Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.SUSE_SU-2022-0619-1.NASL
HistoryMar 22, 2022 - 12:00 a.m.

SUSE SLES15 Security Update : kernel (Live Patch 13 for SLE 15 SP3) (SUSE-SU-2022:0619-1)

2022-03-2200:00:00
This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
30
suse sles15
kernel update
multiple vulnerabilities
use after free
double free
local escalation
privilege escalation
denial of service
unauthorized memory write access
linux kernel
cve-2021-0920
cve-2021-22600
cve-2022-0516

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

29.5%

JSON

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0619-1 advisory.

  • In unix_scm_to_skb of af_unix.c, there is a possible use after free bug due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-196926917References:
    Upstream kernel (CVE-2021-0920)

  • A double free bug in packet_set_ring() in net/packet/af_packet.c can be exploited by a local user through crafted syscalls to escalate privileges or deny service. We recommend upgrading kernel past the effected versions or rebuilding past ec6af094ea28f0f2dda1a6a33b14cd57e36a9755 (CVE-2021-22600)

  • A vulnerability was found in kvm_s390_guest_sida_op in the arch/s390/kvm/kvm-s390.c function in KVM for s390 in the Linux kernel. This flaw allows a local attacker with a normal user privilege to obtain unauthorized memory write access. This flaw affects Linux kernel versions prior to 5.17-rc4.
    (CVE-2022-0516)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 70300
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# SUSE update advisory SUSE-SU-2022:0619-1. The text itself
# is copyright (C) SUSE.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(159150);
  script_version("1.8");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/07/13");

  script_cve_id("CVE-2021-0920", "CVE-2021-22600", "CVE-2022-0516");
  script_xref(name:"SuSE", value:"SUSE-SU-2022:0619-1");
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/05/02");
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/06/13");

  script_name(english:"SUSE SLES15 Security Update : kernel (Live Patch 13 for SLE 15 SP3) (SUSE-SU-2022:0619-1)");

  script_set_attribute(attribute:"synopsis", value:
"The remote SUSE host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as
referenced in the SUSE-SU-2022:0619-1 advisory.

  - In unix_scm_to_skb of af_unix.c, there is a possible use after free bug due to a race condition. This
    could lead to local escalation of privilege with System execution privileges needed. User interaction is
    not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-196926917References:
    Upstream kernel (CVE-2021-0920)

  - A double free bug in packet_set_ring() in net/packet/af_packet.c can be exploited by a local user through
    crafted syscalls to escalate privileges or deny service. We recommend upgrading kernel past the effected
    versions or rebuilding past ec6af094ea28f0f2dda1a6a33b14cd57e36a9755 (CVE-2021-22600)

  - A vulnerability was found in kvm_s390_guest_sida_op in the arch/s390/kvm/kvm-s390.c function in KVM for
    s390 in the Linux kernel. This flaw allows a local attacker with a normal user privilege to obtain
    unauthorized memory write access. This flaw affects Linux kernel versions prior to 5.17-rc4.
    (CVE-2022-0516)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1194463");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1195307");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1195947");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-0920");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-22600");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-0516");
  # https://lists.suse.com/pipermail/sle-security-updates/2022-March/010320.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?58707117");
  script_set_attribute(attribute:"solution", value:
"Update the affected kernel-livepatch-5_3_18-150300_59_46-default and / or kernel-livepatch-5_3_18-24_99-default
packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-22600");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2022-0516");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/12/15");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/03/01");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/03/22");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-150300_59_46-default");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-24_99-default");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"SuSE Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include('rpm.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item("Host/SuSE/release");
if (isnull(os_release) || os_release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
var os_ver = pregmatch(pattern: "^(SLE(S|D)(?:_SAP)?\d+)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');
os_ver = os_ver[1];
if (! preg(pattern:"^(SLES15|SLES_SAP15)$", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15 / SLES_SAP15', 'SUSE (' + os_ver + ')');

if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);

var service_pack = get_kb_item("Host/SuSE/patchlevel");
if (isnull(service_pack)) service_pack = "0";
if (os_ver == "SLES15" && (! preg(pattern:"^(2|3)$", string:service_pack))) audit(AUDIT_OS_NOT, "SLES15 SP2/3", os_ver + " SP" + service_pack);
if (os_ver == "SLES_SAP15" && (! preg(pattern:"^(2|3)$", string:service_pack))) audit(AUDIT_OS_NOT, "SLES_SAP15 SP2/3", os_ver + " SP" + service_pack);

