The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0761-1 advisory.
In gc_data_segment in fs/f2fs/gc.c in the Linux kernel before 5.16.3, special files are not considered, leading to a move_data_page NULL pointer dereference. (CVE-2021-44879)
Non-transparent sharing of branch predictor selectors between contexts in some Intel® Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-0001)
Non-transparent sharing of branch predictor within a context in some Intel® Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-0002)
A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.
(CVE-2022-0492)
A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2. (CVE-2022-0617)
A flaw was found in the way the flags member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system. (CVE-2022-0847)
An issue was discovered in the Linux kernel before 5.16.5. There is a memory leak in yam_siocdevprivate in drivers/net/hamradio/yam.c. (CVE-2022-24959)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 70300
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# SUSE update advisory SUSE-SU-2022:0761-1. The text itself
# is copyright (C) SUSE.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(158757);
script_version("1.12");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/07/14");
script_cve_id(
"CVE-2021-44879",
"CVE-2022-0001",
"CVE-2022-0002",
"CVE-2022-0492",
"CVE-2022-0617",
"CVE-2022-0644",
"CVE-2022-0847",
"CVE-2022-24959"
);
script_xref(name:"SuSE", value:"SUSE-SU-2022:0761-1");
script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/05/16");
script_name(english:"SUSE SLES12 Security Update : kernel (SUSE-SU-2022:0761-1)");
script_set_attribute(attribute:"synopsis", value:
"The remote SUSE host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in
the SUSE-SU-2022:0761-1 advisory.
- In gc_data_segment in fs/f2fs/gc.c in the Linux kernel before 5.16.3, special files are not considered,
leading to a move_data_page NULL pointer dereference. (CVE-2021-44879)
- Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may
allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-0001)
- Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an
authorized user to potentially enable information disclosure via local access. (CVE-2022-0002)
- A vulnerability was found in the Linux kernel's cgroup_release_agent_write in the
kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups
v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.
(CVE-2022-0492)
- A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way
user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw
to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2. (CVE-2022-0617)
- A flaw was found in the way the flags member of the new pipe buffer structure was lacking proper
initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus
contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache
backed by read only files and as such escalate their privileges on the system. (CVE-2022-0847)
- An issue was discovered in the Linux kernel before 5.16.5. There is a memory leak in yam_siocdevprivate in
drivers/net/hamradio/yam.c. (CVE-2022-24959)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1046306");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1050244");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1089644");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1094978");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1097583");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1097584");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1097585");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1097586");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1097587");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1097588");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1101674");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1101816");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1103991");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1109837");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1111981");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1112374");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1114648");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1114685");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1114893");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1117495");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1118661");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1119113");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1136460");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1136461");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1157038");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1157923");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1158533");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1174852");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1185973");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1187716");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1189126");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1191271");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1191580");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1191655");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1193857");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1195080");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1195377");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1195536");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1195543");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1195638");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1195795");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1195823");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1195840");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1195897");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1195908");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1195934");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1195987");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1195995");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1196079");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1196155");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1196400");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1196516");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1196584");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1196612");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-44879");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-0001");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-0002");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-0492");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-0617");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-0644");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-0847");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-24959");
