RHEL 8 : kernel (RHSA-2020:1769)
critical Nessus Plugin ID 136115
Language:
New! Plugin Severity Now Using CVSS v3
The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Synopsis
The remote Red Hat host is missing one or more security updates.Description
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1769 advisory.- kernel: nfs: NULL pointer dereference due to an anomalized NFS message sequence (CVE-2018-16871)
- Kernel: net: using kernel space address bits to derive IP ID may potentially break KASLR (CVE-2019-10639)
- kernel: use-after-free in function __mdiobus_register() in drivers/net/phy/mdio_bus.c (CVE-2019-12819)
- kernel: An out-of-bounds read in drivers/scsi/qedi/qedi_dbg.c leading to crash or information disclosure (CVE-2019-15090)
- kernel: a NULL pointer dereference in drivers/net/wireless/ath/ath10k/usb.c leads to a crash (CVE-2019-15099)
- kernel: Null pointer dereference in the sound/usb/line6/pcm.c (CVE-2019-15221)
- kernel: Null pointer dereference in the sound/usb/line6/driver.c (CVE-2019-15223)
- kernel: null pointer dereference in drivers/net/wireless/intel/iwlwifi/pcie/trans.c (CVE-2019-16234)
- kernel: buffer-overflow hardening in WiFi beacon validation code. (CVE-2019-16746)
- kernel: unprivileged users able to create RAW sockets in AF_IEEE802154 network protocol (CVE-2019-17053)
- kernel: unprivileged users able to create RAW sockets in AF_ISDN network protocol (CVE-2019-17055)
- kernel: The flow_dissector feature allows device tracking (CVE-2019-18282)
- kernel: integer overflow in tcp_ack_update_rtt in net/ipv4/tcp_input.c (CVE-2019-18805)
- kernel: dos in mlx5_fpga_conn_create_cq() function in drivers/net/ethernet/mellanox/mlx5/core/fpga/conn.c (CVE-2019-19045)
- kernel: dos in mlx5_fw_fatal_reporter_dump() function in drivers/net/ethernet/mellanox/mlx5/core/health.c (CVE-2019-19047)
- kernel: memory leak in the nl80211_get_ftm_responder_stats() function in net/wireless/nl80211.c allows DoS (CVE-2019-19055)
- kernel: Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie.c allows for a DoS (CVE-2019-19057)
- kernel: A memory leak in the alloc_sgtable() function in drivers/net/wireless/intel/iwlwifi/fw/dbg.c allows for a DoS (CVE-2019-19058)
- kernel: Multiple memory leaks in the iwl_pcie_ctxt_info_gen3_init() function in drivers/net/wireless/intel/iwlwifi/pcie/ctxt-info-gen3.c allows for a DoS (CVE-2019-19059)
- kernel: A memory leak in the sdma_init() function in drivers/infiniband/hw/hfi1/sdma.c allows for a DoS (CVE-2019-19065)
- kernel: Four memory leaks in the acp_hw_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_acp.c allow for a DoS (CVE-2019-19067)
- kernel: Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel (DOS) (CVE-2019-19073)
- kernel: a memory leak in the ath9k management function in allows local DoS (CVE-2019-19074)
- kernel: memory leak in bnxt_re_create_srq function in drivers/infiniband/hw/bnxt_re/ib_verbs.c (CVE-2019-19077)
- kernel: malicious USB devices can lead to multiple out-of-bounds write (CVE-2019-19532)
- kernel: information leak bug caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver (CVE-2019-19534)
- kernel: use-after-free in __blk_add_trace in kernel/trace/blktrace.c (CVE-2019-19768)
- kernel: when cpu.cfs_quota_us is used allows attackers to cause a denial of service against non-cpu-bound applications (CVE-2019-19922)
- kernel: triggering AP to send IAPP location updates for stations before the required authentication process has completed can lead to DoS (CVE-2019-5108)
- kernel: memory leak in the kernel_read_file function in fs/exec.c allows to cause a denial of service (CVE-2019-8980)
- kernel: use-after-free in cdev_put() when a PTP device is removed while it's chardev is open (CVE-2020-10690)
- kernel: some ipv6 protocols not encrypted over ipsec tunnel (CVE-2020-1749)
- kernel: use-after-free in i915_ppgtt_close in drivers/gpu/drm/i915/i915_gem_gtt.c (CVE-2020-7053)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Update the affected packages.See Also
https://cwe.mitre.org/data/definitions/20.html
https://cwe.mitre.org/data/definitions/119.html
https://cwe.mitre.org/data/definitions/120.html
https://cwe.mitre.org/data/definitions/125.html
https://cwe.mitre.org/data/definitions/190.html
https://cwe.mitre.org/data/definitions/200.html
https://cwe.mitre.org/data/definitions/250.html
https://cwe.mitre.org/data/definitions/319.html
https://cwe.mitre.org/data/definitions/400.html
https://cwe.mitre.org/data/definitions/416.html
https://cwe.mitre.org/data/definitions/440.html
https://cwe.mitre.org/data/definitions/476.html
https://cwe.mitre.org/data/definitions/772.html
https://access.redhat.com/security/cve/CVE-2018-16871
https://access.redhat.com/security/cve/CVE-2019-5108
https://access.redhat.com/security/cve/CVE-2019-8980
https://access.redhat.com/security/cve/CVE-2019-10639
https://access.redhat.com/security/cve/CVE-2019-12819
https://access.redhat.com/security/cve/CVE-2019-15090
https://access.redhat.com/security/cve/CVE-2019-15099
