CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
89.4%
The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3391-1 advisory.
Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel® Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2022-40982)
Copy_from_user on 64-bit versions of the Linux kernel does not implement the __uaccess_begin_nospec allowing a user to bypass the access_ok check and pass a kernel pointer to copy_from_user(). This would allow an attacker to leak information. We recommend upgrading beyond commit 74e19ef0ff8061ef55957c3abd71614ef0f42f47 (CVE-2023-0459)
A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled?address, potentially leading to information disclosure. (CVE-2023-20569)
An issue in Zen 2 CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information. (CVE-2023-20593)
A flaw was found in the networking subsystem of the Linux kernel within the handling of the RPL protocol.
This issue results from the lack of proper handling of user-supplied data, which can lead to an assertion failure. This may allow an unauthenticated remote attacker to create a denial of service condition on the system. (CVE-2023-2156)
A use after free flaw was found in hfsplus_put_super in fs/hfsplus/super.c in the Linux Kernel. This flaw could allow a local user to cause a denial of service problem. (CVE-2023-2985)
REJECT Duplicate of CVE-2023-3390. (CVE-2023-3117)
Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; nft_chain_lookup_byid()
failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace (CVE-2023-31248)
A use-after-free vulnerability was found in the Linux kernel’s netfilter subsystem in net/netfilter/nf_tables_api.c. Mishandled error handling with NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability. This flaw allows a local attacker with user access to cause a privilege escalation issue. We recommend upgrading past commit 1240eb93f0616b21c675416516ff3d74798fdc97. (CVE-2023-3390)
Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace (CVE-2023-35001)
A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen in the Linux Kernel. This flaw allows an attacker with local user access to cause a system crash or leak internal kernel information. (CVE-2023-3567)
A use-after-free vulnerability in the Linux kernel’s net/sched: cls_u32 component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, u32_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability. We recommend upgrading past commit 04c55383fa5689357bcdd2c8036725a55ed632bc.
(CVE-2023-3609)
An out-of-bounds write vulnerability in the Linux kernel’s net/sched: sch_qfq component can be exploited to achieve local privilege escalation. The qfq_change_agg() function in net/sched/sch_qfq.c allows an out- of-bounds write because lmax is updated according to packet sizes without bounds checks. We recommend upgrading past commit 3e337087c3b5805fe0b8a46ba622a962880b5d64. (CVE-2023-3611)
A use-after-free vulnerability in the Linux kernel’s net/sched: cls_fw component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, fw_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability. We recommend upgrading past commit 0323bce598eea038714f941ce2b22541c46d488f.
(CVE-2023-3776)
An out-of-bounds memory access flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user generates a malicious (too big) networking packet when napi frags is enabled. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2023-3812)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# SUSE update advisory SUSE-SU-2023:3391-1. The text itself
# is copyright (C) SUSE.
##
include('compat.inc');
if (description)
{
script_id(180137);
script_version("1.0");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/08/24");
script_cve_id(
"CVE-2022-40982",
"CVE-2023-0459",
"CVE-2023-2156",
"CVE-2023-2985",
"CVE-2023-3117",
"CVE-2023-3390",
"CVE-2023-3567",
"CVE-2023-3609",
"CVE-2023-3611",
"CVE-2023-3776",
"CVE-2023-3812",
"CVE-2023-20569",
"CVE-2023-20593",
"CVE-2023-31248",
"CVE-2023-35001"
);
script_xref(name:"SuSE", value:"SUSE-SU-2023:3391-1");
script_name(english:"SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2023:3391-1)");
script_set_attribute(attribute:"synopsis", value:
"The remote SUSE host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple
vulnerabilities as referenced in the SUSE-SU-2023:3391-1 advisory.