var pkgs = [
    {'reference':'kernel-livepatch-5_3_18-24_99-default-3-2.1', 'sp':'2', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},
    {'reference':'kernel-livepatch-5_3_18-150300_59_46-default-3-150300.2.1', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},
    {'reference':'kernel-livepatch-5_3_18-24_99-default-3-2.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.2', 'sle-module-live-patching-release-15.2', 'sles-release-15.2']},
    {'reference':'kernel-livepatch-5_3_18-150300_59_46-default-3-150300.2.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'SUSE-MicroOS-release-5.1', 'sle-module-live-patching-release-15.3', 'sles-release-15.3']}
];

var ltss_caveat_required = FALSE;
var flag = 0;
foreach var package_array ( pkgs ) {
  var reference = NULL;
  var _release = NULL;
  var sp = NULL;
  var _cpu = NULL;
  var exists_check = NULL;
  var rpm_spec_vers_cmp = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) _release = package_array['release'];
  if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
  if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
  if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (reference && _release) {
    if (exists_check) {
      var check_flag = 0;
      foreach var check (exists_check) {
        if (!rpm_exists(release:_release, rpm:check)) continue;
        check_flag++;
      }
      if (!check_flag) continue;
    }
    if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-livepatch-5_3_18-150300_59_46-default / etc');
}
VendorProductVersionCPE
novellsuse_linuxkernel-livepatch-5_3_18-150300_59_46-defaultp-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-150300_59_46-default
novellsuse_linuxkernel-livepatch-5_3_18-24_99-defaultp-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-24_99-default
novellsuse_linux15cpe:/o:novell:suse_linux:15

