The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3288-1 advisory.
The einj_error_inject function in drivers/acpi/apei/einj.c in the Linux kernel allows local users to simulate hardware errors and consequently cause a denial of service by leveraging failure to disable APEI error injection through EINJ when securelevel is set. (CVE-2016-3695)
An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim’s TCP session or terminate that session. (CVE-2020-36516)
Uncontrolled resource consumption in the Linux kernel drivers for Intel® SGX may allow an authenticated user to potentially enable denial of service via local access. (CVE-2021-33135)
A vulnerability was found in the fs/inode.c:inode_init_owner() function logic of the LInux kernel that allows local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set, in a scenario where a directory is SGID and belongs to a certain group and is writable by a user who is not a member of this group. This can lead to excessive permissions granted in case when they should not. This vulnerability is similar to the previous CVE-2018-13405 and adds the missed fix for the XFS. (CVE-2021-4037)
A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel’s filesystem sub- component. This flaw allows a local attacker with a user privilege to cause a denial of service.
(CVE-2022-1184)
Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel (CVE-2022-20368)
In v4l2_m2m_querybuf of v4l2-mem2mem.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:
A-223375145References: Upstream kernel (CVE-2022-20369)
kernel: posix cpu timer use-after-free may lead to local privilege escalation (CVE-2022-2585)
kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)
Non-transparent sharing of return predictor targets between contexts in some Intel® Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373)
An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size() function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-2639)
An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured. (CVE-2022-2663)
In the Linux kernel before 5.17.1, a refcount leak bug was found in net/llc/af_llc.c. (CVE-2022-28356)
A flaw was found in hw. Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-23816) (CVE-2022-28693)
An out-of-bounds memory access flaw was found in the Linux kernel Intel’s iSMT SMBus host controller driver in the way a user triggers the I2C_SMBUS_BLOCK_DATA (with the ioctl I2C_SMBUS) with malicious input data. This flaw allows a local user to crash the system. (CVE-2022-2873)
An out-of-bounds memory read flaw was found in the Linux kernel’s BPF subsystem in how a user calls the bpf_tail_call function with a key larger than the max_entries of the map. This flaw allows a local user to gain unauthorized access to data. (CVE-2022-2905)
A flaw was found in the Linux kernel’s implementation of Pressure Stall Information. While the feature is disabled by default, it could allow an attacker to crash the system or have other memory-corruption side effects. (CVE-2022-2938)
A race condition was found in the Linux kernel’s watch queue due to a missing lock in pipe_resize_ring().
The specific flaw exists within the handling of pipe buffers. The issue results from the lack of proper locking when performing operations on an object. This flaw allows a local user to crash the system or escalate their privileges on the system. (CVE-2022-2959)
A flaw was found in the Linux kernel implementation of proxied virtualized TPM devices. On a system where virtualized TPM devices are configured (this is not the default) a local attacker can create a use-after- free and create a situation where it may be possible to escalate privileges on the system. (CVE-2022-2977)
A race condition was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read and copying it into a socket. (CVE-2022-3028)
An issue was discovered in the Linux kernel through 5.16-rc6. There is a lack of check after calling vzalloc() and lack of free after allocation in drivers/media/test-drivers/vidtv/vidtv_s302m.c.
(CVE-2022-3078)
An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice. (CVE-2022-36879)
nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)
An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VM_PFNMAP VMAs. (CVE-2022-39188)
An issue was discovered in net/netfilter/nf_tables_api.c in the Linux kernel before 5.19.6. A denial of service can occur upon binding to an already bound chain. (CVE-2022-39190)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# SUSE update advisory SUSE-SU-2022:3288-1. The text itself
# is copyright (C) SUSE.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(165235);
script_version("1.8");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/07/14");
script_cve_id(
"CVE-2016-3695",
"CVE-2020-36516",
"CVE-2021-4037",
"CVE-2021-33135",
"CVE-2022-1184",
"CVE-2022-2585",
"CVE-2022-2588",
"CVE-2022-2639",
"CVE-2022-2663",
"CVE-2022-2873",
"CVE-2022-2905",
"CVE-2022-2938",
"CVE-2022-2959",
"CVE-2022-2977",
"CVE-2022-3028",
"CVE-2022-3078",
"CVE-2022-20368",
"CVE-2022-20369",
"CVE-2022-26373",
"CVE-2022-28356",
"CVE-2022-28693",
"CVE-2022-36879",
"CVE-2022-36946",
"CVE-2022-39188",
"CVE-2022-39190"
);
script_xref(name:"SuSE", value:"SUSE-SU-2022:3288-1");
script_name(english:"SUSE SLES15 Security Update : kernel (SUSE-SU-2022:3288-1)");
script_set_attribute(attribute:"synopsis", value:
"The remote SUSE host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as
referenced in the SUSE-SU-2022:3288-1 advisory.
