CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
26.3%
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3971-1 advisory.
A use-after-free(UAF) vulnerability was found in function ‘vmw_cmd_res_check’ in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel’s vmwgfx driver with device file ‘/dev/dri/renderD128 (or Dxxx)’. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS). (CVE-2022-38457)
A use-after-free(UAF) vulnerability was found in function ‘vmw_execbuf_tie_context’ in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel’s vmwgfx driver with device file ‘/dev/dri/renderD128 (or Dxxx)’. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS). (CVE-2022-40133)
The specific flaw exists within the DPT I2O Controller driver. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel.
(CVE-2023-2007)
A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality. (CVE-2023-20588)
The fix for XSA-423 added logic to Linux’es netback driver to deal with a frontend splitting a packet in a way such that not all of the headers would come in one piece. Unfortunately the logic introduced there didn’t account for the extreme case of the entire packet being split into as many pieces as permitted by the protocol, yet still being smaller than the area that’s specially dealt with to keep all (possible) headers together. Such an unusual packet would therefore trigger a buffer overrun in the driver.
(CVE-2023-34319)
A use-after-free vulnerability in the Linux kernel’s netfilter: nf_tables component can be exploited to achieve local privilege escalation. Flaw in the error handling of bound chains causes a use-after-free in the abort path of NFT_MSG_NEWRULE. The vulnerability requires CAP_NET_ADMIN to be triggered. We recommend upgrading past commit 4bedf9eee016286c835e3d8fa981ddece5338795. (CVE-2023-3610)
An issue was discovered in the USB subsystem in the Linux kernel through 6.4.2. There is an out-of-bounds and crash in read_descriptors in drivers/usb/core/sysfs.c. (CVE-2023-37453)
A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer in xfrm_update_ae_params(), leading to a possible kernel crash and denial of service. (CVE-2023-3772)
A use-after-free flaw was found in nfc_llcp_find_local in net/nfc/llcp_core.c in NFC in the Linux kernel.
This flaw allows a local user with special privileges to impact a kernel information leak issue.
(CVE-2023-3863)
An issue was discovered in l2cap_sock_release in net/bluetooth/l2cap_sock.c in the Linux kernel before 6.4.10. There is a use-after-free because the children of an sk are mishandled. (CVE-2023-40283)
A use-after-free flaw was found in net/sched/cls_fw.c in classifiers (cls_fw, cls_u32, and cls_route) in the Linux Kernel. This flaw allows a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue. (CVE-2023-4128)
A use-after-free vulnerability was found in the cxgb4 driver in the Linux kernel. The bug occurs when the cxgb4 device is detaching due to a possible rearming of the flower_stats_timer from the work queue. This flaw allows a local user to crash the system, causing a denial of service condition. (CVE-2023-4133)
A use-after-free flaw was found in the Linux kernel’s Netfilter functionality when adding a rule with NFTA_RULE_CHAIN_ID. This flaw allows a local user to crash or escalate their privileges on the system.
(CVE-2023-4147)
A flaw was found in the Linux kernel’s TUN/TAP functionality. This issue could allow a local user to bypass network filters and gain unauthorized access to some resources. The original patches fixing CVE-2023-1076 are incorrect or incomplete. The problem is that the following upstream commits - a096ccca6e50 (tun: tun_chr_open(): correctly initialize socket uid), - 66b2c338adce (tap: tap_open():
correctly initialize socket uid), pass inode->i_uid to sock_init_data_uid() as the last parameter and that turns out to not be accurate. (CVE-2023-4194)
A flaw was found in the exFAT driver of the Linux kernel. The vulnerability exists in the implementation of the file name reconstruction function, which is responsible for reading file name entries from a directory index and merging file name parts belonging to one file into a single long file name. Since the file name characters are copied into a stack variable, a local privileged attacker could use this flaw to overflow the kernel stack. (CVE-2023-4273)
A use-after-free flaw was found in vmxnet3_rq_alloc_rx_buf in drivers/net/vmxnet3/vmxnet3_drv.c in VMware’s vmxnet3 ethernet NIC driver in the Linux Kernel. This issue could allow a local attacker to crash the system due to a double-free while cleaning up vmxnet3_rq_cleanup_all, which could also lead to a kernel information leak problem. (CVE-2023-4387)
A NULL pointer dereference flaw was found in vmxnet3_rq_cleanup in drivers/net/vmxnet3/vmxnet3_drv.c in the networking sub-component in vmxnet3 in the Linux Kernel. This issue may allow a local attacker with normal user privilege to cause a denial of service due to a missing sanity check during cleanup.
