Detections
Analytics
SUSE SLES12 Security Update : kernel (SUSE-SU-2023:4735-1)
high Nessus Plugin ID 186950
Language:
Synopsis
The remote SUSE host is missing one or more security updates.Description
The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4735-1 advisory.- There is a use-after-free vulnerability in the Linux Kernel which can be exploited to achieve local privilege escalation. To reach the vulnerability kernel configuration flag CONFIG_TLS or CONFIG_XFRM_ESPINTCP has to be configured, but the operation does not require any privilege. There is a use-after-free bug of icsk_ulp_data of a struct inet_connection_sock. When CONFIG_TLS is enabled, user can install a tls context (struct tls_context) on a connected tcp socket. The context is not cleared if this socket is disconnected and reused as a listener. If a new socket is created from the listener, the context is inherited and vulnerable. The setsockopt TCP_ULP operation does not require any privilege. We recommend upgrading past commit 2c02d41d71f90a5168391b6a5f2954112ba2307c (CVE-2023-0461)
- An issue was discovered in drivers/bluetooth/hci_ldisc.c in the Linux kernel 6.2. In hci_uart_tty_ioctl, there is a race condition between HCIUARTSETPROTO and HCIUARTGETPROTO. HCI_UART_PROTO_SET is set before hu->proto is set. A NULL pointer dereference may occur. (CVE-2023-31083)
- A race condition was found in the QXL driver in the Linux kernel. The qxl_mode_dumb_create() function dereferences the qobj returned by the qxl_gem_object_create_with_handle(), but the handle is the only one holding a reference to it. This flaw allows an attacker to guess the returned handle value and trigger a use-after-free issue, potentially leading to a denial of service or privilege escalation. (CVE-2023-39198)
- An issue was discovered in lib/kobject.c in the Linux kernel before 6.2.3. With root access, an attacker can trigger a race condition that results in a fill_kobj_path out-of-bounds write. (CVE-2023-45863)
- An issue was discovered in drivers/net/ethernet/intel/igb/igb_main.c in the IGB driver in the Linux kernel before 6.5.3. A buffer size may not be adequate for frames larger than the MTU. (CVE-2023-45871)
- A heap out-of-bounds write vulnerability in the Linux kernel's Linux Kernel Performance Events (perf) component can be exploited to achieve local privilege escalation. If perf_read_group() is called while an event's sibling_list is smaller than its child's sibling_list, it can increment or write to memory locations outside of the allocated buffer. We recommend upgrading past commit 32671e3799ca2e4590773fd0e63aaa4229e50c06. (CVE-2023-5717)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the affected packages.See Also
https://bugzilla.suse.com/1084909
https://bugzilla.suse.com/1176950
https://bugzilla.suse.com/1190208
https://bugzilla.suse.com/1203496
https://bugzilla.suse.com/1205462
https://bugzilla.suse.com/1208787
https://bugzilla.suse.com/1210780
https://bugzilla.suse.com/1214037
https://bugzilla.suse.com/1214285
https://bugzilla.suse.com/1214408
https://bugzilla.suse.com/1214764
https://bugzilla.suse.com/1216031
https://bugzilla.suse.com/1216058
https://bugzilla.suse.com/1216259
https://bugzilla.suse.com/1216584
https://bugzilla.suse.com/1216759
https://bugzilla.suse.com/1216965
https://bugzilla.suse.com/1216976
https://bugzilla.suse.com/1217036
https://bugzilla.suse.com/1217087
https://bugzilla.suse.com/1217206
https://bugzilla.suse.com/1217519
https://bugzilla.suse.com/1217525
https://bugzilla.suse.com/1217603
https://bugzilla.suse.com/1217604
https://bugzilla.suse.com/1217607
http://www.nessus.org/u?40f05206
https://www.suse.com/security/cve/CVE-2023-0461
https://www.suse.com/security/cve/CVE-2023-31083
https://www.suse.com/security/cve/CVE-2023-39197
https://www.suse.com/security/cve/CVE-2023-39198
https://www.suse.com/security/cve/CVE-2023-45863
Plugin Details
Severity: High
ID: 186950
File Name: suse_SU-2023-4735-1.nasl
Version: 1.2
Type: local
Agent: unix
Family: SuSE Local Security Checks
Published: 12/15/2023
Updated: 1/30/2024
Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus
Risk Information
VPR
Risk Factor: High
Score: 7.4
CVSS v2
Risk Factor: High
Base Score: 7.8
Temporal Score: 5.8
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N
CVSS Score Source: CVE-2023-39197
CVSS v3
Risk Factor: High
Base Score: 7.8
Temporal Score: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
CVSS Score Source: CVE-2023-5717
Vulnerability Information
CPE: p-cpe:/a:novell:suse_linux:gfs2-kmp-rt, p-cpe:/a:novell:suse_linux:kernel-rt_debug, p-cpe:/a:novell:suse_linux:kernel-rt-devel, p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt, p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt, p-cpe:/a:novell:suse_linux:kernel-rt-base, p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel, p-cpe:/a:novell:suse_linux:kernel-devel-rt, p-cpe:/a:novell:suse_linux:kernel-rt, p-cpe:/a:novell:suse_linux:kernel-source-rt, p-cpe:/a:novell:suse_linux:kernel-syms-rt, cpe:/o:novell:suse_linux:12, p-cpe:/a:novell:suse_linux:dlm-kmp-rt
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list
Exploit Ease: No known exploits are available
Patch Publication Date: 12/12/2023
Vulnerability Publication Date: 2/28/2023
Reference Information
CVE: CVE-2023-0461, CVE-2023-31083, CVE-2023-39197, CVE-2023-39198, CVE-2023-45863, CVE-2023-45871, CVE-2023-5717
SuSE: SUSE-SU-2023:4735-1