- Information exposure through microarchitectural state after transient execution in certain vector
execution units for some Intel(R) Processors may allow an authenticated user to potentially enable
information disclosure via local access. (CVE-2022-40982)
- Copy_from_user on 64-bit versions of the Linux kernel does not implement the __uaccess_begin_nospec
allowing a user to bypass the access_ok check and pass a kernel pointer to copy_from_user(). This would
allow an attacker to leak information. We recommend upgrading beyond commit
74e19ef0ff8061ef55957c3abd71614ef0f42f47 (CVE-2023-0459)
- A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address
prediction. This may result in speculative execution at an attacker-controlled?address, potentially
leading to information disclosure. (CVE-2023-20569)
- An issue in Zen 2 CPUs, under specific microarchitectural circumstances, may allow an attacker to
potentially access sensitive information. (CVE-2023-20593)
- A flaw was found in the networking subsystem of the Linux kernel within the handling of the RPL protocol.
This issue results from the lack of proper handling of user-supplied data, which can lead to an assertion
failure. This may allow an unauthenticated remote attacker to create a denial of service condition on the
system. (CVE-2023-2156)
- A use after free flaw was found in hfsplus_put_super in fs/hfsplus/super.c in the Linux Kernel. This flaw
could allow a local user to cause a denial of service problem. (CVE-2023-2985)
- ** REJECT ** Duplicate of CVE-2023-3390. (CVE-2023-3117)
- Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()`
failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace
(CVE-2023-31248)
- A use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in
net/netfilter/nf_tables_api.c. Mishandled error handling with NFT_MSG_NEWRULE makes it possible to use a
dangling pointer in the same transaction causing a use-after-free vulnerability. This flaw allows a local
attacker with user access to cause a privilege escalation issue. We recommend upgrading past commit
1240eb93f0616b21c675416516ff3d74798fdc97. (CVE-2023-3390)
- Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register
contents when CAP_NET_ADMIN is in any user or network namespace (CVE-2023-35001)
- A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen in the Linux
Kernel. This flaw allows an attacker with local user access to cause a system crash or leak internal
kernel information. (CVE-2023-3567)
- A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to
achieve local privilege escalation. If tcf_change_indev() fails, u32_set_parms() will immediately return
an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can
control the reference counter and set it to zero, they can cause the reference to be freed, leading to a
use-after-free vulnerability. We recommend upgrading past commit 04c55383fa5689357bcdd2c8036725a55ed632bc.
(CVE-2023-3609)
- An out-of-bounds write vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited
to achieve local privilege escalation. The qfq_change_agg() function in net/sched/sch_qfq.c allows an out-
of-bounds write because lmax is updated according to packet sizes without bounds checks. We recommend
upgrading past commit 3e337087c3b5805fe0b8a46ba622a962880b5d64. (CVE-2023-3611)
- A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to
achieve local privilege escalation. If tcf_change_indev() fails, fw_set_parms() will immediately return an
error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can
control the reference counter and set it to zero, they can cause the reference to be freed, leading to a
use-after-free vulnerability. We recommend upgrading past commit 0323bce598eea038714f941ce2b22541c46d488f.