(CVE-2023-4459)
A memory leak flaw was found in nft_set_catchall_flush in net/netfilter/nf_tables_api.c in the Linux Kernel. This issue may allow a local attacker to cause a double-deactivations of catchall elements, which results in a memory leak. (CVE-2023-4569)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# SUSE update advisory SUSE-SU-2023:3971-1. The text itself
# is copyright (C) SUSE.
##
include('compat.inc');
if (description)
{
script_id(182572);
script_version("1.0");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/05");
script_cve_id(
"CVE-2022-38457",
"CVE-2022-40133",
"CVE-2023-2007",
"CVE-2023-3610",
"CVE-2023-3772",
"CVE-2023-3863",
"CVE-2023-4128",
"CVE-2023-4133",
"CVE-2023-4134",
"CVE-2023-4147",
"CVE-2023-4194",
"CVE-2023-4273",
"CVE-2023-4387",
"CVE-2023-4459",
"CVE-2023-4563",
"CVE-2023-4569",
"CVE-2023-20588",
"CVE-2023-34319",
"CVE-2023-37453",
"CVE-2023-40283"
);
script_xref(name:"SuSE", value:"SUSE-SU-2023:3971-1");
script_name(english:"SUSE SLED15 / SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2023:3971-1)");
script_set_attribute(attribute:"synopsis", value:
"The remote SUSE host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are
affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3971-1 advisory.
- A use-after-free(UAF) vulnerability was found in function 'vmw_cmd_res_check' in
drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel's vmwgfx driver with device file '/dev/dri/renderD128
(or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing
a denial of service(DoS). (CVE-2022-38457)
- A use-after-free(UAF) vulnerability was found in function 'vmw_execbuf_tie_context' in
drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel's vmwgfx driver with device file '/dev/dri/renderD128
(or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing
a denial of service(DoS). (CVE-2022-40133)
- The specific flaw exists within the DPT I2O Controller driver. The issue results from the lack of proper
locking when performing operations on an object. An attacker can leverage this in conjunction with other
vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel.
(CVE-2023-2007)
- A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss
of confidentiality. (CVE-2023-20588)
- The fix for XSA-423 added logic to Linux'es netback driver to deal with a frontend splitting a packet in a
way such that not all of the headers would come in one piece. Unfortunately the logic introduced there
didn't account for the extreme case of the entire packet being split into as many pieces as permitted by
the protocol, yet still being smaller than the area that's specially dealt with to keep all (possible)
headers together. Such an unusual packet would therefore trigger a buffer overrun in the driver.
(CVE-2023-34319)
- A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to
achieve local privilege escalation. Flaw in the error handling of bound chains causes a use-after-free in
the abort path of NFT_MSG_NEWRULE. The vulnerability requires CAP_NET_ADMIN to be triggered. We recommend
upgrading past commit 4bedf9eee016286c835e3d8fa981ddece5338795. (CVE-2023-3610)
- An issue was discovered in the USB subsystem in the Linux kernel through 6.4.2. There is an out-of-bounds
and crash in read_descriptors in drivers/usb/core/sysfs.c. (CVE-2023-37453)
- A flaw was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem). This issue
may allow a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer in
xfrm_update_ae_params(), leading to a possible kernel crash and denial of service. (CVE-2023-3772)
- A use-after-free flaw was found in nfc_llcp_find_local in net/nfc/llcp_core.c in NFC in the Linux kernel.
This flaw allows a local user with special privileges to impact a kernel information leak issue.
(CVE-2023-3863)
- An issue was discovered in l2cap_sock_release in net/bluetooth/l2cap_sock.c in the Linux kernel before
6.4.10. There is a use-after-free because the children of an sk are mishandled. (CVE-2023-40283)
- A use-after-free flaw was found in net/sched/cls_fw.c in classifiers (cls_fw, cls_u32, and cls_route) in
the Linux Kernel. This flaw allows a local attacker to perform a local privilege escalation due to
incorrect handling of the existing filter, leading to a kernel information leak issue. (CVE-2023-4128)
- A use-after-free vulnerability was found in the cxgb4 driver in the Linux kernel. The bug occurs when the
cxgb4 device is detaching due to a possible rearming of the flower_stats_timer from the work queue. This
flaw allows a local user to crash the system, causing a denial of service condition. (CVE-2023-4133)
- A use-after-free flaw was found in the Linux kernel's Netfilter functionality when adding a rule with
NFTA_RULE_CHAIN_ID. This flaw allows a local user to crash or escalate their privileges on the system.
