The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:1130 advisory.

  - hw: cpu: speculative execution branch target injection (CVE-2017-5715)

  - kernel: Use-after-free vulnerability in DCCP socket (CVE-2017-8824)

  - kernel: Incorrect type conversion for size during dma allocation (CVE-2017-9725)

  - kernel: v4l2: disabled memory access protection mechanism allowing privilege escalation (CVE-2017-13166)

  - kernel: Use-after-free in snd_seq_ioctl_create_port() (CVE-2017-15265)

  - kernel: Missing namespace check in net/netlink/af_netlink.c allows for network monitors to observe     systemwide activity (CVE-2017-17449)

  - kernel: netfilter: use-after-free in tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c     (CVE-2017-18017)

  - kernel: kvm: Reachable BUG() on out-of-bounds guest IRQ (CVE-2017-1000252)

  - kernel: Stack information leak in the EFS element (CVE-2017-1000410)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

RHEL 7 : kernel (RHSA-2018:1130)

critical Nessus Plugin ID 109116

Version 1.11