RHEL 8 : kernel (RHSA-2021:4356)

high Nessus Plugin ID 155219

Synopsis

The remote Red Hat host is missing one or more security updates.

Description

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:4356 advisory.

- kernel: Intel graphics card information leak. (CVE-2019-14615)

- kernel: out-of-bounds reads in pinctrl subsystem. (CVE-2020-0427)

- kernel: Improper input validation in some Intel(R) Ethernet E810 Adapter drivers (CVE-2020-24502)

- kernel: Insufficient access control in some Intel(R) Ethernet E810 Adapter drivers (CVE-2020-24503)

- kernel: Uncontrolled resource consumption in some Intel(R) Ethernet E810 Adapter drivers (CVE-2020-24504)

- kernel: Fragmentation cache not cleared on reconnection (CVE-2020-24586)

- kernel: Reassembling fragments encrypted under different keys (CVE-2020-24587)

- kernel: wifi frame payload being parsed incorrectly as an L2 frame (CVE-2020-24588)

- kernel: Forwarding EAPOL from unauthenticated wifi client (CVE-2020-26139)

- kernel: accepting plaintext data frames in protected networks (CVE-2020-26140)

- kernel: not verifying TKIP MIC of fragmented frames (CVE-2020-26141)

- kernel: accepting fragmented plaintext frames in protected networks (CVE-2020-26143)

- kernel: accepting unencrypted A-MSDU frames that start with RFC1042 header (CVE-2020-26144)

- kernel: accepting plaintext broadcast fragments as full frames (CVE-2020-26145)

- kernel: reassembling encrypted fragments with non-consecutive packet numbers (CVE-2020-26146)

- kernel: reassembling mixed encrypted/plaintext fragments (CVE-2020-26147)

- kernel: powerpc: RTAS calls can be used to compromise kernel integrity (CVE-2020-27777)

- kernel: the copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check (CVE-2020-29368)

- kernel: locking inconsistency in drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c can lead to a read- after-free (CVE-2020-29660)

- kernel: buffer overflow in mwifiex_cmd_802_11_ad_hoc_start function in drivers/net/wireless/marvell/mwifiex/join.c via a long SSID value (CVE-2020-36158)

- kernel: memory leak upon a kmalloc failure in kvm_io_bus_unregister_dev function in virt/kvm/kvm_main.c (CVE-2020-36312)

- kernel: slab out-of-bounds read in hci_extended_inquiry_result_evt() in net/bluetooth/hci_event.c (CVE-2020-36386)

- kernel: Improper access control in BlueZ may allow information disclosure vulnerability. (CVE-2021-0129)

- kernel: heap overflow in __cgroup_bpf_run_filter_getsockopt() (CVE-2021-20194)

- kernel: setsockopt System Call Untrusted Pointer Dereference Information Disclosure (CVE-2021-20239)

- kernel: Race condition in sctp_destroy_sock list_del (CVE-2021-23133)

- kernel: fuse: stall on CPU can occur because a retry loop continually finds the same bad inode (CVE-2021-28950)

- kernel: System crash in intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c (CVE-2021-28971)

- kernel: protection for sequences of pointer arithmetic operations against speculatively out-of-bounds loads can be bypassed to leak content of kernel memory (CVE-2021-29155)

- kernel: improper input validation in tipc_nl_retrieve_key function in net/tipc/node.c (CVE-2021-29646)

- kernel: lack a full memory barrier upon the assignment of a new table value in net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h may lead to DoS (CVE-2021-29650)

- kernel: local escalation of privileges in handling of eBPF programs (CVE-2021-31440)

- kernel: protection of stack pointer against speculative pointer arithmetic can be bypassed to leak content of kernel memory (CVE-2021-31829)

- kernel: out of bounds array access in drivers/md/dm-ioctl.c (CVE-2021-31916)

- kernel: use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c (CVE-2021-33033)

- kernel: out-of-bounds reads and writes due to enforcing incorrect limits for pointer arithmetic operations by BPF verifier (CVE-2021-33200)

- kernel: Use-after-free in ndb_queue_rq() in drivers/block/nbd.c (CVE-2021-3348)

- kernel: Linux kernel eBPF RINGBUF map oversized allocation (CVE-2021-3489)

- kernel: double free in bluetooth subsystem when the HCI device initialization fails (CVE-2021-3564)

- kernel: use-after-free in function hci_sock_bound_ioctl() (CVE-2021-3573)

- kernel: eBPF 32-bit source register truncation on div/mod (CVE-2021-3600)

- kernel: flowtable list del corruption with kernel BUG at lib/list_debug.c:50 (CVE-2021-3635)

- kernel: NULL pointer dereference in llsec_key_alloc() in net/mac802154/llsec.c (CVE-2021-3659)

