SUSE SLES12: kernel-azure / kernel-azure-base / kernel-azure-devel / etc (SUSE-SU-2023:3349-1)

high Nessus Plugin ID 179970

Language:

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3349-1 advisory.

The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security and bugfixes.


The following security bugs were fixed:

- CVE-2023-3609: Fixed reference counter leak leading to overflow in net/sched (bsc#1213586).
- CVE-2023-3611: Fixed an out-of-bounds write in net/sched sch_qfq(bsc#1213585).
- CVE-2023-3567: Fixed a use-after-free in vcs_read in drivers/tty/vt/vc_screen.c (bsc#1213167).
- CVE-2023-0459: Fixed information leak in __uaccess_begin_nospec (bsc#1211738).
- CVE-2022-40982: Fixed transient execution attack called 'Gather Data Sampling' (bsc#1206418).
- CVE-2023-20593: Fixed a ZenBleed issue in 'Zen 2' CPUs that could allow an attacker to potentially access sensitive information (bsc#1213286).
- CVE-2023-2985: Fixed an use-after-free vulnerability in hfsplus_put_super in fs/hfsplus/super.c that could allow a local user to cause a denial of service (bsc#1211867).
- CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213059).
- CVE-2023-20569: Fixed side channel attack Inception or RAS Poisoning (bsc#1213287).


Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.suse.com/1087082

https://bugzilla.suse.com/1150305

https://bugzilla.suse.com/1173438

https://bugzilla.suse.com/1188885

https://bugzilla.suse.com/1202670

https://bugzilla.suse.com/1202716

https://bugzilla.suse.com/1205496

https://bugzilla.suse.com/1206418

https://bugzilla.suse.com/1207526

https://bugzilla.suse.com/1207528

https://bugzilla.suse.com/1207561

https://bugzilla.suse.com/1207617

https://bugzilla.suse.com/1207620

https://bugzilla.suse.com/1207629

https://bugzilla.suse.com/1207630

https://bugzilla.suse.com/1207633

https://bugzilla.suse.com/1207634

https://bugzilla.suse.com/1207653

https://bugzilla.suse.com/1208788

https://bugzilla.suse.com/1210584

https://bugzilla.suse.com/1210765

https://bugzilla.suse.com/1210766

https://bugzilla.suse.com/1210771

https://bugzilla.suse.com/1211738

https://bugzilla.suse.com/1211867

https://bugzilla.suse.com/1212266

https://bugzilla.suse.com/1212301

https://bugzilla.suse.com/1212657

https://bugzilla.suse.com/1212741

https://bugzilla.suse.com/1212835

https://bugzilla.suse.com/1212871

https://bugzilla.suse.com/1212905

https://bugzilla.suse.com/1212986

https://bugzilla.suse.com/1212987

https://bugzilla.suse.com/1212988

https://bugzilla.suse.com/1212989

https://bugzilla.suse.com/1212990

https://bugzilla.suse.com/1213010

https://bugzilla.suse.com/1213011

https://bugzilla.suse.com/1213012

https://bugzilla.suse.com/1213013

https://bugzilla.suse.com/1213014

https://bugzilla.suse.com/1213015

https://bugzilla.suse.com/1213017

https://bugzilla.suse.com/1213018

https://bugzilla.suse.com/1213019

https://bugzilla.suse.com/1213020

https://bugzilla.suse.com/1213021

https://bugzilla.suse.com/1213022

https://bugzilla.suse.com/1213023

https://bugzilla.suse.com/1213024

https://bugzilla.suse.com/1213025

https://bugzilla.suse.com/1213032

https://bugzilla.suse.com/1213033

https://bugzilla.suse.com/1213034

https://bugzilla.suse.com/1213035

https://bugzilla.suse.com/1213036

https://bugzilla.suse.com/1213037

https://bugzilla.suse.com/1213038

https://bugzilla.suse.com/1213039

https://bugzilla.suse.com/1213040

https://bugzilla.suse.com/1213041

https://bugzilla.suse.com/1213042

https://bugzilla.suse.com/1213059

https://bugzilla.suse.com/1213133

https://bugzilla.suse.com/1213167

https://bugzilla.suse.com/1213215

https://bugzilla.suse.com/1213218

https://bugzilla.suse.com/1213221

https://bugzilla.suse.com/1213286

https://bugzilla.suse.com/1213287

https://bugzilla.suse.com/1213344

https://bugzilla.suse.com/1213346

https://bugzilla.suse.com/1213350

https://bugzilla.suse.com/1213525

https://bugzilla.suse.com/1213585

https://bugzilla.suse.com/1213586

https://bugzilla.suse.com/1213588

https://bugzilla.suse.com/1213705

https://bugzilla.suse.com/1213747

https://bugzilla.suse.com/1213766

https://bugzilla.suse.com/1213819

https://bugzilla.suse.com/1213823

https://bugzilla.suse.com/1213825

https://bugzilla.suse.com/1213827

https://lists.suse.com/pipermail/sle-updates/2023-August/031064.html

https://www.suse.com/security/cve/CVE-2018-3639

https://www.suse.com/security/cve/CVE-2022-40982

https://www.suse.com/security/cve/CVE-2023-0459

https://www.suse.com/security/cve/CVE-2023-20569

https://www.suse.com/security/cve/CVE-2023-20593

https://www.suse.com/security/cve/CVE-2023-2985

https://www.suse.com/security/cve/CVE-2023-35001

https://www.suse.com/security/cve/CVE-2023-3567

https://www.suse.com/security/cve/CVE-2023-3609

https://www.suse.com/security/cve/CVE-2023-3611

https://www.suse.com/security/cve/CVE-2023-3776

Plugin Details

Severity: High

ID: 179970

File Name: suse_SU-2023-3349-1.nasl

Version: 1.3

Type: Local

Agent: unix

Published: 8/18/2023

Updated: 6/26/2026

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Tenable Cloud Security, Tenable Self-Hosted Container Security, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.5

Percentile: 99.86

CVSS v2

Risk Factor: Low

Base Score: 2.1

Temporal Score: 1.8

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2018-3639

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

CVSS Score Source: CVE-2023-3776

Vulnerability Information

CPE: cpe:/o:novell:suse_linux:12, p-cpe:/a:novell:suse_linux:kernel-azure, p-cpe:/a:novell:suse_linux:kernel-azure-base, p-cpe:/a:novell:suse_linux:kernel-azure-devel, p-cpe:/a:novell:suse_linux:kernel-syms-azure, p-cpe:/a:novell:suse_linux:kernel-devel-azure, p-cpe:/a:novell:suse_linux:kernel-source-azure

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 8/17/2023

Vulnerability Publication Date: 5/21/2018

Exploitable With

Core Impact

Reference Information

CVE: CVE-2018-3639, CVE-2022-40982, CVE-2023-0459, CVE-2023-20569, CVE-2023-20593, CVE-2023-2985, CVE-2023-35001, CVE-2023-3567, CVE-2023-3609, CVE-2023-3611, CVE-2023-3776

SuSE: SUSE-SU-2023:3349-1