(CVE-2023-4147)
- A flaw was found in the Linux kernel's TUN/TAP functionality. This issue could allow a local user to
bypass network filters and gain unauthorized access to some resources. The original patches fixing
CVE-2023-1076 are incorrect or incomplete. The problem is that the following upstream commits -
a096ccca6e50 (tun: tun_chr_open(): correctly initialize socket uid), - 66b2c338adce (tap: tap_open():
correctly initialize socket uid), pass inode->i_uid to sock_init_data_uid() as the last parameter and
that turns out to not be accurate. (CVE-2023-4194)
- A flaw was found in the exFAT driver of the Linux kernel. The vulnerability exists in the implementation
of the file name reconstruction function, which is responsible for reading file name entries from a
directory index and merging file name parts belonging to one file into a single long file name. Since the
file name characters are copied into a stack variable, a local privileged attacker could use this flaw to
overflow the kernel stack. (CVE-2023-4273)
- A use-after-free flaw was found in vmxnet3_rq_alloc_rx_buf in drivers/net/vmxnet3/vmxnet3_drv.c in
VMware's vmxnet3 ethernet NIC driver in the Linux Kernel. This issue could allow a local attacker to crash
the system due to a double-free while cleaning up vmxnet3_rq_cleanup_all, which could also lead to a
kernel information leak problem. (CVE-2023-4387)
- A NULL pointer dereference flaw was found in vmxnet3_rq_cleanup in drivers/net/vmxnet3/vmxnet3_drv.c in
the networking sub-component in vmxnet3 in the Linux Kernel. This issue may allow a local attacker with
normal user privilege to cause a denial of service due to a missing sanity check during cleanup.
(CVE-2023-4459)
- A memory leak flaw was found in nft_set_catchall_flush in net/netfilter/nf_tables_api.c in the Linux
Kernel. This issue may allow a local attacker to cause a double-deactivations of catchall elements, which
results in a memory leak. (CVE-2023-4569)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1023051");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1120059");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1177719");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1188885");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1193629");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1194869");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1203329");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1203330");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1205462");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1206453");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1208902");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1208949");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1209284");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1209799");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1210048");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1210448");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1211220");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1212091");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1212142");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1212423");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1212526");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1212857");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1212873");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1213026");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1213123");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1213546");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1213580");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1213601");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1213666");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1213733");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1213757");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1213759");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1213916");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1213921");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1213927");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1213946");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1213949");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1213968");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1213970");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1213971");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1214000");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1214019");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1214073");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1214120");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1214149");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1214180");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1214233");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1214238");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1214285");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1214297");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1214299");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1214305");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1214350");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1214368");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1214370");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1214371");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1214372");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1214380");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1214386");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1214392");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1214393");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