This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.SUSE_SU-2023-2146-1.NASLSUSE SLES15 Security Update : kernel (SUSE-SU-2023:2146-1)
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2146-1 advisory.
-
An issue was discovered in the Linux kernel before 5.8. lib/nlattr.c allows attackers to cause a denial of service (unbounded recursion) via a nested Netlink policy with a back reference. (CVE-2020-36691)
-
A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks.
L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn’t need retpolines or IBPB after running L2 due to KVM (L0) advertising eIBRS support to L1. An attacker at L2 with code execution can execute code on an indirect branch on the host machine. We recommend upgrading to Kernel 6.2 or past commit 2e7eab81425a (CVE-2022-2196) -
The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC message with garbage data is still correctly formed according to the specification and is passed forward to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the allocated buffer space. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (CVE-2022-43945)
-
A use-after-free flaw was found in btrfs_search_slot in fs/btrfs/ctree.c in btrfs in the Linux Kernel.This flaw allows an attacker to crash the system and possibly cause a kernel information lea (CVE-2023-1611)
-
A flaw use after free in the Linux kernel Xircom 16-bit PCMCIA (PC-card) Ethernet driver was found.A local user could use this flaw to crash the system or potentially escalate their privileges on the system.
(CVE-2023-1670) -
A use-after-free flaw was found in vhost_net_set_backend in drivers/vhost/net.c in virtio network subcomponent in the Linux kernel due to a double fget. This flaw could allow a local attacker to crash the system, and could even lead to a kernel information leak problem. (CVE-2023-1838)
-
A use-after-free flaw was found in xgene_hwmon_remove in drivers/hwmon/xgene-hwmon.c in the Hardware Monitoring Linux Kernel Driver (xgene-hwmon). This flaw could allow a local attacker to crash the system due to a race problem. This vulnerability could even lead to a kernel information leak problem.
(CVE-2023-1855) -
A use-after-free vulnerability in the Linux Kernel io_uring system can be exploited to achieve local privilege escalation. The io_file_get_fixed function lacks the presence of ctx->uring_lock which can lead to a Use-After-Free vulnerability due a race condition with fixed files getting unregistered. We recommend upgrading past commit da24142b1ef9fd5d36b76e36bab328a5b27523e8. (CVE-2023-1872)
-
A use-after-free flaw was found in btsdio_remove in drivers\bluetooth\btsdio.c in the Linux Kernel. In this flaw, a call to btsdio_remove with an unfinished job, may cause a race problem leading to a UAF on hdev devices. (CVE-2023-1989)
-
A use-after-free flaw was found in ndlc_remove in drivers/nfc/st-nci/ndlc.c in the Linux Kernel. This flaw could allow an attacker to crash the system due to a race problem. (CVE-2023-1990)
-
The Linux kernel allows userspace processes to enable mitigations by calling prctl with PR_SET_SPECULATION_CTRL which disables the speculation feature as well as by using seccomp. We had noticed that on VMs of at least one major cloud provider, the kernel still left the victim process exposed to attacks in some cases even after enabling the spectre-BTI mitigation with prctl. The same behavior can be observed on a bare-metal machine when forcing the mitigation to IBRS on boot command line. This happened because when plain IBRS was enabled (not enhanced IBRS), the kernel had some logic that determined that STIBP was not needed. The IBRS bit implicitly protects against cross-thread branch target injection.
However, with legacy IBRS, the IBRS bit was cleared on returning to userspace, due to performance reasons, which disabled the implicit STIBP and left userspace threads vulnerable to cross-thread branch target injection against which STIBP protects. (CVE-2023-1998) -
A flaw was found in the Linux kernel’s udmabuf device driver. The specific flaw exists within a fault handler. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an array. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. (CVE-2023-2008)
-
A use-after-free vulnerability was found in iscsi_sw_tcp_session_create in drivers/scsi/iscsi_tcp.c in SCSI sub-component in the Linux Kernel. In this flaw an attacker could leak kernel internal information.
