SUSE SLES12 Security Update : kernel (SUSE-SU-2024:2493-1)

high Nessus Plugin ID 202563

Language:

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2493-1 advisory.

The SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various security bugfixes.


The following security bugs were fixed:

- CVE-2021-47145: btrfs: do not BUG_ON in link_to_fixup_dir (bsc#1222005).
- CVE-2021-47201: iavf: free q_vectors before queues in iavf_disable_vf (bsc#1222792).
- CVE-2021-47275: bcache: avoid oversized read request in cache missing code path (bsc#1224965).
- CVE-2021-47438: net/mlx5e: nullify cq->dbg pointer in mlx5_debug_cq_remove() (bsc#1225229)
- CVE-2021-47498: dm rq: do not queue request to blk-mq during DM suspend (bsc#1225357).
- CVE-2021-47520: can: pch_can: pch_can_rx_normal: fix use after free (bsc#1225431).
- CVE-2021-47547: net: tulip: de4x5: fix the problem that the array 'lp->phy' may be out of bound (bsc#1225505).
- CVE-2023-4244: Fixed a use-after-free in the nf_tables component, which could be exploited to achieve local privilege escalation (bsc#1215420).
- CVE-2023-52507: Fixed possible shift-out-of-bounds in nfc/nci (bsc#1220833).
- CVE-2023-52683: ACPI: LPIT: Avoid u32 multiplication overflow (bsc#1224627).
- CVE-2023-52693: ACPI: video: check for error while searching for backlight device parent (bsc#1224686).
- CVE-2023-52753: drm/amd/display: Avoid NULL dereference of timing generator (bsc#1225478).
- CVE-2023-52817: drm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL (bsc#1225569).
- CVE-2023-52818: drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7 (bsc#1225530).
- CVE-2023-52819: drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga (bsc#1225532).
- CVE-2024-26635: llc: Drop support for ETH_P_TR_802_2 (bsc#1221656).
- CVE-2024-26636: llc: make llc_ui_sendmsg() more robust against bonding changes (bsc#1221659).
- CVE-2024-26880: dm: call the resume method on internal suspend (bsc#1223188).
- CVE-2024-35805: dm snapshot: fix lockup in dm_exception_table_exit (bsc#1224743).
- CVE-2024-35819: soc: fsl: qbman: Use raw spinlock for cgr_lock (bsc#1224683).
- CVE-2024-35828: wifi: libertas: fix some memleaks in lbs_allocate_cmd_buffer() (bsc#1224622).
- CVE-2024-35947: dyndbg: fix old BUG_ON in >control parser (bsc#1224647).
- CVE-2024-36014: drm/arm/malidp: fix a possible null pointer dereference (bsc#1225593).
- CVE-2024-36941: wifi: nl80211: do not free NULL coalescing rule (bsc#1225835).
- CVE-2024-38598: md: fix resync softlockup when bitmap size is less than array size (bsc#1226757).
- CVE-2024-38619: usb-storage: alauda: Check whether the media is initialized (bsc#1226861).
- CVE-2024-39301: net/9p: fix uninit-value in p9_client_rpc() (bsc#1226994).
- CVE-2024-39475: fbdev: savage: Handle err return when savagefb_check_var failed (bsc#1227435)


Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.suse.com/1215420

https://bugzilla.suse.com/1220833

https://bugzilla.suse.com/1221656

https://bugzilla.suse.com/1221659

https://bugzilla.suse.com/1222005

https://bugzilla.suse.com/1222792

https://bugzilla.suse.com/1223021

https://bugzilla.suse.com/1223188

https://bugzilla.suse.com/1224622

https://bugzilla.suse.com/1224627

https://bugzilla.suse.com/1224647

https://bugzilla.suse.com/1224683

https://bugzilla.suse.com/1224686

https://bugzilla.suse.com/1224743

https://bugzilla.suse.com/1224965

https://bugzilla.suse.com/1225229

https://bugzilla.suse.com/1225357

https://bugzilla.suse.com/1225431

https://bugzilla.suse.com/1225478

https://bugzilla.suse.com/1225505

https://bugzilla.suse.com/1225530

https://bugzilla.suse.com/1225532

https://bugzilla.suse.com/1225569

https://bugzilla.suse.com/1225593

https://bugzilla.suse.com/1225835

https://bugzilla.suse.com/1226757

https://bugzilla.suse.com/1226861

https://bugzilla.suse.com/1226994

https://bugzilla.suse.com/1227407

https://bugzilla.suse.com/1227435

https://bugzilla.suse.com/1227487

https://lists.suse.com/pipermail/sle-updates/2024-July/036017.html

https://www.suse.com/security/cve/CVE-2021-47145

https://www.suse.com/security/cve/CVE-2021-47201

https://www.suse.com/security/cve/CVE-2021-47275

https://www.suse.com/security/cve/CVE-2021-47438

https://www.suse.com/security/cve/CVE-2021-47498

https://www.suse.com/security/cve/CVE-2021-47520

https://www.suse.com/security/cve/CVE-2021-47547

https://www.suse.com/security/cve/CVE-2023-4244

https://www.suse.com/security/cve/CVE-2023-52507

https://www.suse.com/security/cve/CVE-2023-52683

https://www.suse.com/security/cve/CVE-2023-52693

https://www.suse.com/security/cve/CVE-2023-52753

https://www.suse.com/security/cve/CVE-2023-52817

https://www.suse.com/security/cve/CVE-2023-52818

https://www.suse.com/security/cve/CVE-2023-52819

https://www.suse.com/security/cve/CVE-2024-26635

https://www.suse.com/security/cve/CVE-2024-26636

https://www.suse.com/security/cve/CVE-2024-26880

https://www.suse.com/security/cve/CVE-2024-35805

https://www.suse.com/security/cve/CVE-2024-35819

https://www.suse.com/security/cve/CVE-2024-35828

https://www.suse.com/security/cve/CVE-2024-35947

https://www.suse.com/security/cve/CVE-2024-36014

https://www.suse.com/security/cve/CVE-2024-36941

https://www.suse.com/security/cve/CVE-2024-38598

https://www.suse.com/security/cve/CVE-2024-38619

https://www.suse.com/security/cve/CVE-2024-39301

https://www.suse.com/security/cve/CVE-2024-39475

Plugin Details

Severity: High

ID: 202563

File Name: suse_SU-2024-2493-1.nasl

Version: 1.2

Type: local

Agent: unix

Published: 7/17/2024

Updated: 8/28/2024

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2021-47520

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:dlm-kmp-rt, p-cpe:/a:novell:suse_linux:kernel-rt-devel, p-cpe:/a:novell:suse_linux:kernel-source-rt, cpe:/o:novell:suse_linux:12, p-cpe:/a:novell:suse_linux:kernel-rt-base, p-cpe:/a:novell:suse_linux:gfs2-kmp-rt, p-cpe:/a:novell:suse_linux:kernel-syms-rt, p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt, p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel, p-cpe:/a:novell:suse_linux:kernel-rt_debug, p-cpe:/a:novell:suse_linux:kernel-rt, p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt, p-cpe:/a:novell:suse_linux:kernel-devel-rt

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 7/16/2024

Vulnerability Publication Date: 9/6/2023

Reference Information

CVE: CVE-2021-47145, CVE-2021-47201, CVE-2021-47275, CVE-2021-47438, CVE-2021-47498, CVE-2021-47520, CVE-2021-47547, CVE-2023-4244, CVE-2023-52507, CVE-2023-52683, CVE-2023-52693, CVE-2023-52753, CVE-2023-52817, CVE-2023-52818, CVE-2023-52819, CVE-2024-26635, CVE-2024-26636, CVE-2024-26880, CVE-2024-35805, CVE-2024-35819, CVE-2024-35828, CVE-2024-35947, CVE-2024-36014, CVE-2024-36941, CVE-2024-38598, CVE-2024-38619, CVE-2024-39301, CVE-2024-39475

SuSE: SUSE-SU-2024:2493-1