- The einj_error_inject function in drivers/acpi/apei/einj.c in the Linux kernel allows local users to
simulate hardware errors and consequently cause a denial of service by leveraging failure to disable APEI
error injection through EINJ when securelevel is set. (CVE-2016-3695)
- An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the
hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session
or terminate that session. (CVE-2020-36516)
- Uncontrolled resource consumption in the Linux kernel drivers for Intel(R) SGX may allow an authenticated
user to potentially enable denial of service via local access. (CVE-2021-33135)
- A vulnerability was found in the fs/inode.c:inode_init_owner() function logic of the LInux kernel that
allows local users to create files for the XFS file-system with an unintended group ownership and with
group execution and SGID permission bits set, in a scenario where a directory is SGID and belongs to a
certain group and is writable by a user who is not a member of this group. This can lead to excessive
permissions granted in case when they should not. This vulnerability is similar to the previous
CVE-2018-13405 and adds the missed fix for the XFS. (CVE-2021-4037)
- A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel's filesystem sub-
component. This flaw allows a local attacker with a user privilege to cause a denial of service.
(CVE-2022-1184)
- Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel
(CVE-2022-20368)
- In v4l2_m2m_querybuf of v4l2-mem2mem.c, there is a possible out of bounds write due to improper input
validation. This could lead to local escalation of privilege with System execution privileges needed. User
interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:
A-223375145References: Upstream kernel (CVE-2022-20369)
- kernel: posix cpu timer use-after-free may lead to local privilege escalation (CVE-2022-2585)
- kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation
(CVE-2022-2588)
- Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow
an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373)
- An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of
actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size()
function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This
flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-2639)
- An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and
incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted
IRC with nf_conntrack_irc configured. (CVE-2022-2663)
- In the Linux kernel before 5.17.1, a refcount leak bug was found in net/llc/af_llc.c. (CVE-2022-28356)
- A flaw was found in hw. Mis-trained branch predictions for return instructions may allow arbitrary
speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-23816)
(CVE-2022-28693)
- An out-of-bounds memory access flaw was found in the Linux kernel Intel's iSMT SMBus host controller
driver in the way a user triggers the I2C_SMBUS_BLOCK_DATA (with the ioctl I2C_SMBUS) with malicious input
data. This flaw allows a local user to crash the system. (CVE-2022-2873)
- An out-of-bounds memory read flaw was found in the Linux kernel's BPF subsystem in how a user calls the
bpf_tail_call function with a key larger than the max_entries of the map. This flaw allows a local user to
gain unauthorized access to data. (CVE-2022-2905)
- A flaw was found in the Linux kernel's implementation of Pressure Stall Information. While the feature is
disabled by default, it could allow an attacker to crash the system or have other memory-corruption side
effects. (CVE-2022-2938)
- A race condition was found in the Linux kernel's watch queue due to a missing lock in pipe_resize_ring().
The specific flaw exists within the handling of pipe buffers. The issue results from the lack of proper
locking when performing operations on an object. This flaw allows a local user to crash the system or
escalate their privileges on the system. (CVE-2022-2959)
- A flaw was found in the Linux kernel implementation of proxied virtualized TPM devices. On a system where
virtualized TPM devices are configured (this is not the default) a local attacker can create a use-after-
free and create a situation where it may be possible to escalate privileges on the system. (CVE-2022-2977)
- A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem)
when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to
potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read
and copying it into a socket. (CVE-2022-3028)
- An issue was discovered in the Linux kernel through 5.16-rc6. There is a lack of check after calling
vzalloc() and lack of free after allocation in drivers/media/test-drivers/vidtv/vidtv_s302m.c.
