CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:A/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
76.9%
The SUSE Linux Enterprise 12 SP2 LTSS kernel was updated to receive various security and bugfixes.
The following security bugs were fixed :
CVE-2020-36312: Fixed an issue in virt/kvm/kvm_main.c that had a kvm_io_bus_unregister_dev memory leak upon a kmalloc failure (bnc#1184509).
CVE-2021-29650: Fixed an issue inside the netfilter subsystem that allowed attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value (bnc#1184208).
CVE-2020-27673: Fixed an issue in Xen where a guest OS users could have caused a denial of service (host OS hang) via a high rate of events to dom0 (bnc#1177411, bnc#1184583).
CVE-2021-29154: Fixed BPF JIT compilers that allowed to execute arbitrary code within the kernel context (bnc#1184391).
CVE-2020-25673: Fixed NFC endless loops caused by repeated llcp_sock_connect() (bsc#1178181).
CVE-2020-25672: Fixed NFC memory leak in llcp_sock_connect() (bsc#1178181).
CVE-2020-25671: Fixed NFC refcount leak in llcp_sock_connect() (bsc#1178181).
CVE-2020-25670: Fixed NFC refcount leak in llcp_sock_bind() (bsc#1178181).
CVE-2021-28950: Fixed an issue in fs/fuse/fuse_i.h where a ‘stall on CPU’ could have occured because a retry loop continually finds the same bad inode (bnc#1184194, bnc#1184211).
CVE-2020-36322: Fixed an issue inside the FUSE filesystem implementation where fuse_do_getattr() calls make_bad_inode() in inappropriate situations, could have caused a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950 (bnc#1184211).
CVE-2021-30002: Fixed a memory leak issue when a webcam device exists (bnc#1184120).
CVE-2021-3483: Fixed a use-after-free bug in nosy_ioctl() (bsc#1184393).
CVE-2021-20219: Fixed a denial of service vulnerability in drivers/tty/n_tty.c of the Linux kernel. In this flaw a local attacker with a normal user privilege could have delayed the loop and cause a threat to the system availability (bnc#1184397).
CVE-2021-29265: Fixed an issue in usbip_sockfd_store in drivers/usb/usbip/stub_dev.c that allowed attackers to cause a denial of service (GPF) because the stub-up sequence has race conditions during an update of the local and shared status (bnc#1184167).
CVE-2021-29264: Fixed an issue in drivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar Ethernet driver that allowed attackers to cause a system crash because a negative fragment size is calculated in situations involving an rx queue overrun when jumbo packets are used and NAPI is enabled (bnc#1184168).
CVE-2021-28972: Fixed an issue in drivers/pci/hotplug/rpadlpar_sysfs.c where the RPA PCI Hotplug driver had a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly. This occurs because add_slot_store and remove_slot_store mishandle drc_name ‘\0’ termination (bnc#1184198).
CVE-2021-28660: Fixed rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c that allowed writing beyond the end of the ssid array (bnc#1183593).
CVE-2020-0433: Fixed blk_mq_queue_tag_busy_iter of blk-mq-tag.c, where a possible use after free due to improper locking could have happened.
This could have led to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation (bnc#1176720).
CVE-2021-28038: Fixed an issue with Xen PV. A certain part of the netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of changes to the handling of grant mapping errors). A host OS denial of service may occur during misbehavior of a networking frontend driver. NOTE: this issue exists because of an incomplete fix for CVE-2021-26931 (bnc#1183022, bnc#1183069).
CVE-2021-27365: Fixed an issue inside the iSCSI data structures that does not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message (bnc#1182715).
CVE-2021-27363: Fixed an issue with a kernel pointer leak that could have been used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport’s handle is available to unprivileged users via the sysfs file system, at /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the pointer to an iscsi_transport struct in the kernel module’s global variables (bnc#1182716).
CVE-2021-27364: Fixed an issue in drivers/scsi/scsi_transport_iscsi.c where an unprivileged user can craft Netlink messages (bnc#1182717).
CVE-2020-1749: Fixed a flaw inside of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel isn’t correctly routing tunneled data over the encrypted link; rather sending the data unencrypted. This would allow anyone in between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality (bnc#1165629).
The update package also includes non-security fixes. See advisory for details.
Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2021:1623-1.
