RHEL 8 : kernel (RHSA-2024:0930)

high Nessus Plugin ID 190828

Language:

Synopsis

The remote Red Hat host is missing one or more security updates for kernel.

Description

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0930 advisory.

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: GSM multiplexing race condition leads to privilege escalation (CVE-2023-6546)

* kernel: malicious data for FBIOPUT_VSCREENINFO ioctl may cause OOB write memory (CVE-2021-33655)

* kernel: KVM: nVMX: missing IBPB when exiting from nested guest can lead to Spectre v2 attacks (CVE-2022-2196)

* kernel: media: em28xx: initialize refcount before kref_get (CVE-2022-3239)

* kernel: use-after-free after failed devlink reload in devlink_param_get (CVE-2022-3625)

* kernel: net/packet: slab-out-of-bounds access in packet_recvmsg() (CVE-2022-20368)

* hw: cpu: arm64: Spectre-BHB (CVE-2022-23960)

* kernel: use-after-free due to improper update of reference count in net/sched/cls_u32.c (CVE-2022-29581)

* kernel: vmwgfx: integer overflow in vmwgfx_execbuf.c (CVE-2022-36402)

* kernel: vmwgfx: NULL pointer dereference in vmw_cmd_dx_define_query (CVE-2022-38096)

* kernel: vmwgfx: use-after-free in vmw_cmd_res_check (CVE-2022-38457)

* kernel: vmwgfx: use-after-free in vmw_execbuf_tie_context (CVE-2022-40133)

* kernel: sctp: fail if no bound addresses can be used for a given scope (CVE-2023-1074)

* kernel: Out of boundary write in perf_read_group() as result of overflow a perf_event's read_size (CVE-2023-6931)

* kernel: KVM: nVMX: missing consistency checks for CR0 and CR4 (CVE-2023-30456)

* kernel: blocking operation in dvb_frontend_get_event and wait_event_interruptible (CVE-2023-31084)

* kernel: use-after-free in amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c (CVE-2023-51042)

* kernel: nf_tables: use-after-free vulnerability in the nft_verdict_init() function (CVE-2024-1086)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the RHEL kernel package based on the guidance in RHSA-2024:0930.

Plugin Details

Severity: High

ID: 190828

File Name: redhat-RHSA-2024-0930.nasl

Version: 1.5

Type: local

Agent: unix

Family: Red Hat Local Security Checks

Published: 2/21/2024

Updated: 6/4/2024

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.6

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 6.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2022-29581

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 8.4

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

CVSS Score Source: CVE-2022-2196

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:kernel-debug-core, p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel, p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel, p-cpe:/a:redhat:enterprise_linux:kernel-core, p-cpe:/a:redhat:enterprise_linux:kernel-cross-headers, p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs, p-cpe:/a:redhat:enterprise_linux:perf, p-cpe:/a:redhat:enterprise_linux:bpftool, p-cpe:/a:redhat:enterprise_linux:kernel-tools, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump, p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-extra, p-cpe:/a:redhat:enterprise_linux:kernel-devel, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-core, p-cpe:/a:redhat:enterprise_linux:kernel, cpe:/o:redhat:enterprise_linux:8, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-extra, p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra, cpe:/o:redhat:rhel_eus:8.6, p-cpe:/a:redhat:enterprise_linux:kernel-modules, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel, p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules, p-cpe:/a:redhat:enterprise_linux:kernel-debug, p-cpe:/a:redhat:enterprise_linux:python3-perf

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2/21/2024

Vulnerability Publication Date: 3/13/2022

CISA Known Exploited Vulnerability Due Dates: 6/20/2024

Exploitable With

Core Impact

Reference Information

CVE: CVE-2021-33655, CVE-2022-20368, CVE-2022-2196, CVE-2022-23960, CVE-2022-29581, CVE-2022-3239, CVE-2022-3625, CVE-2022-36402, CVE-2022-38096, CVE-2022-38457, CVE-2022-40133, CVE-2023-1074, CVE-2023-30456, CVE-2023-31084, CVE-2023-51042, CVE-2023-6546, CVE-2023-6931, CVE-2024-1086

CWE: 1188, 190, 358, 401, 416, 476, 787

RHSA: 2024:0930

Detections

Analytics