Lucene search
This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.SUSE_SU-2022-0234-1.NASLHistoryFeb 01, 2022 - 12:00 a.m.
SUSE SLES12 / SLES15 Security Update : kernel (Live Patch 16 for SLE 12 SP5) (SUSE-SU-2022:0234-1)
2022-02-0100:00:00
This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
14
The remote SUSE Linux SLES12 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0234-1 advisory.
-
A vulnerability was found in Linux Kernel where refcount leak in llcp_sock_bind() causing use-after-free which might lead to privilege escalations. (CVE-2020-25670)
-
A vulnerability was found in Linux Kernel, where a refcount leak in llcp_sock_connect() causing use-after- free which might lead to privilege escalations. (CVE-2020-25671)
-
A memory leak vulnerability was found in Linux kernel in llcp_sock_connect (CVE-2020-25672)
-
A vulnerability was found in Linux kernel where non-blocking socket in llcp_sock_connect() leads to leak and eventually hanging-up the system. (CVE-2020-25673)
-
u’Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic’ in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8053, IPQ4019, IPQ8064, MSM8909W, MSM8996AU, QCA9531, QCN5502, QCS405, SDX20, SM6150, SM7150 (CVE-2020-3702)
-
Use After Free vulnerability in nfc sockets in the Linux Kernel before 5.12.4 allows local attackers to elevate their privileges. In typical configurations, the issue can only be triggered by a privileged local user with the CAP_NET_RAW capability. (CVE-2021-23134)
-
A heap-based buffer overflow flaw was found in the Linux kernel FireDTV media card driver, where the user calls the CA_SEND_MSG ioctl. This flaw allows a local user of the host machine to crash the system or escalate privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-42739)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 70300
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# SUSE update advisory SUSE-SU-2022:0234-1. The text itself
# is copyright (C) SUSE.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(157278);
script_version("1.6");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/07/13");
script_cve_id(
"CVE-2020-3702",
"CVE-2020-25670",
"CVE-2020-25671",
"CVE-2020-25672",
"CVE-2020-25673",
"CVE-2021-23134",
"CVE-2021-42739"
);
script_xref(name:"SuSE", value:"SUSE-SU-2022:0234-1");
script_name(english:"SUSE SLES12 / SLES15 Security Update : kernel (Live Patch 16 for SLE 12 SP5) (SUSE-SU-2022:0234-1)");
script_set_attribute(attribute:"synopsis", value:
"The remote SUSE host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote SUSE Linux SLES12 / SLES15 host has packages installed that are affected by multiple vulnerabilities as
referenced in the SUSE-SU-2022:0234-1 advisory.
- A vulnerability was found in Linux Kernel where refcount leak in llcp_sock_bind() causing use-after-free
which might lead to privilege escalations. (CVE-2020-25670)
- A vulnerability was found in Linux Kernel, where a refcount leak in llcp_sock_connect() causing use-after-
free which might lead to privilege escalations. (CVE-2020-25671)
- A memory leak vulnerability was found in Linux kernel in llcp_sock_connect (CVE-2020-25672)
- A vulnerability was found in Linux kernel where non-blocking socket in llcp_sock_connect() leads to leak
and eventually hanging-up the system. (CVE-2020-25673)
- u'Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to
improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for
a discrete set of traffic' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon
Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon
Wearables, Snapdragon Wired Infrastructure and Networking in APQ8053, IPQ4019, IPQ8064, MSM8909W,
MSM8996AU, QCA9531, QCN5502, QCS405, SDX20, SM6150, SM7150 (CVE-2020-3702)
- Use After Free vulnerability in nfc sockets in the Linux Kernel before 5.12.4 allows local attackers to
elevate their privileges. In typical configurations, the issue can only be triggered by a privileged local
user with the CAP_NET_RAW capability. (CVE-2021-23134)
- A heap-based buffer overflow flaw was found in the Linux kernel FireDTV media card driver, where the user
calls the CA_SEND_MSG ioctl. This flaw allows a local user of the host machine to crash the system or
escalate privileges on the system. The highest threat from this vulnerability is to confidentiality,
integrity, as well as system availability. (CVE-2021-42739)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1186061");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1191529");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1192036");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1194680");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-25670");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-25671");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-25672");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-25673");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-3702");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-23134");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-42739");
# https://lists.suse.com/pipermail/sle-security-updates/2022-January/010147.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c94ee712");
script_set_attribute(attribute:"solution", value:
"Update the affected kernel-livepatch-4_12_14-197_86-default and / or kgraft-patch-4_12_14-122_63-default packages.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-25671");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2021-23134");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2020/09/08");
script_set_attribute(attribute:"patch_publication_date", value:"2022/01/31");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/02/01");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-livepatch-4_12_14-197_86-default");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-122_63-default");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"SuSE Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item("Host/SuSE/release");