# The text itself is copyright (C) SUSE.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(149716);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/01");
script_cve_id(
"CVE-2020-0433",
"CVE-2020-1749",
"CVE-2020-25670",
"CVE-2020-25671",
"CVE-2020-25672",
"CVE-2020-25673",
"CVE-2020-27673",
"CVE-2020-36312",
"CVE-2020-36322",
"CVE-2021-3483",
"CVE-2021-20219",
"CVE-2021-26931",
"CVE-2021-27363",
"CVE-2021-27364",
"CVE-2021-27365",
"CVE-2021-28038",
"CVE-2021-28660",
"CVE-2021-28950",
"CVE-2021-28972",
"CVE-2021-29154",
"CVE-2021-29264",
"CVE-2021-29265",
"CVE-2021-29650",
"CVE-2021-30002"
);
script_name(english:"SUSE SLES12 Security Update : kernel (SUSE-SU-2021:1623-1)");
script_set_attribute(attribute:"synopsis", value:
"The remote SUSE host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The SUSE Linux Enterprise 12 SP2 LTSS kernel was updated to receive
various security and bugfixes.
The following security bugs were fixed :
CVE-2020-36312: Fixed an issue in virt/kvm/kvm_main.c that had a
kvm_io_bus_unregister_dev memory leak upon a kmalloc failure
(bnc#1184509).
CVE-2021-29650: Fixed an issue inside the netfilter subsystem that
allowed attackers to cause a denial of service (panic) because
net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a
full memory barrier upon the assignment of a new table value
(bnc#1184208).
CVE-2020-27673: Fixed an issue in Xen where a guest OS users could
have caused a denial of service (host OS hang) via a high rate of
events to dom0 (bnc#1177411, bnc#1184583).
CVE-2021-29154: Fixed BPF JIT compilers that allowed to execute
arbitrary code within the kernel context (bnc#1184391).
CVE-2020-25673: Fixed NFC endless loops caused by repeated
llcp_sock_connect() (bsc#1178181).
CVE-2020-25672: Fixed NFC memory leak in llcp_sock_connect()
(bsc#1178181).
CVE-2020-25671: Fixed NFC refcount leak in llcp_sock_connect()
(bsc#1178181).
CVE-2020-25670: Fixed NFC refcount leak in llcp_sock_bind()
(bsc#1178181).
CVE-2021-28950: Fixed an issue in fs/fuse/fuse_i.h where a 'stall on
CPU' could have occured because a retry loop continually finds the
same bad inode (bnc#1184194, bnc#1184211).
CVE-2020-36322: Fixed an issue inside the FUSE filesystem
implementation where fuse_do_getattr() calls make_bad_inode() in
inappropriate situations, could have caused a system crash. NOTE: the
original fix for this vulnerability was incomplete, and its
incompleteness is tracked as CVE-2021-28950 (bnc#1184211).
CVE-2021-30002: Fixed a memory leak issue when a webcam device exists
(bnc#1184120).
CVE-2021-3483: Fixed a use-after-free bug in nosy_ioctl()
(bsc#1184393).
CVE-2021-20219: Fixed a denial of service vulnerability in
drivers/tty/n_tty.c of the Linux kernel. In this flaw a local attacker
with a normal user privilege could have delayed the loop and cause a
threat to the system availability (bnc#1184397).
CVE-2021-29265: Fixed an issue in usbip_sockfd_store in
drivers/usb/usbip/stub_dev.c that allowed attackers to cause a denial
of service (GPF) because the stub-up sequence has race conditions
during an update of the local and shared status (bnc#1184167).
CVE-2021-29264: Fixed an issue in
drivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar
Ethernet driver that allowed attackers to cause a system crash because
a negative fragment size is calculated in situations involving an rx
queue overrun when jumbo packets are used and NAPI is enabled
(bnc#1184168).
CVE-2021-28972: Fixed an issue in drivers/pci/hotplug/rpadlpar_sysfs.c
where the RPA PCI Hotplug driver had a user-tolerable buffer overflow
when writing a new device name to the driver from userspace, allowing
userspace to write data to the kernel stack frame directly. This
occurs because add_slot_store and remove_slot_store mishandle drc_name
'\0' termination (bnc#1184198).
CVE-2021-28660: Fixed rtw_wx_set_scan in
drivers/staging/rtl8188eu/os_dep/ioctl_linux.c that allowed writing
beyond the end of the ssid array (bnc#1183593).
CVE-2020-0433: Fixed blk_mq_queue_tag_busy_iter of blk-mq-tag.c, where
a possible use after free due to improper locking could have happened.
This could have led to local escalation of privilege with no
additional execution privileges needed. User interaction is not needed
for exploitation (bnc#1176720).