1214397");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1214404");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1214428");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1214451");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1214635");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1214659");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1214661");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1214727");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1214729");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1214742");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1214743");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1214756");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1214976");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1215522");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1215523");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1215552");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1215553");
# https://lists.suse.com/pipermail/sle-security-updates/2023-October/016512.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?8fa41c0d");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-38457");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-40133");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2023-2007");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2023-20588");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2023-34319");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2023-3610");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2023-37453");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2023-3772");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2023-3863");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2023-40283");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2023-4128");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2023-4133");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2023-4134");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2023-4147");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2023-4194");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2023-4273");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2023-4387");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2023-4459");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2023-4563");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2023-4569");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-4147");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2022/09/09");
script_set_attribute(attribute:"patch_publication_date", value:"2023/10/04");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/10/05");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:cluster-md-kmp-default");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:dlm-kmp-default");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:gfs2-kmp-default");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-64kb");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-64kb-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-extra");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-livepatch");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-livepatch-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_14_21-150500_55_28-default");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-macros");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-obs-build");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-source");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-syms");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-zfcpdump");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ocfs2-kmp-default");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"SuSE Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item("Host/SuSE/release");
if (isnull(os_release) || os_release !~ "^(SLED|SLES|SUSE)") audit(AUDIT_OS_NOT, "SUSE / openSUSE");
var os_ver = pregmatch(pattern: "^(SLE(S|D)(?:_SAP)?\d+|SUSE([\d.]+))", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE / openSUSE');
os_ver = os_ver[1];
if (! preg(pattern:"^(SLED15|SLED_SAP15|SLES15|SLES_SAP15|SUSE15\.5)$", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15', 'SUSE / openSUSE (' + os_ver + ')');
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE / openSUSE (' + os_ver + ')', cpu);
var service_pack = get_kb_item("Host/SuSE/patchlevel");
if (isnull(service_pack)) service_pack = "0";
if (os_ver == "SLED15" && (! preg(pattern:"^(5)$", string:service_pack))) audit(AUDIT_OS_NOT, "SLED15 SP5", os_ver + " SP" + service_pack);
if (os_ver == "SLED_SAP15" && (! preg(pattern:"^(5)$", string:service_pack))) audit(AUDIT_OS_NOT, "SLED_SAP15 SP5", os_ver + " SP" + service_pack);
if (os_ver == "SLES15" && (! preg(pattern:"^(5)$", string:service_pack))) audit(AUDIT_OS_NOT, "SLES15 SP5", os_ver + " SP" + service_pack);
if (os_ver == "SLES_SAP15" && (! preg(pattern:"^(5)$", string:service_pack))) audit(AUDIT_OS_NOT, "SLES_SAP15 SP5", os_ver + " SP" + service_pack);
var pkgs = [
{'reference':'kernel-64kb-5.14.21-150500.55.28.1', 'sp':'5', 'cpu':'aarch64', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.5']},
{'reference':'kernel-64kb-5.14.21-150500.55.28.1', 'sp':'5', 'cpu':'aarch64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.5']},
{'reference':'kernel-64kb-devel-5.14.21-150500.55.28.1', 'sp':'5', 'cpu':'aarch64', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.5']},
{'reference':'kernel-64kb-devel-5.14.21-150500.55.28.1', 'sp':'5', 'cpu':'aarch64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.5']},
{'reference':'kernel-default-5.14.21-150500.55.28.1', 'sp':'5', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.5']},
{'reference':'kernel-default-5.14.21-150500.55.28.1', 'sp':'5', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.5']},
