CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:N/A:P
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
84.6%
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3609-1 advisory.
The einj_error_inject function in drivers/acpi/apei/einj.c in the Linux kernel allows local users to simulate hardware errors and consequently cause a denial of service by leveraging failure to disable APEI error injection through EINJ when securelevel is set. (CVE-2016-3695)
Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener after being released. Fixed in Ubuntu Linux kernel 5.4.0-51.56, 5.3.0-68.63, 4.15.0-121.123, 4.4.0-193.224, 3.13.0.182.191 and 3.2.0-149.196.
(CVE-2020-16119)
A vulnerability was found in the Linux kernel, where accessing a deallocated instance in printer_ioctl() printer_ioctl() tries to access of a printer_dev instance. However, use-after-free arises because it had been freed by gprinter_free(). (CVE-2020-27784)
An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim’s TCP session or terminate that session. (CVE-2020-36516)
A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem allowed for size increase of files with unaligned size. A local attacker could use this flaw to leak data on the XFS filesystem otherwise not accessible to them. (CVE-2021-4155)
A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information. (CVE-2021-4203)
Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel (CVE-2022-20368)
In v4l2_m2m_querybuf of v4l2-mem2mem.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:
A-223375145References: Upstream kernel (CVE-2022-20369)
Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out the target with an equivalent dm-linear target and bypass verification till reboot. This allows root to bypass LoadPin and can be used to load untrusted and unverified kernel modules and firmware, which implies arbitrary kernel execution and persistence for peripherals that do not verify firmware updates. We recommend upgrading past commit 4caae58406f8ceb741603eee460d79bacca9b1b5 (CVE-2022-2503)
kernel: nf_tables cross-table potential use-after-free may lead to local privilege escalation (CVE-2022-2586)
kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)
Non-transparent sharing of return predictor targets between contexts in some Intel® Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373)
An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size() function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-2639)
An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured. (CVE-2022-2663)
An out-of-bounds memory read flaw was found in the Linux kernel’s BPF subsystem in how a user calls the bpf_tail_call function with a key larger than the max_entries of the map. This flaw allows a local user to gain unauthorized access to data. (CVE-2022-2905)
A flaw was found in the Linux kernel implementation of proxied virtualized TPM devices. On a system where virtualized TPM devices are configured (this is not the default) a local attacker can create a use-after- free and create a situation where it may be possible to escalate privileges on the system. (CVE-2022-2977)
A race condition was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read and copying it into a socket. (CVE-2022-3028)
A flaw use after free in the Linux kernel video4linux driver was found in the way user triggers em28xx_usb_probe() for the Empia 28xx based TV cards. A local user could use this flaw to crash the system or potentially escalate their privileges on the system. (CVE-2022-3239)
A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or member of the audio group) could use this flaw to crash the system, resulting in a denial of service condition (CVE-2022-3303)
An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice. (CVE-2022-36879)
An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VM_PFNMAP VMAs. (CVE-2022-39188)
An issue was discovered in net/netfilter/nf_tables_api.c in the Linux kernel before 5.19.6. A denial of service can occur upon binding to an already bound chain. (CVE-2022-39190)
In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release. (CVE-2022-41218)
mm/mremap.c in the Linux kernel before 5.13.3 has a use-after-free via a stale TLB because an rmap lock is not held during a PUD move. (CVE-2022-41222)
drivers/char/pcmcia/synclink_cs.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl, aka a race condition between mgslpc_ioctl and mgslpc_detach. (CVE-2022-41848)
drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has a race condition and resultant use- after-free if a physically proximate attacker removes a USB device while calling open(), aka a race condition between ufx_ops_open and ufx_usb_disconnect. (CVE-2022-41849)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# SUSE update advisory SUSE-SU-2022:3609-1. The text itself
# is copyright (C) SUSE.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(166257);
script_version("1.9");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/26");
script_cve_id(
"CVE-2016-3695",
"CVE-2020-16119",
"CVE-2020-27784",
"CVE-2020-36516",
"CVE-2021-4155",
"CVE-2021-4203",
"CVE-2022-2503",
"CVE-2022-2586",
"CVE-2022-2588",
"CVE-2022-2639",
"CVE-2022-2663",
"CVE-2022-2905",
"CVE-2022-2977",
"CVE-2022-3028",
"CVE-2022-3239",
"CVE-2022-3303",
"CVE-2022-20368",
"CVE-2022-20369",
"CVE-2022-26373",
"CVE-2022-36879",
"CVE-2022-39188",
"CVE-2022-39190",
"CVE-2022-41218",
"CVE-2022-41222",
"CVE-2022-41848",
"CVE-2022-41849"
);
script_xref(name:"SuSE", value:"SUSE-SU-2022:3609-1");
script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2024/07/17");
script_name(english:"SUSE SLES15 Security Update : kernel (SUSE-SU-2022:3609-1)");
script_set_attribute(attribute:"synopsis", value:
"The remote SUSE host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as
referenced in the SUSE-SU-2022:3609-1 advisory.