(CVE-2023-3776)
- An out-of-bounds memory access flaw was found in the Linux kernel's TUN/TAP device driver functionality in
how a user generates a malicious (too big) networking packet when napi frags is enabled. This flaw allows
a local user to crash or potentially escalate their privileges on the system. (CVE-2023-3812)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1199304");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1206418");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1207270");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1210584");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1211131");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1211738");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1211867");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1212301");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1212741");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1212835");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1212846");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1213059");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1213061");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1213167");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1213245");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1213286");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1213287");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1213354");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1213543");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1213585");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1213586");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1213588");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1213653");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1213868");
script_set_attribute(attribute:"see_also", value:"https://lists.suse.com/pipermail/sle-updates/2023-August/031135.html");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-40982");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2023-0459");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2023-20569");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2023-20593");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2023-2156");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2023-2985");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2023-3117");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2023-31248");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2023-3390");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2023-35001");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2023-3567");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2023-3609");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2023-3611");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2023-3776");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2023-3812");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-20569");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2023-3812");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2022/12/01");
script_set_attribute(attribute:"patch_publication_date", value:"2023/08/23");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/08/24");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:cluster-md-kmp-default");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:dlm-kmp-default");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:gfs2-kmp-default");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-64kb");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-64kb-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-livepatch");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-livepatch-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-150300_59_130-default");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-macros");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-obs-build");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-preempt");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-preempt-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-source");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-syms");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-zfcpdump");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ocfs2-kmp-default");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"SuSE Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item("Host/SuSE/release");
if (isnull(os_release) || os_release !~ "^(SLED|SLES|SUSE)") audit(AUDIT_OS_NOT, "SUSE / openSUSE");
var os_ver = pregmatch(pattern: "^(SLE(S|D)(?:_SAP)?\d+|SUSE([\d.]+))", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE / openSUSE');
os_ver = os_ver[1];
if (! preg(pattern:"^(SLES15|SLES_SAP15|SUSE15\.4)$", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15 / SLES_SAP15 / openSUSE 15', 'SUSE / openSUSE (' + os_ver + ')');
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE / openSUSE (' + os_ver + ')', cpu);
var service_pack = get_kb_item("Host/SuSE/patchlevel");
if (isnull(service_pack)) service_pack = "0";
if (os_ver == "SLES15" && (! preg(pattern:"^(3)$", string:service_pack))) audit(AUDIT_OS_NOT, "SLES15 SP3", os_ver + " SP" + service_pack);
if (os_ver == "SLES_SAP15" && (! preg(pattern:"^(3)$", string:service_pack))) audit(AUDIT_OS_NOT, "SLES_SAP15 SP3", os_ver + " SP" + service_pack);
var pkgs = [
{'reference':'kernel-default-5.3.18-150300.59.130.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},
{'reference':'kernel-default-base-5.3.18-150300.59.130.1.150300.18.76.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},
{'reference':'kernel-default-devel-5.3.18-150300.59.130.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},
{'reference':'kernel-devel-5.3.18-150300.59.130.1', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},