{'reference':'kernel-default-base-5.14.21-150500.55.28.1.150500.6.11.2', 'sp':'5', 'cpu':'aarch64', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.5']},
{'reference':'kernel-default-base-5.14.21-150500.55.28.1.150500.6.11.2', 'sp':'5', 'cpu':'x86_64', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.5']},
{'reference':'kernel-default-base-5.14.21-150500.55.28.1.150500.6.11.2', 'sp':'5', 'cpu':'aarch64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.5']},
{'reference':'kernel-default-base-5.14.21-150500.55.28.1.150500.6.11.2', 'sp':'5', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.5']},
{'reference':'kernel-default-devel-5.14.21-150500.55.28.1', 'sp':'5', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.5']},
{'reference':'kernel-default-devel-5.14.21-150500.55.28.1', 'sp':'5', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.5']},
{'reference':'kernel-default-extra-5.14.21-150500.55.28.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.5']},
{'reference':'kernel-default-extra-5.14.21-150500.55.28.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.5']},
{'reference':'kernel-devel-5.14.21-150500.55.28.1', 'sp':'5', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.5']},
{'reference':'kernel-devel-5.14.21-150500.55.28.1', 'sp':'5', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.5']},
{'reference':'kernel-macros-5.14.21-150500.55.28.1', 'sp':'5', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.5']},
{'reference':'kernel-macros-5.14.21-150500.55.28.1', 'sp':'5', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.5']},
{'reference':'kernel-obs-build-5.14.21-150500.55.28.1', 'sp':'5', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.5']},
{'reference':'kernel-obs-build-5.14.21-150500.55.28.1', 'sp':'5', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.5']},
{'reference':'kernel-source-5.14.21-150500.55.28.1', 'sp':'5', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.5']},
{'reference':'kernel-source-5.14.21-150500.55.28.1', 'sp':'5', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.5']},
{'reference':'kernel-syms-5.14.21-150500.55.28.1', 'sp':'5', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.5']},
{'reference':'kernel-syms-5.14.21-150500.55.28.1', 'sp':'5', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.5']},
{'reference':'kernel-zfcpdump-5.14.21-150500.55.28.1', 'sp':'5', 'cpu':'s390x', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.5']},
{'reference':'kernel-zfcpdump-5.14.21-150500.55.28.1', 'sp':'5', 'cpu':'s390x', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.5']},
{'reference':'reiserfs-kmp-default-5.14.21-150500.55.28.1', 'sp':'5', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.5']},
{'reference':'kernel-64kb-5.14.21-150500.55.28.1', 'sp':'5', 'cpu':'aarch64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.5', 'sle-module-basesystem-release-15.5', 'sled-release-15.5', 'sles-release-15.5']},
{'reference':'kernel-64kb-5.14.21-150500.55.28.1', 'sp':'5', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.5', 'sle-module-basesystem-release-15.5', 'sled-release-15.5', 'sles-release-15.5']},
{'reference':'kernel-64kb-devel-5.14.21-150500.55.28.1', 'sp':'5', 'cpu':'aarch64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.5', 'sle-module-basesystem-release-15.5', 'sled-release-15.5', 'sles-release-15.5']},
{'reference':'kernel-64kb-devel-5.14.21-150500.55.28.1', 'sp':'5', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.5', 'sle-module-basesystem-release-15.5', 'sled-release-15.5', 'sles-release-15.5']},
{'reference':'kernel-default-5.14.21-150500.55.28.1', 'sp':'5', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.5', 'sle-module-basesystem-release-15.5', 'sled-release-15.5', 'sles-release-15.5']},
{'reference':'kernel-default-5.14.21-150500.55.28.1', 'sp':'5', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.5', 'sle-module-basesystem-release-15.5', 'sled-release-15.5', 'sles-release-15.5']},
{'reference':'kernel-default-base-5.14.21-150500.55.28.1.150500.6.11.2', 'sp':'5', 'cpu':'aarch64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.5', 'sle-module-basesystem-release-15.5', 'sled-release-15.5', 'sles-release-15.5']},
{'reference':'kernel-default-base-5.14.21-150500.55.28.1.150500.6.11.2', 'sp':'5', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.5', 'sle-module-basesystem-release-15.5', 'sled-release-15.5', 'sles-release-15.5']},
{'reference':'kernel-default-base-5.14.21-150500.55.28.1.150500.6.11.2', 'sp':'5', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.5', 'sle-module-basesystem-release-15.5', 'sled-release-15.5', 'sles-release-15.5']},
{'reference':'kernel-default-base-5.14.21-150500.55.28.1.150500.6.11.2', 'sp':'5', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.5', 'sle-module-basesystem-release-15.5', 'sled-release-15.5', 'sles-release-15.5']},
{'reference':'kernel-default-devel-5.14.21-150500.55.28.1', 'sp':'5', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.5', 'sle-module-basesystem-release-15.5', 'sled-release-15.5', 'sles-release-15.5']},
{'reference':'kernel-default-devel-5.14.21-150500.55.28.1', 'sp':'5', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.5', 'sle-module-basesystem-release-15.5', 'sled-release-15.5', 'sles-release-15.5']},
{'reference':'kernel-devel-5.14.21-150500.55.28.1', 'sp':'5', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.5', 'sle-module-basesystem-release-15.5', 'sled-release-15.5', 'sles-release-15.5']},
{'reference':'kernel-devel-5.14.21-150500.55.28.1', 'sp':'5', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.5', 'sle-module-basesystem-release-15.5', 'sled-release-15.5', 'sles-release-15.5']},
{'reference':'kernel-macros-5.14.21-150500.55.28.1', 'sp':'5', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.5', 'sle-module-basesystem-release-15.5', 'sled-release-15.5', 'sles-release-15.5']},