- The einj_error_inject function in drivers/acpi/apei/einj.c in the Linux kernel allows local users to
simulate hardware errors and consequently cause a denial of service by leveraging failure to disable APEI
error injection through EINJ when securelevel is set. (CVE-2016-3695)
- Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP
socket with an attached dccps_hc_tx_ccid object as a listener after being released. Fixed in Ubuntu Linux
kernel 5.4.0-51.56, 5.3.0-68.63, 4.15.0-121.123, 4.4.0-193.224, 3.13.0.182.191 and 3.2.0-149.196.
(CVE-2020-16119)
- A vulnerability was found in the Linux kernel, where accessing a deallocated instance in printer_ioctl()
printer_ioctl() tries to access of a printer_dev instance. However, use-after-free arises because it had
been freed by gprinter_free(). (CVE-2020-27784)
- An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the
hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session
or terminate that session. (CVE-2020-36516)
- A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem allowed for size
increase of files with unaligned size. A local attacker could use this flaw to leak data on the XFS
filesystem otherwise not accessible to them. (CVE-2021-4155)
- A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and
SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a
user privileges may crash the system or leak internal kernel information. (CVE-2021-4203)
- Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel
(CVE-2022-20368)
- In v4l2_m2m_querybuf of v4l2-mem2mem.c, there is a possible out of bounds write due to improper input
validation. This could lead to local escalation of privilege with System execution privileges needed. User
interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:
A-223375145References: Upstream kernel (CVE-2022-20369)
- Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to
restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently
allow users with root privileges to switch out the target with an equivalent dm-linear target and bypass
verification till reboot. This allows root to bypass LoadPin and can be used to load untrusted and
unverified kernel modules and firmware, which implies arbitrary kernel execution and persistence for
peripherals that do not verify firmware updates. We recommend upgrading past commit
4caae58406f8ceb741603eee460d79bacca9b1b5 (CVE-2022-2503)
- kernel: nf_tables cross-table potential use-after-free may lead to local privilege escalation
(CVE-2022-2586)
- kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation
(CVE-2022-2588)
- Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow
an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373)
- An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of
actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size()
function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This
flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-2639)
- An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and
incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted
IRC with nf_conntrack_irc configured. (CVE-2022-2663)
- An out-of-bounds memory read flaw was found in the Linux kernel's BPF subsystem in how a user calls the
bpf_tail_call function with a key larger than the max_entries of the map. This flaw allows a local user to
gain unauthorized access to data. (CVE-2022-2905)
- A flaw was found in the Linux kernel implementation of proxied virtualized TPM devices. On a system where
virtualized TPM devices are configured (this is not the default) a local attacker can create a use-after-
free and create a situation where it may be possible to escalate privileges on the system. (CVE-2022-2977)
- A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem)
when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to
potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read
and copying it into a socket. (CVE-2022-3028)
- A flaw use after free in the Linux kernel video4linux driver was found in the way user triggers
em28xx_usb_probe() for the Empia 28xx based TV cards. A local user could use this flaw to crash the system
or potentially escalate their privileges on the system. (CVE-2022-3239)
- A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead
to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or
member of the audio group) could use this flaw to crash the system, resulting in a denial of service
condition (CVE-2022-3303)
- An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in
net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice. (CVE-2022-36879)
- An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race
condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale
TLB entries. This only occurs in situations with VM_PFNMAP VMAs. (CVE-2022-39188)
- An issue was discovered in net/netfilter/nf_tables_api.c in the Linux kernel before 5.19.6. A denial of
service can occur upon binding to an already bound chain. (CVE-2022-39190)
- In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused
by refcount races, affecting dvb_demux_open and dvb_dmxdev_release. (CVE-2022-41218)
- mm/mremap.c in the Linux kernel before 5.13.3 has a use-after-free via a stale TLB because an rmap lock is
not held during a PUD move. (CVE-2022-41222)
- drivers/char/pcmcia/synclink_cs.c in the Linux kernel through 5.19.12 has a race condition and resultant
use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl, aka a race
condition between mgslpc_ioctl and mgslpc_detach. (CVE-2022-41848)
- drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has a race condition and resultant use-
after-free if a physically proximate attacker removes a USB device while calling open(), aka a race
