Lucene search
This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.SUSE_SU-2021-2644-1.NASLHistoryAug 11, 2021 - 12:00 a.m.
SUSE SLES12 Security Update : kernel (SUSE-SU-2021:2644-1)
2021-08-1100:00:00
This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
22
The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2644-1 advisory.
-
In l2tp_session_delete and related functions of l2tp_core.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed.
User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:
A-152735806 (CVE-2020-0429) -
An issue was discovered in the Linux kernel before 5.8.1. net/bluetooth/hci_event.c has a slab out-of- bounds read in hci_extended_inquiry_result_evt, aka CID-51c19bf3d5cf. (CVE-2020-36386)
-
An issue was discovered in Linux: KVM through Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allows users with the ability to start and control a VM to read/write random pages of memory and can result in local privilege escalation. (CVE-2021-22543)
-
A NULL pointer dereference flaw was found in the Linux kernel’s IEEE 802.15.4 wireless networking subsystem in the way the user closes the LR-WPAN connection. This flaw allows a local user to crash the system. The highest threat from this vulnerability is to system availability. (CVE-2021-3659)
-
arch/powerpc/kvm/book3s_rtas.c in the Linux kernel through 5.13.5 on the powerpc platform allows KVM guest OS users to cause host OS memory corruption via rtas_args.nargs, aka CID-f62f3c20647e. (CVE-2021-37576)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 70300
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# SUSE update advisory SUSE-SU-2021:2644-1. The text itself
# is copyright (C) SUSE.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(152475);
script_version("1.7");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/07/13");
script_cve_id(
"CVE-2020-0429",
"CVE-2020-36386",
"CVE-2021-3659",
"CVE-2021-22543",
"CVE-2021-37576"
);
script_xref(name:"SuSE", value:"SUSE-SU-2021:2644-1");
script_name(english:"SUSE SLES12 Security Update : kernel (SUSE-SU-2021:2644-1)");
script_set_attribute(attribute:"synopsis", value:
"The remote SUSE host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as
referenced in the SUSE-SU-2021:2644-1 advisory.
- In l2tp_session_delete and related functions of l2tp_core.c, there is possible memory corruption due to a
use after free. This could lead to local escalation of privilege with System execution privileges needed.
User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:
A-152735806 (CVE-2020-0429)
- An issue was discovered in the Linux kernel before 5.8.1. net/bluetooth/hci_event.c has a slab out-of-
bounds read in hci_extended_inquiry_result_evt, aka CID-51c19bf3d5cf. (CVE-2020-36386)
- An issue was discovered in Linux: KVM through Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass
RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allows users
with the ability to start and control a VM to read/write random pages of memory and can result in local
privilege escalation. (CVE-2021-22543)
- A NULL pointer dereference flaw was found in the Linux kernel's IEEE 802.15.4 wireless networking
subsystem in the way the user closes the LR-WPAN connection. This flaw allows a local user to crash the
system. The highest threat from this vulnerability is to system availability. (CVE-2021-3659)
- arch/powerpc/kvm/book3s_rtas.c in the Linux kernel through 5.13.5 on the powerpc platform allows KVM guest
OS users to cause host OS memory corruption via rtas_args.nargs, aka CID-f62f3c20647e. (CVE-2021-37576)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1065729");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1085224");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1094840");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1113295");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1176724");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1176931");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1176940");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1179195");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1181161");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1183871");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1184114");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1184350");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1184804");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1185377");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1186206");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1186482");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1186483");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1186672");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1187038");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1187476");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