{'reference':'kernel-macros-5.14.21-150500.55.28.1', 'sp':'5', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.5', 'sle-module-basesystem-release-15.5', 'sled-release-15.5', 'sles-release-15.5']},
{'reference':'kernel-obs-build-5.14.21-150500.55.28.1', 'sp':'5', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.5', 'sle-module-development-tools-release-15.5', 'sled-release-15.5', 'sles-release-15.5']},
{'reference':'kernel-obs-build-5.14.21-150500.55.28.1', 'sp':'5', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.5', 'sle-module-development-tools-release-15.5', 'sled-release-15.5', 'sles-release-15.5']},
{'reference':'kernel-source-5.14.21-150500.55.28.1', 'sp':'5', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.5', 'sle-module-development-tools-release-15.5', 'sled-release-15.5', 'sles-release-15.5']},
{'reference':'kernel-source-5.14.21-150500.55.28.1', 'sp':'5', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.5', 'sle-module-development-tools-release-15.5', 'sled-release-15.5', 'sles-release-15.5']},
{'reference':'kernel-syms-5.14.21-150500.55.28.1', 'sp':'5', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.5', 'sle-module-development-tools-release-15.5', 'sled-release-15.5', 'sles-release-15.5']},
{'reference':'kernel-syms-5.14.21-150500.55.28.1', 'sp':'5', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.5', 'sle-module-development-tools-release-15.5', 'sled-release-15.5', 'sles-release-15.5']},
{'reference':'kernel-zfcpdump-5.14.21-150500.55.28.1', 'sp':'5', 'cpu':'s390x', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.5', 'sle-module-basesystem-release-15.5', 'sled-release-15.5', 'sles-release-15.5']},
{'reference':'kernel-zfcpdump-5.14.21-150500.55.28.1', 'sp':'5', 'cpu':'s390x', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.5', 'sle-module-basesystem-release-15.5', 'sled-release-15.5', 'sles-release-15.5']},
{'reference':'reiserfs-kmp-default-5.14.21-150500.55.28.1', 'sp':'5', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.5', 'sle-module-legacy-release-15.5', 'sles-release-15.5']},
{'reference':'cluster-md-kmp-64kb-5.14.21-150500.55.28.1', 'cpu':'aarch64', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
{'reference':'cluster-md-kmp-default-5.14.21-150500.55.28.1', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
{'reference':'dlm-kmp-64kb-5.14.21-150500.55.28.1', 'cpu':'aarch64', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
{'reference':'dlm-kmp-default-5.14.21-150500.55.28.1', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
{'reference':'dtb-allwinner-5.14.21-150500.55.28.1', 'cpu':'aarch64', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
{'reference':'dtb-altera-5.14.21-150500.55.28.1', 'cpu':'aarch64', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
{'reference':'dtb-amazon-5.14.21-150500.55.28.1', 'cpu':'aarch64', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
{'reference':'dtb-amd-5.14.21-150500.55.28.1', 'cpu':'aarch64', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
{'reference':'dtb-amlogic-5.14.21-150500.55.28.1', 'cpu':'aarch64', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
{'reference':'dtb-apm-5.14.21-150500.55.28.1', 'cpu':'aarch64', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
{'reference':'dtb-apple-5.14.21-150500.55.28.1', 'cpu':'aarch64', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
{'reference':'dtb-arm-5.14.21-150500.55.28.1', 'cpu':'aarch64', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
{'reference':'dtb-broadcom-5.14.21-150500.55.28.1', 'cpu':'aarch64', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
{'reference':'dtb-cavium-5.14.21-150500.55.28.1', 'cpu':'aarch64', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
{'reference':'dtb-exynos-5.14.21-150500.55.28.1', 'cpu':'aarch64', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
{'reference':'dtb-freescale-5.14.21-150500.55.28.1', 'cpu':'aarch64', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
{'reference':'dtb-hisilicon-5.14.21-150500.55.28.1', 'cpu':'aarch64', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
{'reference':'dtb-lg-5.14.21-150500.55.28.1', 'cpu':'aarch64', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
{'reference':'dtb-marvell-5.14.21-150500.55.28.1', 'cpu':'aarch64', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
{'reference':'dtb-mediatek-5.14.21-150500.55.28.1', 'cpu':'aarch64', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
{'reference':'dtb-nvidia-5.14.21-150500.55.28.1', 'cpu':'aarch64', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
{'reference':'dtb-qcom-5.14.21-150500.55.28.1', 'cpu':'aarch64', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
{'reference':'dtb-renesas-5.14.21-150500.55.28.1', 'cpu':'aarch64', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
{'reference':'dtb-rockchip-5.14.21-150500.55.28.1', 'cpu':'aarch64', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
{'reference':'dtb-socionext-5.14.21-150500.55.28.1', 'cpu':'aarch64', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
{'reference':'dtb-sprd-5.14.21-150500.55.28.1', 'cpu':'aarch64', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
{'reference':'dtb-xilinx-5.14.21-150500.55.28.1', 'cpu':'aarch64', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
{'reference':'gfs2-kmp-64kb-5.14.21-150500.55.28.1', 'cpu':'aarch64', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
{'reference':'gfs2-kmp-default-5.14.21-150500.55.28.1', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
{'reference':'kernel-64kb-5.14.21-150500.55.28.1', 'cpu':'aarch64', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
{'reference':'kernel-64kb-devel-5.14.21-150500.55.28.1', 'cpu':'aarch64', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
