The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:2553 advisory.

  - hardware: Microarchitectural Store Buffer Data Sampling (MSBDS) (CVE-2018-12126)

  - hardware: Micro-architectural Load Port Data Sampling - Information Leak (MLPDS) (CVE-2018-12127)

  - hardware: Microarchitectural Fill Buffer Data Sampling (MFBDS) (CVE-2018-12130)

  - QEMU: rtl8139: integer overflow leads to buffer overflow (CVE-2018-17958)

  - QEMU: net: ignore packets with large size (CVE-2018-17963)

  - QEMU: device_tree: heap buffer overflow while loading device tree blob (CVE-2018-20815)

  - QEMU: scsi-generic: possible OOB access while handling inquiry request (CVE-2019-6501)

  - QEMU: slirp: information leakage in tcp_emu() due to uninitialized stack variables (CVE-2019-9824)

  - hardware: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) (CVE-2019-11091)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

RHEL 7 : qemu-kvm-rhev (RHSA-2019:2553)

critical Nessus Plugin ID 128205

Version 1.8

Version 1.6

Version 1.8 May 1, 2024, 7:16 AM Exploit attributes ("Exploit available" set to "True") Exploit attributes ("Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin Feed: 202405010716
Version 1.6 Dec 6, 2022, 1:01 AM Reference Plugin Feed: 202212060101