CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS4
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/SC:H/VI:H/SI:H/VA:N/SA:N
EPSS
Percentile
68.0%
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1163-1 advisory.
In aio_poll_complete_work of aio.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:
A-185125206References: Upstream kernel (CVE-2021-39698)
The check_alu_op() function in kernel/bpf/verifier.c in the Linux kernel through v5.16-rc5 did not properly update bounds while handling the mov32 instruction, which allows local users to obtain potentially sensitive address information, aka a pointer leak. (CVE-2021-45402)
In the Linux kernel before 5.15.3, fs/quota/quota_tree.c does not validate the block number in the quota tree (on disk). This can, for example, lead to a kernel/locking/rwsem.c use-after-free if there is a corrupted quota file. (CVE-2021-45868)
A vulnerability was found in linux kernel, where an information leak occurs via ext4_extent_header to userspace. (CVE-2022-0850)
A memory leak flaw was found in the Linux kernel’s DMA subsystem, in the way a user calls DMA_FROM_DEVICE.
This flaw allows a local user to read random memory from the kernel space. (CVE-2022-0854)
A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write().
This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation. (CVE-2022-1011)
A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle ‘return’ with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker. (CVE-2022-1016)
A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-1048)
A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5 (CVE-2022-1055)
A use-after-free vulnerability was found in the Linux kernel in drivers/net/hamradio. This flaw allows a local attacker with a user privilege to cause a denial of service (DOS) when the mkiss or sixpack device is detached and reclaim resources early. (CVE-2022-1195)
A use-after-free vulnerabilitity was discovered in drivers/net/hamradio/6pack.c of linux that allows an attacker to crash linux kernel by simulating ax25 device using 6pack driver from user space.
(CVE-2022-1198)
A flaw was found in the Linux kernel. This flaw allows an attacker to crash the Linux kernel by simulating amateur radio from the user space, resulting in a null-ptr-deref vulnerability and a use-after-free vulnerability. (CVE-2022-1199)
A NULL pointer dereference flaw was found in the Linux kernel’s Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to crash the system.
(CVE-2022-1205)
Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished.
The xenbus driver has a similar problem, as it doesn’t check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042 (CVE-2022-23036, CVE-2022-23037, CVE-2022-23038, CVE-2022-23039, CVE-2022-23040, CVE-2022-23041, CVE-2022-23042)
In drivers/usb/gadget/udc/udc-xilinx.c in the Linux kernel before 5.16.12, the endpoint index is not validated and might be manipulated by the host for out-of-array access. (CVE-2022-27223)
A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat. (CVE-2022-27666)
usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free. (CVE-2022-28388)
mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double free. (CVE-2022-28389)
ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.
(CVE-2022-28390)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 70300
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# SUSE update advisory SUSE-SU-2022:1163-1. The text itself
# is copyright (C) SUSE.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(159698);
script_version("1.10");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/07/13");
script_cve_id(
"CVE-2021-39698",
"CVE-2021-45402",
"CVE-2021-45868",
"CVE-2022-0850",
"CVE-2022-0854",
"CVE-2022-1011",
"CVE-2022-1016",
"CVE-2022-1048",
"CVE-2022-1055",
"CVE-2022-1195",
"CVE-2022-1198",
"CVE-2022-1199",
"CVE-2022-1205",
"CVE-2022-23036",
"CVE-2022-23037",
"CVE-2022-23038",
"CVE-2022-23039",
"CVE-2022-23040",
"CVE-2022-23041",
"CVE-2022-23042",
"CVE-2022-27223",
"CVE-2022-27666",
"CVE-2022-28388",
"CVE-2022-28389",
"CVE-2022-28390"
);
script_xref(name:"SuSE", value:"SUSE-SU-2022:1163-1");
script_name(english:"SUSE SLES15 Security Update : kernel (SUSE-SU-2022:1163-1)");
script_set_attribute(attribute:"synopsis", value:
"The remote SUSE host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as
referenced in the SUSE-SU-2022:1163-1 advisory.
