The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2082-1 advisory.
The acpi_ns_evaluate() function in drivers/acpi/acpica/nseval.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table. (CVE-2017-13695)
In the Linux kernel before 4.20.2, kernel/sched/fair.c mishandles leaf cfs_rq’s, which allows attackers to cause a denial of service (infinite loop in update_blocked_averages) or possibly have unspecified other impact by inducing a high load. (CVE-2018-20784)
An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel through 4.15.7. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel pointer to discover the location of kernel code and data and bypass kernel security protections such as KASLR. (CVE-2018-7755)
In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and unmounting can lead to a use-after-free in btrfs_queue_work in fs/btrfs/async-thread.c. (CVE-2019-19377)
A buffer over-read flaw was found in RH kernel versions before 5.0 in crypto_authenc_extractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm’s module, authenc. When a payload longer than 4 bytes, and is not following 4-byte alignment boundary guidelines, it causes a buffer over-read threat, leading to a system crash. This flaw allows a local attacker with user privileges to cause a denial of service. (CVE-2020-10769)
There is a flaw reported in the Linux kernel in versions before 5.9 in drivers/gpu/drm/nouveau/nouveau_sgdma.c in nouveau_sgdma_create_ttm in Nouveau DRM subsystem. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker with a local account with a root privilege, can leverage this vulnerability to escalate privileges and execute code in the context of the kernel. (CVE-2021-20292)
A race condition accessing file object in the Linux kernel OverlayFS subsystem was found in the way users do rename in specific way with OverlayFS. A local user could use this flaw to crash the system.
(CVE-2021-20321)
The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn’t use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains. All Linux versions having the fix for XSA-365 applied are vulnerable.
XSA-365 was classified to affect versions back to at least 3.11. (CVE-2021-28688)
Insufficient control flow management for the Intel® 82599 Ethernet Controllers and Adapters may allow an authenticated user to potentially enable denial of service via local access. (CVE-2021-33061)
net/nfc/llcp_sock.c in the Linux kernel before 5.12.10 allows local unprivileged users to cause a denial of service (NULL pointer dereference and BUG) by making a getsockname call after a certain type of failure of a bind call. (CVE-2021-38208)
A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write().
This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation. (CVE-2022-1011)
A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel’s filesystem sub- component. This flaw allows a local attacker with a user privilege to cause a denial of service.
(CVE-2022-1184)
A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information. (CVE-2022-1353)
The root cause of this vulnerability is that the ioctl$DRM_IOCTL_MODE_DESTROY_DUMB can decrease refcount of *drm_vgem_gem_object *(created in vgem_gem_dumb_create) concurrently, and *vgem_gem_dumb_create *will access the freed drm_vgem_gem_object. (CVE-2022-1419)
A NULL pointer dereference flaw was found in the Linux kernel’s X.25 set of standardized network protocols functionality in the way a user terminates their session using a simulated Ethernet card and continued usage of this connection. This flaw allows a local user to crash the system. (CVE-2022-1516)
Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system. (CVE-2022-1652)
A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges. The bug allows to build several exploit primitives such as kernel address information leak, arbitrary execution, etc. (CVE-2022-1729)
A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to use after free both read or write when non synchronized between cleanup routine and firmware download routine.
(CVE-2022-1734)
A use-after-free flaw was found in the Linux kernel’s NFC core functionality due to a race condition between kobject creation and delete. This vulnerability allows a local attacker with CAP_NET_ADMIN privilege to leak kernel information. (CVE-2022-1974)
There is a sleep-in-atomic bug in /net/nfc/netlink.c that allows an attacker to crash the Linux kernel by simulating a nfc device from user-space. (CVE-2022-1975)
Incomplete cleanup of multi-core shared buffers for some Intel® Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2022-21123)
Incomplete cleanup of microarchitectural fill buffers on some Intel® Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2022-21125)
Incomplete cleanup in specific special register read operations for some Intel® Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2022-21127)
Incomplete cleanup in specific special register write operations for some Intel® Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2022-21166)
Improper input validation for some Intel® Processors may allow an authenticated user to potentially cause a denial of service via local access. (CVE-2022-21180)
KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown.
An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. (CVE-2022-21499)
usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free. (CVE-2022-28388)
ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.
