Detections
Analytics

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : qatengine, qatlib (SUSE-SU-2025:4053-1)

high Nessus Plugin ID 275265

Language:

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:4053-1 advisory.

 Note that the 1.6.1 release included in 1.7.0 fixes the following vulnerabilities:

 * CVE-2024-28885: Fixed observable discrepancy in some Intel(R) QAT Engine for OpenSSL software before version v1.6.1 may allow information disclosure via network access. (bsc#1233363)
 * CVE-2024-31074: Fixed observable timing discrepancy may allow information disclosure via network access (bsc#1233365)
 * CVE-2024-33617: Fixed insufficient control flow management may allow information disclosure via network access (bsc#1233366)

 qatengine was updated to 1.7.0:

 * ipp-crypto name change to cryptography-primitives
 * QAT_SW GCM memory leak fix in cleanup function
 * Update limitation section in README for v1.7.0 release
 * Fix build with OPENSSL_NO_ENGINE
 * Fix for build issues with qatprovider in qatlib
 * Bug fixes and README updates to v1.7.0
 * Remove qat_contig_mem driver support
 * Add support for building QAT Engine ENGINE and PROVIDER modules with QuicTLS 3.x libraries
 * Fix for DSA issue with openssl3.2
 * Fix missing lower bounds check on index i
 * Enabled SW Fallback support for FBSD
 * Fix for segfault issue when SHIM config section is unavailable
 * Fix for Coverity & Resource leak
 * Fix for RSA failure with SVM enabled in openssl-3.2
 * SM3 Memory Leak Issue Fix
 * Fix qatprovider lib name issue with system openssl

 Update to 1.6.0:

 * Fix issue with make depend for QAT_SW
 * QAT_HW GCM Memleak fix & bug fixes
 * QAT2.0 FreeBSD14 intree driver support
 * Fix OpenSSL 3.2 compatibility issues
 * Optimize hex dump logging
 * Clear job tlv on error
 * QAT_HW RSA Encrypt and Decrypt provider support
 * QAT_HW AES-CCM Provider support
 * Add ECDH keymgmt support for provider
 * Fix QAT_HW SM2 memory leak
 * Enable qaeMemFreeNonZeroNUMA() for qatlib
 * Fix polling issue for the process that doesn't have QAT_HW instance
 * Fix SHA3 qctx initialization issue & potential memleak
 * Fix compilation error in SM2 with qat_contig_mem
 * Update year in copyright information to 2024

 - update to 24.09.0:
 * Improved performance scaling in multi-thread applications
 * Set core affinity mapping based on NUMA (libnuma now required for building)
 * bug fixes, see https://github.com/intel/qatlib#resolved-issues

 - version update to 24.02.0
 * Support DC NS (NoSession) APIs
 * Support Symmetric Crypto SM3 & SM4
 * Support Asymmetric Crypto SM2
 * Support DC CompressBound APIs
 * Bug Fixes. See Resolved section in README.md

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.suse.com/1233363

https://bugzilla.suse.com/1233365

https://bugzilla.suse.com/1233366

http://www.nessus.org/u?05395311

https://www.suse.com/security/cve/CVE-2024-28885

https://www.suse.com/security/cve/CVE-2024-31074

https://www.suse.com/security/cve/CVE-2024-33617

Plugin Details

Severity: High

ID: 275265

File Name: suse_SU-2025-4053-1.nasl

Version: 1.1

Type: local

Agent: unix

Published: 11/13/2025

Updated: 11/13/2025

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5.4

Temporal Score: 4

Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:N/A:N

CVSS Score Source: CVE-2024-33617

CVSS v3

Risk Factor: Medium

Base Score: 5.9

Temporal Score: 5.2

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS v4

Risk Factor: High

Base Score: 8.2

Threat Score: 4.6

Threat Vector: CVSS:4.0/E:U

Vector: CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:qatlib-devel, p-cpe:/a:novell:suse_linux:libqat4, p-cpe:/a:novell:suse_linux:libusdm0, p-cpe:/a:novell:suse_linux:qatengine, p-cpe:/a:novell:suse_linux:qatlib, cpe:/o:novell:suse_linux:15

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 11/11/2025

Vulnerability Publication Date: 11/13/2024

Reference Information

CVE: CVE-2024-28885, CVE-2024-31074, CVE-2024-33617

SuSE: SUSE-SU-2025:4053-1