(CVE-2023-2162) -
A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA in the Linux Kernel. The improper cleanup results in out-of-boundary read, where a local user can utilize this problem to crash the system or escalation of privilege. (CVE-2023-2176)
-
The Linux kernel before 6.2.9 has a race condition and resultant use-after-free in drivers/power/supply/da9150-charger.c if a physically proximate attacker unplugs a device.
(CVE-2023-30772)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# SUSE update advisory SUSE-SU-2023:2146-1. The text itself
# is copyright (C) SUSE.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(175549);
script_version("1.2");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/07/14");
script_cve_id(
"CVE-2020-36691",
"CVE-2022-2196",
"CVE-2022-43945",
"CVE-2023-1611",
"CVE-2023-1670",
"CVE-2023-1838",
"CVE-2023-1855",
"CVE-2023-1872",
"CVE-2023-1989",
"CVE-2023-1990",
"CVE-2023-1998",
"CVE-2023-2008",
"CVE-2023-2162",
"CVE-2023-2176",
"CVE-2023-30772"
);
script_xref(name:"SuSE", value:"SUSE-SU-2023:2146-1");
script_name(english:"SUSE SLES15 Security Update : kernel (SUSE-SU-2023:2146-1)");
script_set_attribute(attribute:"synopsis", value:
"The remote SUSE host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as
referenced in the SUSE-SU-2023:2146-1 advisory.
- An issue was discovered in the Linux kernel before 5.8. lib/nlattr.c allows attackers to cause a denial of
service (unbounded recursion) via a nested Netlink policy with a back reference. (CVE-2020-36691)
- A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks.
L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn't need retpolines or IBPB after
running L2 due to KVM (L0) advertising eIBRS support to L1. An attacker at L2 with code execution can
execute code on an indirect branch on the host machine. We recommend upgrading to Kernel 6.2 or past
commit 2e7eab81425a (CVE-2022-2196)
- The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer
overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send
buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer
to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC
message with garbage data is still correctly formed according to the specification and is passed forward
to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the
allocated buffer space. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (CVE-2022-43945)
- A use-after-free flaw was found in btrfs_search_slot in fs/btrfs/ctree.c in btrfs in the Linux Kernel.This
flaw allows an attacker to crash the system and possibly cause a kernel information lea (CVE-2023-1611)
- A flaw use after free in the Linux kernel Xircom 16-bit PCMCIA (PC-card) Ethernet driver was found.A local
user could use this flaw to crash the system or potentially escalate their privileges on the system.
(CVE-2023-1670)
- A use-after-free flaw was found in vhost_net_set_backend in drivers/vhost/net.c in virtio network
subcomponent in the Linux kernel due to a double fget. This flaw could allow a local attacker to crash the
system, and could even lead to a kernel information leak problem. (CVE-2023-1838)
- A use-after-free flaw was found in xgene_hwmon_remove in drivers/hwmon/xgene-hwmon.c in the Hardware
Monitoring Linux Kernel Driver (xgene-hwmon). This flaw could allow a local attacker to crash the system
due to a race problem. This vulnerability could even lead to a kernel information leak problem.
