CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
ADJACENT
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
70.8%
The remote host is missing an update for the
# SPDX-FileCopyrightText: 2021 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.1.4.2021.2422.1");
script_cve_id("CVE-2020-24588", "CVE-2020-26558", "CVE-2020-36385", "CVE-2020-36386", "CVE-2021-0129", "CVE-2021-0512", "CVE-2021-0605", "CVE-2021-22555", "CVE-2021-33200", "CVE-2021-33624", "CVE-2021-33909", "CVE-2021-34693", "CVE-2021-3609");
script_tag(name:"creation_date", value:"2021-07-22 02:21:52 +0000 (Thu, 22 Jul 2021)");
script_version("2024-02-02T14:37:50+0000");
script_tag(name:"last_modification", value:"2024-02-02 14:37:50 +0000 (Fri, 02 Feb 2024)");
script_tag(name:"cvss_base", value:"7.2");
script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:N/C:C/I:C/A:C");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2021-07-29 17:46:52 +0000 (Thu, 29 Jul 2021)");
script_name("SUSE: Security Advisory (SUSE-SU-2021:2422-1)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2021 Greenbone AG");
script_family("SuSE Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/suse_sles", "ssh/login/rpms", re:"ssh/login/release=(SLES12\.0SP4)");
script_xref(name:"Advisory-ID", value:"SUSE-SU-2021:2422-1");
script_xref(name:"URL", value:"https://www.suse.com/support/update/announcement/2021/suse-su-20212422-1/");
script_tag(name:"summary", value:"The remote host is missing an update for the 'Linux Kernel' package(s) announced via the SUSE-SU-2021:2422-1 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"The SUSE Linux Enterprise 12 SP4 LTSS kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
CVE-2021-22555: A heap out-of-bounds write was discovered in
net/netfilter/x_tables.c (bnc#1188116).
CVE-2021-33909: Extremely large seq buffer allocations in seq_file could
lead to buffer underruns and code execution (bsc#1188062).
CVE-2021-3609: A use-after-free in can/bcm could have led to privilege
escalation (bsc#1187215).
CVE-2021-33624: In kernel/bpf/verifier.c a branch can be mispredicted
(e.g., because of type confusion) and consequently an unprivileged BPF
program can read arbitrary memory locations via a side-channel attack,
aka CID-9183671af6db (bnc#1187554).
CVE-2021-0605: In pfkey_dump of af_key.c, there is a possible
out-of-bounds read due to a missing bounds check. This could lead to
local information disclosure in the kernel with System execution
privileges needed. User interaction is not needed for exploitation
(bnc#1187601).
CVE-2021-0512: In __hidinput_change_resolution_multipliers of
hid-input.c, there is a possible out of bounds write due to a heap
buffer overflow. This could lead to local escalation of privilege with
no additional execution privileges needed. User interaction is not
needed for exploitation (bnc#1187595).
CVE-2020-26558: Bluetooth LE and BR/EDR secure pairing in Bluetooth Core
Specification 2.1 may permit a nearby man-in-the-middle attacker to
identify the Passkey used during pairing (in the Passkey authentication
procedure) by reflection of the public key and the authentication
evidence of the initiating device, potentially permitting this attacker
to complete authenticated pairing with the responding device using the
correct Passkey for the pairing session. The attack methodology
determines the Passkey value one bit at a time (bnc#1179610 bnc#1186463).
CVE-2021-34693: net/can/bcm.c allowed local users to obtain sensitive
information from kernel stack memory because parts of a data structure
are uninitialized (bnc#1187452).
CVE-2020-36385: An issue was discovered in
drivers/infiniband/core/ucma.c has a use-after-free because the ctx is
reached via the ctx_list in some ucma_migrate_id situations where
ucma_close is called, aka CID-f5449e74802c (bnc#1187050).
CVE-2021-0129: Improper access control in BlueZ may have allowed an
authenticated user to potentially enable information disclosure via
adjacent access (bnc#1186463).
CVE-2020-36386: An issue was discovered net/bluetooth/hci_event.c has a
slab out-of-bounds read in hci_extended_inquiry_result_evt, aka
CID-51c19bf3d5cf (bnc#1187038).
CVE-2020-24588: The 802.11 standard that underpins Wi-Fi Protected
Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't
require that the A-MSDU flag in the plaintext QoS header field is
authenticated. Against devices that support receiving non-SSP ... [Please see the references for more information on the vulnerabilities]");
script_tag(name:"affected", value:"'Linux Kernel' package(s) on SUSE Linux Enterprise High Availability 12-SP4, SUSE Linux Enterprise Live Patching 12-SP4, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server for SAP 12-SP4, SUSE OpenStack Cloud 9, SUSE OpenStack Cloud Crowbar 9.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "SLES12.0SP4") {
if(!isnull(res = isrpmvuln(pkg:"kernel-default", rpm:"kernel-default~4.12.14~95.80.1", rls:"SLES12.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-default-base", rpm:"kernel-default-base~4.12.14~95.80.1", rls:"SLES12.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-default-base-debuginfo", rpm:"kernel-default-base-debuginfo~4.12.14~95.80.1", rls:"SLES12.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-default-debuginfo", rpm:"kernel-default-debuginfo~4.12.14~95.80.1", rls:"SLES12.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-default-debugsource", rpm:"kernel-default-debugsource~4.12.14~95.80.1", rls:"SLES12.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-default-devel", rpm:"kernel-default-devel~4.12.14~95.80.1", rls:"SLES12.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-default-devel-debuginfo", rpm:"kernel-default-devel-debuginfo~4.12.14~95.80.1", rls:"SLES12.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-default-man", rpm:"kernel-default-man~4.12.14~95.80.1", rls:"SLES12.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-devel", rpm:"kernel-devel~4.12.14~95.80.1", rls:"SLES12.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-macros", rpm:"kernel-macros~4.12.14~95.80.1", rls:"SLES12.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-source", rpm:"kernel-source~4.12.14~95.80.1", rls:"SLES12.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-syms", rpm:"kernel-syms~4.12.14~95.80.1", rls:"SLES12.0SP4"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
ADJACENT
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
70.8%