(CVE-2022-3078)
- An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in
net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice. (CVE-2022-36879)
- nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote
attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte
nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)
- An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race
condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale
TLB entries. This only occurs in situations with VM_PFNMAP VMAs. (CVE-2022-39188)
- An issue was discovered in net/netfilter/nf_tables_api.c in the Linux kernel before 5.19.6. A denial of
service can occur upon binding to an already bound chain. (CVE-2022-39190)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1023051");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1032323");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1065729");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1156395");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1189999");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1190497");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1192968");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1194592");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1194869");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1194904");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1195480");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1195917");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1196616");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1197158");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1197391");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1197755");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1197756");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1197757");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1197763");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1198410");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1198577");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1198702");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1198971");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1199356");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1199515");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1200301");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1200313");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1200431");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1200544");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1200845");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1200868");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1200869");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1200870");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1200871");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1200872");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1200873");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1201019");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1201308");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1201361");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1201442");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1201455");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1201489");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1201610");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1201726");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1201768");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1201865");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1201940");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1201948");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1201956");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1202094");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1202096");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1202097");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1202113");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1202131");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1202154");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1202262");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1202265");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1202346");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1202347");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1202385");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1202393");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1202447");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1202471");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1202558");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1202564");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1202623");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1202636");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1202672");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1202681");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1202710");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1202711");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1202712");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1202713");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1202715");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1202716");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1202757");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1202758");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1202759");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1202761");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1202762");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1202763");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1202764");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1202765");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1202766");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1202767");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1202768");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1202769");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1202770");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1202771");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1202773");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1202774");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1202775");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1202776");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1202778");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1202779");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1202780");