(CVE-2022-28390)
The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag. (CVE-2022-30594)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# SUSE update advisory SUSE-SU-2022:2082-1. The text itself
# is copyright (C) SUSE.
##
include('compat.inc');
if (description)
{
script_id(162245);
script_version("1.6");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/07/13");
script_cve_id(
"CVE-2017-13695",
"CVE-2018-7755",
"CVE-2018-20784",
"CVE-2019-19377",
"CVE-2020-10769",
"CVE-2021-20292",
"CVE-2021-20321",
"CVE-2021-28688",
"CVE-2021-33061",
"CVE-2021-38208",
"CVE-2022-1011",
"CVE-2022-1184",
"CVE-2022-1353",
"CVE-2022-1419",
"CVE-2022-1516",
"CVE-2022-1652",
"CVE-2022-1729",
"CVE-2022-1734",
"CVE-2022-1974",
"CVE-2022-1975",
"CVE-2022-21123",
"CVE-2022-21125",
"CVE-2022-21127",
"CVE-2022-21166",
"CVE-2022-21180",
"CVE-2022-21499",
"CVE-2022-28388",
"CVE-2022-28390",
"CVE-2022-30594"
);
script_xref(name:"SuSE", value:"SUSE-SU-2022:2082-1");
script_name(english:"SUSE SLES12 Security Update : kernel (SUSE-SU-2022:2082-1)");
script_set_attribute(attribute:"synopsis", value:
"The remote SUSE host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as
referenced in the SUSE-SU-2022:2082-1 advisory.
- The acpi_ns_evaluate() function in drivers/acpi/acpica/nseval.c in the Linux kernel through 4.12.9 does
not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive
information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a
crafted ACPI table. (CVE-2017-13695)
- In the Linux kernel before 4.20.2, kernel/sched/fair.c mishandles leaf cfs_rq's, which allows attackers to
cause a denial of service (infinite loop in update_blocked_averages) or possibly have unspecified other
impact by inducing a high load. (CVE-2018-20784)
- An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel
through 4.15.7. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM
ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel pointer to discover the
location of kernel code and data and bypass kernel security protections such as KASLR. (CVE-2018-7755)
- In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and
unmounting can lead to a use-after-free in btrfs_queue_work in fs/btrfs/async-thread.c. (CVE-2019-19377)
- A buffer over-read flaw was found in RH kernel versions before 5.0 in crypto_authenc_extractkeys in
crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. When a payload longer than 4
bytes, and is not following 4-byte alignment boundary guidelines, it causes a buffer over-read threat,
leading to a system crash. This flaw allows a local attacker with user privileges to cause a denial of
service. (CVE-2020-10769)
- There is a flaw reported in the Linux kernel in versions before 5.9 in
drivers/gpu/drm/nouveau/nouveau_sgdma.c in nouveau_sgdma_create_ttm in Nouveau DRM subsystem. The issue
results from the lack of validating the existence of an object prior to performing operations on the
object. An attacker with a local account with a root privilege, can leverage this vulnerability to
escalate privileges and execute code in the context of the kernel. (CVE-2021-20292)
- A race condition accessing file object in the Linux kernel OverlayFS subsystem was found in the way users
do rename in specific way with OverlayFS. A local user could use this flaw to crash the system.
(CVE-2021-20321)
- The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use
uninitialized or stale values. This initialization went too far and may under certain conditions also
overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking
persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died,
leaving around zombie domains. All Linux versions having the fix for XSA-365 applied are vulnerable.
XSA-365 was classified to affect versions back to at least 3.11. (CVE-2021-28688)
- Insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters may allow an
authenticated user to potentially enable denial of service via local access. (CVE-2021-33061)
- net/nfc/llcp_sock.c in the Linux kernel before 5.12.10 allows local unprivileged users to cause a denial
of service (NULL pointer dereference and BUG) by making a getsockname call after a certain type of failure
of a bind call. (CVE-2021-38208)
- A use-after-free flaw was found in the Linux kernel's FUSE filesystem in the way a user triggers write().
This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in
privilege escalation. (CVE-2022-1011)
- A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel's filesystem sub-
component. This flaw allows a local attacker with a user privilege to cause a denial of service.
