Detections
Analytics
SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2023:4734-1)
critical Nessus Plugin ID 186816
Language:
Synopsis
The remote SUSE host is missing one or more security updates.Description
The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4734-1 advisory.- A race condition was found in the Linux kernel's RxRPC network protocol, within the processing of RxRPC bundles. This issue results from the lack of proper locking when performing operations on an object. This may allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel.
(CVE-2023-2006)
- Improper access control in the Intel(R) Ethernet Controller RDMA driver for linux before version 1.9.30 may allow an unauthenticated user to potentially enable escalation of privilege via network access.
(CVE-2023-25775)
- A race condition was found in the QXL driver in the Linux kernel. The qxl_mode_dumb_create() function dereferences the qobj returned by the qxl_gem_object_create_with_handle(), but the handle is the only one holding a reference to it. This flaw allows an attacker to guess the returned handle value and trigger a use-after-free issue, potentially leading to a denial of service or privilege escalation. (CVE-2023-39198)
- A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. Due to a race condition between nf_tables netlink control plane transaction and nft_set element garbage collection, it is possible to underflow the reference counter causing a use-after-free vulnerability. We recommend upgrading past commit 3e91b0ebd994635df2346353322ac51ce84ce6d8. (CVE-2023-4244)
- An issue was discovered in lib/kobject.c in the Linux kernel before 6.2.3. With root access, an attacker can trigger a race condition that results in a fill_kobj_path out-of-bounds write. (CVE-2023-45863)
- An issue was discovered in drivers/net/ethernet/intel/igb/igb_main.c in the IGB driver in the Linux kernel before 6.5.3. A buffer size may not be adequate for frames larger than the MTU. (CVE-2023-45871)
- An issue was discovered in the Linux kernel through 6.5.9. During a race with SQ thread exit, an io_uring/fdinfo.c io_uring_show_fdinfo NULL pointer dereference can occur. (CVE-2023-46862)
- A flaw was found in vringh_kiov_advance in drivers/vhost/vringh.c in the host side of a virtio ring in the Linux Kernel. This issue may result in a denial of service from guest to host via zero length descriptor.
(CVE-2023-5158)
- The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use- after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest with 3D acceleration enabled, a local, unprivileged user could potentially use this flaw to escalate their privileges. (CVE-2023-5633)
- A heap out-of-bounds write vulnerability in the Linux kernel's Linux Kernel Performance Events (perf) component can be exploited to achieve local privilege escalation. If perf_read_group() is called while an event's sibling_list is smaller than its child's sibling_list, it can increment or write to memory locations outside of the allocated buffer. We recommend upgrading past commit 32671e3799ca2e4590773fd0e63aaa4229e50c06. (CVE-2023-5717)
- A use-after-free flaw was found in lan78xx_disconnect in drivers/net/usb/lan78xx.c in the network sub- component, net/usb/lan78xx in the Linux Kernel. This flaw allows a local attacker to crash the system when the LAN78XX USB device detaches. (CVE-2023-6039)
- A null pointer dereference flaw was found in the Linux kernel API for the cryptographic algorithm scatterwalk functionality. This issue occurs when a user constructs a malicious packet with specific socket configuration, which could allow a local user to crash the system or escalate their privileges on the system. (CVE-2023-6176)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the affected packages.See Also
https://bugzilla.suse.com/1084909
https://bugzilla.suse.com/1207948
https://bugzilla.suse.com/1210447
https://bugzilla.suse.com/1214286
https://bugzilla.suse.com/1214700
https://bugzilla.suse.com/1214840
https://bugzilla.suse.com/1214976
https://bugzilla.suse.com/1215123
https://bugzilla.suse.com/1215124
https://bugzilla.suse.com/1215292
https://bugzilla.suse.com/1215420
https://bugzilla.suse.com/1215458
https://bugzilla.suse.com/1215710
https://bugzilla.suse.com/1215802
https://bugzilla.suse.com/1215931
https://bugzilla.suse.com/1216058
https://bugzilla.suse.com/1216105
https://bugzilla.suse.com/1216259
https://bugzilla.suse.com/1216527
https://bugzilla.suse.com/1216584
https://bugzilla.suse.com/1216687
https://bugzilla.suse.com/1216693
https://bugzilla.suse.com/1216759
https://bugzilla.suse.com/1216788
https://bugzilla.suse.com/1216844
https://bugzilla.suse.com/1216861
https://bugzilla.suse.com/1216909
https://bugzilla.suse.com/1216959
https://bugzilla.suse.com/1216965
https://bugzilla.suse.com/1216976
https://bugzilla.suse.com/1217036
https://bugzilla.suse.com/1217068
https://bugzilla.suse.com/1217086
https://bugzilla.suse.com/1217095
https://bugzilla.suse.com/1217124
https://bugzilla.suse.com/1217140
https://bugzilla.suse.com/1217147
https://bugzilla.suse.com/1217195
https://bugzilla.suse.com/1217196
https://bugzilla.suse.com/1217200
https://bugzilla.suse.com/1217205
https://bugzilla.suse.com/1217332
https://bugzilla.suse.com/1217366
https://bugzilla.suse.com/1217511
https://bugzilla.suse.com/1217515
https://bugzilla.suse.com/1217598
https://bugzilla.suse.com/1217599
https://bugzilla.suse.com/1217609
https://bugzilla.suse.com/1217687
https://bugzilla.suse.com/1217731
https://bugzilla.suse.com/1217780
https://lists.suse.com/pipermail/sle-updates/2023-December/033074.html
https://www.suse.com/security/cve/CVE-2023-2006
https://www.suse.com/security/cve/CVE-2023-25775
https://www.suse.com/security/cve/CVE-2023-39197
https://www.suse.com/security/cve/CVE-2023-39198
https://www.suse.com/security/cve/CVE-2023-4244
https://www.suse.com/security/cve/CVE-2023-45863
https://www.suse.com/security/cve/CVE-2023-45871
https://www.suse.com/security/cve/CVE-2023-46862
https://www.suse.com/security/cve/CVE-2023-5158
https://www.suse.com/security/cve/CVE-2023-5633
https://www.suse.com/security/cve/CVE-2023-5717
Plugin Details
Severity: Critical
ID: 186816
File Name: suse_SU-2023-4734-1.nasl
Version: 1.1
Type: local
Agent: unix
Family: SuSE Local Security Checks
Published: 12/13/2023
Updated: 1/5/2024
Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus
Risk Information
VPR
Risk Factor: High
Score: 7.4
CVSS v2
Risk Factor: Critical
Base Score: 10
Temporal Score: 7.4
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2023-25775
CVSS v3
Risk Factor: Critical
Base Score: 9.8
Temporal Score: 8.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:novell:suse_linux:kernel-source-azure, p-cpe:/a:novell:suse_linux:kernel-azure-devel, p-cpe:/a:novell:suse_linux:kernel-azure, p-cpe:/a:novell:suse_linux:kernel-syms-azure, p-cpe:/a:novell:suse_linux:kernel-devel-azure, cpe:/o:novell:suse_linux:15
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list
Exploit Ease: No known exploits are available
Patch Publication Date: 12/12/2023
Vulnerability Publication Date: 3/17/2023
Reference Information
CVE: CVE-2023-2006, CVE-2023-25775, CVE-2023-39197, CVE-2023-39198, CVE-2023-4244, CVE-2023-45863, CVE-2023-45871, CVE-2023-46862, CVE-2023-5158, CVE-2023-5633, CVE-2023-5717, CVE-2023-6039, CVE-2023-6176
SuSE: SUSE-SU-2023:4734-1