1187846");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1188026");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1188101");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1188405");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1188620");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1188750");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1188838");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1188876");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1188885");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1188973");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-0429");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-36386");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-22543");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-3659");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-37576");
# https://lists.suse.com/pipermail/sle-security-updates/2021-August/009281.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?59a9c797");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-37576");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2020/09/17");
script_set_attribute(attribute:"patch_publication_date", value:"2021/08/10");
script_set_attribute(attribute:"plugin_publication_date", value:"2021/08/11");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-azure");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-azure-base");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-azure-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-devel-azure");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-source-azure");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-syms-azure");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"SuSE Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item("Host/SuSE/release");
if (isnull(os_release) || os_release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
var os_ver = pregmatch(pattern: "^(SLE(S|D)(?:_SAP)?\d+)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');
os_ver = os_ver[1];
if (! preg(pattern:"^(SLES12|SLES_SAP12)$", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12 / SLES_SAP12', 'SUSE (' + os_ver + ')');
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);
var service_pack = get_kb_item("Host/SuSE/patchlevel");
if (isnull(service_pack)) service_pack = "0";
if (os_ver == "SLES12" && (! preg(pattern:"^(5)$", string:service_pack))) audit(AUDIT_OS_NOT, "SLES12 SP5", os_ver + " SP" + service_pack);
if (os_ver == "SLES_SAP12" && (! preg(pattern:"^(5)$", string:service_pack))) audit(AUDIT_OS_NOT, "SLES_SAP12 SP5", os_ver + " SP" + service_pack);
var pkgs = [
{'reference':'kernel-azure-4.12.14-16.68.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
{'reference':'kernel-azure-base-4.12.14-16.68.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
{'reference':'kernel-azure-devel-4.12.14-16.68.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
{'reference':'kernel-devel-azure-4.12.14-16.68.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
{'reference':'kernel-source-azure-4.12.14-16.68.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
{'reference':'kernel-syms-azure-4.12.14-16.68.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
{'reference':'kernel-azure-4.12.14-16.68.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},
{'reference':'kernel-azure-base-4.12.14-16.68.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},
{'reference':'kernel-azure-devel-4.12.14-16.68.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},
{'reference':'kernel-devel-azure-4.12.14-16.68.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},
{'reference':'kernel-source-azure-4.12.14-16.68.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},
{'reference':'kernel-syms-azure-4.12.14-16.68.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']}
];
var ltss_caveat_required = FALSE;
var flag = 0;
foreach var package_array ( pkgs ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var exists_check = NULL;
var rpm_spec_vers_cmp = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (reference && _release) {
if (exists_check) {
var check_flag = 0;
foreach var check (exists_check) {
if (!rpm_exists(release:_release, rpm:check)) continue;
check_flag++;
}
if (!check_flag) continue;
}
if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-azure / kernel-azure-base / kernel-azure-devel / etc');
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| novell | suse_linux | kernel-azure | p-cpe:/a:novell:suse_linux:kernel-azure |
| novell | suse_linux | kernel-azure-base | p-cpe:/a:novell:suse_linux:kernel-azure-base |
| novell | suse_linux | kernel-azure-devel | p-cpe:/a:novell:suse_linux:kernel-azure-devel |
| novell | suse_linux | kernel-devel-azure | p-cpe:/a:novell:suse_linux:kernel-devel-azure |
