Synopsis
The remote SUSE host is missing one or more security updates.
Description
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:3943-1 advisory.
Note that the 1.6.1 release included in 1.7.0 fixes the following vulnerabilities:
* bsc#1233363 (CVE-2024-28885)
* bsc#1233365 (CVE-2024-31074)
* bsc#1233366 (CVE-2024-33617)
Update to 1.7.0:
* ipp-crypto name change to cryptography-primitives
* QAT_SW GCM memory leak fix in cleanup function
* Update limitation section in README for v1.7.0 release
* Fix build with OPENSSL_NO_ENGINE
* Fix for build issues with qatprovider in qatlib
* Bug fixes and README updates to v1.7.0
* Remove qat_contig_mem driver support
* Add support for building QAT Engine ENGINE and PROVIDER modules with QuicTLS 3.x libraries
* Fix for DSA issue with openssl3.2
* Fix missing lower bounds check on index i
* Enabled SW Fallback support for FBSD
* Fix for segfault issue when SHIM config section is unavailable
* Fix for Coverity & Resource leak
* Fix for RSA failure with SVM enabled in openssl-3.2
* SM3 Memory Leak Issue Fix
* Fix qatprovider lib name issue with system openssl
Update to 1.6.0:
* Fix issue with make depend for QAT_SW
* QAT_HW GCM Memleak fix & bug fixes
* QAT2.0 FreeBSD14 intree driver support
* Fix OpenSSL 3.2 compatibility issues
* Optimize hex dump logging
* Clear job tlv on error
* QAT_HW RSA Encrypt and Decrypt provider support
* QAT_HW AES-CCM Provider support
* Add ECDH keymgmt support for provider
* Fix QAT_HW SM2 memory leak
* Enable qaeMemFreeNonZeroNUMA() for qatlib
* Fix polling issue for the process that doesn't have QAT_HW instance
* Fix SHA3 qctx initialization issue & potential memleak
* Fix compilation error in SM2 with qat_contig_mem
* Update year in copyright information to 2024
Update to 1.5.0:
* use new --enable-qat_insecure_algorithms to avoid regressions
* improve support for SM{2,3,4} ciphers
* improve SW fallback support
* many bug fixes, refactorisations and documentation updates
qatlib was updated to 24.09.0:
* Improved performance scaling in multi-thread applications
* Set core affinity mapping based on NUMA (libnuma now required for building)
* bug fixes, see https://github.com/intel/qatlib#resolved-issues
Version update to 24.02.0:
* Support DC NS (NoSession) APIs
* Support Symmetric Crypto SM3 & SM4
* Support Asymmetric Crypto SM2
* Support DC CompressBound APIs
* Bug Fixes. See Resolved section in README.md
Update to 23.11.0:
* use new --enable-legacy-algorithms to avoid regressions
* add support for data compression chaining (hash then compress)
* add support for additional configuration profiles
* add support DC NS (NoSession) APIs
* add support DC CompressBound APIs
* add support for Chinese SM{2,3,4} ciphers
* bump shared library major to 4
* refactoring, bug fixes and documentation updates
Tenable has extracted the preceding description block directly from the SUSE security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the affected packages.
Plugin Details
File Name: suse_SU-2025-3943-1.nasl
Agent: unix
Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus
Risk Information
Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:N/A:N
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Threat Vector: CVSS:4.0/E:U
Vector: CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Vulnerability Information
CPE: p-cpe:/a:novell:suse_linux:qatzip-devel, p-cpe:/a:novell:suse_linux:qatlib-devel, p-cpe:/a:novell:suse_linux:libqatzip3, p-cpe:/a:novell:suse_linux:libusdm0, p-cpe:/a:novell:suse_linux:libqat4, p-cpe:/a:novell:suse_linux:qatlib, p-cpe:/a:novell:suse_linux:qatengine, p-cpe:/a:novell:suse_linux:qatzip, cpe:/o:novell:suse_linux:15
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list
Exploit Ease: No known exploits are available
Patch Publication Date: 11/5/2025
Vulnerability Publication Date: 11/13/2024