CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:A/AC:M/Au:S/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
61.4%
The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2629-1 advisory.
In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and unmounting can lead to a use-after-free in btrfs_queue_work in fs/btrfs/async-thread.c. (CVE-2019-19377)
The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c.
(CVE-2020-26541)
Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage. (CVE-2021-26341)
Insufficient control flow management for the Intel® 82599 Ethernet Controllers and Adapters may allow an authenticated user to potentially enable denial of service via local access. (CVE-2021-33061)
In bpf_prog_test_run_skb of test_run.c, there is a possible out of bounds read due to Incorrect Size Value. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:
A-154175781References: Upstream kernel (CVE-2021-39711)
An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could potentially use this flaw to crash the system or escalate privileges on the system. (CVE-2021-4157)
A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the small table perturb size. This flaw may allow an attacker to information leak and may cause a denial of service problem. (CVE-2022-1012)
A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel’s filesystem sub- component. This flaw allows a local attacker with a user privilege to cause a denial of service.
(CVE-2022-1184)
Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system. (CVE-2022-1652)
A use-after-free flaw was found in the Linux kernel’s Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-1679)
A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges. The bug allows to build several exploit primitives such as kernel address information leak, arbitrary execution, etc. (CVE-2022-1729)
A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to use after free both read or write when non synchronized between cleanup routine and firmware download routine.
(CVE-2022-1734)
A use-after-free flaw was found in the Linux kernel’s NFC core functionality due to a race condition between kobject creation and delete. This vulnerability allows a local attacker with CAP_NET_ADMIN privilege to leak kernel information. (CVE-2022-1974)
There is a sleep-in-atomic bug in /net/nfc/netlink.c that allows an attacker to crash the Linux kernel by simulating a nfc device from user-space. (CVE-2022-1975)
In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure if a malicious USB HID device were plugged in, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-188677105References: Upstream kernel (CVE-2022-20132)
In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege when opening and closing inet sockets with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-112551163References: Upstream kernel (CVE-2022-20141)
In lock_sock_nested of sock.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-174846563References: Upstream kernel (CVE-2022-20154)
Incomplete cleanup of multi-core shared buffers for some Intel® Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2022-21123)
Incomplete cleanup of microarchitectural fill buffers on some Intel® Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2022-21125)
Incomplete cleanup in specific special register read operations for some Intel® Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2022-21127)
Incomplete cleanup in specific special register write operations for some Intel® Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2022-21166)
Improper input validation for some Intel® Processors may allow an authenticated user to potentially cause a denial of service via local access. (CVE-2022-21180)
KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown.
An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. (CVE-2022-21499)
There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)
Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don’t zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).
Additionally the granularity of the grant table doesn’t allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)
Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29900)
Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29901)
The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag. (CVE-2022-30594)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# SUSE update advisory SUSE-SU-2022:2629-1. The text itself
# is copyright (C) SUSE.
##
include('compat.inc');
if (description)
{
script_id(163752);
script_version("1.11");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/16");
script_cve_id(
"CVE-2019-19377",
"CVE-2020-26541",
"CVE-2021-4157",
"CVE-2021-26341",
"CVE-2021-33061",
"CVE-2021-39711",
"CVE-2022-1012",
"CVE-2022-1184",
"CVE-2022-1652",
"CVE-2022-1679",
"CVE-2022-1729",
"CVE-2022-1734",
"CVE-2022-1836",
"CVE-2022-1974",
"CVE-2022-1975",
"CVE-2022-2318",
"CVE-2022-20132",
"CVE-2022-20141",
"CVE-2022-20154",
"CVE-2022-21123",
"CVE-2022-21125",
"CVE-2022-21127",
"CVE-2022-21166",
"CVE-2022-21180",
"CVE-2022-21499",
"CVE-2022-26365",
"CVE-2022-29900",
"CVE-2022-29901",
"CVE-2022-30594",
"CVE-2022-33740",
"CVE-2022-33741",
"CVE-2022-33742"
);
script_xref(name:"SuSE", value:"SUSE-SU-2022:2629-1");
script_name(english:"SUSE SLES12 Security Update : kernel (SUSE-SU-2022:2629-1)");
script_set_attribute(attribute:"synopsis", value:
"The remote SUSE host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in
the SUSE-SU-2022:2629-1 advisory.
