CentOS 7 : kernel (CESA-2020:3220)

High Nessus Plugin ID 139235

Synopsis

The remote CentOS Linux host is missing one or more security updates.

Description

The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:3220 advisory.

- kernel: use-after-free caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver (CVE-2019-19527)

- kernel: kernel: DAX hugepages not considered during mremap (CVE-2020-10757)

- kernel: buffer overflow in mwifiex_cmd_append_vsie_tlv function in drivers/net/wireless/marvell/mwifiex/scan.c (CVE-2020-12653)

- kernel: heap-based buffer overflow in mwifiex_ret_wmm_get_status function in drivers/net/wireless/marvell/mwifiex/wmm.c (CVE-2020-12654)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

CPE: cpe:/o:centos:centos:7, p-cpe:/a:centos:centos:bpftool, p-cpe:/a:centos:centos:kernel, p-cpe:/a:centos:centos:kernel-abi-whitelists, p-cpe:/a:centos:centos:kernel-debug, p-cpe:/a:centos:centos:kernel-debug-devel, p-cpe:/a:centos:centos:kernel-devel, p-cpe:/a:centos:centos:kernel-headers, p-cpe:/a:centos:centos:kernel-tools, p-cpe:/a:centos:centos:kernel-tools-libs, p-cpe:/a:centos:centos:kernel-tools-libs-devel, p-cpe:/a:centos:centos:perf, p-cpe:/a:centos:centos:python-perf

Required KB Items: Host/local_checks_enabled, Host/CentOS/release, Host/CentOS/rpm-list, Host/cpu

Patch Publication Date: 2020/07/30

Vulnerability Publication Date: 2019/12/03

Reference Information

CVE: CVE-2019-19527, CVE-2020-10757, CVE-2020-12653, CVE-2020-12654

RHSA: 2020:3220

CWE: 119, 120, 122, 416

CentOS 7 : kernel (CESA-2020:3220)

High Nessus Plugin ID 139235

Synopsis

Description

Solution

See Also

Plugin Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerability Information

Reference Information