condition between ufx_ops_open and ufx_usb_disconnect. (CVE-2022-41849)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1023051");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1065729");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1156395");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1177471");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1179722");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1179723");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1181862");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1185032");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1191662");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1191667");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1191881");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1192594");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1194023");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1194272");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1194535");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1196444");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1196616");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1196867");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1197158");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1197659");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1197755");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1197756");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1197757");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1197760");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1197763");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1197920");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1198971");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1199255");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1199291");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1200084");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1200313");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1200431");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1200622");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1200845");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1200868");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1200869");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1200870");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1200871");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1200872");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1200873");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1201019");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1201309");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1201310");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1201420");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1201442");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1201489");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1201610");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1201645");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1201705");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1201726");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1201865");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1201948");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1201990");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1202095");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1202096");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1202097");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1202154");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1202341");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1202346");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1202347");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1202385");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1202393");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1202396");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1202447");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1202577");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1202636");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1202672");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1202677");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1202701");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1202708");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1202709");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1202710");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1202711");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1202712");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1202713");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1202714");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1202715");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1202716");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1202717");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1202718");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1202720");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1202722");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1202745");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1202756");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1202810");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1202811");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1202860");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1202895");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1202898");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1202960");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1202984");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1203063");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1203098");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1203107");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1203116");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1203117");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1203135");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1203136");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1203