The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:3338-1 advisory.
A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-3752)
Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption, with a consequent possibility of information disclosure over the air for a discrete set of traffic, in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8053, IPQ4019, IPQ8064, MSM8909W, MSM8996AU, QCA9531, QCN5502, QCS405, SDX20, SM6150, SM7150. (CVE-2020-3702)
A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource exhaustion and DoS. (CVE-2021-3669)
A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption). This vulnerability is similar to the older CVE-2019-18808. (CVE-2021-3744)
A memory leak flaw was found in the Linux kernel’s ccp_run_aes_gcm_cmd() function that allows an attacker to cause a denial of service. The vulnerability is similar to the older CVE-2019-18808. The highest threat from this vulnerability is to system availability. (CVE-2021-3764)
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
#
# The package checks in this plugin were extracted from
# openSUSE Security Update openSUSE-SU-2021:3338-1. The text itself
# is copyright (C) SUSE.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(154091);
script_version("1.8");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/28");
script_cve_id(
"CVE-2020-3702",
"CVE-2021-3669",
"CVE-2021-3744",
"CVE-2021-3752",
"CVE-2021-3764",
"CVE-2021-40490"
);
script_name(english:"openSUSE 15 Security Update : kernel (openSUSE-SU-2021:3338-1)");
script_set_attribute(attribute:"synopsis", value:
"The remote SUSE host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in
the openSUSE-SU-2021:3338-1 advisory.
- A use-after-free flaw was found in the Linux kernel's Bluetooth subsystem in the way user calls connect to
the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the
system or escalate their privileges. The highest threat from this vulnerability is to confidentiality,
integrity, as well as system availability. (CVE-2021-3752)
- u'Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to
improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for
a discrete set of traffic' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon
Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon
Wearables, Snapdragon Wired Infrastructure and Networking in APQ8053, IPQ4019, IPQ8064, MSM8909W,
MSM8996AU, QCA9531, QCN5502, QCS405, SDX20, SM6150, SM7150 (CVE-2020-3702)
- A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large
shared memory segment counts which could lead to resource exhaustion and DoS. (CVE-2021-3669)
- A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in
drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption).
This vulnerability is similar with the older CVE-2019-18808. (CVE-2021-3744)
- A memory leak flaw was found in the Linux kernel's ccp_run_aes_gcm_cmd() function that allows an attacker
to cause a denial of service. The vulnerability is similar to the older CVE-2019-18808. The highest threat
from this vulnerability is to system availability. (CVE-2021-3764)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1065729");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1148868");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1152489");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1154353");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1159886");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1167773");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1170774");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1171688");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1173746");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1174003");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1176447");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1176940");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1177028");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1178134");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1184439");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1184804");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1185302");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1185550");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1185677");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1185726");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1185762");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1187211");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1188067");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1188418");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1188651");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1188986");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1189257");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1189297");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1189841");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1189884");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1190023");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1190062");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1190115");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1190138");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1190159");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1190358");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1190406");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1190432");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1190467");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1190523");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1190534");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1190543");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1190544");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1190561");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1190576");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1190595");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1190596");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1190598");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1190620");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1190626");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1190679");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1190705");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1190717");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1190746");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1190758");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1190784");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1190785");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1191172");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1191193");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1191292");
# https://lists.opensuse.org/archives/list/[email protected]/thread/H64LCXMISTZ7YB7R4ABO2Y73X23DJFXU/
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?3c7b5d8d");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-3702");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-3669");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-3744");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-3752");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-3764");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-40490");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-3752");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2020/09/08");
script_set_attribute(attribute:"patch_publication_date", value:"2021/10/12");
script_set_attribute(attribute:"plugin_publication_date", value:"2021/10/13");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cluster-md-kmp-azure");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dlm-kmp-azure");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gfs2-kmp-azure");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-azure");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-azure-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-azure-extra");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-azure-livepatch-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-azure-optional");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-devel-azure");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-source-azure");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-syms-azure");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kselftests-kmp-azure");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ocfs2-kmp-azure");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:reiserfs-kmp-azure");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.3");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"SuSE Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include('audit.inc');
include('global_settings.inc');
include('misc_func.inc');
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var release = get_kb_item('Host/SuSE/release');
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, 'openSUSE');
var os_ver = pregmatch(pattern: "^SUSE([\d.]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');
os_ver = os_ver[1];
if (release !~ "^(SUSE15\.3)$") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.3', release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);
var pkgs = [
{'reference':'cluster-md-kmp-azure-5.3.18-38.25.2', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'dlm-kmp-azure-5.3.18-38.25.2', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'gfs2-kmp-azure-5.3.18-38.25.2', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-azure-5.3.18-38.25.2', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-azure-devel-5.3.18-38.25.2', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-azure-extra-5.3.18-38.25.2', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-azure-livepatch-devel-5.3.18-38.25.2', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-azure-optional-5.3.18-38.25.2', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-devel-azure-5.3.18-38.25.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-source-azure-5.3.18-38.25.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-syms-azure-5.3.18-38.25.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kselftests-kmp-azure-5.3.18-38.25.2', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'ocfs2-kmp-azure-5.3.18-38.25.2', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'reiserfs-kmp-azure-5.3.18-38.25.2', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE}
];
var flag = 0;
foreach package_array ( pkgs ) {
  var reference = NULL;
  var release = NULL;
  var cpu = NULL;
  var rpm_spec_vers_cmp = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) release = package_array['release'];
  if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (reference && release) {
    if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;
  }
}
if (flag)
{
  security_report_v4(
    port : 0,
    severity : SECURITY_HOLE,
    extra : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cluster-md-kmp-azure / dlm-kmp-azure / gfs2-kmp-azure / kernel-azure / etc');
}