https://access.redhat.com/security/cve/CVE-2019-15221
https://access.redhat.com/security/cve/CVE-2019-15223
https://access.redhat.com/security/cve/CVE-2019-16234
https://access.redhat.com/security/cve/CVE-2019-16746
https://access.redhat.com/security/cve/CVE-2019-17053
https://access.redhat.com/security/cve/CVE-2019-17055
https://access.redhat.com/security/cve/CVE-2019-18282
https://access.redhat.com/security/cve/CVE-2019-18805
https://access.redhat.com/security/cve/CVE-2019-19045
https://access.redhat.com/security/cve/CVE-2019-19047
https://access.redhat.com/security/cve/CVE-2019-19055
https://access.redhat.com/security/cve/CVE-2019-19057
https://access.redhat.com/security/cve/CVE-2019-19058
https://access.redhat.com/security/cve/CVE-2019-19059
https://access.redhat.com/security/cve/CVE-2019-19065
https://access.redhat.com/security/cve/CVE-2019-19067
https://access.redhat.com/security/cve/CVE-2019-19073
https://access.redhat.com/security/cve/CVE-2019-19074
https://access.redhat.com/security/cve/CVE-2019-19077
https://access.redhat.com/security/cve/CVE-2019-19532
https://access.redhat.com/security/cve/CVE-2019-19534
https://access.redhat.com/security/cve/CVE-2019-19768
https://access.redhat.com/security/cve/CVE-2019-19922
https://access.redhat.com/security/cve/CVE-2020-1749
https://access.redhat.com/security/cve/CVE-2020-7053
https://access.redhat.com/security/cve/CVE-2020-10690
https://access.redhat.com/errata/RHSA-2020:1769
https://bugzilla.redhat.com/1655162
https://bugzilla.redhat.com/1679972
https://bugzilla.redhat.com/1721962
https://bugzilla.redhat.com/1729933
https://bugzilla.redhat.com/1743526
https://bugzilla.redhat.com/1743560
https://bugzilla.redhat.com/1749974
https://bugzilla.redhat.com/1749976
https://bugzilla.redhat.com/1758242
https://bugzilla.redhat.com/1758248
https://bugzilla.redhat.com/1760306
https://bugzilla.redhat.com/1760441
https://bugzilla.redhat.com/1771496
https://bugzilla.redhat.com/1774933
https://bugzilla.redhat.com/1774937
https://bugzilla.redhat.com/1774968
https://bugzilla.redhat.com/1774983
https://bugzilla.redhat.com/1774991
https://bugzilla.redhat.com/1775000
https://bugzilla.redhat.com/1775042
https://bugzilla.redhat.com/1775047
https://bugzilla.redhat.com/1775050
https://bugzilla.redhat.com/1775074
https://bugzilla.redhat.com/1775724
https://bugzilla.redhat.com/1781821
https://bugzilla.redhat.com/1783540
https://bugzilla.redhat.com/1786164
https://bugzilla.redhat.com/1789927
https://bugzilla.redhat.com/1792512
https://bugzilla.redhat.com/1795624
https://bugzilla.redhat.com/1796360
Plugin Details
Severity: Critical
ID: 136115
File Name: redhat-RHSA-2020-1769.nasl
Version: 1.5
Type: local
Agent: unix
Family: Red Hat Local Security Checks
Published: 4/29/2020
Updated: 7/21/2021
Dependencies: ssh_get_info.nasl, redhat_repos.nasl, linux_alt_patch_detect.nasl
Risk Information
CVSS Score Source: CVE-2019-18805
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: High
Base Score: 7.5
Temporal Score: 5.5
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Temporal Vector: E:U/RL:OF/RC:C
CVSS v3
Risk Factor: Critical
Base Score: 9.8
Temporal Score: 8.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/o:redhat:enterprise_linux:8, cpe:/o:redhat:rhel_aus:8.2, cpe:/o:redhat:rhel_aus:8.4, cpe:/o:redhat:rhel_e4s:8.2, cpe:/o:redhat:rhel_e4s:8.4, cpe:/o:redhat:rhel_eus:8.2, cpe:/o:redhat:rhel_eus:8.4, cpe:/o:redhat:rhel_tus:8.2, cpe:/o:redhat:rhel_tus:8.4, p-cpe:/a:redhat:enterprise_linux:bpftool, p-cpe:/a:redhat:enterprise_linux:kernel, p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists, p-cpe:/a:redhat:enterprise_linux:kernel-core, p-cpe:/a:redhat:enterprise_linux:kernel-cross-headers, p-cpe:/a:redhat:enterprise_linux:kernel-debug, p-cpe:/a:redhat:enterprise_linux:kernel-debug-core, p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel, p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules, p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-extra, p-cpe:/a:redhat:enterprise_linux:kernel-devel, p-cpe:/a:redhat:enterprise_linux:kernel-headers, p-cpe:/a:redhat:enterprise_linux:kernel-modules, p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra, p-cpe:/a:redhat:enterprise_linux:kernel-tools, p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs, p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-core, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-extra, p-cpe:/a:redhat:enterprise_linux:perf, p-cpe:/a:redhat:enterprise_linux:python3-perf
Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu
Exploit Ease: No known exploits are available
Patch Publication Date: 4/28/2020
Vulnerability Publication Date: 11/30/2018
Reference Information
CVE: CVE-2018-16871, CVE-2019-8980, CVE-2019-10639, CVE-2019-15090, CVE-2019-15099, CVE-2019-15221, CVE-2019-17053, CVE-2019-17055, CVE-2019-18805, CVE-2019-19045, CVE-2019-19047, CVE-2019-19055, CVE-2019-19057, CVE-2019-19058, CVE-2019-19059, CVE-2019-19065, CVE-2019-19073, CVE-2019-19074, CVE-2019-19077, CVE-2019-19534, CVE-2019-19768, CVE-2019-19922, CVE-2020-1749