137");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1203159");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1203313");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1203389");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1203410");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1203424");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1203552");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1203622");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1203737");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1203769");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1203906");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1203909");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1203933");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1203935");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1203939");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1203987");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1203992");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-3695");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-16119");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-27784");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-36516");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-4155");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-4203");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-20368");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-20369");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-2503");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-2586");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-2588");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-26373");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-2639");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-2663");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-2905");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-2977");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-3028");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-3239");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-3303");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-36879");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-39188");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-39190");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-41218");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-41222");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-41848");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-41849");
# https://lists.suse.com/pipermail/sle-security-updates/2022-October/012557.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?868a3805");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-4203");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2022-3239");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_core", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2017/12/29");
script_set_attribute(attribute:"patch_publication_date", value:"2022/10/18");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/10/19");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-azure");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-azure-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-devel-azure");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-source-azure");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-syms-azure");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"SuSE Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item("Host/SuSE/release");
if (isnull(os_release) || os_release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
var os_ver = pregmatch(pattern: "^(SLE(S|D)(?:_SAP)?\d+)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');
os_ver = os_ver[1];
if (! preg(pattern:"^(SLES15|SLES_SAP15)$", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15 / SLES_SAP15', 'SUSE (' + os_ver + ')');
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);
var service_pack = get_kb_item("Host/SuSE/patchlevel");
if (isnull(service_pack)) service_pack = "0";
if (os_ver == "SLES15" && (! preg(pattern:"^(3)$", string:service_pack))) audit(AUDIT_OS_NOT, "SLES15 SP3", os_ver + " SP" + service_pack);
if (os_ver == "SLES_SAP15" && (! preg(pattern:"^(3)$", string:service_pack))) audit(AUDIT_OS_NOT, "SLES_SAP15 SP3", os_ver + " SP" + service_pack);
var pkgs = [
{'reference':'kernel-azure-5.3.18-150300.38.80.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},
{'reference':'kernel-azure-devel-5.3.18-150300.38.80.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},
{'reference':'kernel-devel-azure-5.3.18-150300.38.80.1', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},
{'reference':'kernel-source-azure-5.3.18-150300.38.80.1', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},
{'reference':'kernel-syms-azure-5.3.18-150300.38.80.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},
{'reference':'kernel-azure-5.3.18-150300.38.80.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-public-cloud-release-15.3', 'sles-release-15.3']},
{'reference':'kernel-azure-devel-5.3.18-150300.38.80.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-public-cloud-release-15.3', 'sles-release-15.3']},
{'reference':'kernel-devel-azure-5.3.18-150300.38.80.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-public-cloud-release-15.3', 'sles-release-15.3']},
{'reference':'kernel-source-azure-5.3.18-150300.38.80.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-public-cloud-release-15.3', 'sles-release-15.3']},
{'reference':'kernel-syms-azure-5.3.18-150300.38.80.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-public-cloud-release-15.3', 'sles-release-15.3']}
];
var ltss_caveat_required = FALSE;
var flag = 0;
foreach var package_array ( pkgs ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var exists_check = NULL;
var rpm_spec_vers_cmp = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (reference && _release) {
