SUSE SLED15 / SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2023:3172-1)

high Nessus Plugin ID 179354

Language:

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3172-1 advisory.

- An issue in Zen 2 CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information. (CVE-2023-20593)

- A use after free flaw was found in hfsplus_put_super in fs/hfsplus/super.c in the Linux Kernel. This flaw could allow a local user to cause a denial of service problem. (CVE-2023-2985)

- ** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-3390. Reason: This record is a duplicate of CVE-2023-3390. Notes: All CVE users should reference CVE-2023-3390 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage. (CVE-2023-3117)

- Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace (CVE-2023-31248)

- A use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in net/netfilter/nf_tables_api.c. Mishandled error handling with NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability. This flaw allows a local attacker with user access to cause a privilege escalation issue. We recommend upgrading past commit 1240eb93f0616b21c675416516ff3d74798fdc97. (CVE-2023-3390)

- Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace (CVE-2023-35001)

- An out-of-bounds memory access flaw was found in the Linux kernel's TUN/TAP device driver functionality in how a user generates a malicious (too big) networking packet when napi frags is enabled. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2023-3812)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.suse.com/1150305

https://bugzilla.suse.com/1193629

https://bugzilla.suse.com/1194869

https://bugzilla.suse.com/1207894

https://bugzilla.suse.com/1208788

https://bugzilla.suse.com/1211243

https://bugzilla.suse.com/1211867

https://bugzilla.suse.com/1212256

https://bugzilla.suse.com/1212301

https://bugzilla.suse.com/1212525

https://bugzilla.suse.com/1212846

https://bugzilla.suse.com/1212905

https://bugzilla.suse.com/1213059

https://bugzilla.suse.com/1213061

https://bugzilla.suse.com/1213205

https://bugzilla.suse.com/1213206

https://bugzilla.suse.com/1213226

https://bugzilla.suse.com/1213233

https://bugzilla.suse.com/1213245

https://bugzilla.suse.com/1213247

https://bugzilla.suse.com/1213252

https://bugzilla.suse.com/1213258

https://bugzilla.suse.com/1213259

https://bugzilla.suse.com/1213263

https://bugzilla.suse.com/1213264

https://bugzilla.suse.com/1213286

https://bugzilla.suse.com/1213493

https://bugzilla.suse.com/1213523

https://bugzilla.suse.com/1213524

https://bugzilla.suse.com/1213533

https://bugzilla.suse.com/1213543

https://bugzilla.suse.com/1213705

http://www.nessus.org/u?33d430b8

https://www.suse.com/security/cve/CVE-2023-20593

https://www.suse.com/security/cve/CVE-2023-2985

https://www.suse.com/security/cve/CVE-2023-3117

https://www.suse.com/security/cve/CVE-2023-31248

https://www.suse.com/security/cve/CVE-2023-3390

https://www.suse.com/security/cve/CVE-2023-35001

https://www.suse.com/security/cve/CVE-2023-3812

Plugin Details

Severity: High

ID: 179354

File Name: suse_SU-2023-3172-1.nasl

Version: 1.0

Type: local

Agent: unix

Published: 8/4/2023

Updated: 8/4/2023

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.0

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2023-3812

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:kernel-macros, p-cpe:/a:novell:suse_linux:kernel-zfcpdump, p-cpe:/a:novell:suse_linux:kernel-64kb-devel, p-cpe:/a:novell:suse_linux:ocfs2-kmp-default, p-cpe:/a:novell:suse_linux:dlm-kmp-default, p-cpe:/a:novell:suse_linux:kernel-default-base, p-cpe:/a:novell:suse_linux:kernel-default-livepatch, p-cpe:/a:novell:suse_linux:kernel-default-devel, p-cpe:/a:novell:suse_linux:kernel-devel, p-cpe:/a:novell:suse_linux:gfs2-kmp-default, p-cpe:/a:novell:suse_linux:kernel-syms, p-cpe:/a:novell:suse_linux:kernel-default-extra, cpe:/o:novell:suse_linux:15, p-cpe:/a:novell:suse_linux:kernel-livepatch-5_14_21-150500_55_12-default, p-cpe:/a:novell:suse_linux:reiserfs-kmp-default, p-cpe:/a:novell:suse_linux:kernel-default-livepatch-devel, p-cpe:/a:novell:suse_linux:cluster-md-kmp-default, p-cpe:/a:novell:suse_linux:kernel-obs-build, p-cpe:/a:novell:suse_linux:kernel-default, p-cpe:/a:novell:suse_linux:kernel-source, p-cpe:/a:novell:suse_linux:kernel-64kb

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 8/3/2023

Vulnerability Publication Date: 6/1/2023

Reference Information

CVE: CVE-2023-20593, CVE-2023-2985, CVE-2023-3117, CVE-2023-31248, CVE-2023-3390, CVE-2023-35001, CVE-2023-3812

SuSE: SUSE-SU-2023:3172-1