Rocky Linux 8 : kernel (RLSA-2021:4356)

high Nessus Plugin ID 157815

Synopsis

The remote Rocky Linux host is missing one or more security updates.

Description

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:4356 advisory.

- Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access. (CVE-2021-0129)

- A use-after-free in function hci_sock_bound_ioctl() of the Linux kernel HCI subsystem was found in the way user calls ioct HCIUNBLOCKADDR or other way triggers race condition of the call hci_unregister_dev() together with one of the calls hci_sock_blacklist_add(), hci_sock_blacklist_del(), hci_get_conn_info(), hci_get_auth_info(). A privileged local user could use this flaw to crash the system or escalate their privileges on the system. This flaw affects the Linux kernel versions prior to 5.13-rc5. (CVE-2021-3573)

- A flaw was found in the Linux kernel netfilter implementation in versions prior to 5.5-rc7. A user with root (CAP_SYS_ADMIN) access is able to panic the system when issuing netfilter netflow commands.
(CVE-2021-3635)

- An issue was discovered in fs/fuse/fuse_i.h in the Linux kernel before 5.11.8. A stall on CPU can occur because a retry loop continually finds the same bad inode, aka CID-775c5033a0d1. (CVE-2021-28950)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.redhat.com/show_bug.cgi?id=1960502