(CVE-2022-1184)
- A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This
flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a
leak of internal kernel information. (CVE-2022-1353)
- The root cause of this vulnerability is that the ioctl$DRM_IOCTL_MODE_DESTROY_DUMB can decrease refcount
of *drm_vgem_gem_object *(created in *vgem_gem_dumb_create*) concurrently, and *vgem_gem_dumb_create *will
access the freed drm_vgem_gem_object. (CVE-2022-1419)
- A NULL pointer dereference flaw was found in the Linux kernel's X.25 set of standardized network protocols
functionality in the way a user terminates their session using a simulated Ethernet card and continued
usage of this connection. This flaw allows a local user to crash the system. (CVE-2022-1516)
- Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency
use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker
could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the
system. (CVE-2022-1652)
- A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged
user to gain root privileges. The bug allows to build several exploit primitives such as kernel address
information leak, arbitrary execution, etc. (CVE-2022-1729)
- A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to use
after free both read or write when non synchronized between cleanup routine and firmware download routine.
(CVE-2022-1734)
- A use-after-free flaw was found in the Linux kernel's NFC core functionality due to a race condition
between kobject creation and delete. This vulnerability allows a local attacker with CAP_NET_ADMIN
privilege to leak kernel information. (CVE-2022-1974)
- There is a sleep-in-atomic bug in /net/nfc/netlink.c that allows an attacker to crash the Linux kernel by
simulating a nfc device from user-space. (CVE-2022-1975)
- Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated
user to potentially enable information disclosure via local access. (CVE-2022-21123)
- Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an
authenticated user to potentially enable information disclosure via local access. (CVE-2022-21125)
- Incomplete cleanup in specific special register read operations for some Intel(R) Processors may allow an
authenticated user to potentially enable information disclosure via local access. (CVE-2022-21127)
- Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an
authenticated user to potentially enable information disclosure via local access. (CVE-2022-21166)
- Improper input validation for some Intel(R) Processors may allow an authenticated user to potentially
cause a denial of service via local access. (CVE-2022-21180)
- KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown.
An attacker with access to a serial port could trigger the debugger so it is important that the debugger
respect the lockdown mode when/if it is triggered. (CVE-2022-21499)
- usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double
free. (CVE-2022-28388)
- ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.
(CVE-2022-28390)
- The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers
to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag. (CVE-2022-30594)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1051510");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1055710");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1065729");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1084513");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1087082");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1126703");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1158266");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1173265");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1182171");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1183646");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1183723");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1187055");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1191647");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1195651");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1196426");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1197343");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1198031");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1198032");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1198516");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1198577");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1198660");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1198687");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1198742");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1198962");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1198997");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1199012");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1199063");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1199314");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1199426");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1199505");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1199507");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1199605");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1199650");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1199785");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1200143");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1200144");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1200249");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-13695");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-20784");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-7755");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-19377");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-10769");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-20292");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-20321");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-28688");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-33061");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-38208");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-1011");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-1184");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