The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0160-1 advisory.

  - Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may permit an     unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without     knowledge of the PIN. (CVE-2020-26555)

  - An out-of-bounds read vulnerability was found in the NVMe-oF/TCP subsystem in the Linux kernel. This issue     may allow a remote attacker to send a crafted TCP packet, triggering a heap-based buffer overflow that     results in kmalloc data being printed and potentially leaked to the kernel ring buffer (dmesg).
    (CVE-2023-6121)

  - A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two     threads execute the GSMIOC_SETCONF ioctl on the same tty file descriptor with the gsm line discipline     enabled, and can lead to a use-after-free problem on a struct gsm_dlci while restarting the gsm mux. This     could allow a local unprivileged user to escalate their privileges on the system. (CVE-2023-6546)

  - An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux     Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information.
    (CVE-2023-6606)

  - An out-of-bounds read vulnerability was found in smb2_dump_detail in fs/smb/client/smb2ops.c in the Linux     Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information.
    (CVE-2023-6610)

  - A null pointer dereference vulnerability was found in nft_dynset_init() in net/netfilter/nft_dynset.c in     nf_tables in the Linux kernel. This issue may allow a local attacker with CAP_NET_ADMIN user privilege to     trigger a denial of service. (CVE-2023-6622)

  - A heap out-of-bounds write vulnerability in the Linux kernel's Performance Events system component can be     exploited to achieve local privilege escalation. A perf_event's read_size can overflow, leading to an heap     out-of-bounds increment or write in perf_read_group(). We recommend upgrading past commit     382c27f4ed28f803b1f1473ac2d8db0afc795a1b. (CVE-2023-6931)

  - A use-after-free vulnerability in the Linux kernel's ipv4: igmp component can be exploited to achieve     local privilege escalation. A race condition can be exploited to cause a timer be mistakenly registered on     a RCU read locked object which is freed by another thread. We recommend upgrading past commit     e2b706c691905fe78468c361aaabc719d0a496f1. (CVE-2023-6932)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:0160-1)

high Nessus Plugin ID 189207

Version 1.2

Version 1.1

Version 1.0

Version 1.2 Feb 23, 2024, 3:16 PM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:F/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:F/RL:O/RC:C") Exploit attributes ("Exploit framework core" set to "True") Plugin Feed: 202402231516
Version 1.1 Feb 2, 2024, 3:59 PM CVSS metrics ("CVSSv3 score" set to 7.1. "CVSSv3 vector" set to "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H") CVSSv3 score source (changed from "CVE-2023-6931" to "CVE-2023-6610") Plugin Feed: 202402021559
Version 1.0 Jan 19, 2024, 6:54 AM New Plugin Feed: 202401190654