CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:A/AC:M/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
ADJACENT
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
46.8%
The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3338-1 advisory.
u’Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic’ in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8053, IPQ4019, IPQ8064, MSM8909W, MSM8996AU, QCA9531, QCN5502, QCS405, SDX20, SM6150, SM7150 (CVE-2020-3702)
A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource exhaustion and DoS. (CVE-2021-3669)
A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption).
This vulnerability is similar with the older CVE-2019-18808. (CVE-2021-3744)
A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-3752)
A memory leak flaw was found in the Linux kernel’s ccp_run_aes_gcm_cmd() function that allows an attacker to cause a denial of service. The vulnerability is similar to the older CVE-2019-18808. The highest threat from this vulnerability is to system availability. (CVE-2021-3764)
A race condition was discovered in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in the Linux kernel through 5.13.13. (CVE-2021-40490)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 70300
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# SUSE update advisory SUSE-SU-2021:3338-1. The text itself
# is copyright (C) SUSE.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(154087);
script_version("1.9");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/07/13");
script_cve_id(
"CVE-2020-3702",
"CVE-2021-3669",
"CVE-2021-3744",
"CVE-2021-3752",
"CVE-2021-3764",
"CVE-2021-40490"
);
script_xref(name:"SuSE", value:"SUSE-SU-2021:3338-1");
script_name(english:"SUSE SLES15 Security Update : kernel (SUSE-SU-2021:3338-1)");
script_set_attribute(attribute:"synopsis", value:
"The remote SUSE host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in
the SUSE-SU-2021:3338-1 advisory.
- u'Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to
improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for
a discrete set of traffic' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon
Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon
Wearables, Snapdragon Wired Infrastructure and Networking in APQ8053, IPQ4019, IPQ8064, MSM8909W,
MSM8996AU, QCA9531, QCN5502, QCS405, SDX20, SM6150, SM7150 (CVE-2020-3702)
- A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large
shared memory segment counts which could lead to resource exhaustion and DoS. (CVE-2021-3669)
- A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in
drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption).
This vulnerability is similar with the older CVE-2019-18808. (CVE-2021-3744)
- A use-after-free flaw was found in the Linux kernel's Bluetooth subsystem in the way user calls connect to
the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the
system or escalate their privileges. The highest threat from this vulnerability is to confidentiality,
integrity, as well as system availability. (CVE-2021-3752)
- A memory leak flaw was found in the Linux kernel's ccp_run_aes_gcm_cmd() function that allows an attacker
to cause a denial of service. The vulnerability is similar to the older CVE-2019-18808. The highest threat
from this vulnerability is to system availability. (CVE-2021-3764)
- A race condition was discovered in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in
the Linux kernel through 5.13.13. (CVE-2021-40490)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1065729");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1148868");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1152489");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1154353");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1159886");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1167773");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1170774");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1171688");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1173746");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1174003");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1176447");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1176940");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1177028");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1178134");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1184439");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1184804");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1185302");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1185550");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1185677");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1185726");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1185762");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1187211");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1188067");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1188418");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1188651");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1188986");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1189257");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1189297");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1189841");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1189884");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1190023");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1190062");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1190115");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1190138");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1190159");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1190358");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1190406");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1190432");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1190467");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1190523");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1190534");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1190543");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1190544");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1190561");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1190576");