CentOS 7 : kernel (CESA-2020:0375) (deprecated)

critical Nessus Plugin ID 133508
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

This plugin has been deprecated.

Description

An update for kernel-rt is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es) :

* kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver (CVE-2019-14816)

* kernel: heap-based buffer overflow in mwifiex_process_country_ie() function in drivers/net/wireless/marvell/mwifiex/sta_ioctl.c (CVE-2019-14895)

* kernel: heap overflow in marvell/mwifiex/tdls.c (CVE-2019-14901)

* kernel: buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/ wext-sme.c (CVE-2019-17133)

* kernel: incomplete fix for race condition between mmget_not_zero()/ get_task_mm() and core dumping in CVE-2019-11599 (CVE-2019-14898)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es) :

* patchset for x86/atomic: Fix smp_mb__{before,after}_atomic() [kernel-rt] (BZ#1772522)

* kernel-rt: update to the RHEL7.7.z batch#4 source tree (BZ#1780322)

* kvm nx_huge_pages_recovery_ratio=0 is needed to meet KVM-RT low latency requirement (BZ#1781157)

* kernel-rt: hard lockup panic in during execution of CFS bandwidth period timer (BZ#1788057)

This plugin has been deprecated. Although RHSA-2020:0375 exists, it is for kernel-rt, which does not exist on CentOS. This CentOS copy of the advisory duplicates the CVEs and packages from the non-rt kernel in RHSA-2020:0374.

See Also

http://www.nessus.org/u?633091f1

Plugin Details

Severity: Critical

ID: 133508

File Name: centos_RHSA-2020-0375.nasl

Version: 1.4

Type: local

Agent: unix

Published: 2/6/2020

Updated: 3/9/2020

Dependencies: ssh_get_info.nasl

Risk Information

CVSS Score Source: CVE-2019-14901

VPR

Risk Factor: Critical

Score: 9.2

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: E:U/RL:OF/RC:C

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:centos:centos:bpftool, p-cpe:/a:centos:centos:kernel, p-cpe:/a:centos:centos:kernel-abi-whitelists, p-cpe:/a:centos:centos:kernel-debug, p-cpe:/a:centos:centos:kernel-debug-devel, p-cpe:/a:centos:centos:kernel-devel, p-cpe:/a:centos:centos:kernel-doc, p-cpe:/a:centos:centos:kernel-headers, p-cpe:/a:centos:centos:kernel-tools, p-cpe:/a:centos:centos:kernel-tools-libs, p-cpe:/a:centos:centos:kernel-tools-libs-devel, p-cpe:/a:centos:centos:perf, p-cpe:/a:centos:centos:python-perf, cpe:/o:centos:centos:7

Required KB Items: Host/local_checks_enabled, Host/CentOS/release, Host/CentOS/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 2/5/2020

Vulnerability Publication Date: 9/20/2019

Reference Information

CVE: CVE-2019-14816, CVE-2019-14895, CVE-2019-14898, CVE-2019-14901, CVE-2019-17133

RHSA: 2020:0375