CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
83.6%
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3628-1 advisory.
An issue was discovered the x86 KVM subsystem in the Linux kernel before 5.18.17. Unprivileged guest users can compromise the guest kernel because TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED situations. (CVE-2022-39189)
An issue was discovered in the Linux kernel before 5.19.16. Attackers able to inject WLAN frames could cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c. (CVE-2022-41674)
A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code. (CVE-2022-42719)
Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to trigger use-after- free conditions to potentially execute code. (CVE-2022-42720)
A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in turn, potentially execute code. (CVE-2022-42721)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# SUSE update advisory SUSE-SU-2022:3628-1. The text itself
# is copyright (C) SUSE.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(166254);
script_version("1.6");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/07/13");
script_cve_id(
"CVE-2022-39189",
"CVE-2022-41674",
"CVE-2022-42719",
"CVE-2022-42720",
"CVE-2022-42721"
);
script_xref(name:"SuSE", value:"SUSE-SU-2022:3628-1");
script_name(english:"SUSE SLES15 Security Update : kernel (Live Patch 0 for SLE 15 SP4) (SUSE-SU-2022:3628-1)");
script_set_attribute(attribute:"synopsis", value:
"The remote SUSE host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as
referenced in the SUSE-SU-2022:3628-1 advisory.
- An issue was discovered the x86 KVM subsystem in the Linux kernel before 5.18.17. Unprivileged guest users
can compromise the guest kernel because TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED
situations. (CVE-2022-39189)
- An issue was discovered in the Linux kernel before 5.19.16. Attackers able to inject WLAN frames could
cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c. (CVE-2022-41674)
- A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through
5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and
potentially execute code. (CVE-2022-42719)
- Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through
5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to trigger use-after-
free conditions to potentially execute code. (CVE-2022-42720)
- A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before
5.19.16 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in
turn, potentially execute code. (CVE-2022-42721)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1203067");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1203994");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1204290");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1204291");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1204292");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-39189");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-41674");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-42719");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-42720");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-42721");
# https://lists.suse.com/pipermail/sle-security-updates/2022-October/012566.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ca3a20e0");
script_set_attribute(attribute:"solution", value:
"Update the affected kernel-livepatch-5_14_21-150400_22-default and / or kernel-livepatch-5_14_21-150400_24_11-default
packages.");
script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-42719");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2022/09/02");
script_set_attribute(attribute:"patch_publication_date", value:"2022/10/18");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/10/19");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_14_21-150400_22-default");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_14_21-150400_24_11-default");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"SuSE Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item("Host/SuSE/release");
if (isnull(os_release) || os_release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
var os_ver = pregmatch(pattern: "^(SLE(S|D)(?:_SAP)?\d+)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');
os_ver = os_ver[1];
if (! preg(pattern:"^(SLES15|SLES_SAP15)$", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15 / SLES_SAP15', 'SUSE (' + os_ver + ')');
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);
var service_pack = get_kb_item("Host/SuSE/patchlevel");
if (isnull(service_pack)) service_pack = "0";
if (os_ver == "SLES15" && (! preg(pattern:"^(4)$", string:service_pack))) audit(AUDIT_OS_NOT, "SLES15 SP4", os_ver + " SP" + service_pack);
if (os_ver == "SLES_SAP15" && (! preg(pattern:"^(4)$", string:service_pack))) audit(AUDIT_OS_NOT, "SLES_SAP15 SP4", os_ver + " SP" + service_pack);
var pkgs = [
{'reference':'kernel-livepatch-5_14_21-150400_22-default-7-150400.4.18.3', 'sp':'4', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
{'reference':'kernel-livepatch-5_14_21-150400_24_11-default-4-150400.2.1', 'sp':'4', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
{'reference':'kernel-livepatch-5_14_21-150400_22-default-7-150400.4.18.3', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'sle-module-live-patching-release-15.4', 'sles-release-15.4']},
{'reference':'kernel-livepatch-5_14_21-150400_24_11-default-4-150400.2.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'sle-module-live-patching-release-15.4', 'sles-release-15.4']}
];
var ltss_caveat_required = FALSE;
var flag = 0;
foreach var package_array ( pkgs ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var exists_check = NULL;
var rpm_spec_vers_cmp = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (reference && _release) {
if (exists_check) {
var check_flag = 0;
foreach var check (exists_check) {
if (!rpm_exists(release:_release, rpm:check)) continue;
check_flag++;
}
if (!check_flag) continue;
}
if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-livepatch-5_14_21-150400_22-default / etc');
}
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39189
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41674
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42719
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42720
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42721
www.nessus.org/u?ca3a20e0
bugzilla.suse.com/1203067
bugzilla.suse.com/1203994
bugzilla.suse.com/1204290
bugzilla.suse.com/1204291
bugzilla.suse.com/1204292
www.suse.com/security/cve/CVE-2022-39189
www.suse.com/security/cve/CVE-2022-41674
www.suse.com/security/cve/CVE-2022-42719
www.suse.com/security/cve/CVE-2022-42720
www.suse.com/security/cve/CVE-2022-42721