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1202781");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1202782");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1202783");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1202822");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1202823");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1202824");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1202860");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1202867");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1202872");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1202898");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1202989");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1203036");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1203041");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1203063");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1203098");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1203107");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1203117");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1203138");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1203139");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1203159");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-3695");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-36516");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-33135");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-4037");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-1184");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-20368");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-20369");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-2585");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-2588");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-26373");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-2639");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-2663");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-28356");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-28693");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-2873");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-2905");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-2938");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-2959");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-2977");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-3028");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-3078");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-36879");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-36946");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-39188");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-39190");
# https://lists.suse.com/pipermail/sle-security-updates/2022-September/012270.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?23d93ad3");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-36516");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2022-2977");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_core", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2017/12/29");
script_set_attribute(attribute:"patch_publication_date", value:"2022/09/16");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/09/17");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-azure");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-azure-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-devel-azure");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-source-azure");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-syms-azure");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"SuSE Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item("Host/SuSE/release");
if (isnull(os_release) || os_release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
var os_ver = pregmatch(pattern: "^(SLE(S|D)(?:_SAP)?\d+)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');
os_ver = os_ver[1];
if (! preg(pattern:"^(SLES15|SLES_SAP15)$", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15 / SLES_SAP15', 'SUSE (' + os_ver + ')');
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);
var service_pack = get_kb_item("Host/SuSE/patchlevel");
if (isnull(service_pack)) service_pack = "0";
if (os_ver == "SLES15" && (! preg(pattern:"^(4)$", string:service_pack))) audit(AUDIT_OS_NOT, "SLES15 SP4", os_ver + " SP" + service_pack);
if (os_ver == "SLES_SAP15" && (! preg(pattern:"^(4)$", string:service_pack))) audit(AUDIT_OS_NOT, "SLES_SAP15 SP4", os_ver + " SP" + service_pack);
var pkgs = [
{'reference':'kernel-azure-5.14.21-150400.14.13.1', 'sp':'4', 'cpu':'aarch64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
{'reference':'kernel-azure-5.14.21-150400.14.13.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
{'reference':'kernel-azure-devel-5.14.21-150400.14.13.1', 'sp':'4', 'cpu':'aarch64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
{'reference':'kernel-azure-devel-5.14.21-150400.14.13.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
{'reference':'kernel-devel-azure-5.14.21-150400.14.13.1', 'sp':'4', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
{'reference':'kernel-source-azure-5.14.21-150400.14.13.1', 'sp':'4', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
{'reference':'kernel-syms-azure-5.14.21-150400.14.13.1', 'sp':'4', 'cpu':'aarch64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
{'reference':'kernel-syms-azure-5.14.21-150400.14.13.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
{'reference':'kernel-azure-5.14.21-150400.14.13.1', 'sp':'4', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'sle-module-public-cloud-release-15.4', 'sles-release-15.4']},
{'reference':'kernel-azure-5.14.21-150400.14.13.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'sle-module-public-cloud-release-15.4', 'sles-release-15.4']},
{'reference':'kernel-azure-devel-5.14.21-150400.14.13.1', 'sp':'4', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'sle-module-public-cloud-release-15.4', 'sles-release-15.4']},
{'reference':'kernel-azure-devel-5.14.21-150400.14.13.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'sle-module-public-cloud-release-15.4', 'sles-release-15.4']},
{'reference':'kernel-devel-azure-5.14.21-150400.14.13.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'sle-module-public-cloud-release-15.4', 'sles-release-15.4']},
{'reference':'kernel-source-azure-5.14.21-150400.14.13.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'sle-module-public-cloud-release-15.4', 'sles-release-15.4']},
{'reference':'kernel-syms-azure-5.14.21-150400.14.13.1', 'sp':'4', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'sle-module-public-cloud-release-15.4', 'sles-release-15.4']},