| novell | suse_linux | kernel-source-azure | p-cpe:/a:novell:suse_linux:kernel-source-azure |
| novell | suse_linux | kernel-syms-azure | p-cpe:/a:novell:suse_linux:kernel-syms-azure |
| novell | suse_linux | 12 | cpe:/o:novell:suse_linux:12 |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0429
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36386
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22543
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3659
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37576
www.nessus.org/u?59a9c797
bugzilla.suse.com/1065729
bugzilla.suse.com/1085224
bugzilla.suse.com/1094840
bugzilla.suse.com/1113295
bugzilla.suse.com/1176724
bugzilla.suse.com/1176931
bugzilla.suse.com/1176940
bugzilla.suse.com/1179195
bugzilla.suse.com/1181161
bugzilla.suse.com/1183871
bugzilla.suse.com/1184114
bugzilla.suse.com/1184350
bugzilla.suse.com/1184804
bugzilla.suse.com/1185377
bugzilla.suse.com/1186206
bugzilla.suse.com/1186482
bugzilla.suse.com/1186483
bugzilla.suse.com/1186672
bugzilla.suse.com/1187038
bugzilla.suse.com/1187476
bugzilla.suse.com/1187846
bugzilla.suse.com/1188026
bugzilla.suse.com/1188101
bugzilla.suse.com/1188405
bugzilla.suse.com/1188620
bugzilla.suse.com/1188750
bugzilla.suse.com/1188838
bugzilla.suse.com/1188876
bugzilla.suse.com/1188885
bugzilla.suse.com/1188973
www.suse.com/security/cve/CVE-2020-0429
www.suse.com/security/cve/CVE-2020-36386
www.suse.com/security/cve/CVE-2021-22543
www.suse.com/security/cve/CVE-2021-3659
www.suse.com/security/cve/CVE-2021-37576
Related
nessus
nessus
SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2021:2647-1)
2021-08-11 00:00:00
SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2021:2756-1)
2021-08-18 00:00:00
SUSE SLES15 Security Update : kernel (SUSE-SU-2021:2646-1)
2021-08-11 00:00:00
redhat
redhat
(RHSA-2021:3768) Important: kpatch-patch security update
2021-10-12 09:00:13
(RHSA-2021:3766) Important: kernel security update
2021-10-12 07:29:36
(RHSA-2021:4000) Important: kpatch-patch security update
2021-10-26 15:34:21
suse
suse
Security update for the Linux Kernel (important)
2021-08-11 00:00:00
Security update for the Linux Kernel (important)
2021-08-10 00:00:00
Security update for the Linux Kernel (important)
2021-08-14 00:00:00
ibm
ibm
centos
centos
bpftool, kernel, perf, python security update
2021-11-17 15:22:13
oraclelinux
oraclelinux
kernel security and bug fix update
2021-10-12 00:00:00
kernel security and bug fix update
2021-09-08 00:00:00
kernel security, bug fix, and enhancement update
2021-08-11 00:00:00
cve
cve
debiancve
debiancve
ubuntucve
ubuntucve
redhatcve
redhatcve
veracode
veracode
Denial Of Service (DoS)
2021-11-26 00:41:02
Denial Of Service (DoS)
2021-09-09 16:22:43
Denial Of Service (DoS)
2021-12-12 23:34:14
prion
prion
Design/Logic Flaw
2021-06-07 20:15:00
Memory corruption
2021-07-26 22:15:00
Privilege escalation
2021-05-26 11:15:00
f5
f5
K76934290 : Linux kernel vulnerability CVE-2020-36386
2022-10-19 00:00:00
K39029022 : Linux kernel vulnerability CVE-2021-37576
2022-01-20 00:00:00
K01217337 : Linux kernel vulnerability CVE-2021-22543
2022-02-07 00:00:00
fedora
fedora
[SECURITY] Fedora 34 Update: kernel-tools-5.13.6-200.fc34
2021-08-02 01:05:52
[SECURITY] Fedora 34 Update: kernel-5.13.6-200.fc34
2021-08-02 01:05:51
[SECURITY] Fedora 33 Update: kernel-tools-5.13.6-100.fc33
2021-08-02 01:07:19
photon
photon
cloudlinux
cloudlinux
Fixed CVE-2021-22543 in kernel
2022-07-28 14:22:27
Fixed CVE-2021-22543 in kernel
2022-07-28 14:18:22
cbl_mariner
cbl_mariner
CVE-2021-37576 affecting package kernel 5.10.78.1-1
2022-04-09 06:52:47
CVE-2021-37576 affecting package kernel 5.10.168.1-1
2021-09-09 15:03:26
CVE-2021-3659 affecting package kernel 5.10.131.1-1
2022-09-17 05:57:05
amazon
amazon
Important: kernel
2021-08-13 17:31:00
cnvd
cnvd
Linux Kerne code issue vulnerability
2022-10-17 00:00:00
osv
osv
ubuntu
ubuntu
Linux kernel vulnerabilities
2021-09-29 00:00:00
Linux kernel (Raspberry Pi) vulnerabilities
2021-09-22 00:00:00
Linux kernel (HWE) vulnerabilities
2021-09-16 00:00:00
cloudfoundry
cloudfoundry
USN-5094-1: Linux kernel vulnerabilities | Cloud Foundry
2021-10-28 00:00:00
USN-5071-2: Linux kernel (HWE) vulnerabilities | Cloud Foundry
2021-10-04 00:00:00
USN-5091-1: Linux kernel vulnerabilities | Cloud Foundry
2021-10-04 00:00:00
rocky
rocky
kernel security and bug fix update
2021-09-07 17:24:27
kernel-rt security and bug fix update
2021-08-10 12:10:45
kernel security, bug fix, and enhancement update
2021-08-10 11:56:07
almalinux
almalinux
Important: kernel security and bug fix update
2021-09-07 17:24:27
Important: kernel security, bug fix, and enhancement update
2021-08-10 11:56:07
mageia
mageia
Updated kernel-linus packages fix security vulnerabilities
2021-07-12 23:26:21
Updated kernel packages fix security vulnerabilities
2021-07-12 23:26:21
Related for SUSE_SU-2021-2644-1.NASL