Detections
Analytics

SUSE SLES15 Security Update : qatengine, qatlib (SUSE-SU-2025:3942-1)

high Nessus Plugin ID 274481

Language:

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:3942-1 advisory.

 Note that the 1.6.1 release included in 1.7.0 fixes the following vulnerabilities:

 * bsc#1233363 (CVE-2024-28885)
 * bsc#1233365 (CVE-2024-31074)
 * bsc#1233366 (CVE-2024-33617)

 Update to 1.7.0:

 * ipp-crypto name change to cryptography-primitives
 * QAT_SW GCM memory leak fix in cleanup function
 * Update limitation section in README for v1.7.0 release
 * Fix build with OPENSSL_NO_ENGINE
 * Fix for build issues with qatprovider in qatlib
 * Bug fixes and README updates to v1.7.0
 * Remove qat_contig_mem driver support
 * Add support for building QAT Engine ENGINE and PROVIDER modules with QuicTLS 3.x libraries
 * Fix for DSA issue with openssl3.2
 * Fix missing lower bounds check on index i
 * Enabled SW Fallback support for FBSD
 * Fix for segfault issue when SHIM config section is unavailable
 * Fix for Coverity & Resource leak
 * Fix for RSA failure with SVM enabled in openssl-3.2
 * SM3 Memory Leak Issue Fix
 * Fix qatprovider lib name issue with system openssl

 Update to 1.6.0:

 * Fix issue with make depend for QAT_SW
 * QAT_HW GCM Memleak fix & bug fixes
 * QAT2.0 FreeBSD14 intree driver support
 * Fix OpenSSL 3.2 compatibility issues
 * Optimize hex dump logging
 * Clear job tlv on error
 * QAT_HW RSA Encrypt and Decrypt provider support
 * QAT_HW AES-CCM Provider support
 * Add ECDH keymgmt support for provider
 * Fix QAT_HW SM2 memory leak
 * Enable qaeMemFreeNonZeroNUMA() for qatlib
 * Fix polling issue for the process that doesn't have QAT_HW instance
 * Fix SHA3 qctx initialization issue & potential memleak
 * Fix compilation error in SM2 with qat_contig_mem
 * Update year in copyright information to 2024

 Update to 1.5.0:

 * use new --enable-qat_insecure_algorithms to avoid regressions
 * improve support for SM{2,3,4} ciphers
 * improve SW fallback support
 * many bug fixes, refactorisations and documentation updates

 - update to 0.6.18:
 * Fix address sanitizer issues
 * Fix issues with Babassl & Openssl3.0
 * Add QAT_HW SM4 CBC support
 * Refactor ECX provider code into single file
 * Fix QAT_HW AES-GCM bad mac record & memleak
 * Fix SHA3 memory leak
 * Fix sm4-cbc build error with system default OpenSSL
 * Symmetric performance Optimization & memleak fixes
 * Bug fix, README & v0.6.18 Version update
 * Please refer README (Software requirements section) for dependent libraries release version and other information.

 - update to v0.6.17:
 * Add security policy - c1a7a96
 * Add dependancy update tool file - 522c41d
 * Release v0.6.17 version update - c1a7a96
 * Enable QAT_SW RSA & ECDSA support for BoringSSL - 1035e82
 * Fix QAT_SW SM2 ECDSA Performance issue - f44a564
 * CPP check and Makefile Bug fixes - 98ccbe8
 * Fix buffer overflow issue with SHA3 and ECX - cab65f3
 * Update version and README for v0.6.16 - 1c95fd7
 * Split --with-qat_sw_install_dir into seperate configures - d5f5656
 * Add seperate err files for Boringssl - 1a09627
 * Fix QAT_HW & QAT_SW AES-GCM issue with s_server in provider - c775f5c
 * Fix issue with disable flags in provider - 2e00636
 * Fix coredump issue in provider with qat_sw gcm - 6703c13
 * Fix err files regeneration failure - 510f3dc
 * Add Provider Support for ChachaPoly and SM2 - a98e51d
 * Bug Fixes in testapp and with disable flags. - 0945535
 * QAT HW&SW Co-existence dynamic mechanism support. - 5baf5aa
 * Fix issue with SIGUSR1 during reload. - 00ea833
 * Refactor qat_hw instances based on Sym/Asym capabilities. - bb10128
 * Replace deprecated pthread_yield with sched_yield. - d514406
 * BoringSSL support for RSA and ECDSA. - 41c67c7
 * Fix s_server lseek forever issue with qatprovider. - cb3db21
 * Fix aes-cbc failure issue in testapp. - a530427
 * Fix glibc version test - 2461966
 * Fix issue with generator param and ECDSA verify. - c51fc17
 * Provider Support for DSA, DH, HKDF, PRF, SHA3 & aes-cbc - 7cc5eb9
 * Fix testapp issues and optimization - e7c2ba8
 * Optimize setup and clear async event notification - 573fe48
 * Fix Nginx worker process core dump in QAT_SW with pkill/killall - 4eb4473
 * Add Cofactor to take optimized path in ECDH API - 9a23c7e
 * Fix double free issue with QAT_SW - 1a16708
 * Add thread mapping to specific QAT_HW instance - 5ee799a
 * OpenSSL 3.0 Provider Support - 38086fa
 * Update README and version to v0.6.12 - dca2957
 * Fixed worker process hung forever after nginx reload - bfe97aa
 * Remove OpenSSL 1.1.0 Support - da8682a
 * Add QAT_SW SM2 ECDH & SM3 support - 04a6af2
 * QAT_SW ECDSA SM2 sign and verify Support - d44ae7e
 * Disable SM3, Bug fixes, Readme & version update - d995046

