The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1142-1 advisory.
arch/powerpc/kvm/book3s_rtas.c in the Linux kernel through 5.13.5 on the powerpc platform allows KVM guest OS users to cause host OS memory corruption via rtas_args.nargs, aka CID-f62f3c20647e. (CVE-2021-37576)
A NULL pointer dereference flaw was found in the Linux kernel’s IEEE 802.15.4 wireless networking subsystem in the way the user closes the LR-WPAN connection. This flaw allows a local user to crash the system. The highest threat from this vulnerability is to system availability. (CVE-2021-3659)
A lack of CPU resource in the Linux kernel tracing module functionality in versions prior to 5.14-rc3 was found in the way user uses trace ring buffer in a specific way. Only privileged local users (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service.
(CVE-2021-3679)
An information disclosure vulnerability exists in the ARM SIGPAGE functionality of Linux Kernel v5.4.66 and v5.4.54. The latest version (5.11-rc4) seems to still be vulnerable. A userland application can read the contents of the sigpage, which can leak kernel memory contents. An attacker can read a process’s memory at a specific offset to trigger this vulnerability. This was fixed in kernel releases: 4.14.222 4.19.177 5.4.99 5.10.17 5.11 (CVE-2021-21781)
An issue was discovered in Linux: KVM through Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allows users with the ability to start and control a VM to read/write random pages of memory and can result in local privilege escalation. (CVE-2021-22543)
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
#
# The package checks in this plugin were extracted from
# openSUSE Security Update openSUSE-SU-2021:1142-1. The text itself
# is copyright (C) SUSE.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(152467);
script_version("1.6");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/12/04");
script_cve_id(
"CVE-2021-3659",
"CVE-2021-3679",
"CVE-2021-21781",
"CVE-2021-22543",
"CVE-2021-37576"
);
script_name(english:"openSUSE 15 Security Update : kernel (openSUSE-SU-2021:1142-1)");
script_set_attribute(attribute:"synopsis", value:
"The remote SUSE host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in
the openSUSE-SU-2021:1142-1 advisory.
- arch/powerpc/kvm/book3s_rtas.c in the Linux kernel through 5.13.5 on the powerpc platform allows KVM guest
OS users to cause host OS memory corruption via rtas_args.nargs, aka CID-f62f3c20647e. (CVE-2021-37576)
- A NULL pointer dereference flaw was found in the Linux kernel's IEEE 802.15.4 wireless networking
subsystem in the way the user closes the LR-WPAN connection. This flaw allows a local user to crash the
system. The highest threat from this vulnerability is to system availability. (CVE-2021-3659)
- A lack of CPU resource in the Linux kernel tracing module functionality in versions prior to 5.14-rc3 was
found in the way user uses trace ring buffer in a specific way. Only privileged local users (with
CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service.
(CVE-2021-3679)
- An information disclosure vulnerability exists in the ARM SIGPAGE functionality of Linux Kernel v5.4.66
and v5.4.54. The latest version (5.11-rc4) seems to still be vulnerable. A userland application can read
the contents of the sigpage, which can leak kernel memory contents. An attacker can read a process's
memory at a specific offset to trigger this vulnerability. This was fixed in kernel releases: 4.14.222
4.19.177 5.4.99 5.10.17 5.11 (CVE-2021-21781)
- An issue was discovered in Linux: KVM through Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass
RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allows users
with the ability to start and control a VM to read/write random pages of memory and can result in local
privilege escalation. (CVE-2021-22543)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/802154");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1065729");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1085224");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1094840");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1113295");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1153274");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1154353");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1156395");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1179243");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1183871");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1184114");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1184350");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1184631");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1185377");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1185902");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1186194");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1186264");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1186482");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1187476");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1188101");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1188405");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1188445");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1188504");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1188620");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1188683");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1188746");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1188747");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1188748");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1188770");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1188771");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1188772");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1188773");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1188774");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1188777");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1188780");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1188781");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1188782");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1188783");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1188784");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1188786");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1188787");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1188788");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1188790");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1188838");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1188842");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1188876");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1188885");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1188973");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1189021");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1189057");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1189077");