{'reference':'kernel-macros-5.3.18-150300.59.130.1', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},
{'reference':'kernel-obs-build-5.3.18-150300.59.130.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},
{'reference':'kernel-preempt-5.3.18-150300.59.130.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},
{'reference':'kernel-preempt-devel-5.3.18-150300.59.130.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},
{'reference':'kernel-source-5.3.18-150300.59.130.1', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},
{'reference':'kernel-syms-5.3.18-150300.59.130.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},
{'reference':'reiserfs-kmp-default-5.3.18-150300.59.130.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},
{'reference':'kernel-64kb-5.3.18-150300.59.130.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3']},
{'reference':'kernel-64kb-devel-5.3.18-150300.59.130.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3']},
{'reference':'kernel-default-5.3.18-150300.59.130.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3']},
{'reference':'kernel-default-5.3.18-150300.59.130.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3', 'SUSE-Manager-Proxy-release-4.2']},
{'reference':'kernel-default-base-5.3.18-150300.59.130.1.150300.18.76.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3']},
{'reference':'kernel-default-base-5.3.18-150300.59.130.1.150300.18.76.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3', 'SUSE-Manager-Proxy-release-4.2']},
{'reference':'kernel-default-devel-5.3.18-150300.59.130.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3']},
{'reference':'kernel-default-devel-5.3.18-150300.59.130.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3', 'SUSE-Manager-Proxy-release-4.2']},
{'reference':'kernel-devel-5.3.18-150300.59.130.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3', 'SUSE-Manager-Proxy-release-4.2', 'SUSE-Manager-Server-release-4.2']},
{'reference':'kernel-macros-5.3.18-150300.59.130.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3', 'SUSE-Manager-Proxy-release-4.2', 'SUSE-Manager-Server-release-4.2']},
{'reference':'kernel-obs-build-5.3.18-150300.59.130.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3']},
{'reference':'kernel-obs-build-5.3.18-150300.59.130.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3']},
{'reference':'kernel-preempt-5.3.18-150300.59.130.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3']},
{'reference':'kernel-preempt-5.3.18-150300.59.130.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3', 'SUSE-Manager-Proxy-release-4.2', 'SUSE-Manager-Server-release-4.2']},
{'reference':'kernel-preempt-devel-5.3.18-150300.59.130.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3']},
{'reference':'kernel-preempt-devel-5.3.18-150300.59.130.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3']},
{'reference':'kernel-source-5.3.18-150300.59.130.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3']},
{'reference':'kernel-syms-5.3.18-150300.59.130.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3']},
{'reference':'kernel-syms-5.3.18-150300.59.130.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3']},
{'reference':'reiserfs-kmp-default-5.3.18-150300.59.130.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3']},
{'reference':'reiserfs-kmp-default-5.3.18-150300.59.130.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3']},
{'reference':'kernel-64kb-5.3.18-150300.59.130.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3', 'sles-ltss-release-15.3']},
{'reference':'kernel-64kb-devel-5.3.18-150300.59.130.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3', 'sles-ltss-release-15.3']},
{'reference':'kernel-default-5.3.18-150300.59.130.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},
{'reference':'kernel-default-5.3.18-150300.59.130.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},
{'reference':'kernel-default-base-5.3.18-150300.59.130.1.150300.18.76.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},
{'reference':'kernel-default-base-5.3.18-150300.59.130.1.150300.18.76.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},
{'reference':'kernel-default-devel-5.3.18-150300.59.130.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},
{'reference':'kernel-default-devel-5.3.18-150300.59.130.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},
{'reference':'kernel-devel-5.3.18-150300.59.130.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3', 'sles-ltss-release-15.3']},
{'reference':'kernel-macros-5.3.18-150300.59.130.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3', 'sles-ltss-release-15.3']},
{'reference':'kernel-obs-build-5.3.18-150300.59.130.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},
{'reference':'kernel-obs-build-5.3.18-150300.59.130.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},
{'reference':'kernel-preempt-5.3.18-150300.59.130.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3', 'sles-ltss-release-15.3']},
{'reference':'kernel-preempt-5.3.18-150300.59.130.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3', 'sles-ltss-release-15.3']},
{'reference':'kernel-preempt-devel-5.3.18-150300.59.130.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3', 'sles-ltss-release-15.3']},
{'reference':'kernel-preempt-devel-5.3.18-150300.59.130.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3', 'sles-ltss-release-15.3']},
{'reference':'kernel-source-5.3.18-150300.59.130.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3', 'sles-ltss-release-15.3']},
{'reference':'kernel-syms-5.3.18-150300.59.130.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},
{'reference':'kernel-syms-5.3.18-150300.59.130.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},
{'reference':'reiserfs-kmp-default-5.3.18-150300.59.130.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},