if (exists_check) {
var check_flag = 0;
foreach var check (exists_check) {
if (!rpm_exists(release:_release, rpm:check)) continue;
check_flag++;
}
if (!check_flag) continue;
}
if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-azure / kernel-azure-devel / kernel-devel-azure / etc');
}
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3695
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16119
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27784
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36516
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4155
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4203
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20368
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20369
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2503
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2586
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2588
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26373
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2639
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2663
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2905
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2977
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3028
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3239
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3303
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36879
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39188
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39190
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41218
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41222
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41848
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41849
www.nessus.org/u?868a3805
bugzilla.suse.com/1023051
bugzilla.suse.com/1065729
bugzilla.suse.com/1156395
bugzilla.suse.com/1177471
bugzilla.suse.com/1179722
bugzilla.suse.com/1179723
bugzilla.suse.com/1181862
bugzilla.suse.com/1185032
bugzilla.suse.com/1191662
bugzilla.suse.com/1191667
bugzilla.suse.com/1191881
bugzilla.suse.com/1192594
bugzilla.suse.com/1194023
bugzilla.suse.com/1194272
bugzilla.suse.com/1194535
bugzilla.suse.com/1196444
bugzilla.suse.com/1196616
bugzilla.suse.com/1196867
bugzilla.suse.com/1197158
bugzilla.suse.com/1197659
bugzilla.suse.com/1197755
bugzilla.suse.com/1197756
bugzilla.suse.com/1197757
bugzilla.suse.com/1197760
bugzilla.suse.com/1197763
bugzilla.suse.com/1197920
bugzilla.suse.com/1198971
bugzilla.suse.com/1199255
bugzilla.suse.com/1199291
bugzilla.suse.com/1200084
bugzilla.suse.com/1200313
bugzilla.suse.com/1200431
bugzilla.suse.com/1200622
bugzilla.suse.com/1200845
bugzilla.suse.com/1200868
bugzilla.suse.com/1200869
bugzilla.suse.com/1200870
bugzilla.suse.com/1200871
bugzilla.suse.com/1200872
bugzilla.suse.com/1200873
bugzilla.suse.com/1201019
bugzilla.suse.com/1201309
bugzilla.suse.com/1201310
bugzilla.suse.com/1201420
bugzilla.suse.com/1201442
bugzilla.suse.com/1201489
bugzilla.suse.com/1201610
bugzilla.suse.com/1201645
bugzilla.suse.com/1201705
bugzilla.suse.com/1201726
bugzilla.suse.com/1201865
bugzilla.suse.com/1201948
bugzilla.suse.com/1201990
bugzilla.suse.com/1202095
bugzilla.suse.com/1202096
bugzilla.suse.com/1202097
bugzilla.suse.com/1202154
bugzilla.suse.com/1202341
bugzilla.suse.com/1202346
bugzilla.suse.com/1202347
bugzilla.suse.com/1202385
bugzilla.suse.com/1202393
bugzilla.suse.com/1202396
bugzilla.suse.com/1202447
bugzilla.suse.com/1202577
bugzilla.suse.com/1202636
bugzilla.suse.com/1202672
bugzilla.suse.com/1202677
bugzilla.suse.com/1202701
bugzilla.suse.com/1202708
bugzilla.suse.com/1202709
bugzilla.suse.com/1202710
bugzilla.suse.com/1202711
bugzilla.suse.com/1202712
bugzilla.suse.com/1202713
bugzilla.suse.com/1202714
bugzilla.suse.com/1202715
bugzilla.suse.com/1202716
bugzilla.suse.com/1202717
bugzilla.suse.com/1202718
bugzilla.suse.com/1202720
bugzilla.suse.com/1202722
bugzilla.suse.com/1202745
bugzilla.suse.com/1202756
bugzilla.suse.com/1202810
bugzilla.suse.com/1202811
bugzilla.suse.com/1202860
bugzilla.suse.com/1202895
bugzilla.suse.com/1202898
bugzilla.suse.com/1202960
bugzilla.suse.com/1202984
bugzilla.suse.com/1203063
bugzilla.suse.com/1203098
bugzilla.suse.com/1203107
bugzilla.suse.com/1203116
bugzilla.suse.com/1203117
bugzilla.suse.com/1203135
bugzilla.suse.com/1203136
bugzilla.suse.com/1203137
bugzilla.suse.com/1203159
bugzilla.suse.com/1203313
bugzilla.suse.com/1203389
bugzilla.suse.com/1203410
bugzilla.suse.com/1203424
bugzilla.suse.com/1203552
bugzilla.suse.com/1203622
bugzilla.suse.com/1203737
bugzilla.suse.com/1203769
bugzilla.suse.com/1203906
bugzilla.suse.com/1203909
bugzilla.suse.com/1203933
bugzilla.suse.com/1203935
bugzilla.suse.com/1203939
bugzilla.suse.com/1203987
bugzilla.suse.com/1203992
www.suse.com/security/cve/CVE-2016-3695
www.suse.com/security/cve/CVE-2020-16119
www.suse.com/security/cve/CVE-2020-27784
www.suse.com/security/cve/CVE-2020-36516
www.suse.com/security/cve/CVE-2021-4155
www.suse.com/security/cve/CVE-2021-4203
www.suse.com/security/cve/CVE-2022-20368
www.suse.com/security/cve/CVE-2022-20369
www.suse.com/security/cve/CVE-2022-2503
www.suse.com/security/cve/CVE-2022-2586
www.suse.com/security/cve/CVE-2022-2588
www.suse.com/security/cve/CVE-2022-26373
www.suse.com/security/cve/CVE-2022-2639
www.suse.com/security/cve/CVE-2022-2663
www.suse.com/security/cve/CVE-2022-2905
www.suse.com/security/cve/CVE-2022-2977
www.suse.com/security/cve/CVE-2022-3028
www.suse.com/security/cve/CVE-2022-3239
www.suse.com/security/cve/CVE-2022-3303
www.suse.com/security/cve/CVE-2022-36879
www.suse.com/security/cve/CVE-2022-39188
www.suse.com/security/cve/CVE-2022-39190
www.suse.com/security/cve/CVE-2022-41218
www.suse.com/security/cve/CVE-2022-41222
www.suse.com/security/cve/CVE-2022-41848
www.suse.com/security/cve/CVE-2022-41849
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:N/A:P
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
84.6%