https://bugzilla.redhat.com/show_bug.cgi?id=1960504

https://bugzilla.redhat.com/show_bug.cgi?id=1960708

https://bugzilla.redhat.com/show_bug.cgi?id=1964028

https://bugzilla.redhat.com/show_bug.cgi?id=1964139

https://bugzilla.redhat.com/show_bug.cgi?id=1965038

https://bugzilla.redhat.com/show_bug.cgi?id=1965360

https://bugzilla.redhat.com/show_bug.cgi?id=1965458

https://bugzilla.redhat.com/show_bug.cgi?id=1966578

https://bugzilla.redhat.com/show_bug.cgi?id=1969489

https://bugzilla.redhat.com/show_bug.cgi?id=1971101

https://bugzilla.redhat.com/show_bug.cgi?id=1972278

https://bugzilla.redhat.com/show_bug.cgi?id=1974627

https://bugzilla.redhat.com/show_bug.cgi?id=1975182

https://bugzilla.redhat.com/show_bug.cgi?id=1975949

https://bugzilla.redhat.com/show_bug.cgi?id=1976679

https://bugzilla.redhat.com/show_bug.cgi?id=1976699

https://bugzilla.redhat.com/show_bug.cgi?id=1976946

https://bugzilla.redhat.com/show_bug.cgi?id=1976969

https://bugzilla.redhat.com/show_bug.cgi?id=1977162

https://bugzilla.redhat.com/show_bug.cgi?id=1977422

https://bugzilla.redhat.com/show_bug.cgi?id=1977537

https://bugzilla.redhat.com/show_bug.cgi?id=1977850

https://bugzilla.redhat.com/show_bug.cgi?id=1978369

https://bugzilla.redhat.com/show_bug.cgi?id=1979070

https://bugzilla.redhat.com/show_bug.cgi?id=1979680

https://bugzilla.redhat.com/show_bug.cgi?id=1981954

https://bugzilla.redhat.com/show_bug.cgi?id=1986138

https://bugzilla.redhat.com/show_bug.cgi?id=1989165

https://errata.rockylinux.org/RLSA-2021:4356

https://bugzilla.redhat.com/show_bug.cgi?id=1509204

https://bugzilla.redhat.com/show_bug.cgi?id=1793880

https://bugzilla.redhat.com/show_bug.cgi?id=1816493

https://bugzilla.redhat.com/show_bug.cgi?id=1900844

https://bugzilla.redhat.com/show_bug.cgi?id=1903244

https://bugzilla.redhat.com/show_bug.cgi?id=1906522

https://bugzilla.redhat.com/show_bug.cgi?id=1912683

https://bugzilla.redhat.com/show_bug.cgi?id=1913348

https://bugzilla.redhat.com/show_bug.cgi?id=1915825

https://bugzilla.redhat.com/show_bug.cgi?id=1919893

https://bugzilla.redhat.com/show_bug.cgi?id=1921958

https://bugzilla.redhat.com/show_bug.cgi?id=1923636

https://bugzilla.redhat.com/show_bug.cgi?id=1930376

https://bugzilla.redhat.com/show_bug.cgi?id=1930379

https://bugzilla.redhat.com/show_bug.cgi?id=1930381

https://bugzilla.redhat.com/show_bug.cgi?id=1933527

https://bugzilla.redhat.com/show_bug.cgi?id=1939341

https://bugzilla.redhat.com/show_bug.cgi?id=1941762

https://bugzilla.redhat.com/show_bug.cgi?id=1941784

https://bugzilla.redhat.com/show_bug.cgi?id=1945345

https://bugzilla.redhat.com/show_bug.cgi?id=1945388

https://bugzilla.redhat.com/show_bug.cgi?id=1946965

https://bugzilla.redhat.com/show_bug.cgi?id=1948772

https://bugzilla.redhat.com/show_bug.cgi?id=1951595

https://bugzilla.redhat.com/show_bug.cgi?id=1953847

https://bugzilla.redhat.com/show_bug.cgi?id=1954588

https://bugzilla.redhat.com/show_bug.cgi?id=1957788

https://bugzilla.redhat.com/show_bug.cgi?id=1959559

https://bugzilla.redhat.com/show_bug.cgi?id=1959642

https://bugzilla.redhat.com/show_bug.cgi?id=1959654

https://bugzilla.redhat.com/show_bug.cgi?id=1959657

https://bugzilla.redhat.com/show_bug.cgi?id=1959663

https://bugzilla.redhat.com/show_bug.cgi?id=1960490

https://bugzilla.redhat.com/show_bug.cgi?id=1960492

https://bugzilla.redhat.com/show_bug.cgi?id=1960496

https://bugzilla.redhat.com/show_bug.cgi?id=1960498

https://bugzilla.redhat.com/show_bug.cgi?id=1960500

https://bugzilla.redhat.com/show_bug.cgi?id=1989999

https://bugzilla.redhat.com/show_bug.cgi?id=1991976

https://bugzilla.redhat.com/show_bug.cgi?id=1992700

https://bugzilla.redhat.com/show_bug.cgi?id=1995249

https://bugzilla.redhat.com/show_bug.cgi?id=1996854

Plugin Details

Severity: High

ID: 157815

File Name: rocky_linux_RLSA-2021-4356.nasl

Version: 1.5

Type: local

Published: 2/9/2022

Updated: 1/16/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.9

Temporal Score: 5.4

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2021-3573

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2021-3600

Vulnerability Information

CPE: p-cpe:/a:rocky:linux:kernel-rt-debug-modules-extra, p-cpe:/a:rocky:linux:kernel-rt-debuginfo, p-cpe:/a:rocky:linux:kernel-rt-debuginfo-common-x86_64, p-cpe:/a:rocky:linux:kernel-rt-devel, p-cpe:/a:rocky:linux:kernel-rt-modules, p-cpe:/a:rocky:linux:kernel-rt-modules-extra, p-cpe:/a:rocky:linux:kernel-tools, p-cpe:/a:rocky:linux:kernel-tools-debuginfo, p-cpe:/a:rocky:linux:kernel-tools-libs, p-cpe:/a:rocky:linux:kernel-tools-libs-devel, p-cpe:/a:rocky:linux:bpftool, p-cpe:/a:rocky:linux:bpftool-debuginfo, p-cpe:/a:rocky:linux:kernel, p-cpe:/a:rocky:linux:kernel-abi-stablelists, p-cpe:/a:rocky:linux:kernel-core, p-cpe:/a:rocky:linux:kernel-cross-headers, p-cpe:/a:rocky:linux:kernel-debug, p-cpe:/a:rocky:linux:kernel-debug-core, p-cpe:/a:rocky:linux:kernel-debug-debuginfo, p-cpe:/a:rocky:linux:kernel-debug-devel, p-cpe:/a:rocky:linux:kernel-debug-modules, p-cpe:/a:rocky:linux:kernel-debug-modules-extra, p-cpe:/a:rocky:linux:kernel-debuginfo, p-cpe:/a:rocky:linux:kernel-debuginfo-common-aarch64, p-cpe:/a:rocky:linux:kernel-debuginfo-common-x86_64, p-cpe:/a:rocky:linux:kernel-devel, p-cpe:/a:rocky:linux:kernel-headers, p-cpe:/a:rocky:linux:kernel-modules, p-cpe:/a:rocky:linux:kernel-modules-extra, p-cpe:/a:rocky:linux:kernel-rt, p-cpe:/a:rocky:linux:kernel-rt-core, p-cpe:/a:rocky:linux:kernel-rt-debug, p-cpe:/a:rocky:linux:kernel-rt-debug-core, p-cpe:/a:rocky:linux:kernel-rt-debug-debuginfo, p-cpe:/a:rocky:linux:kernel-rt-debug-devel, p-cpe:/a:rocky:linux:kernel-rt-debug-modules, p-cpe:/a:rocky:linux:perf, p-cpe:/a:rocky:linux:perf-debuginfo, p-cpe:/a:rocky:linux:python3-perf, p-cpe:/a:rocky:linux:python3-perf-debuginfo, cpe:/o:rocky:linux:8

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/RockyLinux/release, Host/RockyLinux/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 11/16/2021

Vulnerability Publication Date: 3/20/2021

Reference Information

CVE: CVE-2021-0129, CVE-2021-28950, CVE-2021-3573, CVE-2021-3600, CVE-2021-3635