{'reference':'kernel-64kb-extra-5.14.21-150500.55.28.1', 'cpu':'aarch64', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
{'reference':'kernel-64kb-livepatch-devel-5.14.21-150500.55.28.1', 'cpu':'aarch64', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
{'reference':'kernel-64kb-optional-5.14.21-150500.55.28.1', 'cpu':'aarch64', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
{'reference':'kernel-debug-5.14.21-150500.55.28.1', 'cpu':'x86_64', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
{'reference':'kernel-debug-devel-5.14.21-150500.55.28.1', 'cpu':'x86_64', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
{'reference':'kernel-debug-livepatch-devel-5.14.21-150500.55.28.1', 'cpu':'x86_64', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
{'reference':'kernel-debug-vdso-5.14.21-150500.55.28.1', 'cpu':'x86_64', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
{'reference':'kernel-default-5.14.21-150500.55.28.1', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
{'reference':'kernel-default-base-5.14.21-150500.55.28.1.150500.6.11.2', 'cpu':'aarch64', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
{'reference':'kernel-default-base-5.14.21-150500.55.28.1.150500.6.11.2', 'cpu':'x86_64', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
{'reference':'kernel-default-base-rebuild-5.14.21-150500.55.28.1.150500.6.11.2', 'cpu':'aarch64', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
{'reference':'kernel-default-base-rebuild-5.14.21-150500.55.28.1.150500.6.11.2', 'cpu':'x86_64', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
{'reference':'kernel-default-devel-5.14.21-150500.55.28.1', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
{'reference':'kernel-default-extra-5.14.21-150500.55.28.1', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
{'reference':'kernel-default-livepatch-5.14.21-150500.55.28.1', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
{'reference':'kernel-default-livepatch-devel-5.14.21-150500.55.28.1', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
{'reference':'kernel-default-optional-5.14.21-150500.55.28.1', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
{'reference':'kernel-default-vdso-5.14.21-150500.55.28.1', 'cpu':'x86_64', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
{'reference':'kernel-devel-5.14.21-150500.55.28.1', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
{'reference':'kernel-kvmsmall-5.14.21-150500.55.28.1', 'cpu':'aarch64', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
{'reference':'kernel-kvmsmall-5.14.21-150500.55.28.1', 'cpu':'x86_64', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
{'reference':'kernel-kvmsmall-devel-5.14.21-150500.55.28.1', 'cpu':'aarch64', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
{'reference':'kernel-kvmsmall-devel-5.14.21-150500.55.28.1', 'cpu':'x86_64', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
{'reference':'kernel-kvmsmall-livepatch-devel-5.14.21-150500.55.28.1', 'cpu':'aarch64', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
{'reference':'kernel-kvmsmall-livepatch-devel-5.14.21-150500.55.28.1', 'cpu':'x86_64', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
{'reference':'kernel-kvmsmall-vdso-5.14.21-150500.55.28.1', 'cpu':'x86_64', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
{'reference':'kernel-macros-5.14.21-150500.55.28.1', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
{'reference':'kernel-obs-build-5.14.21-150500.55.28.1', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
{'reference':'kernel-obs-qa-5.14.21-150500.55.28.1', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
{'reference':'kernel-source-5.14.21-150500.55.28.1', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
{'reference':'kernel-source-vanilla-5.14.21-150500.55.28.1', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
{'reference':'kernel-syms-5.14.21-150500.55.28.1', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
{'reference':'kernel-zfcpdump-5.14.21-150500.55.28.1', 'cpu':'s390x', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
{'reference':'kselftests-kmp-64kb-5.14.21-150500.55.28.1', 'cpu':'aarch64', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
{'reference':'kselftests-kmp-default-5.14.21-150500.55.28.1', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
{'reference':'ocfs2-kmp-64kb-5.14.21-150500.55.28.1', 'cpu':'aarch64', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
{'reference':'ocfs2-kmp-default-5.14.21-150500.55.28.1', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
{'reference':'reiserfs-kmp-64kb-5.14.21-150500.55.28.1', 'cpu':'aarch64', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
{'reference':'reiserfs-kmp-default-5.14.21-150500.55.28.1', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},
{'reference':'cluster-md-kmp-default-5.14.21-150500.55.28.1', 'sp':'5', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15.5']},
{'reference':'dlm-kmp-default-5.14.21-150500.55.28.1', 'sp':'5', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15.5']},
{'reference':'gfs2-kmp-default-5.14.21-150500.55.28.1', 'sp':'5', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15.5']},
{'reference':'ocfs2-kmp-default-5.14.21-150500.55.28.1', 'sp':'5', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15.5']},
{'reference':'kernel-default-livepatch-5.14.21-150500.55.28.1', 'sp':'5', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.5']},
{'reference':'kernel-default-livepatch-devel-5.14.21-150500.55.28.1', 'sp':'5', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.5']},
{'reference':'kernel-livepatch-5_14_21-150500_55_28-default-1-150500.11.5.1', 'sp':'5', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.5']},
