RHEL 7 : kernel (RHSA-2020:4060)
high Nessus Plugin ID 141057
Language:
Synopsis
The remote Red Hat host is missing one or more security updates.Description
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4060 advisory.- kernel: out of bounds write in function i2c_smbus_xfer_emulated in drivers/i2c/i2c-core-smbus.c (CVE-2017-18551)
- kernel: race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c leads to use-after-free (CVE-2018-20836)
- kernel: null pointer dereference in dlpar_parse_cc_property in arch/powerrc/platforms/pseries/dlpar.c causing denial of service (CVE-2019-12614)
- kernel: null pointer dereference in drivers/media/usb/zr364xx/zr364xx.c driver (CVE-2019-15217)
- kernel: Memory leak in drivers/scsi/libsas/sas_expander.c (CVE-2019-15807)
- kernel: use-after-free in drivers/bluetooth/hci_ldisc.c (CVE-2019-15917)
- kernel: null-pointer dereference in drivers/net/fjes/fjes_main.c (CVE-2019-16231)
- kernel: null pointer dereference in drivers/scsi/qla2xxx/qla_os.c (CVE-2019-16233)
- kernel: Memory leak in sit_init_net() in net/ipv6/sit.c (CVE-2019-16994)
- kernel: unprivileged users able to create RAW sockets in AF_IEEE802154 network protocol (CVE-2019-17053)
- kernel: unprivileged users able to create RAW sockets in AF_ISDN network protocol (CVE-2019-17055)
- kernel: memory leak in ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c (CVE-2019-18808)
- kernel: Denial Of Service in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c (CVE-2019-19046)
- kernel: memory leak in the nl80211_get_ftm_responder_stats() function in net/wireless/nl80211.c allows DoS (CVE-2019-19055)
- kernel: A memory leak in the alloc_sgtable() function in drivers/net/wireless/intel/iwlwifi/fw/dbg.c allows for a DoS (CVE-2019-19058)
- kernel: Multiple memory leaks in the iwl_pcie_ctxt_info_gen3_init() function in drivers/net/wireless/intel/iwlwifi/pcie/ctxt-info-gen3.c allows for a DoS (CVE-2019-19059)
- kernel: memory leak in the crypto_report() function in crypto/crypto_user_base.c allows for DoS (CVE-2019-19062)
- kernel: Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c allow for a DoS (CVE-2019-19063)
- Kernel: kvm: OOB memory write via kvm_dev_ioctl_get_cpuid (CVE-2019-19332)
- kernel: mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c (CVE-2019-19447)
- kernel: use-after-free caused by a malicious USB device in the drivers/usb/misc/adutux.c driver (CVE-2019-19523)
- kernel: a malicious USB device in the drivers/input/ff-memless.c leads to use-after-free (CVE-2019-19524)
- kernel: use-after-free caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver (CVE-2019-19530)
- kernel: information leak bug caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver (CVE-2019-19534)
- kernel: race condition caused by a malicious USB device in the USB character device driver layer (CVE-2019-19537)
- kernel: use-after-free in __ext4_expand_extra_isize and ext4_xattr_set_entry related to fs/ext4/inode.c and fs/ext4/super.c (CVE-2019-19767)
- kernel: use-after-free in sound/core/timer.c (CVE-2019-19807)
- kernel: Null pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c (CVE-2019-20054)
- kernel: memory leak in mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c (CVE-2019-20095)
- kernel: out-of-bounds write via crafted keycode table (CVE-2019-20636)
- kernel: out of bounds write in i2c driver leads to local escalation of privilege (CVE-2019-9454)
- kernel: use after free due to race condition in the video driver leads to local privilege escalation (CVE-2019-9458)
- kernel: use-after-free in cdev_put() when a PTP device is removed while it's chardev is open (CVE-2020-10690)
- kernel: uninitialized kernel data leak in userspace coredumps (CVE-2020-10732)
- kernel: NFS client crash due to index buffer overflow during Direct IO write causing kernel panic (CVE-2020-10742)