- kernel: DoS in rb_per_cpu_empty() (CVE-2021-3679)

- kernel: overlayfs: Mounting overlayfs inside an unprivileged user namespace can reveal files (CVE-2021-3732)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://cwe.mitre.org/data/definitions/20.html

https://cwe.mitre.org/data/definitions/119.html

https://cwe.mitre.org/data/definitions/120.html

https://cwe.mitre.org/data/definitions/125.html

https://cwe.mitre.org/data/definitions/200.html

https://cwe.mitre.org/data/definitions/212.html

https://cwe.mitre.org/data/definitions/252.html

https://cwe.mitre.org/data/definitions/287.html

https://cwe.mitre.org/data/definitions/290.html

https://cwe.mitre.org/data/definitions/307.html

https://cwe.mitre.org/data/definitions/345.html

https://cwe.mitre.org/data/definitions/346.html

https://cwe.mitre.org/data/definitions/362.html

https://cwe.mitre.org/data/definitions/400.html

https://cwe.mitre.org/data/definitions/415.html

https://cwe.mitre.org/data/definitions/416.html

https://cwe.mitre.org/data/definitions/476.html

https://cwe.mitre.org/data/definitions/662.html

https://cwe.mitre.org/data/definitions/667.html

https://cwe.mitre.org/data/definitions/682.html

https://cwe.mitre.org/data/definitions/772.html

https://cwe.mitre.org/data/definitions/787.html

https://cwe.mitre.org/data/definitions/822.html

https://cwe.mitre.org/data/definitions/829.html

https://cwe.mitre.org/data/definitions/835.html

https://cwe.mitre.org/data/definitions/862.html

https://cwe.mitre.org/data/definitions/863.html

https://access.redhat.com/security/cve/CVE-2019-14615

https://access.redhat.com/security/cve/CVE-2020-0427

https://access.redhat.com/security/cve/CVE-2020-24502

https://access.redhat.com/security/cve/CVE-2020-24503

https://access.redhat.com/security/cve/CVE-2020-24504

https://access.redhat.com/security/cve/CVE-2020-24586

https://access.redhat.com/security/cve/CVE-2020-24587

https://access.redhat.com/security/cve/CVE-2020-24588

https://access.redhat.com/security/cve/CVE-2020-26139

https://access.redhat.com/security/cve/CVE-2020-26140

https://access.redhat.com/security/cve/CVE-2020-26141

https://access.redhat.com/security/cve/CVE-2020-26143

https://access.redhat.com/security/cve/CVE-2020-26144

https://access.redhat.com/security/cve/CVE-2020-26145

https://access.redhat.com/security/cve/CVE-2020-26146

https://access.redhat.com/security/cve/CVE-2020-26147

https://access.redhat.com/security/cve/CVE-2020-27777

https://access.redhat.com/security/cve/CVE-2020-29368

https://access.redhat.com/security/cve/CVE-2020-29660

https://access.redhat.com/security/cve/CVE-2020-36158

https://access.redhat.com/security/cve/CVE-2020-36312

https://access.redhat.com/security/cve/CVE-2020-36386

https://access.redhat.com/security/cve/CVE-2021-0129

https://access.redhat.com/security/cve/CVE-2021-3348

https://access.redhat.com/security/cve/CVE-2021-3489

https://access.redhat.com/security/cve/CVE-2021-3564

https://access.redhat.com/security/cve/CVE-2021-3573

https://access.redhat.com/security/cve/CVE-2021-3600

https://access.redhat.com/security/cve/CVE-2021-3635

https://access.redhat.com/security/cve/CVE-2021-3659

https://access.redhat.com/security/cve/CVE-2021-3679

https://access.redhat.com/security/cve/CVE-2021-3732

https://access.redhat.com/security/cve/CVE-2021-20194

https://access.redhat.com/security/cve/CVE-2021-20239

https://access.redhat.com/security/cve/CVE-2021-23133

https://access.redhat.com/security/cve/CVE-2021-28950

https://access.redhat.com/security/cve/CVE-2021-28971

https://access.redhat.com/security/cve/CVE-2021-29155

https://access.redhat.com/security/cve/CVE-2021-29646

https://access.redhat.com/security/cve/CVE-2021-29650

https://access.redhat.com/security/cve/CVE-2021-31440

https://access.redhat.com/security/cve/CVE-2021-31829

https://access.redhat.com/security/cve/CVE-2021-31916

https://access.redhat.com/security/cve/CVE-2021-33033

https://access.redhat.com/security/cve/CVE-2021-33200

https://access.redhat.com/errata/RHSA-2021:4356

https://bugzilla.redhat.com/1789209

https://bugzilla.redhat.com/1900844