# https://lists.suse.com/pipermail/sle-security-updates/2022-March/010398.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?bf00c770");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-0847");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_core", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_set_attribute(attribute:"metasploit_name", value:'Dirty Pipe Local Privilege Escalation via CVE-2022-0847');
script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
script_set_attribute(attribute:"canvas_package", value:"CANVAS");
script_set_attribute(attribute:"vuln_publication_date", value:"2022/02/11");
script_set_attribute(attribute:"patch_publication_date", value:"2022/03/09");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/03/09");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:dlm-kmp-rt");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:gfs2-kmp-rt");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-devel-rt");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-rt");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-rt-base");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-rt-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-rt_debug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-source-rt");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-syms-rt");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"SuSE Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item("Host/SuSE/release");
if (isnull(os_release) || os_release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
var os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');
os_ver = os_ver[1];
if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12', 'SUSE (' + os_ver + ')');
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);
var service_pack = get_kb_item("Host/SuSE/patchlevel");
if (isnull(service_pack)) service_pack = "0";
if (os_ver == "SLES12" && (! preg(pattern:"^(5)$", string:service_pack))) audit(AUDIT_OS_NOT, "SLES12 SP5", os_ver + " SP" + service_pack);
var pkgs = [
{'reference':'cluster-md-kmp-rt-4.12.14-10.81.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-12.5']},
{'reference':'dlm-kmp-rt-4.12.14-10.81.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-12.5']},
{'reference':'gfs2-kmp-rt-4.12.14-10.81.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-12.5']},
{'reference':'kernel-devel-rt-4.12.14-10.81.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-12.5']},
{'reference':'kernel-rt-4.12.14-10.81.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-12.5']},
{'reference':'kernel-rt-base-4.12.14-10.81.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-12.5']},
{'reference':'kernel-rt-devel-4.12.14-10.81.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-12.5']},
{'reference':'kernel-rt_debug-4.12.14-10.81.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-12.5']},
{'reference':'kernel-rt_debug-devel-4.12.14-10.81.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-12.5']},
{'reference':'kernel-source-rt-4.12.14-10.81.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-12.5']},
{'reference':'kernel-syms-rt-4.12.14-10.81.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-12.5']},
{'reference':'ocfs2-kmp-rt-4.12.14-10.81.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-12.5']}
];
var ltss_caveat_required = FALSE;
var flag = 0;
foreach var package_array ( pkgs ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var exists_check = NULL;
var rpm_spec_vers_cmp = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (reference && _release) {
if (exists_check) {
var check_flag = 0;
foreach var check (exists_check) {
if (!rpm_exists(release:_release, rpm:check)) continue;
check_flag++;
}
if (!check_flag) continue;
}
if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cluster-md-kmp-rt / dlm-kmp-rt / gfs2-kmp-rt / kernel-devel-rt / etc');
}
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44879
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0001
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0002
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0492
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0617
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0644
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0847
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24959
www.nessus.org/u?bf00c770
bugzilla.suse.com/1046306
bugzilla.suse.com/1050244
bugzilla.suse.com/1089644
bugzilla.suse.com/1094978
bugzilla.suse.com/1097583
bugzilla.suse.com/1097584
bugzilla.suse.com/1097585
bugzilla.suse.com/1097586
bugzilla.suse.com/1097587
bugzilla.suse.com/1097588
bugzilla.suse.com/1101674
bugzilla.suse.com/1101816
bugzilla.suse.com/1103991
bugzilla.suse.com/1109837
bugzilla.suse.com/1111981
bugzilla.suse.com/1112374
bugzilla.suse.com/1114648
bugzilla.suse.com/1114685
bugzilla.suse.com/1114893
bugzilla.suse.com/1117495
bugzilla.suse.com/1118661
bugzilla.suse.com/1119113
bugzilla.suse.com/1136460
bugzilla.suse.com/1136461
bugzilla.suse.com/1157038
bugzilla.suse.com/1157923
bugzilla.suse.com/1158533
bugzilla.suse.com/1174852
bugzilla.suse.com/1185973
bugzilla.suse.com/1187716
bugzilla.suse.com/1189126
bugzilla.suse.com/1191271
bugzilla.suse.com/1191580
bugzilla.suse.com/1191655
bugzilla.suse.com/1193857
bugzilla.suse.com/1195080
bugzilla.suse.com/1195377
bugzilla.suse.com/1195536
bugzilla.suse.com/1195543
bugzilla.suse.com/1195638
bugzilla.suse.com/1195795
bugzilla.suse.com/1195823
bugzilla.suse.com/1195840
bugzilla.suse.com/1195897
bugzilla.suse.com/1195908
bugzilla.suse.com/1195934
bugzilla.suse.com/1195987
bugzilla.suse.com/1195995
bugzilla.suse.com/1196079
bugzilla.suse.com/1196155
bugzilla.suse.com/1196400
bugzilla.suse.com/1196516
bugzilla.suse.com/1196584
bugzilla.suse.com/1196612
www.suse.com/security/cve/CVE-2021-44879
www.suse.com/security/cve/CVE-2022-0001
www.suse.com/security/cve/CVE-2022-0002
www.suse.com/security/cve/CVE-2022-0492
www.suse.com/security/cve/CVE-2022-0617
www.suse.com/security/cve/CVE-2022-0644
www.suse.com/security/cve/CVE-2022-0847
www.suse.com/security/cve/CVE-2022-24959