- kernel: SELinux netlink permission check bypass (CVE-2020-10751)
- kernel: vhost-net: stack overflow in get_raw_socket while checking sk_family field (CVE-2020-10942)
- kernel: out-of-bounds write in mpol_parse_str function in mm/mempolicy.c (CVE-2020-11565)
- kernel: sg_write function lacks an sg_remove_request call in a certain failure case (CVE-2020-12770)
- kernel: possible to send arbitrary signals to a privileged (suidroot) parent process (CVE-2020-12826)
- kernel: memory corruption in Voice over IP nf_conntrack_h323 module (CVE-2020-14305)
- kernel: some ipv6 protocols not encrypted over ipsec tunnel (CVE-2020-1749)
- Kernel: kvm: nVMX: L2 guest may trick the L0 hypervisor to access sensitive L1 resources (CVE-2020-2732)
- kernel: out-of-bounds read in in vc_do_resize function in drivers/tty/vt/vt.c (CVE-2020-8647)
- kernel: invalid read location in vgacon_invert_region function in drivers/video/console/vgacon.c (CVE-2020-8649)
- kernel: out-of-bounds read in set_fdc in drivers/block/floppy.c (CVE-2020-9383)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the affected packages.See Also
https://access.redhat.com/security/cve/CVE-2019-20054
https://access.redhat.com/security/cve/CVE-2019-20095
https://access.redhat.com/security/cve/CVE-2019-17053
https://access.redhat.com/security/cve/CVE-2019-17055
https://access.redhat.com/security/cve/CVE-2019-19055
https://access.redhat.com/security/cve/CVE-2019-19058
https://access.redhat.com/security/cve/CVE-2019-19059
https://access.redhat.com/security/cve/CVE-2019-19534
https://access.redhat.com/security/cve/CVE-2020-1749
https://bugzilla.redhat.com/1758242
https://bugzilla.redhat.com/1758248
https://bugzilla.redhat.com/1783540
https://bugzilla.redhat.com/1809833
https://access.redhat.com/security/cve/CVE-2017-18551
https://access.redhat.com/security/cve/CVE-2019-12614
https://access.redhat.com/security/cve/CVE-2019-19447
https://access.redhat.com/security/cve/CVE-2019-19524
https://access.redhat.com/security/cve/CVE-2019-9454
https://access.redhat.com/security/cve/CVE-2020-9383
https://bugzilla.redhat.com/1718176
https://bugzilla.redhat.com/1757368
https://bugzilla.redhat.com/1781679
https://bugzilla.redhat.com/1783459
https://bugzilla.redhat.com/1810685
https://bugzilla.redhat.com/1818818
https://access.redhat.com/security/cve/CVE-2020-2732
https://bugzilla.redhat.com/1805135
https://access.redhat.com/security/cve/CVE-2019-19807
https://bugzilla.redhat.com/1786078
https://access.redhat.com/security/cve/CVE-2020-10732
https://access.redhat.com/security/cve/CVE-2020-12826
https://access.redhat.com/security/cve/CVE-2020-10751
https://access.redhat.com/security/cve/CVE-2020-12770
https://access.redhat.com/security/cve/CVE-2020-10942
https://access.redhat.com/security/cve/CVE-2019-19062
https://access.redhat.com/security/cve/CVE-2019-19332
https://access.redhat.com/security/cve/CVE-2019-19046
https://bugzilla.redhat.com/1774988
https://access.redhat.com/security/cve/CVE-2019-18808
https://access.redhat.com/security/cve/CVE-2018-20836
https://access.redhat.com/security/cve/CVE-2019-9458
https://access.redhat.com/security/cve/CVE-2019-15217
https://access.redhat.com/security/cve/CVE-2019-15807
https://access.redhat.com/security/cve/CVE-2019-15917
https://access.redhat.com/security/cve/CVE-2019-16231
https://access.redhat.com/security/cve/CVE-2019-16233
https://access.redhat.com/security/cve/CVE-2019-16994
https://access.redhat.com/security/cve/CVE-2019-19063
https://access.redhat.com/security/cve/CVE-2019-19523
https://access.redhat.com/security/cve/CVE-2019-19530
https://access.redhat.com/security/cve/CVE-2019-19537
https://access.redhat.com/security/cve/CVE-2019-19767
https://access.redhat.com/security/cve/CVE-2019-20636
https://access.redhat.com/security/cve/CVE-2020-8647
https://access.redhat.com/security/cve/CVE-2020-8649
https://access.redhat.com/security/cve/CVE-2020-10690