{'reference':'kernel-default-extra-5.14.21-150500.55.28.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-we-release-15.5', 'sled-release-15.5', 'sles-release-15.5']},
{'reference':'kernel-default-extra-5.14.21-150500.55.28.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-we-release-15.5', 'sled-release-15.5', 'sles-release-15.5']}
];
var ltss_caveat_required = FALSE;
var flag = 0;
foreach var package_array ( pkgs ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var exists_check = NULL;
var rpm_spec_vers_cmp = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (reference && _release) {
if (exists_check) {
var check_flag = 0;
foreach var check (exists_check) {
if (!rpm_exists(release:_release, rpm:check)) continue;
check_flag++;
}
if (!check_flag) continue;
}
if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cluster-md-kmp-64kb / cluster-md-kmp-default / dlm-kmp-64kb / etc');
}
Vendor | Product | Version | CPE |
---|---|---|---|
novell | suse_linux | kernel-livepatch-5_14_21-150500_55_28-default | p-cpe:/a:novell:suse_linux:kernel-livepatch-5_14_21-150500_55_28-default |
novell | suse_linux | kernel-macros | p-cpe:/a:novell:suse_linux:kernel-macros |
novell | suse_linux | kernel-zfcpdump | p-cpe:/a:novell:suse_linux:kernel-zfcpdump |
novell | suse_linux | kernel-64kb-devel | p-cpe:/a:novell:suse_linux:kernel-64kb-devel |
novell | suse_linux | ocfs2-kmp-default | p-cpe:/a:novell:suse_linux:ocfs2-kmp-default |
novell | suse_linux | dlm-kmp-default | p-cpe:/a:novell:suse_linux:dlm-kmp-default |
novell | suse_linux | kernel-default-base | p-cpe:/a:novell:suse_linux:kernel-default-base |
novell | suse_linux | kernel-default-livepatch | p-cpe:/a:novell:suse_linux:kernel-default-livepatch |
novell | suse_linux | kernel-default-devel | p-cpe:/a:novell:suse_linux:kernel-default-devel |
novell | suse_linux | kernel-devel | p-cpe:/a:novell:suse_linux:kernel-devel |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38457
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40133
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2007
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20588
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34319
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3610
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37453
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3772
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3863
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40283
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4128
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4133
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4134
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4147
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4194
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4273
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4387
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4459
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4563
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4569
www.nessus.org/u?8fa41c0d
bugzilla.suse.com/1023051
bugzilla.suse.com/1120059
bugzilla.suse.com/1177719
bugzilla.suse.com/1188885
bugzilla.suse.com/1193629
bugzilla.suse.com/1194869
bugzilla.suse.com/1203329
bugzilla.suse.com/1203330
bugzilla.suse.com/1205462
bugzilla.suse.com/1206453
bugzilla.suse.com/1208902
bugzilla.suse.com/1208949
bugzilla.suse.com/1209284
bugzilla.suse.com/1209799
bugzilla.suse.com/1210048
bugzilla.suse.com/1210448
bugzilla.suse.com/1211220
bugzilla.suse.com/1212091
bugzilla.suse.com/1212142
bugzilla.suse.com/1212423
bugzilla.suse.com/1212526
bugzilla.suse.com/1212857
bugzilla.suse.com/1212873
bugzilla.suse.com/1213026
bugzilla.suse.com/1213123
bugzilla.suse.com/1213546
bugzilla.suse.com/1213580
bugzilla.suse.com/1213601
bugzilla.suse.com/1213666
bugzilla.suse.com/1213733
bugzilla.suse.com/1213757
bugzilla.suse.com/1213759
bugzilla.suse.com/1213916
bugzilla.suse.com/1213921
bugzilla.suse.com/1213927
bugzilla.suse.com/1213946
bugzilla.suse.com/1213949
bugzilla.suse.com/1213968
bugzilla.suse.com/1213970
bugzilla.suse.com/1213971
bugzilla.suse.com/1214000
bugzilla.suse.com/1214019
bugzilla.suse.com/1214073
bugzilla.suse.com/1214120
bugzilla.suse.com/1214149
bugzilla.suse.com/1214180
bugzilla.suse.com/1214233
bugzilla.suse.com/1214238
bugzilla.suse.com/1214285
bugzilla.suse.com/1214297
bugzilla.suse.com/1214299
bugzilla.suse.com/1214305
bugzilla.suse.com/1214350
bugzilla.suse.com/1214368
bugzilla.suse.com/1214370
bugzilla.suse.com/1214371
bugzilla.suse.com/1214372
bugzilla.suse.com/1214380
bugzilla.suse.com/1214386
bugzilla.suse.com/1214392
bugzilla.suse.com/1214393
bugzilla.suse.com/1214397
bugzilla.suse.com/1214404
bugzilla.suse.com/1214428
bugzilla.suse.com/1214451
bugzilla.suse.com/1214635
bugzilla.suse.com/1214659
bugzilla.suse.com/1214661
bugzilla.suse.com/1214727
bugzilla.suse.com/1214729
bugzilla.suse.com/1214742
bugzilla.suse.com/1214743
bugzilla.suse.com/1214756
bugzilla.suse.com/1214976
bugzilla.suse.com/1215522
bugzilla.suse.com/1215523
bugzilla.suse.com/1215552
bugzilla.suse.com/1215553
www.suse.com/security/cve/CVE-2022-38457
www.suse.com/security/cve/CVE-2022-40133
www.suse.com/security/cve/CVE-2023-2007
www.suse.com/security/cve/CVE-2023-20588
www.suse.com/security/cve/CVE-2023-34319
www.suse.com/security/cve/CVE-2023-3610
www.suse.com/security/cve/CVE-2023-37453
www.suse.com/security/cve/CVE-2023-3772
www.suse.com/security/cve/CVE-2023-3863
www.suse.com/security/cve/CVE-2023-40283
www.suse.com/security/cve/CVE-2023-4128
www.suse.com/security/cve/CVE-2023-4133
www.suse.com/security/cve/CVE-2023-4134
www.suse.com/security/cve/CVE-2023-4147
www.suse.com/security/cve/CVE-2023-4194
www.suse.com/security/cve/CVE-2023-4273
www.suse.com/security/cve/CVE-2023-4387
www.suse.com/security/cve/CVE-2023-4459
www.suse.com/security/cve/CVE-2023-4563
www.suse.com/security/cve/CVE-2023-4569