The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-12206 advisory.

  - An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c     has an integer wraparound via L2CAP_CONF_REQ packets. (CVE-2022-45934)

  - cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial     of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes     indicate a TC_ACT_SHOT condition rather than valid classification results). (CVE-2023-23454)

  - In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused     by refcount races, affecting dvb_demux_open and dvb_dmxdev_release. (CVE-2022-41218)

  - An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvbdev.c has a use-     after-free, related to dvb_register_device dynamically allocating fops. (CVE-2022-45884)

  - In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows     an unprivileged user to trigger a denial of service (system crash) via a crafted traffic control     configuration that is set up with tc qdisc and tc class commands. This affects qdisc_graft in     net/sched/sch_api.c. (CVE-2022-47929)

  - An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_frontend.c has a     race condition that can cause a use-after-free when a device is disconnected. (CVE-2022-45885)

  - An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_net.c has a     .disconnect versus dvb_device_open race condition that leads to a use-after-free. (CVE-2022-45886)

  - atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial     of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition     rather than valid classification results). (CVE-2023-23455)

  - An out-of-bounds memory access flaw was found in the Linux kernel Intel's iSMT SMBus host controller     driver in the way a user triggers the I2C_SMBUS_BLOCK_DATA (with the ioctl I2C_SMBUS) with malicious input     data. This flaw allows a local user to crash the system. (CVE-2022-2873)

  - An issue was discovered in the Linux kernel through 6.0.9. drivers/media/usb/ttusb-dec/ttusb_dec.c has a     memory leak because of the lack of a dvb_frontend_detach call. (CVE-2022-45887)

  - A NULL pointer dereference flaw was found in rawv6_push_pending_frames in net/ipv6/raw.c in the network     subcomponent in the Linux kernel. This flaw causes the system to crash. (CVE-2023-0394)

  - An issue was discovered in the Linux kernel through 6.0.10. In drivers/media/dvb-core/dvb_ca_en50221.c, a     use-after-free can occur is there is a disconnect after an open, because of the lack of a wait_event.
    (CVE-2022-45919)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2023-12206)

high Nessus Plugin ID 173058

Version 1.2

Version 1.1

Version 1.0

Version 1.2 Sep 16, 2023, 2:14 AM Detection Plugin Feed: 202309160214
Version 1.1 Apr 21, 2023, 2:04 PM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C". "CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C". "CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C". "CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:P/RL:O/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:P/RL:O/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:P/RL:O/RC:C") Exploit attributes ("Exploit available" set to "True". "Exploit available" set to "True". "Exploit available" set to "True". "Exploit available" set to "True". "Exploitability ease" changed from "No known exploits are available" to "Exploits are available". "Exploitability ease" changed from "No known exploits are available" to "Exploits are available". "Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin Feed: 202304211404
Version 1.0 Mar 21, 2023, 10:07 PM New Plugin Feed: 202303212207