SUSE SLED12: cluster-md-kmp-default / dlm-kmp-default / gfs2-kmp-default / etc (SUSE-SU-2023:3309-1)

high Nessus Plugin ID 179824

Language:

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLED12 / SLED_SAP12 / SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3309-1 advisory.

The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2023-20593: Fixed a ZenBleed issue in 'Zen 2' CPUs that could allow an attacker to potentially access sensitive information (bsc#1213286).
- CVE-2023-2985: Fixed an use-after-free vulnerability in hfsplus_put_super in fs/hfsplus/super.c that could allow a local user to cause a denial of service (bsc#1211867).
- CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213059).
- CVE-2022-40982: A transient execution attack called 'Gather Data Sampling' affecting is mitigated, together with respective Intel CPU Microcode updates (bsc#1206418, CVE-2022-40982).
- CVE-2023-0459: Fixed that copy_from_user on 64-bit versions of the Linux kernel did not implement the
__uaccess_begin_nospec allowing a user to bypass the 'access_ok' check which could be used to leak information (bsc#1211738).
- CVE-2023-20569: A side channel attack known as Inception or RAS Poisoning may allow an attacker to influence branch prediction, potentially leading to information disclosure. (bsc#1213287).
- CVE-2023-3567: A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen.
This flaw allowed an attacker with local user access to cause a system crash or leak internal kernel information (bsc#1213167bsc#1213842).
- CVE-2023-3609: A use-after-free vulnerability was fixed in net/sched: cls_u32 component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, u32_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability. (bsc#1213586).
- CVE-2023-3611: An out-of-bounds write vulnerability was fixed in net/sched: sch_qfq component can be exploited to achieve local privilege escalation. The qfq_change_agg() function in net/sched/sch_qfq.c allowed an out-of-bounds write because lmax is updated according to packet sizes without bounds checks.
(bsc#1213585).
- CVE-2023-3776: A use-after-free vulnerability was fixed in net/sched: cls_fw component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, fw_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability. (bsc#1213588).


Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.suse.com/1188885

https://bugzilla.suse.com/1202670

https://bugzilla.suse.com/1206418

https://bugzilla.suse.com/1207526

https://bugzilla.suse.com/1207528

https://bugzilla.suse.com/1211738

https://bugzilla.suse.com/1211867

https://bugzilla.suse.com/1212266

https://bugzilla.suse.com/1213059

https://bugzilla.suse.com/1213167

https://bugzilla.suse.com/1213286

https://bugzilla.suse.com/1213287

https://bugzilla.suse.com/1213350

https://bugzilla.suse.com/1213585

https://bugzilla.suse.com/1213586

https://bugzilla.suse.com/1213588

https://bugzilla.suse.com/1213705

https://bugzilla.suse.com/1213747

https://bugzilla.suse.com/1213766

https://bugzilla.suse.com/1213819

https://bugzilla.suse.com/1213823

https://bugzilla.suse.com/1213825

https://bugzilla.suse.com/1213827

https://bugzilla.suse.com/1213842

https://bugzilla.suse.com/962880

https://www.suse.com/security/cve/CVE-2022-40982

https://www.suse.com/security/cve/CVE-2023-0459

https://www.suse.com/security/cve/CVE-2023-20569

https://www.suse.com/security/cve/CVE-2023-20593

https://www.suse.com/security/cve/CVE-2023-2985

https://www.suse.com/security/cve/CVE-2023-35001

https://www.suse.com/security/cve/CVE-2023-3567

https://www.suse.com/security/cve/CVE-2023-3609

https://www.suse.com/security/cve/CVE-2023-3611

https://www.suse.com/security/cve/CVE-2023-3776

http://www.nessus.org/u?b22f59ae

Plugin Details

Severity: High

ID: 179824

File Name: suse_SU-2023-3309-1.nasl

Version: 1.6

Type: Local

Agent: unix

Published: 8/15/2023

Updated: 6/26/2026

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Tenable Cloud Security, Tenable Self-Hosted Container Security, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.5

Percentile: 99.86

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.9

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2023-3776

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:novell:suse_linux:12, p-cpe:/a:novell:suse_linux:kernel-default-base, p-cpe:/a:novell:suse_linux:kernel-default-kgraft-devel, p-cpe:/a:novell:suse_linux:kernel-macros, p-cpe:/a:novell:suse_linux:kernel-default-devel, p-cpe:/a:novell:suse_linux:cluster-md-kmp-default, p-cpe:/a:novell:suse_linux:gfs2-kmp-default, p-cpe:/a:novell:suse_linux:kernel-default, p-cpe:/a:novell:suse_linux:kernel-devel, p-cpe:/a:novell:suse_linux:kernel-default-extra, p-cpe:/a:novell:suse_linux:kernel-obs-build, p-cpe:/a:novell:suse_linux:kernel-syms, p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-122_173-default, p-cpe:/a:novell:suse_linux:kernel-default-kgraft, p-cpe:/a:novell:suse_linux:dlm-kmp-default, p-cpe:/a:novell:suse_linux:kernel-source, p-cpe:/a:novell:suse_linux:ocfs2-kmp-default, p-cpe:/a:novell:suse_linux:kernel-default-man

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 8/14/2023

Vulnerability Publication Date: 1/31/2023

Reference Information

CVE: CVE-2022-40982, CVE-2023-0459, CVE-2023-20569, CVE-2023-20593, CVE-2023-2985, CVE-2023-35001, CVE-2023-3567, CVE-2023-3609, CVE-2023-3611, CVE-2023-3776

SuSE: SUSE-SU-2023:3309-1