- In aio_poll_complete_work of aio.c, there is a possible memory corruption due to a use after free. This
could lead to local escalation of privilege with no additional execution privileges needed. User
interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:
A-185125206References: Upstream kernel (CVE-2021-39698)
- The check_alu_op() function in kernel/bpf/verifier.c in the Linux kernel through v5.16-rc5 did not
properly update bounds while handling the mov32 instruction, which allows local users to obtain
potentially sensitive address information, aka a pointer leak. (CVE-2021-45402)
- In the Linux kernel before 5.15.3, fs/quota/quota_tree.c does not validate the block number in the quota
tree (on disk). This can, for example, lead to a kernel/locking/rwsem.c use-after-free if there is a
corrupted quota file. (CVE-2021-45868)
- A vulnerability was found in linux kernel, where an information leak occurs via ext4_extent_header to
userspace. (CVE-2022-0850)
- A memory leak flaw was found in the Linux kernel's DMA subsystem, in the way a user calls DMA_FROM_DEVICE.
This flaw allows a local user to read random memory from the kernel space. (CVE-2022-0854)
- A use-after-free flaw was found in the Linux kernel's FUSE filesystem in the way a user triggers write().
This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in
privilege escalation. (CVE-2022-1011)
- A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a
use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel
information leak problem caused by a local, unprivileged attacker. (CVE-2022-1016)
- A use-after-free flaw was found in the Linux kernel's sound subsystem in the way a user triggers
concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM
for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the
system. (CVE-2022-1048)
- A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain
privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past
commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5 (CVE-2022-1055)
- A use-after-free vulnerability was found in the Linux kernel in drivers/net/hamradio. This flaw allows a
local attacker with a user privilege to cause a denial of service (DOS) when the mkiss or sixpack device
is detached and reclaim resources early. (CVE-2022-1195)
- A use-after-free vulnerabilitity was discovered in drivers/net/hamradio/6pack.c of linux that allows an
attacker to crash linux kernel by simulating ax25 device using 6pack driver from user space.
(CVE-2022-1198)
- A flaw was found in the Linux kernel. This flaw allows an attacker to crash the Linux kernel by simulating
amateur radio from the user space, resulting in a null-ptr-deref vulnerability and a use-after-free
vulnerability. (CVE-2022-1199)
- A NULL pointer dereference flaw was found in the Linux kernel's Amateur Radio AX.25 protocol functionality
in the way a user connects with the protocol. This flaw allows a local user to crash the system.
(CVE-2022-1205)
- Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to
multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV
device frontends are using the grant table interfaces for removing access rights of the backends in ways
being subject to race conditions, resulting in potential data leaks, data corruption by malicious
backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the
gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they
assume that a following removal of the granted access will always succeed, which is not true in case the
backend has mapped the granted page between those two operations. As a result the backend can keep access
to the memory page of the guest no matter how the page will be used after the frontend I/O has finished.
The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of
a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038
gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus,
9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no
longer in use, but the freeing of the related data page is not synchronized with dropping the granted
access. As a result the backend can keep access to the memory page even after it has been freed and then
re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to
revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which
can be triggered by the backend. CVE-2022-23042 (CVE-2022-23036, CVE-2022-23037, CVE-2022-23038,
CVE-2022-23039, CVE-2022-23040, CVE-2022-23041, CVE-2022-23042)
- In drivers/usb/gadget/udc/udc-xilinx.c in the Linux kernel before 5.16.12, the endpoint index is not
validated and might be manipulated by the host for out-of-array access. (CVE-2022-27223)
- A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and
net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap
objects and may cause a local privilege escalation threat. (CVE-2022-27666)
- usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double
free. (CVE-2022-28388)
- mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double
free. (CVE-2022-28389)
- ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.
