The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:4356 advisory.

  - Improper access control in BlueZ may allow an authenticated user to potentially enable information     disclosure via adjacent access. (CVE-2021-0129)

  - A use-after-free in function hci_sock_bound_ioctl() of the Linux kernel HCI subsystem was found in the way     user calls ioct HCIUNBLOCKADDR or other way triggers race condition of the call hci_unregister_dev()     together with one of the calls hci_sock_blacklist_add(), hci_sock_blacklist_del(), hci_get_conn_info(),     hci_get_auth_info(). A privileged local user could use this flaw to crash the system or escalate their     privileges on the system. This flaw affects the Linux kernel versions prior to 5.13-rc5. (CVE-2021-3573)

  - A flaw was found in the Linux kernel netfilter implementation in versions prior to 5.5-rc7. A user with     root (CAP_SYS_ADMIN) access is able to panic the system when issuing netfilter netflow commands.
    (CVE-2021-3635)

  - An issue was discovered in fs/fuse/fuse_i.h in the Linux kernel before 5.11.8. A stall on CPU can occur     because a retry loop continually finds the same bad inode, aka CID-775c5033a0d1. (CVE-2021-28950)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Detections

Analytics

Rocky Linux 8 : kernel (RLSA-2021:4356)

high Nessus Plugin ID 157815

Version 1.5

Version 1.4

Version 1.4

Version 1.5 Jan 16, 2024, 3:43 PM CVSSv3 severity (based on CVE-2021-3600, severity increased from "Medium" to "High") CVSSv3 score source (set to "CVE-2021-3600") CVSS metrics ("CVSSv3 score" set to 7.8. "CVSSv3 vector" set to "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H") Plugin Feed: 202401161543
Version 1.4 Jan 16, 2024, 1:47 PM CVSSv3 severity (based on CVE-2021-3600, severity increased from "Medium" to "High") CVSS metrics ("CVSSv3 score" set to 7.8) CVSS metrics ("CVSSv3 vector" set to "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H") CVSSv3 score source (set to "CVE-2021-3600") Plugin Feed: 202401161347
Version 1.4 Nov 9, 2023, 5:53 PM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:P/RL:O/RC:C") Exploit attributes ("Exploit available" set to "True". "Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin Feed: 202311091753