Detections
Analytics
Fedora 38 : kernel (2023-ee241dcf80)
medium Nessus Plugin ID 179732
Language:
Synopsis
The remote Fedora host is missing one or more security updates.Description
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-ee241dcf80 advisory.- A flaw was found in KVM AMD Secure Encrypted Virtualization (SEV) in the Linux kernel. A KVM guest using SEV-ES or SEV-SNP with multiple vCPUs can trigger a double fetch race condition vulnerability and invoke the `VMGEXIT` handler recursively. If an attacker manages to call the handler multiple times, they can trigger a stack overflow and cause a denial of service or potentially guest-to-host escape in kernel configurations without stack guard pages (`CONFIG_VMAP_STACK`). (CVE-2023-4155)
- A flaw was found in the exFAT driver of the Linux kernel. The vulnerability exists in the implementation of the file name reconstruction function, which is responsible for reading file name entries from a directory index and merging file name parts belonging to one file into a single long file name. Since the file name characters are copied into a stack variable, a local privileged attacker could use this flaw to overflow the kernel stack. (CVE-2023-4273)
- A flaw was found in the Linux kernel's TUN/TAP functionality. This issue could allow a local user to bypass network filters and gain unauthorized access to some resources. The original patches fixing CVE-2023-1076 are incorrect or incomplete. The problem is that the following upstream commits - a096ccca6e50 (tun: tun_chr_open(): correctly initialize socket uid), - 66b2c338adce (tap: tap_open():
correctly initialize socket uid), pass inode->i_uid to sock_init_data_uid() as the last parameter and that turns out to not be accurate. (CVE-2023-4194)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the affected kernel package.See Also
https://bodhi.fedoraproject.org/updates/FEDORA-2023-ee241dcf80
Plugin Details
Severity: Medium
ID: 179732
File Name: fedora_2023-ee241dcf80.nasl
Version: 1.6
Type: local
Agent: unix
Family: Fedora Local Security Checks
Published: 8/14/2023
Updated: 4/30/2024
Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: Medium
Base Score: 6.5
Temporal Score: 5.1
Vector: CVSS2#AV:L/AC:L/Au:M/C:C/I:C/A:C
CVSS Score Source: CVE-2023-4273
CVSS v3
Risk Factor: Medium
Base Score: 6.7
Temporal Score: 6
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
Vulnerability Information
CPE: cpe:/o:fedoraproject:fedora:38, p-cpe:/a:fedoraproject:fedora:kernel
Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 8/11/2023
Vulnerability Publication Date: 8/7/2023
Reference Information
CVE: CVE-2023-4128, CVE-2023-4155, CVE-2023-4194, CVE-2023-4273
FEDORA: 2023-ee241dcf80