- In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and
unmounting can lead to a use-after-free in btrfs_queue_work in fs/btrfs/async-thread.c. (CVE-2019-19377)
- The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database
(aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c.
(CVE-2020-26541)
- Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result
in data leakage. (CVE-2021-26341)
- Insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters may allow an
authenticated user to potentially enable denial of service via local access. (CVE-2021-33061)
- In bpf_prog_test_run_skb of test_run.c, there is a possible out of bounds read due to Incorrect Size
Value. This could lead to local information disclosure with System execution privileges needed. User
interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:
A-154175781References: Upstream kernel (CVE-2021-39711)
- An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in
the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could
potentially use this flaw to crash the system or escalate privileges on the system. (CVE-2021-4157)
- A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the
small table perturb size. This flaw may allow an attacker to information leak and may cause a denial of
service problem. (CVE-2022-1012)
- A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel's filesystem sub-
component. This flaw allows a local attacker with a user privilege to cause a denial of service.
(CVE-2022-1184)
- Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency
use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker
could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the
system. (CVE-2022-1652)
- A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user
forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local
user to crash or potentially escalate their privileges on the system. (CVE-2022-1679)
- A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged
user to gain root privileges. The bug allows to build several exploit primitives such as kernel address
information leak, arbitrary execution, etc. (CVE-2022-1729)
- A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to use
after free both read or write when non synchronized between cleanup routine and firmware download routine.
(CVE-2022-1734)
- A use-after-free flaw was found in the Linux kernel's NFC core functionality due to a race condition
between kobject creation and delete. This vulnerability allows a local attacker with CAP_NET_ADMIN
privilege to leak kernel information. (CVE-2022-1974)
- There is a sleep-in-atomic bug in /net/nfc/netlink.c that allows an attacker to crash the Linux kernel by
simulating a nfc device from user-space. (CVE-2022-1975)
- In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds
read due to improper input validation. This could lead to local information disclosure if a malicious USB
HID device were plugged in, with no additional execution privileges needed. User interaction is not needed
for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-188677105References: Upstream
kernel (CVE-2022-20132)
- In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. This could lead
to local escalation of privilege when opening and closing inet sockets with no additional execution
privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android
kernelAndroid ID: A-112551163References: Upstream kernel (CVE-2022-20141)
- In lock_sock_nested of sock.c, there is a possible use after free due to a race condition. This could lead
to local escalation of privilege with System execution privileges needed. User interaction is not needed
for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-174846563References: Upstream
kernel (CVE-2022-20154)
- Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated
user to potentially enable information disclosure via local access. (CVE-2022-21123)
- Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an
authenticated user to potentially enable information disclosure via local access. (CVE-2022-21125)
- Incomplete cleanup in specific special register read operations for some Intel(R) Processors may allow an
authenticated user to potentially enable information disclosure via local access. (CVE-2022-21127)
- Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an
authenticated user to potentially enable information disclosure via local access. (CVE-2022-21166)
- Improper input validation for some Intel(R) Processors may allow an authenticated user to potentially
cause a denial of service via local access. (CVE-2022-21180)
- KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown.
An attacker with access to a serial port could trigger the debugger so it is important that the debugger
respect the lockdown mode when/if it is triggered. (CVE-2022-21499)
- There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that
allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)
- Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text
explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device
frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).
Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to
unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend
(CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)
- Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution
under certain microarchitecture-dependent conditions. (CVE-2022-29900)
- Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their
retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can
hijack return instructions to achieve arbitrary speculative code execution under certain
microarchitecture-dependent conditions. (CVE-2022-29901)
- The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers
to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag. (CVE-2022-30594)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1024718");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1055117");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1061840");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1065729");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1129770");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1158266");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1177282");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1188885");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1194013");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1194124");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1196426");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1196570");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1196901");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1196964");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1197170");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1197219");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1197601");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1198438");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1198577");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1198866");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1198899");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1199035");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1199063");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1199237");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1199239");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1199314");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1199399");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1199426");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1199482");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1199487");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1199505");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1199507");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1199526");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1199605");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1199631");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1199650");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1199657");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1199671");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1199839");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1200015");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1200045");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1200143");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1200144");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1200173");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1200249");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1200343");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1200549");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1200571");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1200599");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1200600");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1200604");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1200605");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1200608");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1200619");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1200762");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1200806");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1200807");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1200809");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1200810");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1200813");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1200820");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1200821");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1200822");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1200829");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1200868");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1200869");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1200870");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1200871");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1200872");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1200873");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1200925");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1201050");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1201080");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1201251");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-19377");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-26541");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-26341");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-33061");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-39711");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-4157");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-1012");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-1184");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-1652");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-1679");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-1729");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-1734");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-1836");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-1974");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-1975");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-20132");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-20141");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-20154");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-21123");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-21125");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-21127");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-21166");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-21180");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-21499");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-2318");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-26365");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-29900");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-29901");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-30594");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-33740");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-33741");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-33742");
# https://lists.suse.com/pipermail/sle-security-updates/2022-August/011744.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?e33c2e64");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:A/AC:M/Au:S/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-4157");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2022-1012");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2019/11/29");
script_set_attribute(attribute:"patch_publication_date", value:"2022/08/02");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/08/03");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:dlm-kmp-rt");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:gfs2-kmp-rt");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-devel-rt");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-rt");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-rt-base");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-rt-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-rt_debug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-source-rt");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-syms-rt");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