{'reference':'kernel-syms-azure-5.14.21-150400.14.13.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'sle-module-public-cloud-release-15.4', 'sles-release-15.4']}
];
var ltss_caveat_required = FALSE;
var flag = 0;
foreach var package_array ( pkgs ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var exists_check = NULL;
var rpm_spec_vers_cmp = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (reference && _release) {
if (exists_check) {
var check_flag = 0;
foreach var check (exists_check) {
if (!rpm_exists(release:_release, rpm:check)) continue;
check_flag++;
}
if (!check_flag) continue;
}
if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-azure / kernel-azure-devel / kernel-devel-azure / etc');
}
Vendor | Product | Version | CPE |
---|---|---|---|
novell | suse_linux | kernel-azure | p-cpe:/a:novell:suse_linux:kernel-azure |
novell | suse_linux | kernel-azure-devel | p-cpe:/a:novell:suse_linux:kernel-azure-devel |
novell | suse_linux | kernel-devel-azure | p-cpe:/a:novell:suse_linux:kernel-devel-azure |
novell | suse_linux | kernel-source-azure | p-cpe:/a:novell:suse_linux:kernel-source-azure |
novell | suse_linux | kernel-syms-azure | p-cpe:/a:novell:suse_linux:kernel-syms-azure |
novell | suse_linux | 15 | cpe:/o:novell:suse_linux:15 |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3695
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36516
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33135
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4037
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1184
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20368
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20369
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2585
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2588
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26373
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2639
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2663
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28356
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28693
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2873
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2905
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2938
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2959
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2977
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3028
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3078
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36879
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36946
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39188
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39190
www.nessus.org/u?23d93ad3
bugzilla.suse.com/1023051
bugzilla.suse.com/1032323
bugzilla.suse.com/1065729
bugzilla.suse.com/1156395
bugzilla.suse.com/1189999
bugzilla.suse.com/1190497
bugzilla.suse.com/1192968
bugzilla.suse.com/1194592
bugzilla.suse.com/1194869
bugzilla.suse.com/1194904
bugzilla.suse.com/1195480
bugzilla.suse.com/1195917
bugzilla.suse.com/1196616
bugzilla.suse.com/1197158
bugzilla.suse.com/1197391
bugzilla.suse.com/1197755
bugzilla.suse.com/1197756
bugzilla.suse.com/1197757
bugzilla.suse.com/1197763
bugzilla.suse.com/1198410
bugzilla.suse.com/1198577
bugzilla.suse.com/1198702
bugzilla.suse.com/1198971
bugzilla.suse.com/1199356
bugzilla.suse.com/1199515
bugzilla.suse.com/1200301
bugzilla.suse.com/1200313
bugzilla.suse.com/1200431
bugzilla.suse.com/1200544
bugzilla.suse.com/1200845
bugzilla.suse.com/1200868
bugzilla.suse.com/1200869
bugzilla.suse.com/1200870
bugzilla.suse.com/1200871
bugzilla.suse.com/1200872
bugzilla.suse.com/1200873
bugzilla.suse.com/1201019
bugzilla.suse.com/1201308
bugzilla.suse.com/1201361
bugzilla.suse.com/1201442
bugzilla.suse.com/1201455
bugzilla.suse.com/1201489
bugzilla.suse.com/1201610
bugzilla.suse.com/1201726
bugzilla.suse.com/1201768
bugzilla.suse.com/1201865
bugzilla.suse.com/1201940
bugzilla.suse.com/1201948
bugzilla.suse.com/1201956
bugzilla.suse.com/1202094
bugzilla.suse.com/1202096
bugzilla.suse.com/1202097
bugzilla.suse.com/1202113
bugzilla.suse.com/1202131
bugzilla.suse.com/1202154
bugzilla.suse.com/1202262
bugzilla.suse.com/1202265
bugzilla.suse.com/1202346
bugzilla.suse.com/1202347
bugzilla.suse.com/1202385
bugzilla.suse.com/1202393
bugzilla.suse.com/1202447
bugzilla.suse.com/1202471
bugzilla.suse.com/1202558
bugzilla.suse.com/1202564
bugzilla.suse.com/1202623
bugzilla.suse.com/1202636
bugzilla.suse.com/1202672
bugzilla.suse.com/1202681
bugzilla.suse.com/1202710
bugzilla.suse.com/1202711
bugzilla.suse.com/1202712
bugzilla.suse.com/1202713
bugzilla.suse.com/1202715
bugzilla.suse.com/1202716
bugzilla.suse.com/1202757
bugzilla.suse.com/1202758
bugzilla.suse.com/1202759
bugzilla.suse.com/1202761
bugzilla.suse.com/1202762
bugzilla.suse.com/1202763
bugzilla.suse.com/1202764
bugzilla.suse.com/1202765
bugzilla.suse.com/1202766
bugzilla.suse.com/1202767
bugzilla.suse.com/1202768
bugzilla.suse.com/1202769
bugzilla.suse.com/1202770
bugzilla.suse.com/1202771
bugzilla.suse.com/1202773
bugzilla.suse.com/1202774
bugzilla.suse.com/1202775
bugzilla.suse.com/1202776
bugzilla.suse.com/1202778
bugzilla.suse.com/1202779
bugzilla.suse.com/1202780
bugzilla.suse.com/1202781
bugzilla.suse.com/1202782
bugzilla.suse.com/1202783
bugzilla.suse.com/1202822
bugzilla.suse.com/1202823
bugzilla.suse.com/1202824
bugzilla.suse.com/1202860
bugzilla.suse.com/1202867
bugzilla.suse.com/1202872
bugzilla.suse.com/1202898
bugzilla.suse.com/1202989
bugzilla.suse.com/1203036
bugzilla.suse.com/1203041
bugzilla.suse.com/1203063
bugzilla.suse.com/1203098
bugzilla.suse.com/1203107
bugzilla.suse.com/1203117
bugzilla.suse.com/1203138
bugzilla.suse.com/1203139
bugzilla.suse.com/1203159
www.suse.com/security/cve/CVE-2016-3695
www.suse.com/security/cve/CVE-2020-36516
www.suse.com/security/cve/CVE-2021-33135
www.suse.com/security/cve/CVE-2021-4037
www.suse.com/security/cve/CVE-2022-1184
www.suse.com/security/cve/CVE-2022-20368
www.suse.com/security/cve/CVE-2022-20369
www.suse.com/security/cve/CVE-2022-2585
www.suse.com/security/cve/CVE-2022-2588
www.suse.com/security/cve/CVE-2022-26373
www.suse.com/security/cve/CVE-2022-2639
www.suse.com/security/cve/CVE-2022-2663
www.suse.com/security/cve/CVE-2022-28356
www.suse.com/security/cve/CVE-2022-28693
www.suse.com/security/cve/CVE-2022-2873
www.suse.com/security/cve/CVE-2022-2905
www.suse.com/security/cve/CVE-2022-2938
www.suse.com/security/cve/CVE-2022-2959
www.suse.com/security/cve/CVE-2022-2977
www.suse.com/security/cve/CVE-2022-3028
www.suse.com/security/cve/CVE-2022-3078
www.suse.com/security/cve/CVE-2022-36879
www.suse.com/security/cve/CVE-2022-36946
www.suse.com/security/cve/CVE-2022-39188
www.suse.com/security/cve/CVE-2022-39190