(CVE-2023-1855)
- A use-after-free vulnerability in the Linux Kernel io_uring system can be exploited to achieve local
privilege escalation. The io_file_get_fixed function lacks the presence of ctx->uring_lock which can lead
to a Use-After-Free vulnerability due a race condition with fixed files getting unregistered. We recommend
upgrading past commit da24142b1ef9fd5d36b76e36bab328a5b27523e8. (CVE-2023-1872)
- A use-after-free flaw was found in btsdio_remove in drivers\bluetooth\btsdio.c in the Linux Kernel. In
this flaw, a call to btsdio_remove with an unfinished job, may cause a race problem leading to a UAF on
hdev devices. (CVE-2023-1989)
- A use-after-free flaw was found in ndlc_remove in drivers/nfc/st-nci/ndlc.c in the Linux Kernel. This flaw
could allow an attacker to crash the system due to a race problem. (CVE-2023-1990)
- The Linux kernel allows userspace processes to enable mitigations by calling prctl with
PR_SET_SPECULATION_CTRL which disables the speculation feature as well as by using seccomp. We had noticed
that on VMs of at least one major cloud provider, the kernel still left the victim process exposed to
attacks in some cases even after enabling the spectre-BTI mitigation with prctl. The same behavior can be
observed on a bare-metal machine when forcing the mitigation to IBRS on boot command line. This happened
because when plain IBRS was enabled (not enhanced IBRS), the kernel had some logic that determined that
STIBP was not needed. The IBRS bit implicitly protects against cross-thread branch target injection.
However, with legacy IBRS, the IBRS bit was cleared on returning to userspace, due to performance reasons,
which disabled the implicit STIBP and left userspace threads vulnerable to cross-thread branch target
injection against which STIBP protects. (CVE-2023-1998)
- A flaw was found in the Linux kernel's udmabuf device driver. The specific flaw exists within a fault
handler. The issue results from the lack of proper validation of user-supplied data, which can result in a
memory access past the end of an array. An attacker can leverage this vulnerability to escalate privileges
and execute arbitrary code in the context of the kernel. (CVE-2023-2008)
- A use-after-free vulnerability was found in iscsi_sw_tcp_session_create in drivers/scsi/iscsi_tcp.c in
SCSI sub-component in the Linux Kernel. In this flaw an attacker could leak kernel internal information.
(CVE-2023-2162)
- A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA in the Linux
Kernel. The improper cleanup results in out-of-boundary read, where a local user can utilize this problem
to crash the system or escalation of privilege. (CVE-2023-2176)
- The Linux kernel before 6.2.9 has a race condition and resultant use-after-free in
drivers/power/supply/da9150-charger.c if a physically proximate attacker unplugs a device.
(CVE-2023-30772)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1202353");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1205128");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1206992");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1209613");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1209687");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1209777");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1209871");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1210202");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1210203");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1210301");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1210329");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1210336");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1210337");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1210414");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1210417");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1210453");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1210469");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1210506");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1210629");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1210647");
script_set_attribute(attribute:"see_also", value:"https://lists.suse.com/pipermail/sle-updates/2023-May/029295.html");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-36691");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-2196");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-43945");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2023-1611");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2023-1670");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2023-1838");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2023-1855");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2023-1872");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2023-1989");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2023-1990");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2023-1998");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2023-2008");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2023-2162");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2023-2176");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2023-30772");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-2176");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2022-2196");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2022/06/04");
