023-35823: Fixed a use-after-free flaw in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c (bsc#1212494).
- CVE-2023-35828: Fixed a use-after-free flaw in renesas_usb3_remove in drivers/usb/gadget/udc/renesas_usb3.c (bsc#1212513).
- CVE-2023-35829: Fixed a use-after-free flaw in rkvdec_remove in drivers/staging/media/rkvdec/rkvdec.c (bsc#1212495).


Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.suse.com/1065729

https://bugzilla.suse.com/1152472

https://bugzilla.suse.com/1152489

https://bugzilla.suse.com/1160435

https://bugzilla.suse.com/1187829

https://bugzilla.suse.com/1189998

https://bugzilla.suse.com/1194869

https://bugzilla.suse.com/1205758

https://bugzilla.suse.com/1208410

https://bugzilla.suse.com/1208600

https://bugzilla.suse.com/1209039

https://bugzilla.suse.com/1209367

https://bugzilla.suse.com/1210335

https://bugzilla.suse.com/1211299

https://bugzilla.suse.com/1211346

https://bugzilla.suse.com/1211387

https://bugzilla.suse.com/1211410

https://bugzilla.suse.com/1211796

https://bugzilla.suse.com/1211852

https://bugzilla.suse.com/1212051

https://bugzilla.suse.com/1212129

https://bugzilla.suse.com/1212154

https://bugzilla.suse.com/1212155

https://bugzilla.suse.com/1212158

https://bugzilla.suse.com/1212265

https://bugzilla.suse.com/1212350

https://bugzilla.suse.com/1212448

https://bugzilla.suse.com/1212494

https://bugzilla.suse.com/1212495

https://bugzilla.suse.com/1212504

https://bugzilla.suse.com/1212513

https://bugzilla.suse.com/1212540

https://bugzilla.suse.com/1212561

https://bugzilla.suse.com/1212563

https://bugzilla.suse.com/1212564

https://bugzilla.suse.com/1212584

https://bugzilla.suse.com/1212592

https://bugzilla.suse.com/1212603

https://bugzilla.suse.com/1212605

https://bugzilla.suse.com/1212606

https://bugzilla.suse.com/1212619

https://bugzilla.suse.com/1212701

https://bugzilla.suse.com/1212741

https://bugzilla.suse.com/1212835

https://bugzilla.suse.com/1212838

https://bugzilla.suse.com/1212842

https://bugzilla.suse.com/1212861

https://bugzilla.suse.com/1212869

https://bugzilla.suse.com/1212892

https://www.suse.com/security/cve/CVE-2023-1077

https://www.suse.com/security/cve/CVE-2023-1249

https://www.suse.com/security/cve/CVE-2023-1829

https://www.suse.com/security/cve/CVE-2023-21102

https://www.suse.com/security/cve/CVE-2023-3090

https://www.suse.com/security/cve/CVE-2023-3111

https://www.suse.com/security/cve/CVE-2023-3141

https://www.suse.com/security/cve/CVE-2023-3161

https://www.suse.com/security/cve/CVE-2023-3212

https://www.suse.com/security/cve/CVE-2023-3357

https://www.suse.com/security/cve/CVE-2023-3358

https://www.suse.com/security/cve/CVE-2023-3389

https://www.suse.com/security/cve/CVE-2023-35788

https://www.suse.com/security/cve/CVE-2023-35823

https://www.suse.com/security/cve/CVE-2023-35828

https://www.suse.com/security/cve/CVE-2023-35829

http://www.nessus.org/u?981d76d3

Plugin Details

Severity: High

ID: 178321

File Name: suse_SU-2023-2831-1.nasl

Version: 1.1

Type: Local

Agent: unix

Published: 7/15/2023

Updated: 6/25/2026

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Tenable Cloud Security, Tenable Self-Hosted Container Security, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.6

Percentile: 98.67

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2023-35788

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:novell:suse_linux:15, p-cpe:/a:novell:suse_linux:kernel-azure, p-cpe:/a:novell:suse_linux:kernel-azure-devel, p-cpe:/a:novell:suse_linux:kernel-syms-azure, p-cpe:/a:novell:suse_linux:kernel-devel-azure, p-cpe:/a:novell:suse_linux:kernel-source-azure

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 7/14/2023

Vulnerability Publication Date: 3/17/2023

Reference Information

CVE: CVE-2023-1077, CVE-2023-1249, CVE-2023-1829, CVE-2023-21102, CVE-2023-3090, CVE-2023-3111, CVE-2023-3141, CVE-2023-3161, CVE-2023-3212, CVE-2023-3357, CVE-2023-3358, CVE-2023-3389, CVE-2023-35788, CVE-2023-35823, CVE-2023-35828, CVE-2023-35829

SuSE: SUSE-SU-2023:2831-1