if (isnull(os_release) || os_release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
var os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');
os_ver = os_ver[1];
if (! preg(pattern:"^(SLES12|SLES15)$", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12 / SLES15', 'SUSE (' + os_ver + ')');
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);
var service_pack = get_kb_item("Host/SuSE/patchlevel");
if (isnull(service_pack)) service_pack = "0";
if (os_ver == "SLES12" && (! preg(pattern:"^(5)$", string:service_pack))) audit(AUDIT_OS_NOT, "SLES12 SP5", os_ver + " SP" + service_pack);
if (os_ver == "SLES15" && (! preg(pattern:"^(1)$", string:service_pack))) audit(AUDIT_OS_NOT, "SLES15 SP1", os_ver + " SP" + service_pack);
var pkgs = [
{'reference':'kgraft-patch-4_12_14-122_63-default-13-2.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-live-patching-release-12.5']},
{'reference':'kernel-livepatch-4_12_14-197_86-default-13-2.2', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.1']}
];
var ltss_caveat_required = FALSE;
var flag = 0;
foreach var package_array ( pkgs ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var exists_check = NULL;
var rpm_spec_vers_cmp = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (reference && _release) {
if (exists_check) {
var check_flag = 0;
foreach var check (exists_check) {
if (!rpm_exists(release:_release, rpm:check)) continue;
check_flag++;
}
if (!check_flag) continue;
}
if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-livepatch-4_12_14-197_86-default / etc');
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| novell | suse_linux | kernel-livepatch-4_12_14-197_86-default | p-cpe:/a:novell:suse_linux:kernel-livepatch-4_12_14-197_86-default |
| novell | suse_linux | kgraft-patch-4_12_14-122_63-default | p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-122_63-default |
| novell | suse_linux | 12 | cpe:/o:novell:suse_linux:12 |
| novell | suse_linux | 15 | cpe:/o:novell:suse_linux:15 |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25670
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25671
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25672
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25673
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3702
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23134
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42739
www.nessus.org/u?c94ee712
bugzilla.suse.com/1186061
bugzilla.suse.com/1191529
bugzilla.suse.com/1192036
bugzilla.suse.com/1194680
www.suse.com/security/cve/CVE-2020-25670
www.suse.com/security/cve/CVE-2020-25671
www.suse.com/security/cve/CVE-2020-25672
www.suse.com/security/cve/CVE-2020-25673
www.suse.com/security/cve/CVE-2020-3702
www.suse.com/security/cve/CVE-2021-23134
www.suse.com/security/cve/CVE-2021-42739
Related
nessus
nessus
fedora
fedora
[SECURITY] Fedora 33 Update: kernel-tools-5.11.14-200.fc33
2021-04-16 14:37:11
[SECURITY] Fedora 34 Update: kernel-5.11.14-300.fc34
2021-04-24 20:25:50
[SECURITY] Fedora 34 Update: kernel-headers-5.11.14-300.fc34
2021-04-24 20:25:50
ubuntu
ubuntu
Linux kernel vulnerabilities
2021-06-03 00:00:00
Linux kernel vulnerabilities
2021-06-08 00:00:00
Linux kernel vulnerabilities
2021-06-04 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2021-0341
2021-04-29 00:00:00
Important Photon OS Security Update - PHSA-2021-0387
2021-04-29 00:00:00
Important Photon OS Security Update - PHSA-2021-0234
2021-05-04 00:00:00
oraclelinux
oraclelinux
Unbreakable Enterprise kernel-container security update
2021-08-10 00:00:00
Unbreakable Enterprise kernel security update
2021-08-11 00:00:00
Unbreakable Enterprise kernel security update
2021-07-16 00:00:00
mageia
mageia
Updated kernel packages fix security vulnerabilities
2021-04-18 17:50:05
Updated kernel-linus packages fix security vulnerabilities
2021-04-18 17:50:05
Updated kernel-linus packages fix security vulnerabilities
2021-09-08 12:23:46
suse
suse
Security update for the Linux Kernel (important)
2021-04-19 00:00:00
Security update for the Linux Kernel (important)
2021-05-22 00:00:00
veracode
veracode
Denial Of Service (DoS)
2021-06-06 10:24:22
Privilege Escalation
2021-06-06 10:24:17
Denial Of Service (DoS)
2021-06-06 10:24:20
cbl_mariner
cbl_mariner
CVE-2020-25672 affecting package kernel 5.15.153.1-1
2022-04-09 06:52:47
CVE-2020-25672 affecting package kernel 5.10.189.1-1
2021-09-09 15:03:26
CVE-2021-42739 affecting package kernel 5.10.78.1-1
2022-04-09 06:52:47
cve
cve
debiancve
debiancve
redhatcve
redhatcve
ubuntucve
ubuntucve
cloudfoundry
cloudfoundry
USN-4982-1: Linux kernel vulnerabilities | Cloud Foundry
2021-06-11 00:00:00
USN-5267-1: Linux kernel vulnerabilities | Cloud Foundry
2022-03-10 00:00:00
USN-5267-2: Linux kernel regression | Cloud Foundry
2022-03-10 00:00:00
f5
f5
K23702520 : Linux kernel Vulnerability CVE-2020-25672
2022-05-17 00:00:00
K04454621 : Linux kernel vulnerability CVE-2020-25671
2022-05-12 00:00:00
K14594844 : Linux kernel Vulnerability CVE-2020-25670
2022-05-17 00:00:00
prion
prion
Memory corruption
2021-05-25 20:15:00
Information disclosure
2021-05-26 11:15:00
Design/Logic Flaw
2021-05-26 11:15:00
amazon
amazon
Low: kernel
2021-05-20 21:12:00
Important: kernel
2021-04-20 17:55:00
arista
arista
Security Advisory 0058
2020-12-16 00:00:00
redhat
redhat
(RHSA-2022:0063) Moderate: kernel security and bug fix update
2022-01-11 09:02:34
(RHSA-2022:0065) Moderate: kernel-rt security and bug fix update
2022-01-11 09:03:22
centos
centos
bpftool, kernel, perf, python security update
2022-01-18 13:57:43
debian
debian
[SECURITY] [DLA 2690-1] linux-4.19 security update
2021-06-23 00:05:06
[SECURITY] [DLA 2689-1] linux security update
2021-06-23 00:11:57
Related for SUSE_SU-2022-0234-1.NASL