-1353");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-1419");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-1516");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-1652");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-1729");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-1734");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-1974");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-1975");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-21123");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-21125");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-21127");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-21166");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-21180");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-21499");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-28388");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-28390");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-30594");
# https://lists.suse.com/pipermail/sle-security-updates/2022-June/011287.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?145ea4c2");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-20784");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2017/08/25");
script_set_attribute(attribute:"patch_publication_date", value:"2022/06/14");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/06/15");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:cluster-md-kmp-default");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:dlm-kmp-default");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:gfs2-kmp-default");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-kgraft");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-man");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-macros");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-source");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-syms");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_164-default");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ocfs2-kmp-default");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"SuSE Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item("Host/SuSE/release");
if (isnull(os_release) || os_release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
var os_ver = pregmatch(pattern: "^(SLE(S|D)(?:_SAP)?\d+)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');
os_ver = os_ver[1];
if (! preg(pattern:"^(SLES12|SLES_SAP12)$", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12 / SLES_SAP12', 'SUSE (' + os_ver + ')');
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);
var service_pack = get_kb_item("Host/SuSE/patchlevel");
if (isnull(service_pack)) service_pack = "0";
if (os_ver == "SLES12" && (! preg(pattern:"^(3)$", string:service_pack))) audit(AUDIT_OS_NOT, "SLES12 SP3", os_ver + " SP" + service_pack);
if (os_ver == "SLES_SAP12" && (! preg(pattern:"^(3)$", string:service_pack))) audit(AUDIT_OS_NOT, "SLES_SAP12 SP3", os_ver + " SP" + service_pack);
var pkgs = [
{'reference':'cluster-md-kmp-default-4.4.180-94.164.3', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE-HPC-release-12.3', 'sle-ha-release-12.3', 'sles-release-12.3']},
{'reference':'dlm-kmp-default-4.4.180-94.164.3', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE-HPC-release-12.3', 'sle-ha-release-12.3', 'sles-release-12.3']},
{'reference':'gfs2-kmp-default-4.4.180-94.164.3', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE-HPC-release-12.3', 'sle-ha-release-12.3', 'sles-release-12.3']},
{'reference':'ocfs2-kmp-default-4.4.180-94.164.3', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE-HPC-release-12.3', 'sle-ha-release-12.3', 'sles-release-12.3']},
{'reference':'kernel-default-4.4.180-94.164.3', 'sp':'3', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.3']},
{'reference':'kernel-default-base-4.4.180-94.164.3', 'sp':'3', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.3']},
{'reference':'kernel-default-devel-4.4.180-94.164.3', 'sp':'3', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.3']},
{'reference':'kernel-default-kgraft-4.4.180-94.164.3', 'sp':'3', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.3']},
{'reference':'kernel-devel-4.4.180-94.164.2', 'sp':'3', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.3']},
{'reference':'kernel-macros-4.4.180-94.164.2', 'sp':'3', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.3']},
{'reference':'kernel-source-4.4.180-94.164.2', 'sp':'3', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.3']},
{'reference':'kernel-syms-4.4.180-94.164.2', 'sp':'3', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.3']},
{'reference':'kgraft-patch-4_4_180-94_164-default-1-4.3.2', 'sp':'3', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.3']},
{'reference':'kernel-default-4.4.180-94.164.3', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},
{'reference':'kernel-default-4.4.180-94.164.3', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},
{'reference':'kernel-default-base-4.4.180-94.164.3', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},
{'reference':'kernel-default-base-4.4.180-94.164.3', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},
{'reference':'kernel-default-devel-4.4.180-94.164.3', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},
{'reference':'kernel-default-devel-4.4.180-94.164.3', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},
{'reference':'kernel-default-kgraft-4.4.180-94.164.3', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},
{'reference':'kernel-default-man-4.4.180-94.164.3', 'sp':'3', 'cpu':'s390x', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},
{'reference':'kernel-devel-4.4.180-94.164.2', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},
{'reference':'kernel-devel-4.4.180-94.164.2', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},
{'reference':'kernel-macros-4.4.180-94.164.2', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},
{'reference':'kernel-macros-4.4.180-94.164.2', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},
{'reference':'kernel-source-4.4.180-94.164.2', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},