script_set_attribute(attribute:"patch_publication_date", value:"2023/05/09");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/05/13");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:cluster-md-kmp-default");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:dlm-kmp-default");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:gfs2-kmp-default");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-livepatch");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-livepatch-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-150200_24_151-default");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-macros");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-obs-build");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-preempt");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-preempt-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-source");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-syms");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ocfs2-kmp-default");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"SuSE Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item("Host/SuSE/release");
if (isnull(os_release) || os_release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
var os_ver = pregmatch(pattern: "^(SLE(S|D)(?:_SAP)?\d+)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');
os_ver = os_ver[1];
if (! preg(pattern:"^(SLES15|SLES_SAP15)$", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15 / SLES_SAP15', 'SUSE (' + os_ver + ')');
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);
var service_pack = get_kb_item("Host/SuSE/patchlevel");
if (isnull(service_pack)) service_pack = "0";
if (os_ver == "SLES15" && (! preg(pattern:"^(2)$", string:service_pack))) audit(AUDIT_OS_NOT, "SLES15 SP2", os_ver + " SP" + service_pack);
if (os_ver == "SLES_SAP15" && (! preg(pattern:"^(2)$", string:service_pack))) audit(AUDIT_OS_NOT, "SLES_SAP15 SP2", os_ver + " SP" + service_pack);
var pkgs = [
{'reference':'kernel-default-5.3.18-150200.24.151.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},
{'reference':'kernel-default-base-5.3.18-150200.24.151.1.150200.9.73.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},
{'reference':'kernel-default-devel-5.3.18-150200.24.151.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},
{'reference':'kernel-devel-5.3.18-150200.24.151.1', 'sp':'2', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},
{'reference':'kernel-macros-5.3.18-150200.24.151.1', 'sp':'2', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},
{'reference':'kernel-obs-build-5.3.18-150200.24.151.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},
{'reference':'kernel-preempt-5.3.18-150200.24.151.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},
{'reference':'kernel-preempt-devel-5.3.18-150200.24.151.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},
{'reference':'kernel-source-5.3.18-150200.24.151.1', 'sp':'2', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},
{'reference':'kernel-syms-5.3.18-150200.24.151.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},
{'reference':'reiserfs-kmp-default-5.3.18-150200.24.151.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},
{'reference':'kernel-default-5.3.18-150200.24.151.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},
{'reference':'kernel-default-5.3.18-150200.24.151.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},
{'reference':'kernel-default-base-5.3.18-150200.24.151.1.150200.9.73.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},
{'reference':'kernel-default-base-5.3.18-150200.24.151.1.150200.9.73.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},
{'reference':'kernel-default-devel-5.3.18-150200.24.151.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},
{'reference':'kernel-default-devel-5.3.18-150200.24.151.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},
{'reference':'kernel-devel-5.3.18-150200.24.151.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2', 'sles-ltss-release-15.2']},
{'reference':'kernel-macros-5.3.18-150200.24.151.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2', 'sles-ltss-release-15.2']},
{'reference':'kernel-obs-build-5.3.18-150200.24.151.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},
{'reference':'kernel-obs-build-5.3.18-150200.24.151.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},
{'reference':'kernel-preempt-5.3.18-150200.24.151.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2', 'sles-ltss-release-15.2']},
{'reference':'kernel-preempt-5.3.18-150200.24.151.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2', 'sles-ltss-release-15.2']},
{'reference':'kernel-preempt-devel-5.3.18-150200.24.151.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2', 'sles-ltss-release-15.2']},
{'reference':'kernel-preempt-devel-5.3.18-150200.24.151.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2', 'sles-ltss-release-15.2']},
{'reference':'kernel-source-5.3.18-150200.24.151.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2', 'sles-ltss-release-15.2']},
{'reference':'kernel-syms-5.3.18-150200.24.151.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},
{'reference':'kernel-syms-5.3.18-150200.24.151.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},
{'reference':'cluster-md-kmp-default-5.3.18-150200.24.151.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15.2']},
{'reference':'dlm-kmp-default-5.3.18-150200.24.151.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15.2']},
