SUSE SLES15 Security Update : kernel-firmware (SUSE-SU-2023:4654-1)

critical Nessus Plugin ID 186648

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4654-1 advisory.

- Failure to validate the value in APCB may allow a privileged attacker to tamper with the APCB token to force an out-of-bounds memory read potentially resulting in a denial of service. (CVE-2021-26345)

- Improper clearing of sensitive data in the ASP Bootloader may expose secret keys to a privileged attacker accessing ASP SRAM, potentially leading to a loss of confidentiality. (CVE-2021-46766)

- Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker to read/write from/to an invalid DRAM address, potentially resulting in denial-of-service. (CVE-2021-46774, CVE-2023-20533)

- Failure to validate the AMD SMM communication buffer may allow an attacker to corrupt the SMRAM potentially leading to arbitrary code execution. (CVE-2022-23820)

- SMM configuration may not be immutable, as intended, when SNP is enabled resulting in a potential limited loss of guest memory integrity. (CVE-2022-23830)

- A Use-After-Free vulnerability in the management of an SNP guest context page may allow a malicious hypervisor to masquerade as the guest's migration agent resulting in a potential loss of guest integrity. (CVE-2023-20519)

- TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service. (CVE-2023-20521)

- Insufficient input validation in the ASP Bootloader may enable a privileged attacker with physical access to expose the contents of ASP memory potentially leading to a loss of confidentiality. (CVE-2023-20526)

- Improper address validation in ASP with SNP enabled may potentially allow an attacker to compromise guest memory integrity. (CVE-2023-20566)

- Improper or unexpected behavior of the INVD instruction in some AMD CPUs may allow an attacker with a malicious hypervisor to affect cache line write-back behavior of the CPU leading to a potential loss of guest virtual machine (VM) memory integrity. (CVE-2023-20592)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected kernel-firmware, kernel-firmware-brcm and / or ucode-amd packages.

See Also

https://bugzilla.suse.com/1215823

https://bugzilla.suse.com/1215831

http://www.nessus.org/u?30f6ef8f

https://www.suse.com/security/cve/CVE-2021-26345

https://www.suse.com/security/cve/CVE-2021-46766

https://www.suse.com/security/cve/CVE-2021-46774

https://www.suse.com/security/cve/CVE-2022-23820

https://www.suse.com/security/cve/CVE-2022-23830

https://www.suse.com/security/cve/CVE-2023-20519

https://www.suse.com/security/cve/CVE-2023-20521

https://www.suse.com/security/cve/CVE-2023-20526

https://www.suse.com/security/cve/CVE-2023-20533

https://www.suse.com/security/cve/CVE-2023-20566

https://www.suse.com/security/cve/CVE-2023-20592

Plugin Details

Severity: Critical

ID: 186648

File Name: suse_SU-2023-4654-1.nasl

Version: 1.0

Type: local

Agent: unix

Published: 12/7/2023

Updated: 12/7/2023

Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2022-23820

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:kernel-firmware, p-cpe:/a:novell:suse_linux:kernel-firmware-brcm, p-cpe:/a:novell:suse_linux:ucode-amd, cpe:/o:novell:suse_linux:15

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 12/6/2023

Vulnerability Publication Date: 11/14/2023

Reference Information

CVE: CVE-2021-26345, CVE-2021-46766, CVE-2021-46774, CVE-2022-23820, CVE-2022-23830, CVE-2023-20519, CVE-2023-20521, CVE-2023-20526, CVE-2023-20533, CVE-2023-20566, CVE-2023-20592

SuSE: SUSE-SU-2023:4654-1