{'reference':'kernel-source-4.4.180-94.164.2', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},
{'reference':'kernel-syms-4.4.180-94.164.2', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},
{'reference':'kernel-syms-4.4.180-94.164.2', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},
{'reference':'kgraft-patch-4_4_180-94_164-default-1-4.3.2', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']}
];
var ltss_caveat_required = FALSE;
var flag = 0;
foreach var package_array ( pkgs ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var exists_check = NULL;
var rpm_spec_vers_cmp = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (reference && _release) {
if (exists_check) {
var check_flag = 0;
foreach var check (exists_check) {
if (!rpm_exists(release:_release, rpm:check)) continue;
if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;
check_flag++;
}
if (!check_flag) continue;
}
if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;
}
}
if (flag)
{
var ltss_plugin_caveat = NULL;
if(ltss_caveat_required) ltss_plugin_caveat = '\n' +
'NOTE: This vulnerability check contains fixes that apply to\n' +
'packages only available in SUSE Enterprise Linux Server LTSS\n' +
'repositories. Access to these package security updates require\n' +
'a paid SUSE LTSS subscription.\n';
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get() + ltss_plugin_caveat
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cluster-md-kmp-default / dlm-kmp-default / gfs2-kmp-default / etc');
}
Vendor | Product | Version | CPE |
---|---|---|---|
novell | suse_linux | cluster-md-kmp-default | p-cpe:/a:novell:suse_linux:cluster-md-kmp-default |
novell | suse_linux | kernel-syms | p-cpe:/a:novell:suse_linux:kernel-syms |
novell | suse_linux | kernel-default-man | p-cpe:/a:novell:suse_linux:kernel-default-man |
novell | suse_linux | dlm-kmp-default | p-cpe:/a:novell:suse_linux:dlm-kmp-default |
novell | suse_linux | kernel-source | p-cpe:/a:novell:suse_linux:kernel-source |
novell | suse_linux | ocfs2-kmp-default | p-cpe:/a:novell:suse_linux:ocfs2-kmp-default |
novell | suse_linux | kernel-macros | p-cpe:/a:novell:suse_linux:kernel-macros |
novell | suse_linux | kernel-default-base | p-cpe:/a:novell:suse_linux:kernel-default-base |
novell | suse_linux | kernel-default-devel | p-cpe:/a:novell:suse_linux:kernel-default-devel |
novell | suse_linux | kernel-default | p-cpe:/a:novell:suse_linux:kernel-default |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13695
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20784
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7755
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19377
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10769
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20292
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20321
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28688
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33061
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38208
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1011
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1184
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1353
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1419
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1516
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1652
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1729
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1734
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1974
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1975
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21123
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21125
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21127
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21166
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21180
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21499
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28388
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28390
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30594
www.nessus.org/u?145ea4c2
bugzilla.suse.com/1051510
bugzilla.suse.com/1055710
bugzilla.suse.com/1065729
bugzilla.suse.com/1084513
bugzilla.suse.com/1087082
bugzilla.suse.com/1126703
bugzilla.suse.com/1158266
bugzilla.suse.com/1173265
bugzilla.suse.com/1182171
bugzilla.suse.com/1183646
bugzilla.suse.com/1183723
bugzilla.suse.com/1187055
bugzilla.suse.com/1191647
bugzilla.suse.com/1195651
bugzilla.suse.com/1196426
bugzilla.suse.com/1197343
bugzilla.suse.com/1198031
bugzilla.suse.com/1198032
bugzilla.suse.com/1198516
bugzilla.suse.com/1198577
bugzilla.suse.com/1198660
bugzilla.suse.com/1198687
bugzilla.suse.com/1198742
bugzilla.suse.com/1198962
bugzilla.suse.com/1198997
bugzilla.suse.com/1199012
bugzilla.suse.com/1199063
bugzilla.suse.com/1199314
bugzilla.suse.com/1199426
bugzilla.suse.com/1199505
bugzilla.suse.com/1199507
bugzilla.suse.com/1199605
bugzilla.suse.com/1199650
bugzilla.suse.com/1199785
bugzilla.suse.com/1200143
bugzilla.suse.com/1200144
bugzilla.suse.com/1200249
www.suse.com/security/cve/CVE-2017-13695
www.suse.com/security/cve/CVE-2018-20784
www.suse.com/security/cve/CVE-2018-7755
www.suse.com/security/cve/CVE-2019-19377
www.suse.com/security/cve/CVE-2020-10769
www.suse.com/security/cve/CVE-2021-20292
www.suse.com/security/cve/CVE-2021-20321
www.suse.com/security/cve/CVE-2021-28688
www.suse.com/security/cve/CVE-2021-33061
www.suse.com/security/cve/CVE-2021-38208
www.suse.com/security/cve/CVE-2022-1011
www.suse.com/security/cve/CVE-2022-1184
www.suse.com/security/cve/CVE-2022-1353
www.suse.com/security/cve/CVE-2022-1419
www.suse.com/security/cve/CVE-2022-1516
www.suse.com/security/cve/CVE-2022-1652
www.suse.com/security/cve/CVE-2022-1729
www.suse.com/security/cve/CVE-2022-1734
www.suse.com/security/cve/CVE-2022-1974
www.suse.com/security/cve/CVE-2022-1975
www.suse.com/security/cve/CVE-2022-21123
www.suse.com/security/cve/CVE-2022-21125
www.suse.com/security/cve/CVE-2022-21127
www.suse.com/security/cve/CVE-2022-21166
www.suse.com/security/cve/CVE-2022-21180
www.suse.com/security/cve/CVE-2022-21499
www.suse.com/security/cve/CVE-2022-28388
www.suse.com/security/cve/CVE-2022-28390
www.suse.com/security/cve/CVE-2022-30594