(CVE-2022-28390)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1065729");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1156395");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1175667");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1177028");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1178134");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1179639");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1180153");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1189562");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1194589");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1194625");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1194649");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1194943");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1195051");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1195353");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1195640");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1195926");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1196018");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1196130");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1196196");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1196478");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1196488");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1196761");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1196823");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1196956");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1197227");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1197243");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1197245");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1197300");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1197302");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1197331");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1197343");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1197366");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1197389");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1197460");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1197462");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1197501");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1197534");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1197661");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1197675");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1197677");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1197702");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1197811");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1197812");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1197815");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1197817");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1197819");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1197820");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1197888");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1197889");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1197894");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1198027");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1198028");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1198029");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1198030");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1198031");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1198032");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1198033");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1198077");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-39698");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-45402");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-45868");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-0850");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-0854");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-1011");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-1016");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-1048");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-1055");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-1195");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-1198");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-1199");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-1205");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-23036");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-23037");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-23038");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-23039");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-23040");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-23041");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-23042");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-27223");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-27666");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-28388");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-28389");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-28390");
# https://lists.suse.com/pipermail/sle-security-updates/2022-April/010687.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?09b2530e");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-39698");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2022-27223");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
script_set_attribute(attribute:"canvas_package", value:"CANVAS");
script_set_attribute(attribute:"vuln_publication_date", value:"2022/02/11");
script_set_attribute(attribute:"patch_publication_date", value:"2022/04/12");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/04/13");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-azure");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-azure-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-devel-azure");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-source-azure");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-syms-azure");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"SuSE Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item("Host/SuSE/release");
if (isnull(os_release) || os_release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
var os_ver = pregmatch(pattern: "^(SLE(S|D)(?:_SAP)?\d+)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');
os_ver = os_ver[1];
if (! preg(pattern:"^(SLES15|SLES_SAP15)$", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15 / SLES_SAP15', 'SUSE (' + os_ver + ')');