{'reference':'reiserfs-kmp-default-5.3.18-150300.59.130.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},
{'reference':'kernel-default-5.3.18-150300.59.130.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SUSE-Manager-Server-release-4.2']},
{'reference':'kernel-default-base-5.3.18-150300.59.130.1.150300.18.76.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SUSE-Manager-Server-release-4.2']},
{'reference':'kernel-default-devel-5.3.18-150300.59.130.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SUSE-Manager-Server-release-4.2']},
{'reference':'kernel-zfcpdump-5.3.18-150300.59.130.1', 'sp':'3', 'cpu':'s390x', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SUSE-Manager-Server-release-4.2']},
{'reference':'dtb-al-5.3.18-150300.59.130.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
{'reference':'dtb-zte-5.3.18-150300.59.130.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
{'reference':'cluster-md-kmp-default-5.3.18-150300.59.130.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15.3']},
{'reference':'dlm-kmp-default-5.3.18-150300.59.130.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15.3']},
{'reference':'gfs2-kmp-default-5.3.18-150300.59.130.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15.3']},
{'reference':'ocfs2-kmp-default-5.3.18-150300.59.130.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15.3']},
{'reference':'kernel-default-livepatch-5.3.18-150300.59.130.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.3']},
{'reference':'kernel-default-livepatch-devel-5.3.18-150300.59.130.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.3']},
{'reference':'kernel-livepatch-5_3_18-150300_59_130-default-1-150300.7.3.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.3']},
{'reference':'kernel-default-5.3.18-150300.59.130.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.3']},
{'reference':'kernel-default-base-5.3.18-150300.59.130.1.150300.18.76.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.3']},
{'reference':'kernel-default-devel-5.3.18-150300.59.130.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.3']},
{'reference':'kernel-obs-build-5.3.18-150300.59.130.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.3']},
{'reference':'kernel-syms-5.3.18-150300.59.130.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.3']},
{'reference':'kernel-zfcpdump-5.3.18-150300.59.130.1', 'sp':'3', 'cpu':'s390x', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.3']},
{'reference':'reiserfs-kmp-default-5.3.18-150300.59.130.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.3']}
];
var ltss_caveat_required = FALSE;
var flag = 0;
foreach var package_array ( pkgs ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var exists_check = NULL;
var rpm_spec_vers_cmp = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (reference && _release) {
if (exists_check) {
var check_flag = 0;
foreach var check (exists_check) {
if (!rpm_exists(release:_release, rpm:check)) continue;
if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;
check_flag++;
}
if (!check_flag) continue;
}
if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;
}
}
if (flag)
{
var ltss_plugin_caveat = NULL;
if(ltss_caveat_required) ltss_plugin_caveat = '\n' +
'NOTE: This vulnerability check contains fixes that apply to\n' +
'packages only available in SUSE Enterprise Linux Server LTSS\n' +
'repositories. Access to these package security updates require\n' +
'a paid SUSE LTSS subscription.\n';
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get() + ltss_plugin_caveat
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cluster-md-kmp-default / dlm-kmp-default / dtb-al / dtb-zte / etc');
}
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40982
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0459
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20569
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20593
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2156
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2985
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3117
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31248
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3390
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35001
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3567
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3609
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3611
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3776
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3812
bugzilla.suse.com/1199304
bugzilla.suse.com/1206418
bugzilla.suse.com/1207270
bugzilla.suse.com/1210584
bugzilla.suse.com/1211131
bugzilla.suse.com/1211738
bugzilla.suse.com/1211867
bugzilla.suse.com/1212301
bugzilla.suse.com/1212741
bugzilla.suse.com/1212835
bugzilla.suse.com/1212846
bugzilla.suse.com/1213059
bugzilla.suse.com/1213061
bugzilla.suse.com/1213167
bugzilla.suse.com/1213245
bugzilla.suse.com/1213286
bugzilla.suse.com/1213287
bugzilla.suse.com/1213354
bugzilla.suse.com/1213543
bugzilla.suse.com/1213585
bugzilla.suse.com/1213586
bugzilla.suse.com/1213588
bugzilla.suse.com/1213653
bugzilla.suse.com/1213868
lists.suse.com/pipermail/sle-updates/2023-August/031135.html
www.suse.com/security/cve/CVE-2022-40982
www.suse.com/security/cve/CVE-2023-0459
www.suse.com/security/cve/CVE-2023-20569
www.suse.com/security/cve/CVE-2023-20593
www.suse.com/security/cve/CVE-2023-2156
www.suse.com/security/cve/CVE-2023-2985
www.suse.com/security/cve/CVE-2023-3117
www.suse.com/security/cve/CVE-2023-31248
www.suse.com/security/cve/CVE-2023-3390
www.suse.com/security/cve/CVE-2023-35001
www.suse.com/security/cve/CVE-2023-3567
www.suse.com/security/cve/CVE-2023-3609
www.suse.com/security/cve/CVE-2023-3611
www.suse.com/security/cve/CVE-2023-3776
www.suse.com/security/cve/CVE-2023-3812