The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel-rt packages installed that are affected by multiple vulnerabilities:

  - Microarchitectural Store Buffer Data Sampling (MSBDS):
    Store buffers on some microprocessors utilizing     speculative execution may allow an authenticated user to     potentially enable information disclosure via a side     channel with local access. A list of impacted products     can be found here: https://www.intel.com/content/dam/www     /public/us/en/documents/corporate-     information/SA00233-microcode-update-     guidance_05132019.pdf (CVE-2018-12126)

  - Microarchitectural Load Port Data Sampling (MLPDS): Load     ports on some microprocessors utilizing speculative     execution may allow an authenticated user to potentially     enable information disclosure via a side channel with     local access. A list of impacted products can be found     here: https://www.intel.com/content/dam/www/public/us/en     /documents/corporate-information/SA00233-microcode-     update-guidance_05132019.pdf (CVE-2018-12127)

  - Microarchitectural Fill Buffer Data Sampling (MFBDS):
    Fill buffers on some microprocessors utilizing     speculative execution may allow an authenticated user to     potentially enable information disclosure via a side     channel with local access. A list of impacted products     can be found here: https://www.intel.com/content/dam/www     /public/us/en/documents/corporate-     information/SA00233-microcode-update-     guidance_05132019.pdf (CVE-2018-12130)

  - An issue was discovered in the Linux kernel before     4.18.7. In block/blk-core.c, there is an
    __blk_drain_queue() use-after-free because a certain     error case is mishandled. (CVE-2018-20856)

  - A flaw was found in the Linux kernel. A heap based     buffer overflow in mwifiex_uap_parse_tail_ies function     in drivers/net/wireless/marvell/mwifiex/ie.c might lead     to memory corruption and possibly other consequences.
    (CVE-2019-10126)

  - A vulnerability was found in Linux kernel's, versions up     to 3.10, implementation of overlayfs. An attacker with     local access can create a denial of service situation     via NULL pointer dereference in ovl_posix_acl_create     function in fs/overlayfs/dir.c. This can allow attackers     with ability to create directories on overlayfs to crash     the kernel creating a denial of service (DOS).
    (CVE-2019-10140)

  - Microarchitectural Data Sampling Uncacheable Memory     (MDSUM): Uncacheable memory on some microprocessors     utilizing speculative execution may allow an     authenticated user to potentially enable information     disclosure via a side channel with local access. A list     of impacted products can be found here: https://www.inte     l.com/content/dam/www/public/us/en/documents/corporate-     information/SA00233-microcode-update-     guidance_05132019.pdf (CVE-2019-11091)

  - An out-of-bounds access issue was found in the Linux     kernel, all versions through 5.3, in the way Linux     kernel's KVM hypervisor implements the Coalesced MMIO     write operation. It operates on an MMIO ring buffer     'struct kvm_coalesced_mmio' object, wherein write     indices 'ring->first' and 'ring->last' value could be     supplied by a host user-space process. An unprivileged     host user or process with access to '/dev/kvm' device     could use this flaw to crash the host kernel, resulting     in a denial of service or potentially escalating     privileges on the system. (CVE-2019-14821)

  - A flaw that allowed an attacker to corrupt memory and     possibly escalate privileges was found in the mwifiex     kernel module while connecting to a malicious wireless     network. (CVE-2019-3846)

  - The Bluetooth BR/EDR specification up to and including     version 5.1 permits sufficiently low encryption key     length and does not prevent an attacker from influencing     the key length negotiation. This allows practical brute-     force attacks (aka KNOB) that can decrypt traffic and     inject arbitrary ciphertext without the victim noticing.
    (CVE-2019-9506)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Detections

Analytics

NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel-rt Multiple Vulnerabilities (NS-SA-2019-0222)

critical Nessus Plugin ID 131421

Version 1.7

Version 1.6

Version 1.7 Apr 9, 2024, 2:30 PM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:P/RL:O/RC:C") Exploit attributes ("Exploit available" set to "True") Exploit attributes ("Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin Feed: 202404091430
Version 1.6 Dec 6, 2022, 2:54 AM Reference Plugin Feed: 202212060254