script_set_attribute(attribute:"generated_plugin", value:"former");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"SuSE Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item("Host/SuSE/release");
if (isnull(os_release) || os_release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
var os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');
os_ver = os_ver[1];
if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12', 'SUSE (' + os_ver + ')');
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);
var service_pack = get_kb_item("Host/SuSE/patchlevel");
if (isnull(service_pack)) service_pack = "0";
if (os_ver == "SLES12" && (! preg(pattern:"^(5)$", string:service_pack))) audit(AUDIT_OS_NOT, "SLES12 SP5", os_ver + " SP" + service_pack);
var pkgs = [
{'reference':'cluster-md-kmp-rt-4.12.14-10.94.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-12.5']},
{'reference':'dlm-kmp-rt-4.12.14-10.94.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-12.5']},
{'reference':'gfs2-kmp-rt-4.12.14-10.94.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-12.5']},
{'reference':'kernel-devel-rt-4.12.14-10.94.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-12.5']},
{'reference':'kernel-rt-4.12.14-10.94.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-12.5']},
{'reference':'kernel-rt-base-4.12.14-10.94.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-12.5']},
{'reference':'kernel-rt-devel-4.12.14-10.94.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-12.5']},
{'reference':'kernel-rt_debug-4.12.14-10.94.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-12.5']},
{'reference':'kernel-rt_debug-devel-4.12.14-10.94.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-12.5']},
{'reference':'kernel-source-rt-4.12.14-10.94.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-12.5']},
{'reference':'kernel-syms-rt-4.12.14-10.94.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-12.5']},
{'reference':'ocfs2-kmp-rt-4.12.14-10.94.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-12.5']}
];
var ltss_caveat_required = FALSE;
var flag = 0;
foreach var package_array ( pkgs ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var exists_check = NULL;
var rpm_spec_vers_cmp = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (reference && _release) {
if (exists_check) {
var check_flag = 0;
foreach var check (exists_check) {
if (!rpm_exists(release:_release, rpm:check)) continue;
check_flag++;
}
if (!check_flag) continue;
}
if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cluster-md-kmp-rt / dlm-kmp-rt / gfs2-kmp-rt / kernel-devel-rt / etc');
}
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19377
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26541
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26341
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33061
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39711
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4157
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1012
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1184
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1652
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1679
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1729
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1734
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1836
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1974
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1975
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20132
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20141
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20154
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21123
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21125
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21127
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21166
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21180
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21499
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2318
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26365
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29900
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29901
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30594
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33740
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33741
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33742
www.nessus.org/u?e33c2e64
bugzilla.suse.com/1024718
bugzilla.suse.com/1055117
bugzilla.suse.com/1061840
bugzilla.suse.com/1065729
bugzilla.suse.com/1129770
bugzilla.suse.com/1158266
bugzilla.suse.com/1177282
bugzilla.suse.com/1188885
bugzilla.suse.com/1194013
bugzilla.suse.com/1194124
bugzilla.suse.com/1196426
bugzilla.suse.com/1196570
bugzilla.suse.com/1196901
bugzilla.suse.com/1196964
bugzilla.suse.com/1197170
bugzilla.suse.com/1197219
bugzilla.suse.com/1197601
bugzilla.suse.com/1198438
bugzilla.suse.com/1198577
bugzilla.suse.com/1198866
bugzilla.suse.com/1198899
bugzilla.suse.com/1199035
bugzilla.suse.com/1199063
bugzilla.suse.com/1199237
bugzilla.suse.com/1199239
bugzilla.suse.com/1199314
bugzilla.suse.com/1199399
bugzilla.suse.com/1199426
bugzilla.suse.com/1199482
bugzilla.suse.com/1199487
bugzilla.suse.com/1199505
bugzilla.suse.com/1199507
bugzilla.suse.com/1199526
bugzilla.suse.com/1199605
bugzilla.suse.com/1199631
bugzilla.suse.com/1199650
bugzilla.suse.com/1199657
bugzilla.suse.com/1199671
bugzilla.suse.com/1199839
bugzilla.suse.com/1200015
bugzilla.suse.com/1200045
bugzilla.suse.com/1200143
bugzilla.suse.com/1200144
bugzilla.suse.com/1200173
bugzilla.suse.com/1200249
bugzilla.suse.com/1200343
bugzilla.suse.com/1200549
bugzilla.suse.com/1200571
bugzilla.suse.com/1200599
bugzilla.suse.com/1200600
bugzilla.suse.com/1200604
bugzilla.suse.com/1200605
bugzilla.suse.com/1200608
bugzilla.suse.com/1200619
bugzilla.suse.com/1200762
bugzilla.suse.com/1200806
bugzilla.suse.com/1200807
bugzilla.suse.com/1200809
bugzilla.suse.com/1200810
bugzilla.suse.com/1200813
bugzilla.suse.com/1200820
bugzilla.suse.com/1200821
bugzilla.suse.com/1200822
bugzilla.suse.com/1200829
bugzilla.suse.com/1200868
bugzilla.suse.com/1200869
bugzilla.suse.com/1200870
bugzilla.suse.com/1200871
bugzilla.suse.com/1200872
bugzilla.suse.com/1200873
bugzilla.suse.com/1200925
bugzilla.suse.com/1201050
bugzilla.suse.com/1201080
bugzilla.suse.com/1201251
www.suse.com/security/cve/CVE-2019-19377
www.suse.com/security/cve/CVE-2020-26541
www.suse.com/security/cve/CVE-2021-26341
www.suse.com/security/cve/CVE-2021-33061
www.suse.com/security/cve/CVE-2021-39711
www.suse.com/security/cve/CVE-2021-4157
www.suse.com/security/cve/CVE-2022-1012
www.suse.com/security/cve/CVE-2022-1184
www.suse.com/security/cve/CVE-2022-1652
www.suse.com/security/cve/CVE-2022-1679
www.suse.com/security/cve/CVE-2022-1729
www.suse.com/security/cve/CVE-2022-1734
www.suse.com/security/cve/CVE-2022-1836
www.suse.com/security/cve/CVE-2022-1974
www.suse.com/security/cve/CVE-2022-1975
www.suse.com/security/cve/CVE-2022-20132
www.suse.com/security/cve/CVE-2022-20141
www.suse.com/security/cve/CVE-2022-20154
www.suse.com/security/cve/CVE-2022-21123
www.suse.com/security/cve/CVE-2022-21125
www.suse.com/security/cve/CVE-2022-21127
www.suse.com/security/cve/CVE-2022-21166
www.suse.com/security/cve/CVE-2022-21180
www.suse.com/security/cve/CVE-2022-21499
www.suse.com/security/cve/CVE-2022-2318
www.suse.com/security/cve/CVE-2022-26365
www.suse.com/security/cve/CVE-2022-29900
www.suse.com/security/cve/CVE-2022-29901
www.suse.com/security/cve/CVE-2022-30594
www.suse.com/security/cve/CVE-2022-33740
www.suse.com/security/cve/CVE-2022-33741
www.suse.com/security/cve/CVE-2022-33742
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:A/AC:M/Au:S/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
61.4%