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);
var service_pack = get_kb_item("Host/SuSE/patchlevel");
if (isnull(service_pack)) service_pack = "0";
if (os_ver == "SLES15" && (! preg(pattern:"^(3)$", string:service_pack))) audit(AUDIT_OS_NOT, "SLES15 SP3", os_ver + " SP" + service_pack);
if (os_ver == "SLES_SAP15" && (! preg(pattern:"^(3)$", string:service_pack))) audit(AUDIT_OS_NOT, "SLES_SAP15 SP3", os_ver + " SP" + service_pack);
var pkgs = [
{'reference':'kernel-azure-5.3.18-150300.38.53.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},
{'reference':'kernel-azure-devel-5.3.18-150300.38.53.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},
{'reference':'kernel-devel-azure-5.3.18-150300.38.53.1', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},
{'reference':'kernel-source-azure-5.3.18-150300.38.53.1', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},
{'reference':'kernel-syms-azure-5.3.18-150300.38.53.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},
{'reference':'kernel-azure-5.3.18-150300.38.53.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-public-cloud-release-15.3', 'sles-release-15.3']},
{'reference':'kernel-azure-devel-5.3.18-150300.38.53.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-public-cloud-release-15.3', 'sles-release-15.3']},
{'reference':'kernel-devel-azure-5.3.18-150300.38.53.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-public-cloud-release-15.3', 'sles-release-15.3']},
{'reference':'kernel-source-azure-5.3.18-150300.38.53.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-public-cloud-release-15.3', 'sles-release-15.3']},
{'reference':'kernel-syms-azure-5.3.18-150300.38.53.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-public-cloud-release-15.3', 'sles-release-15.3']}
];
var ltss_caveat_required = FALSE;
var flag = 0;
foreach var package_array ( pkgs ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var exists_check = NULL;
var rpm_spec_vers_cmp = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (reference && _release) {
if (exists_check) {
var check_flag = 0;
foreach var check (exists_check) {
if (!rpm_exists(release:_release, rpm:check)) continue;
check_flag++;
}
if (!check_flag) continue;
}
if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-azure / kernel-azure-devel / kernel-devel-azure / etc');
}
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39698
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45402
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45868
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0850
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0854
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1011
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1016
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1048
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1055
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1195
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1198
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1199
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1205
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23036
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23037
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23038
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23039
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23040
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23041
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23042
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27223
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27666
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28388
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28389
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28390
www.nessus.org/u?09b2530e
bugzilla.suse.com/1065729
bugzilla.suse.com/1156395
bugzilla.suse.com/1175667
bugzilla.suse.com/1177028
bugzilla.suse.com/1178134
bugzilla.suse.com/1179639
bugzilla.suse.com/1180153
bugzilla.suse.com/1189562
bugzilla.suse.com/1194589
bugzilla.suse.com/1194625
bugzilla.suse.com/1194649
bugzilla.suse.com/1194943
bugzilla.suse.com/1195051
bugzilla.suse.com/1195353
bugzilla.suse.com/1195640
bugzilla.suse.com/1195926
bugzilla.suse.com/1196018
bugzilla.suse.com/1196130
bugzilla.suse.com/1196196
bugzilla.suse.com/1196478
bugzilla.suse.com/1196488
bugzilla.suse.com/1196761
bugzilla.suse.com/1196823
bugzilla.suse.com/1196956
bugzilla.suse.com/1197227
bugzilla.suse.com/1197243
bugzilla.suse.com/1197245
bugzilla.suse.com/1197300
bugzilla.suse.com/1197302
bugzilla.suse.com/1197331
bugzilla.suse.com/1197343
bugzilla.suse.com/1197366
bugzilla.suse.com/1197389
bugzilla.suse.com/1197460
bugzilla.suse.com/1197462
bugzilla.suse.com/1197501
bugzilla.suse.com/1197534
bugzilla.suse.com/1197661
bugzilla.suse.com/1197675
bugzilla.suse.com/1197677
bugzilla.suse.com/1197702
bugzilla.suse.com/1197811
bugzilla.suse.com/1197812
bugzilla.suse.com/1197815
bugzilla.suse.com/1197817
bugzilla.suse.com/1197819
bugzilla.suse.com/1197820
bugzilla.suse.com/1197888
bugzilla.suse.com/1197889
bugzilla.suse.com/1197894
bugzilla.suse.com/1198027
bugzilla.suse.com/1198028
bugzilla.suse.com/1198029
bugzilla.suse.com/1198030
bugzilla.suse.com/1198031
bugzilla.suse.com/1198032
bugzilla.suse.com/1198033
bugzilla.suse.com/1198077
www.suse.com/security/cve/CVE-2021-39698
www.suse.com/security/cve/CVE-2021-45402
www.suse.com/security/cve/CVE-2021-45868
www.suse.com/security/cve/CVE-2022-0850
www.suse.com/security/cve/CVE-2022-0854
www.suse.com/security/cve/CVE-2022-1011
www.suse.com/security/cve/CVE-2022-1016
www.suse.com/security/cve/CVE-2022-1048
www.suse.com/security/cve/CVE-2022-1055
www.suse.com/security/cve/CVE-2022-1195
www.suse.com/security/cve/CVE-2022-1198
www.suse.com/security/cve/CVE-2022-1199
www.suse.com/security/cve/CVE-2022-1205
www.suse.com/security/cve/CVE-2022-23036
www.suse.com/security/cve/CVE-2022-23037
www.suse.com/security/cve/CVE-2022-23038
www.suse.com/security/cve/CVE-2022-23039
www.suse.com/security/cve/CVE-2022-23040
www.suse.com/security/cve/CVE-2022-23041
www.suse.com/security/cve/CVE-2022-23042
www.suse.com/security/cve/CVE-2022-27223
www.suse.com/security/cve/CVE-2022-27666
www.suse.com/security/cve/CVE-2022-28388
www.suse.com/security/cve/CVE-2022-28389
www.suse.com/security/cve/CVE-2022-28390
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS4
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/SC:H/VI:H/SI:H/VA:N/SA:N
EPSS
Percentile
68.0%