{'reference':'gfs2-kmp-default-5.3.18-150200.24.151.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15.2']},
{'reference':'ocfs2-kmp-default-5.3.18-150200.24.151.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15.2']},
{'reference':'kernel-default-livepatch-5.3.18-150200.24.151.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.2']},
{'reference':'kernel-default-livepatch-devel-5.3.18-150200.24.151.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.2']},
{'reference':'kernel-livepatch-5_3_18-150200_24_151-default-1-150200.5.3.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.2']},
{'reference':'kernel-default-5.3.18-150200.24.151.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},
{'reference':'kernel-default-base-5.3.18-150200.24.151.1.150200.9.73.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},
{'reference':'kernel-default-devel-5.3.18-150200.24.151.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},
{'reference':'kernel-obs-build-5.3.18-150200.24.151.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},
{'reference':'kernel-syms-5.3.18-150200.24.151.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},
{'reference':'reiserfs-kmp-default-5.3.18-150200.24.151.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']}
];
var ltss_caveat_required = FALSE;
var flag = 0;
foreach var package_array ( pkgs ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var exists_check = NULL;
var rpm_spec_vers_cmp = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (reference && _release) {
if (exists_check) {
var check_flag = 0;
foreach var check (exists_check) {
if (!rpm_exists(release:_release, rpm:check)) continue;
if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;
check_flag++;
}
if (!check_flag) continue;
}
if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;
}
}
if (flag)
{
var ltss_plugin_caveat = NULL;
if(ltss_caveat_required) ltss_plugin_caveat = '\n' +
'NOTE: This vulnerability check contains fixes that apply to\n' +
'packages only available in SUSE Enterprise Linux Server LTSS\n' +
'repositories. Access to these package security updates require\n' +
'a paid SUSE LTSS subscription.\n';
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get() + ltss_plugin_caveat
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cluster-md-kmp-default / dlm-kmp-default / gfs2-kmp-default / etc');
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| novell | suse_linux | kernel-livepatch-5_3_18-150200_24_151-default | p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-150200_24_151-default |
| novell | suse_linux | kernel-macros | p-cpe:/a:novell:suse_linux:kernel-macros |
| novell | suse_linux | kernel-obs-build | p-cpe:/a:novell:suse_linux:kernel-obs-build |
| novell | suse_linux | kernel-preempt | p-cpe:/a:novell:suse_linux:kernel-preempt |
| novell | suse_linux | kernel-preempt-devel | p-cpe:/a:novell:suse_linux:kernel-preempt-devel |
| novell | suse_linux | kernel-source | p-cpe:/a:novell:suse_linux:kernel-source |
| novell | suse_linux | cluster-md-kmp-default | p-cpe:/a:novell:suse_linux:cluster-md-kmp-default |
| novell | suse_linux | dlm-kmp-default | p-cpe:/a:novell:suse_linux:dlm-kmp-default |
| novell | suse_linux | gfs2-kmp-default | p-cpe:/a:novell:suse_linux:gfs2-kmp-default |
| novell | suse_linux | kernel-default | p-cpe:/a:novell:suse_linux:kernel-default |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36691
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2196
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43945
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1611
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1670
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1838
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1855
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1872
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1989
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1990
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1998
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2008
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2162
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2176
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30772
bugzilla.suse.com/1202353
bugzilla.suse.com/1205128
bugzilla.suse.com/1206992
bugzilla.suse.com/1209613
bugzilla.suse.com/1209687
bugzilla.suse.com/1209777
bugzilla.suse.com/1209871
bugzilla.suse.com/1210202
bugzilla.suse.com/1210203
bugzilla.suse.com/1210301
bugzilla.suse.com/1210329
bugzilla.suse.com/1210336
bugzilla.suse.com/1210337
bugzilla.suse.com/1210414
bugzilla.suse.com/1210417
bugzilla.suse.com/1210453
bugzilla.suse.com/1210469
bugzilla.suse.com/1210506
bugzilla.suse.com/1210629
bugzilla.suse.com/1210647
lists.suse.com/pipermail/sle-updates/2023-May/029295.html
www.suse.com/security/cve/CVE-2020-36691
www.suse.com/security/cve/CVE-2022-2196
www.suse.com/security/cve/CVE-2022-43945
www.suse.com/security/cve/CVE-2023-1611
www.suse.com/security/cve/CVE-2023-1670
www.suse.com/security/cve/CVE-2023-1838
www.suse.com/security/cve/CVE-2023-1855
www.suse.com/security/cve/CVE-2023-1872
www.suse.com/security/cve/CVE-2023-1989
www.suse.com/security/cve/CVE-2023-1990
www.suse.com/security/cve/CVE-2023-1998
www.suse.com/security/cve/CVE-2023-2008
www.suse.com/security/cve/CVE-2023-2162
www.suse.com/security/cve/CVE-2023-2176
www.suse.com/security/cve/CVE-2023-30772
Related
