The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:7933 advisory.

  - An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the     hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session     or terminate that session. (CVE-2020-36516)

  - A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the     way user calls ioct UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_del()     together with the call sco_sock_sendmsg() with the expected controllable faulting memory page. A     privileged local user could use this flaw to crash the system or escalate their privileges on the system.
    (CVE-2021-3640)

  - A denial of service (DOS) issue was found in the Linux kernel's smb2_ioctl_query_info function in the     fs/cifs/smb2ops.c Common Internet File System (CIFS) due to an incorrect return from the memdup_user     function. This flaw allows a local, privileged (CAP_SYS_ADMIN) attacker to crash the system.
    (CVE-2022-0168)

  - A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way     user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw     to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2. (CVE-2022-0617)

  - A memory leak flaw was found in the Linux kernel's DMA subsystem, in the way a user calls DMA_FROM_DEVICE.
    This flaw allows a local user to read random memory from the kernel space. (CVE-2022-0854)

  - A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a     use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel     information leak problem caused by a local, unprivileged attacker. (CVE-2022-1016)

  - A use-after-free flaw was found in the Linux kernel's sound subsystem in the way a user triggers     concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM     for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the     system. (CVE-2022-1048)

  - A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel's filesystem sub-     component. This flaw allows a local attacker with a user privilege to cause a denial of service.
    (CVE-2022-1184)

  - A use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Linux     kernel due to a race problem. This flaw allows a local user privilege attacker to cause a denial of     service (DoS) or a kernel information leak. (CVE-2022-1280)

  - A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This     flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a     leak of internal kernel information. (CVE-2022-1353)

  - A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user     forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local     user to crash or potentially escalate their privileges on the system. (CVE-2022-1679)

  - A NULL pointer dereference flaw was found in the Linux kernel's KVM module, which can lead to a denial of     service in the x86_emulate_insn in arch/x86/kvm/emulate.c. This flaw occurs while executing an illegal     instruction in guest in the Intel CPU. (CVE-2022-1852)

  - A use after free in the Linux kernel File System notify functionality was found in the way user triggers     copy_info_records_to_user() call to fail in copy_event_to_user(). A local user could use this flaw to     crash the system or potentially escalate their privileges on the system. (CVE-2022-1998)

  - Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel     (CVE-2022-20368)

  - Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated     user to potentially enable information disclosure via local access. (CVE-2022-21123)

  - Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an     authenticated user to potentially enable information disclosure via local access. (CVE-2022-21125)

  - Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an     authenticated user to potentially enable information disclosure via local access. (CVE-2022-21166)

  - KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown.
    An attacker with access to a serial port could trigger the debugger so it is important that the debugger     respect the lockdown mode when/if it is triggered. (CVE-2022-21499)

  - AMD: CVE-2022-23816 AMD CPU Branch Type Confusion (CVE-2022-23816)

  - Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially     leading to information disclosure. (CVE-2022-23825)

  - An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the     O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a     regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file     descriptor. (CVE-2022-24448)

  - kernel: nf_tables cross-table potential use-after-free may lead to local privilege escalation     (CVE-2022-2586)

  - Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow     an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373)

  - An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of     actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size()     function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This     flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-2639)

  - ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.
    (CVE-2022-28390)

  - The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets     are in the intended state. (CVE-2022-28893)

  - Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to     cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14     and later versions. (CVE-2022-29581)

  - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution     under certain microarchitecture-dependent conditions. (CVE-2022-29900)

  - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their     retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can     hijack return instructions to achieve arbitrary speculative code execution under certain     microarchitecture-dependent conditions. (CVE-2022-29901)

  - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote     attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte     nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)

  - An issue was discovered in net/netfilter/nf_tables_api.c in the Linux kernel before 5.19.6. A denial of     service can occur upon binding to an already bound chain. (CVE-2022-39190)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

AlmaLinux 9 : kernel-rt (ALSA-2022:7933)

high Nessus Plugin ID 167989

Version 1.5

Version 1.4

Version 1.3

Version 1.2

Version 1.5 Dec 13, 2022, 2:03 PM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:H/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:H/RL:O/RC:C") Exploit attributes ("Exploit available" set to "True") Exploit attributes ("Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Exploit attributes ("Exploited by malware" set to "True") Plugin Feed: 202212131403
Version 1.4 Dec 5, 2022, 10:02 PM Reference Plugin Feed: 202212052202
Version 1.3 Nov 21, 2022, 1:49 PM CVSS metrics CVSSv2 score source (Changed from CVE-2022-39190 to CVE-2022-29581) CVSSv3 score source (Changed from None to CVE-2022-29581) CVSSv2 severity (Based on CVE-2022-29581 severity increased from Medium to High) Plugin Feed: 202211211349
Version 1.2 Nov 19, 2022, 7:45 PM New Plugin Feed: 202211191945