CVE-2021-28038: Fixed an issue with Xen PV. A certain part of the
netback driver lacks necessary treatment of errors such as failed
memory allocations (as a result of changes to the handling of grant
mapping errors). A host OS denial of service may occur during
misbehavior of a networking frontend driver. NOTE: this issue exists
because of an incomplete fix for CVE-2021-26931 (bnc#1183022,
bnc#1183069).
CVE-2021-27365: Fixed an issue inside the iSCSI data structures that
does not have appropriate length constraints or checks, and can exceed
the PAGE_SIZE value. An unprivileged user can send a Netlink message
that is associated with iSCSI, and has a length up to the maximum
length of a Netlink message (bnc#1182715).
CVE-2021-27363: Fixed an issue with a kernel pointer leak that could
have been used to determine the address of the iscsi_transport
structure. When an iSCSI transport is registered with the iSCSI
subsystem, the transport's handle is available to unprivileged users
via the sysfs file system, at
/sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the
show_transport_handle function (in
drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the
handle. This handle is actually the pointer to an iscsi_transport
struct in the kernel module's global variables (bnc#1182716).
CVE-2021-27364: Fixed an issue in drivers/scsi/scsi_transport_iscsi.c
where an unprivileged user can craft Netlink messages (bnc#1182717).
CVE-2020-1749: Fixed a flaw inside of some networking protocols in
IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted
tunnel is created between two hosts, the kernel isn't correctly
routing tunneled data over the encrypted link; rather sending the data
unencrypted. This would allow anyone in between the two endpoints to
read the traffic unencrypted. The main threat from this vulnerability
is to data confidentiality (bnc#1165629).
The update package also includes non-security fixes. See advisory for
details.
Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1120163");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1152974");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1152975");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1155179");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1155184");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1155186");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1159483");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1165629");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1165823");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1172247");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1173485");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1176720");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1177411");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1177855");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1177856");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1178181");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1178634");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1179575");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1182047");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1182261");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1182715");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1182716");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1182717");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1183022");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1183069");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1183593");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1184120");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1184167");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1184168");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1184194");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1184198");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1184208");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1184211");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1184391");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1184393");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1184397");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1184509");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1184583");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1184611");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1185248");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1185555");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1185556");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1185557");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-0433/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-1749/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-25670/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-25671/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-25672/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-25673/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-27673/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-36312/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-36322/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-20219/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-27363/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-27364/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-27365/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-28038/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-28660/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-28950/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-28972/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-29154/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-29264/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-29265/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-29650/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-30002/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-3483/");
# https://www.suse.com/support/update/announcement/2021/suse-su-20211623-1
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?8d4ebd1e");
script_set_attribute(attribute:"solution", value:
"To install this SUSE Security Update use the SUSE recommended
installation methods like YaST online_update or 'zypper patch'.
Alternatively you can run the command listed for your product :
SUSE OpenStack Cloud Crowbar 8 :
zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-1623=1
SUSE OpenStack Cloud 8 :
zypper in -t patch SUSE-OpenStack-Cloud-8-2021-1623=1
SUSE Linux Enterprise Server for SAP 12-SP3 :
zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-1623=1
