Detections
Analytics

SUSE SLES15 / openSUSE 15 Security Update : aws-efs-utils (SUSE-SU-2025:3954-1)

medium Nessus Plugin ID 274420

Language:

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:3954-1 advisory.

 Update to version 2.3.3 (bsc#1240044).

 Security issues fixed:

 - CVE-2025-55159: slab: incorrect bounds check in `get_disjoint_mut` function can lead to potential crash due to out-of-bounds access (bsc#1248055).
 - CVE-2020-35881: traitobject: log4rs: out-of-bounds write due to fat pointer layout assumptions (bsc#1249851).

 Other issues fixed:

 - Build and install efs-proxy binary (bsc#1240044).

 - Fixed in version 2.3.3:
 * Add environment variable support for AWS profiles and regions
 * Regenerate Cargo.lock with rust 1.70.0
 * Update circle-ci config
 * Fix AWS Env Variable Test and Code Style Issue
 * Remove CentOS 8 and Ubuntu 16.04 from verified Linux distribution list

 - Fixed in version 2.3.2:
 * Update version in amazon-efs-utils.spec to 2.3.1
 * Fix incorrect package version

 - Fixed in version 2.3.1:
 * Fix backtrace version to resolve ubuntu and rhel build issues
 * Pin Cargo.lock to avoid unexpected error across images

 - Fixed in version 2.3.0:
 * Add support for pod-identity credentials in the credentials chain
 * Enable mounting with IPv6 when using with the 'stunnel' mount option

 - Fixed in version 2.2.1:
 * Update log4rs

 - Fixed in version 2.2.0
 * Use region-specific domain suffixes for dns endpoints where missing
 * Merge PR #211 - Amend Debian control to use binary architecture

 - Fixed in version 2.1.0
 * Add mount option for specifying region
 * Add new ISO regions to config file

 - Fixed in version 2.0.4
 * Add retry logic to and increase timeout for EC2 metadata token retrieval requests

 - Fixed in version 2.0.3:
 * Upgrade py version
 * Replace deprecated usage of datetime

 - Fixed in version 2.0.2
 * Check for efs-proxy PIDs when cleaning tunnel state files
 * Add PID to log entries

 - Fxied in version 2.0.1
 * Disable Nagle's algorithm for efs-proxy TLS mounts to improve latencies

 - Fixed in version 2.0.0:
 * Replace stunnel, which provides TLS encryptions for mounts, with efs-proxy, a component built in-house at AWS.
 Efs-proxy lays the foundation for upcoming feature launches at EFS.

 - Fixed in version 1.36.0:
 * Support new mount option: crossaccount, conduct cross account mounts via ip address. Use client AZ-ID to choose mount target.

 - Fixed in version 1.35.2:
 * Revert 'Add warning if using older Version'
 * Support MacOS Sonoma

 - Fixed in version 1.35.1:
 * Revert openssl requirement change
 * Revert 'Update EFS Documentation: Clarify Current FIPS Compliance Status'
 * Update EFS Documentation: Clarify Current FIPS Compliance Status
 * test: Change repo urls in eol debian9 build
 * Check private key file size to skip generation
 * test: Fix pytest that failed since commit 3dd89ca
 * Fix should_check_efs_utils_version scope
 * Add warning if using old version
 * Add 'fsap' option as EFS-only option

 - Fixed in version 1.35.0:
 * Add parameters to allow mount fo pod impersonation feature in EFS CSI Driver
 * Updated the README with support of Oracle8 distribution
 * Readme troubleshooting section + table of contents
 * Add efs-utils Support for MacOS Ventura EC2 instances

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected aws-efs-utils package.

See Also

https://bugzilla.suse.com/1240044

https://bugzilla.suse.com/1248055

https://bugzilla.suse.com/1249851

http://www.nessus.org/u?a7946848

https://www.suse.com/security/cve/CVE-2020-35881

https://www.suse.com/security/cve/CVE-2025-55159

Plugin Details

Severity: Medium

ID: 274420

File Name: suse_SU-2025-3954-1.nasl

Version: 1.1

Type: local

Agent: unix

Published: 11/7/2025

Updated: 11/7/2025

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2020-35881

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS v4

Risk Factor: Medium

Base Score: 5.1

Threat Score: 2

Threat Vector: CVSS:4.0/E:P

Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

CVSS Score Source: CVE-2025-55159

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:aws-efs-utils, cpe:/o:novell:suse_linux:15

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 11/5/2025

Vulnerability Publication Date: 12/31/2020

Reference Information

CVE: CVE-2020-35881, CVE-2025-55159

SuSE: SUSE-SU-2025:3954-1