https://bugzilla.redhat.com/1903244

https://bugzilla.redhat.com/1906522

https://bugzilla.redhat.com/1912683

https://bugzilla.redhat.com/1913348

https://bugzilla.redhat.com/1919893

https://bugzilla.redhat.com/1921958

https://bugzilla.redhat.com/1923636

https://bugzilla.redhat.com/1930376

https://bugzilla.redhat.com/1930379

https://bugzilla.redhat.com/1930381

https://bugzilla.redhat.com/1941762

https://bugzilla.redhat.com/1941784

https://bugzilla.redhat.com/1945345

https://bugzilla.redhat.com/1945388

https://bugzilla.redhat.com/1946965

https://bugzilla.redhat.com/1947991

https://bugzilla.redhat.com/1948772

https://bugzilla.redhat.com/1951595

https://bugzilla.redhat.com/1957788

https://bugzilla.redhat.com/1959559

https://bugzilla.redhat.com/1959642

https://bugzilla.redhat.com/1959654

https://bugzilla.redhat.com/1959657

https://bugzilla.redhat.com/1959663

https://bugzilla.redhat.com/1960490

https://bugzilla.redhat.com/1960492

https://bugzilla.redhat.com/1960496

https://bugzilla.redhat.com/1960498

https://bugzilla.redhat.com/1960500

https://bugzilla.redhat.com/1960502

https://bugzilla.redhat.com/1960504

https://bugzilla.redhat.com/1961300

https://bugzilla.redhat.com/1964028

https://bugzilla.redhat.com/1964139

https://bugzilla.redhat.com/1965038

https://bugzilla.redhat.com/1965458

https://bugzilla.redhat.com/1966578

https://bugzilla.redhat.com/1969489

https://bugzilla.redhat.com/1975949

https://bugzilla.redhat.com/1976946

https://bugzilla.redhat.com/1981954

https://bugzilla.redhat.com/1989165

https://bugzilla.redhat.com/1995249

Plugin Details

Severity: High

ID: 155219

File Name: redhat-RHSA-2021-4356.nasl

Version: 1.2

Type: local

Agent: unix

Published: 11/11/2021

Updated: 11/11/2021

Supported Sensors: Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.3

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: E:U/RL:OF/RC:C

CVSS Score Source: CVE-2021-3489

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:redhat:enterprise_linux:8, p-cpe:/a:redhat:enterprise_linux:bpftool, p-cpe:/a:redhat:enterprise_linux:kernel, p-cpe:/a:redhat:enterprise_linux:kernel-abi-stablelists, p-cpe:/a:redhat:enterprise_linux:kernel-core, p-cpe:/a:redhat:enterprise_linux:kernel-cross-headers, p-cpe:/a:redhat:enterprise_linux:kernel-debug, p-cpe:/a:redhat:enterprise_linux:kernel-debug-core, p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel, p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules, p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-extra, p-cpe:/a:redhat:enterprise_linux:kernel-devel, p-cpe:/a:redhat:enterprise_linux:kernel-headers, p-cpe:/a:redhat:enterprise_linux:kernel-modules, p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra, p-cpe:/a:redhat:enterprise_linux:kernel-tools, p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs, p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-core, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-extra, p-cpe:/a:redhat:enterprise_linux:perf, p-cpe:/a:redhat:enterprise_linux:python3-perf

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 11/9/2021

Vulnerability Publication Date: 1/15/2020

Reference Information

CVE: CVE-2019-14615, CVE-2020-0427, CVE-2020-24502, CVE-2020-24503, CVE-2020-24504, CVE-2020-24586, CVE-2020-24587, CVE-2020-24588, CVE-2020-26139, CVE-2020-26140, CVE-2020-26141, CVE-2020-26143, CVE-2020-26144, CVE-2020-26145, CVE-2020-26146, CVE-2020-26147, CVE-2020-27777, CVE-2020-29368, CVE-2020-29660, CVE-2020-36158, CVE-2020-36312, CVE-2020-36386, CVE-2021-0129, CVE-2021-3348, CVE-2021-3489, CVE-2021-3564, CVE-2021-3573, CVE-2021-3600, CVE-2021-3635, CVE-2021-3659, CVE-2021-3679, CVE-2021-3732, CVE-2021-20194, CVE-2021-20239, CVE-2021-23133, CVE-2021-28950, CVE-2021-28971, CVE-2021-29155, CVE-2021-29646, CVE-2021-29650, CVE-2021-31440, CVE-2021-31829, CVE-2021-31916, CVE-2021-33033, CVE-2021-33200

RHSA: 2021:4356

IAVA: 2021-A-0223-S, 2021-A-0222-S

CWE: 20, 119, 120, 125, 200, 212, 252, 287, 290, 307, 345, 346, 362, 400, 415, 416, 476, 662, 667, 682, 772, 787, 822, 829, 835, 862, 863