The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:0151 advisory.

  - kernel: local privesc in key management (CVE-2015-8539)

  - hw: cpu: speculative execution bounds-check bypass (CVE-2017-5753)

  - kernel: keyctl_set_reqkey_keyring() leaks thread keyrings (CVE-2017-7472)

  - kernel: NULL pointer dereference due to KEYCTL_READ on negative key (CVE-2017-12192)

  - kernel: Null pointer dereference due to incorrect node-splitting in assoc_array implementation     (CVE-2017-12193)

  - kernel: Use-after-free in the af_packet.c (CVE-2017-15649)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

RHEL 7 : kernel (RHSA-2018:0151)

high Nessus Plugin ID 106330

Version 1.19