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1190595");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1190596");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1190598");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1190620");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1190626");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1190679");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1190705");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1190717");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1190746");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1190758");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1190784");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1190785");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1191172");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1191193");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1191292");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-3702");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-3669");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-3744");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-3752");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-3764");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-40490");
# https://lists.suse.com/pipermail/sle-security-updates/2021-October/009565.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?2614b84e");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-3752");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2020/09/08");
script_set_attribute(attribute:"patch_publication_date", value:"2021/10/12");
script_set_attribute(attribute:"plugin_publication_date", value:"2021/10/13");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-azure");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-azure-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-devel-azure");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-source-azure");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-syms-azure");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"SuSE Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item("Host/SuSE/release");
if (isnull(os_release) || os_release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
var os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');
os_ver = os_ver[1];
if (! preg(pattern:"^(SLES15)$", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15', 'SUSE (' + os_ver + ')');
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);
var service_pack = get_kb_item("Host/SuSE/patchlevel");
if (isnull(service_pack)) service_pack = "0";
if (os_ver == "SLES15" && (! preg(pattern:"^(3)$", string:service_pack))) audit(AUDIT_OS_NOT, "SLES15 SP3", os_ver + " SP" + service_pack);
var pkgs = [
{'reference':'kernel-azure-5.3.18-38.25.2', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-public-cloud-release-15.3']},
{'reference':'kernel-azure-devel-5.3.18-38.25.2', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-public-cloud-release-15.3']},
{'reference':'kernel-devel-azure-5.3.18-38.25.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-public-cloud-release-15.3']},
{'reference':'kernel-source-azure-5.3.18-38.25.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-public-cloud-release-15.3']},
{'reference':'kernel-syms-azure-5.3.18-38.25.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-public-cloud-release-15.3']}
];
var ltss_caveat_required = FALSE;
var flag = 0;
foreach var package_array ( pkgs ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var exists_check = NULL;
var rpm_spec_vers_cmp = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (reference && _release) {
if (exists_check) {
var check_flag = 0;
foreach var check (exists_check) {
if (!rpm_exists(release:_release, rpm:check)) continue;
check_flag++;
}
if (!check_flag) continue;
}
if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-azure / kernel-azure-devel / kernel-devel-azure / etc');
}
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3702
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3669
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3744
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3752
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3764
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40490
www.nessus.org/u?2614b84e
bugzilla.suse.com/1065729
bugzilla.suse.com/1148868
bugzilla.suse.com/1152489
bugzilla.suse.com/1154353
bugzilla.suse.com/1159886
bugzilla.suse.com/1167773
bugzilla.suse.com/1170774
bugzilla.suse.com/1171688
bugzilla.suse.com/1173746
bugzilla.suse.com/1174003
bugzilla.suse.com/1176447
bugzilla.suse.com/1176940
bugzilla.suse.com/1177028
bugzilla.suse.com/1178134
bugzilla.suse.com/1184439
bugzilla.suse.com/1184804
bugzilla.suse.com/1185302
bugzilla.suse.com/1185550
bugzilla.suse.com/1185677
bugzilla.suse.com/1185726
bugzilla.suse.com/1185762
bugzilla.suse.com/1187211
bugzilla.suse.com/1188067
bugzilla.suse.com/1188418
bugzilla.suse.com/1188651
bugzilla.suse.com/1188986
bugzilla.suse.com/1189257
bugzilla.suse.com/1189297
bugzilla.suse.com/1189841
bugzilla.suse.com/1189884
bugzilla.suse.com/1190023
bugzilla.suse.com/1190062
bugzilla.suse.com/1190115
bugzilla.suse.com/1190138
bugzilla.suse.com/1190159
bugzilla.suse.com/1190358
bugzilla.suse.com/1190406
bugzilla.suse.com/1190432
bugzilla.suse.com/1190467
bugzilla.suse.com/1190523
bugzilla.suse.com/1190534
bugzilla.suse.com/1190543
bugzilla.suse.com/1190544
bugzilla.suse.com/1190561
bugzilla.suse.com/1190576
bugzilla.suse.com/1190595
bugzilla.suse.com/1190596
bugzilla.suse.com/1190598
bugzilla.suse.com/1190620
bugzilla.suse.com/1190626
bugzilla.suse.com/1190679
bugzilla.suse.com/1190705
bugzilla.suse.com/1190717
bugzilla.suse.com/1190746
bugzilla.suse.com/1190758
bugzilla.suse.com/1190784
bugzilla.suse.com/1190785
bugzilla.suse.com/1191172
bugzilla.suse.com/1191193
bugzilla.suse.com/1191292
www.suse.com/security/cve/CVE-2020-3702
www.suse.com/security/cve/CVE-2021-3669
www.suse.com/security/cve/CVE-2021-3744
www.suse.com/security/cve/CVE-2021-3752
www.suse.com/security/cve/CVE-2021-3764
www.suse.com/security/cve/CVE-2021-40490
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:A/AC:M/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
ADJACENT
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
46.8%