# https://lists.opensuse.org/archives/list/[email protected]/thread/BN7VVRY72WW4I46CQCFBKXWN6CBHKRXO/
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?7c3b8007");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-21781");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-22543");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-3659");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-3679");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37576");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-37576");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2021/05/26");
script_set_attribute(attribute:"patch_publication_date", value:"2021/08/10");
script_set_attribute(attribute:"plugin_publication_date", value:"2021/08/11");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-base");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-base-rebuild");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-kvmsmall");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-macros");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-obs-build");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-obs-qa");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-preempt");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-preempt-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-source");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-source-vanilla");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-syms");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.2");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"SuSE Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include('audit.inc');
include('global_settings.inc');
include('misc_func.inc');
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var release = get_kb_item('Host/SuSE/release');
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, 'openSUSE');
var os_ver = pregmatch(pattern: "^SUSE([\d.]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');
os_ver = os_ver[1];
if (release !~ "^(SUSE15\.2)$") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.2', release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);
var pkgs = [
{'reference':'kernel-debug-5.3.18-lp152.87.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-debug-devel-5.3.18-lp152.87.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-default-5.3.18-lp152.87.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-default-base-5.3.18-lp152.87.1.lp152.8.40.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-default-base-rebuild-5.3.18-lp152.87.1.lp152.8.40.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-default-devel-5.3.18-lp152.87.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-devel-5.3.18-lp152.87.1', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-kvmsmall-5.3.18-lp152.87.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-kvmsmall-devel-5.3.18-lp152.87.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-macros-5.3.18-lp152.87.1', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-obs-build-5.3.18-lp152.87.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-obs-qa-5.3.18-lp152.87.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-preempt-5.3.18-lp152.87.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-preempt-devel-5.3.18-lp152.87.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-source-5.3.18-lp152.87.1', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-source-vanilla-5.3.18-lp152.87.1', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-syms-5.3.18-lp152.87.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE}
];
var flag = 0;
foreach package_array ( pkgs ) {
var reference = NULL;
var release = NULL;
var cpu = NULL;
var rpm_spec_vers_cmp = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) release = package_array['release'];
if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (reference && release) {
if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-debug / kernel-debug-devel / kernel-default / etc');
}
Vendor | Product | Version | CPE |
---|---|---|---|
novell | opensuse | kernel-debug | p-cpe:/a:novell:opensuse:kernel-debug |
novell | opensuse | kernel-debug-devel | p-cpe:/a:novell:opensuse:kernel-debug-devel |
novell | opensuse | kernel-default | p-cpe:/a:novell:opensuse:kernel-default |
novell | opensuse | kernel-default-base | p-cpe:/a:novell:opensuse:kernel-default-base |
novell | opensuse | kernel-default-base-rebuild | p-cpe:/a:novell:opensuse:kernel-default-base-rebuild |
novell | opensuse | kernel-default-devel | p-cpe:/a:novell:opensuse:kernel-default-devel |
novell | opensuse | kernel-devel | p-cpe:/a:novell:opensuse:kernel-devel |
novell | opensuse | kernel-kvmsmall | p-cpe:/a:novell:opensuse:kernel-kvmsmall |
novell | opensuse | kernel-kvmsmall-devel | p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel |
novell | opensuse | kernel-macros | p-cpe:/a:novell:opensuse:kernel-macros |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21781
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22543
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3659
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3679
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37576
www.nessus.org/u?7c3b8007
bugzilla.suse.com/1065729
bugzilla.suse.com/1085224
bugzilla.suse.com/1094840
bugzilla.suse.com/1113295
bugzilla.suse.com/1153274
bugzilla.suse.com/1154353
bugzilla.suse.com/1156395
bugzilla.suse.com/1179243
bugzilla.suse.com/1183871
bugzilla.suse.com/1184114
bugzilla.suse.com/1184350
bugzilla.suse.com/1184631
bugzilla.suse.com/1185377
bugzilla.suse.com/1185902
bugzilla.suse.com/1186194
bugzilla.suse.com/1186264
bugzilla.suse.com/1186482
bugzilla.suse.com/1187476
bugzilla.suse.com/1188101
bugzilla.suse.com/1188405
bugzilla.suse.com/1188445
bugzilla.suse.com/1188504
bugzilla.suse.com/1188620
bugzilla.suse.com/1188683
bugzilla.suse.com/1188746
bugzilla.suse.com/1188747
bugzilla.suse.com/1188748
bugzilla.suse.com/1188770
bugzilla.suse.com/1188771
bugzilla.suse.com/1188772
bugzilla.suse.com/1188773
bugzilla.suse.com/1188774
bugzilla.suse.com/1188777
bugzilla.suse.com/1188780
bugzilla.suse.com/1188781
bugzilla.suse.com/1188782
bugzilla.suse.com/1188783
bugzilla.suse.com/1188784
bugzilla.suse.com/1188786
bugzilla.suse.com/1188787
bugzilla.suse.com/1188788
bugzilla.suse.com/1188790
bugzilla.suse.com/1188838
bugzilla.suse.com/1188842
bugzilla.suse.com/1188876
bugzilla.suse.com/1188885
bugzilla.suse.com/1188973
bugzilla.suse.com/1189021
bugzilla.suse.com/1189057
bugzilla.suse.com/1189077
bugzilla.suse.com/802154
www.suse.com/security/cve/CVE-2021-21781
www.suse.com/security/cve/CVE-2021-22543
www.suse.com/security/cve/CVE-2021-3659
www.suse.com/security/cve/CVE-2021-3679
www.suse.com/security/cve/CVE-2021-37576