https://access.redhat.com/security/cve/CVE-2020-10742
https://access.redhat.com/security/cve/CVE-2020-11565
https://access.redhat.com/security/cve/CVE-2020-14305
https://bugzilla.redhat.com/1707796
https://bugzilla.redhat.com/1745528
https://bugzilla.redhat.com/1747216
https://bugzilla.redhat.com/1759681
https://bugzilla.redhat.com/1760100
https://bugzilla.redhat.com/1760310
https://bugzilla.redhat.com/1760420
https://bugzilla.redhat.com/1775015
https://bugzilla.redhat.com/1775021
https://bugzilla.redhat.com/1775042
https://bugzilla.redhat.com/1775047
https://bugzilla.redhat.com/1775074
https://bugzilla.redhat.com/1777418
https://bugzilla.redhat.com/1779594
https://bugzilla.redhat.com/1783434
https://bugzilla.redhat.com/1783518
https://bugzilla.redhat.com/1783561
https://bugzilla.redhat.com/1786160
https://bugzilla.redhat.com/1790063
https://bugzilla.redhat.com/1791954
https://bugzilla.redhat.com/1802555
https://bugzilla.redhat.com/1802563
https://bugzilla.redhat.com/1817141
https://bugzilla.redhat.com/1817718
https://bugzilla.redhat.com/1819377
https://bugzilla.redhat.com/1822077
https://bugzilla.redhat.com/1824059
https://bugzilla.redhat.com/1824918
https://bugzilla.redhat.com/1831399
https://bugzilla.redhat.com/1834845
https://bugzilla.redhat.com/1835127
https://bugzilla.redhat.com/1839634
Plugin Details
Severity: High
ID: 141057
File Name: redhat-RHSA-2020-4060.nasl
Version: 1.7
Type: local
Agent: unix
Family: Red Hat Local Security Checks
Published: 9/30/2020
Updated: 1/23/2023
Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: High
Base Score: 9.3
Temporal Score: 6.9
Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
Temporal Vector: CVSS2#E:U/RL:OF/RC:C
CVSS Score Source: CVE-2018-20836
CVSS v3
Risk Factor: High
Base Score: 8.1
Temporal Score: 7.1
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:2.3:o:redhat:enterprise_linux:7:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:kernel:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:kernel-debug:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:kernel-debug-devel:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:kernel-devel:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:kernel-headers:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:perf:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:python-perf:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:kernel-abi-whitelists:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:kernel-kdump:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:kernel-kdump-devel:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:kernel-tools:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:kernel-tools-libs:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:kernel-tools-libs-devel:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:bpftool:*:*:*:*:*:*:*, p-cpe:2.3:a:redhat:enterprise_linux:kernel-bootwrapper:*:*:*:*:*:*:*
Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu
Exploit Ease: No known exploits are available
Patch Publication Date: 9/29/2020
Vulnerability Publication Date: 5/7/2019
Reference Information
CVE: CVE-2017-18551, CVE-2018-20836, CVE-2019-12614, CVE-2019-15807, CVE-2019-15917, CVE-2019-15217, CVE-2019-16231, CVE-2019-16233, CVE-2019-16994, CVE-2019-17053, CVE-2019-17055, CVE-2019-9454, CVE-2019-9458, CVE-2019-18808, CVE-2019-19055, CVE-2019-19059, CVE-2019-19046, CVE-2019-19063, CVE-2019-19062, CVE-2019-19058, CVE-2019-19534, CVE-2019-19523, CVE-2019-19524, CVE-2019-19537, CVE-2019-19530, CVE-2019-19447, CVE-2019-19767, CVE-2019-19807, CVE-2019-19332, CVE-2019-20054, CVE-2019-20095, CVE-2020-8649, CVE-2020-8647, CVE-2020-9383, CVE-2020-2732, CVE-2020-10942, CVE-2020-11565, CVE-2020-1749, CVE-2019-20636, CVE-2020-10690, CVE-2020-12770, CVE-2020-12826, CVE-2020-10751, CVE-2020-10732, CVE-2020-10742, CVE-2020-14305