The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:2703 advisory.

  - kernel: Use-after-free in sound/usb/card.c:usb_audio_probe() (CVE-2018-19824)

  - kernel: Heap overflow in mwifiex_update_bss_desc_with_ie function in marvell/mwifiex/scan.c     (CVE-2019-3846)

  - Kernel: KVM: nVMX: guest accesses L0 MSR causes potential DoS (CVE-2019-3887)

  - kernel: brcmfmac heap buffer overflow in brcmf_wowl_nd_results (CVE-2019-9500)

  - kernel: brcmfmac frame validation bypass (CVE-2019-9503)

  - kernel: Count overflow in FUSE request leading to use-after-free issues. (CVE-2019-11487)

  - kernel: ppc: unrelated processes being able to read/write to each other's virtual memory (CVE-2019-12817)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

RHEL 8 : kernel (RHSA-2019:2703)

high Nessus Plugin ID 128665

Version 1.8

Version 1.7

Version 1.8 Apr 28, 2024, 1:01 AM Detection (updated detection logic) Plugin metadata Reference Plugin Feed: 202404280101
Version 1.7 Apr 26, 2024, 7:45 AM CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:P/RL:O/RC:C") CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C") Exploit attributes ("Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Exploit attributes ("Exploit available" set to "True") CVSSv2 score source (set to "CVE-2019-3846") Plugin Feed: 202404260745