Related

nessus 70
thn 1
prion 3
veracode 3
cbl_mariner 3
osv 12
cisa_kev 2
cnvd 2
cve 3
cvelist 3
nvd 3
attackerkb 2
ubuntucve 3
debiancve 3
redhatcve 3
openvas 27
virtuozzo 1
googleprojectzero 2
redhat 23
ubuntu 5
fedora 2
oraclelinux 9
rocky 2
almalinux 1
cloudlinux 2
suse 3
cloudfoundry 1
slackware 1
ibm 1
centos 1
debian 1
photon 1
nessus
nessus
SUSE SLES15 Security Update : kernel (Live Patch 10 for SLE 15 SP3) (SUSE-SU-2022:0660-1)
2022-03-22 00:00:00
SUSE SLES15 Security Update : kernel (Live Patch 14 for SLE 15 SP3) (SUSE-SU-2022:0615-1)
2022-03-22 00:00:00
SUSE SLES15 Security Update : kernel (Live Patch 25 for SLE 15 SP2) (SUSE-SU-2022:0996-1)
2022-03-30 00:00:00
thn
thn
Google Releases Android Update to Patch Actively Exploited Vulnerability
2022-05-06 05:13:00
prion
prion
Double free
2022-01-26 14:15:00
Design/Logic Flaw
2022-03-10 17:44:00
Race condition
2021-12-15 19:15:00
veracode
veracode
Privilege Escalation
2022-02-08 18:01:01
Insecure Access Control
2022-03-26 18:16:14
Privilege Escalation
2022-03-08 23:57:17
cbl_mariner
cbl_mariner
CVE-2021-22600 affecting package kernel for versions less than 5.15.18.1-1
2022-04-09 06:52:47
CVE-2022-0516 affecting package kernel for versions less than 5.15.32.1-2
2022-04-26 19:58:10
CVE-2022-0516 affecting package kernel 5.10.189.1-1
2022-04-07 06:04:22
osv
osv
net/packet: rx_owner_map depends on pg_vec
2022-05-01 00:00:00
CVE-2022-0516
2022-03-10 17:44:56
Linux kernel: race condition during SCM_RIGHTS garbage collection
2021-11-01 00:00:00
cisa_kev
cisa_kev
Linux Kernel Privilege Escalation Vulnerability
2022-04-11 00:00:00
Android Kernel Race Condition Vulnerability
2022-05-23 00:00:00
cnvd
cnvd
Linux kernel buffer overflow vulnerability (CNVD-2022-07634)
2022-01-28 00:00:00
Google Android Kernel Component Elevation of Privilege Vulnerability (CNVD-2021-101428)
2021-11-02 00:00:00
cve
cve
CVE-2021-22600
2022-01-26 14:15:08
CVE-2022-0516
2022-03-10 17:44:56
CVE-2021-0920
2021-12-15 19:15:11
cvelist
cvelist
CVE-2021-22600 Double Free in net/packet/af_packet.c leading to priviledge escalation
2022-01-26 00:00:00
CVE-2022-0516
2022-03-08 14:06:13
CVE-2021-0920
2021-12-15 18:05:31
nvd
nvd
CVE-2021-22600
2022-01-26 14:15:08
CVE-2022-0516
2022-03-10 17:44:56
CVE-2021-0920
2021-12-15 19:15:11
attackerkb
attackerkb
CVE-2021-22600
2022-01-26 00:00:00
CVE-2021-0920
2021-12-15 00:00:00
ubuntucve
ubuntucve
CVE-2021-22600
2022-01-26 00:00:00
CVE-2022-0516
2022-03-10 00:00:00
CVE-2021-0920
2021-12-15 00:00:00
debiancve
debiancve
CVE-2021-22600
2022-01-26 14:15:08
CVE-2022-0516
2022-03-10 17:44:56
CVE-2021-0920
2021-12-15 19:15:11
redhatcve
redhatcve
CVE-2022-0516
2022-02-10 16:50:30
CVE-2021-22600
2022-01-28 20:58:25
CVE-2021-0920
2021-12-13 18:20:34
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2022:0667-1)
2022-03-02 00:00:00
Ubuntu: Security Advisory (USN-5266-1)
2022-02-03 00:00:00
Fedora: Security Advisory for kernel (FEDORA-2022-6f887c7be7)
2022-02-17 00:00:00
virtuozzo
virtuozzo
[Important] [Security] Virtuozzo ReadyKernel patch 139.0 for Virtuozzo Hybrid Server 7.0, 7.5
2022-03-29 00:00:00
googleprojectzero
googleprojectzero
Racing against the clock -- hitting a tiny kernel race window
2022-03-24 00:00:00
The quantum state of Linux kernel garbage collection CVE-2021-0920 (Part I)
2022-08-10 00:00:00
redhat
redhat
(RHSA-2022:0777) Important: kernel security, bug fix, and enhancement update
2022-03-08 15:37:02
(RHSA-2022:1106) Important: kernel security update
2022-03-29 08:22:25
(RHSA-2022:0825) Important: kernel security, bug fix, and enhancement update
2022-03-10 14:43:03
ubuntu
ubuntu
Linux kernel (GKE) vulnerabilities
2022-02-03 00:00:00
Linux kernel (HWE) vulnerabilities
2022-02-18 00:00:00
Linux kernel vulnerabilities
2022-02-22 00:00:00
fedora
fedora
[SECURITY] Fedora 35 Update: kernel-5.16.9-200.fc35
2022-02-17 03:16:11
[SECURITY] Fedora 34 Update: kernel-5.16.9-100.fc34
2022-02-17 03:07:22
oraclelinux
oraclelinux
Unbreakable Enterprise kernel-container security update
2022-01-10 00:00:00
Unbreakable Enterprise kernel security update
2022-01-10 00:00:00
Unbreakable Enterprise kernel-container security update
2022-01-10 00:00:00
rocky
rocky
kernel security, bug fix, and enhancement update
2022-03-10 14:43:03
kernel-rt security and bug fix update
2022-03-10 14:37:54
almalinux
almalinux
Important: kernel security, bug fix, and enhancement update
2022-03-10 14:43:03
cloudlinux
cloudlinux
Fix of CVE: CVE-2021-0920, CVE-2022-0492, CVE-2020-0466, CVE-2021-4155
2022-04-26 15:23:09
Fix of CVE: CVE-2020-0466, CVE-2022-0492, CVE-2021-4155, CVE-2021-0920
2022-04-26 15:21:28
suse
suse
Security update for the Linux Kernel (important)
2022-03-08 00:00:00
Security update for the Linux Kernel (important)
2022-03-08 00:00:00
Security update for the Linux Kernel (critical)
2022-02-11 00:00:00
cloudfoundry
cloudfoundry
USN-5294-2: Linux kernel vulnerabilities | Cloud Foundry
2022-03-11 00:00:00
slackware
slackware
[slackware-security] Slackware 15.0 kernel
2022-03-09 04:16:04
ibm
ibm
Security Bulletin: Multiple vulnerabiities in the IBM 4769 Developer's Toolkit. CVE-2019-20811, CVE-2020-0466, CVE-2021-0920, CVE-2021-3347, CVE-2018-19985, CVE-2018-20169, CVE-2019-13648, CVE-2019-15916, CVE-2019-19527
2023-04-05 16:09:24
centos
centos
bpftool, kernel, perf, python security update
2022-02-25 15:41:18
debian
debian
[SECURITY] [DSA 5092-1] linux security update
2022-03-07 12:54:12
photon
photon
Important Photon OS Security Update - PHSA-2021-0302
2021-09-19 00:00:00

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

29.5%

JSON
Related for SUSE_SU-2022-0619-1.NASL
nessus70thn1prion3veracode3cbl_mariner3osv12cisa_kev2cnvd2cve3cvelist3nvd3attackerkb2ubuntucve3debiancve3redhatcve3openvas27virtuozzo1googleprojectzero2redhat23ubuntu5fedora2oraclelinux9rocky2almalinux1cloudlinux2suse3cloudfoundry1slackware1ibm1centos1debian1photon1