 qatlib was updated to:

 Update to 24.09.0:

 * Improved performance scaling in multi-thread applications
 * Set core affinity mapping based on NUMA (libnuma now required for building)
 * bug fixes, see https://github.com/intel/qatlib#resolved-issues

 Version update to 24.02.0

 * Support DC NS (NoSession) APIs
 * Support Symmetric Crypto SM3 & SM4
 * Support Asymmetric Crypto SM2
 * Support DC CompressBound APIs
 * Bug Fixes. See Resolved section in README.md


 Update to 23.11.0:

 * use new --enable-legacy-algorithms to avoid regressions
 * add support for data compression chaining (hash then compress)
 * add support for additional configuration profiles
 * add support DC NS (NoSession) APIs
 * add support DC CompressBound APIs
 * add Support for Chinese SM{2,3,4} ciphers
 * bump shared library major to 4
 * refactoring, bug fixes and documentation updates

 Update to 22.07.2:

 * Changed from yasm to nasm for assembly compilation
 * Added configuration option to use C implementation of soft CRC implementation instead of asm
 * Added support for pkg-config
 * Added missing lock around accesses to some global data in qatmgr
 * Fix for QATE-86605 improve error checking on size param used by qatmgr debug function.
 * Fix for issue #10
 * Fixed link to Programmer's Guide
 * Added support for Compression LZ4 and LZ4s algorithms
 * Added support for Compression end-to-end integrity checks
 * Added support for PKE Generic Point Multiply APIs
 * Added support for CPM2.0b
 * Updated library to support new version of QAT APIs
 * Updated qat service to allow compression only and crypto only configurations
 * Created qatlib-tests rpm package
 * Added option to configure script to skip building sample code

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.suse.com/1233363

https://bugzilla.suse.com/1233365

https://bugzilla.suse.com/1233366

http://www.nessus.org/u?40ea2f76

https://www.suse.com/security/cve/CVE-2024-28885

https://www.suse.com/security/cve/CVE-2024-31074

https://www.suse.com/security/cve/CVE-2024-33617

Plugin Details

Severity: High

ID: 274481

File Name: suse_SU-2025-3942-1.nasl

Version: 1.1

Type: local

Agent: unix

Published: 11/7/2025

Updated: 11/7/2025

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5.4

Temporal Score: 4

Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:N/A:N

CVSS Score Source: CVE-2024-33617

CVSS v3

Risk Factor: Medium

Base Score: 5.9

Temporal Score: 5.2

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS v4

Risk Factor: High

Base Score: 8.2

Threat Score: 4.6

Threat Vector: CVSS:4.0/E:U

Vector: CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:qatzip-devel, p-cpe:/a:novell:suse_linux:qatlib-devel, p-cpe:/a:novell:suse_linux:libqatzip3, p-cpe:/a:novell:suse_linux:libqat4, p-cpe:/a:novell:suse_linux:libusdm0, p-cpe:/a:novell:suse_linux:qatengine, p-cpe:/a:novell:suse_linux:qatlib, p-cpe:/a:novell:suse_linux:qatzip, cpe:/o:novell:suse_linux:15

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 11/5/2025

Vulnerability Publication Date: 11/13/2024

Reference Information

CVE: CVE-2024-28885, CVE-2024-31074, CVE-2024-33617

SuSE: SUSE-SU-2025:3942-1