SUSE Linux Enterprise Server 12-SP3-LTSS :
zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-1623=1
SUSE Linux Enterprise Server 12-SP3-BCL :
zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-1623=1
SUSE Linux Enterprise High Availability 12-SP3 :
zypper in -t patch SUSE-SLE-HA-12-SP3-2021-1623=1
HPE Helion Openstack 8 :
zypper in -t patch HPE-Helion-OpenStack-8-2021-1623=1");
script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-28660");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2020/09/09");
script_set_attribute(attribute:"patch_publication_date", value:"2021/05/18");
script_set_attribute(attribute:"plugin_publication_date", value:"2021/05/19");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-kgraft");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-man");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-syms");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_144-default");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_144-default-debuginfo");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"SuSE Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES12" && (! preg(pattern:"^(3)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP3", os_ver + " SP" + sp);
flag = 0;
if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"kernel-default-kgraft-4.4.180-94.144.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"kgraft-patch-4_4_180-94_144-default-1-4.3.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"kgraft-patch-4_4_180-94_144-default-debuginfo-1-4.3.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", cpu:"s390x", reference:"kernel-default-man-4.4.180-94.144.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"kernel-default-4.4.180-94.144.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"kernel-default-base-4.4.180-94.144.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"kernel-default-base-debuginfo-4.4.180-94.144.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"kernel-default-debuginfo-4.4.180-94.144.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"kernel-default-debugsource-4.4.180-94.144.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"kernel-default-devel-4.4.180-94.144.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"kernel-syms-4.4.180-94.144.1")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
}
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0433
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1749
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25670
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25671
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25672
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25673
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27673
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36312
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36322
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20219
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26931
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27363
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27364
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27365
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28038
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28660
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28950
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28972
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29154
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29264
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29265
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29650
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30002
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3483
www.nessus.org/u?8d4ebd1e
bugzilla.suse.com/show_bug.cgi?id=1120163
bugzilla.suse.com/show_bug.cgi?id=1152974
bugzilla.suse.com/show_bug.cgi?id=1152975
bugzilla.suse.com/show_bug.cgi?id=1155179
bugzilla.suse.com/show_bug.cgi?id=1155184
bugzilla.suse.com/show_bug.cgi?id=1155186
bugzilla.suse.com/show_bug.cgi?id=1159483
bugzilla.suse.com/show_bug.cgi?id=1165629
bugzilla.suse.com/show_bug.cgi?id=1165823
bugzilla.suse.com/show_bug.cgi?id=1172247
bugzilla.suse.com/show_bug.cgi?id=1173485
bugzilla.suse.com/show_bug.cgi?id=1176720
bugzilla.suse.com/show_bug.cgi?id=1177411
bugzilla.suse.com/show_bug.cgi?id=1177855
bugzilla.suse.com/show_bug.cgi?id=1177856
bugzilla.suse.com/show_bug.cgi?id=1178181
bugzilla.suse.com/show_bug.cgi?id=1178634
bugzilla.suse.com/show_bug.cgi?id=1179575
bugzilla.suse.com/show_bug.cgi?id=1182047
bugzilla.suse.com/show_bug.cgi?id=1182261
bugzilla.suse.com/show_bug.cgi?id=1182715
bugzilla.suse.com/show_bug.cgi?id=1182716
bugzilla.suse.com/show_bug.cgi?id=1182717
bugzilla.suse.com/show_bug.cgi?id=1183022
bugzilla.suse.com/show_bug.cgi?id=1183069
bugzilla.suse.com/show_bug.cgi?id=1183593
bugzilla.suse.com/show_bug.cgi?id=1184120
bugzilla.suse.com/show_bug.cgi?id=1184167
bugzilla.suse.com/show_bug.cgi?id=1184168
bugzilla.suse.com/show_bug.cgi?id=1184194
bugzilla.suse.com/show_bug.cgi?id=1184198
bugzilla.suse.com/show_bug.cgi?id=1184208
bugzilla.suse.com/show_bug.cgi?id=1184211
bugzilla.suse.com/show_bug.cgi?id=1184391
bugzilla.suse.com/show_bug.cgi?id=1184393
bugzilla.suse.com/show_bug.cgi?id=1184397
bugzilla.suse.com/show_bug.cgi?id=1184509
bugzilla.suse.com/show_bug.cgi?id=1184583
bugzilla.suse.com/show_bug.cgi?id=1184611
bugzilla.suse.com/show_bug.cgi?id=1185248
bugzilla.suse.com/show_bug.cgi?id=1185555
bugzilla.suse.com/show_bug.cgi?id=1185556
bugzilla.suse.com/show_bug.cgi?id=1185557
www.suse.com/security/cve/CVE-2020-0433/
www.suse.com/security/cve/CVE-2020-1749/
www.suse.com/security/cve/CVE-2020-25670/
www.suse.com/security/cve/CVE-2020-25671/
www.suse.com/security/cve/CVE-2020-25672/
www.suse.com/security/cve/CVE-2020-25673/
www.suse.com/security/cve/CVE-2020-27673/
www.suse.com/security/cve/CVE-2020-36312/
www.suse.com/security/cve/CVE-2020-36322/
www.suse.com/security/cve/CVE-2021-20219/
www.suse.com/security/cve/CVE-2021-27363/
www.suse.com/security/cve/CVE-2021-27364/
www.suse.com/security/cve/CVE-2021-27365/
www.suse.com/security/cve/CVE-2021-28038/
www.suse.com/security/cve/CVE-2021-28660/
www.suse.com/security/cve/CVE-2021-28950/
www.suse.com/security/cve/CVE-2021-28972/
www.suse.com/security/cve/CVE-2021-29154/
www.suse.com/security/cve/CVE-2021-29264/
www.suse.com/security/cve/CVE-2021-29265/
www.suse.com/security/cve/CVE-2021-29650/
www.suse.com/security/cve/CVE-2021-30002/
www.suse.com/security/cve/CVE-2021-3483/
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:A/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
76.9%