Detections
Analytics

CentOS 9 : kernel-5.14.0-347.el9

critical Nessus Plugin ID 191192

Language:

Synopsis

The remote CentOS host is missing one or more security updates for bpftool.

Description

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the kernel-5.14.0-347.el9 build changelog.

 - A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed.
 This flaw allows a remote user to crash the system or possibly escalate their privileges if they have access to the TIPC network. (CVE-2022-0435)

 - An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16. The Transparent Inter- Process Communication (TIPC) functionality allows remote attackers to exploit insufficient validation of user-supplied sizes for the MSG_CRYPTO message type. (CVE-2021-43267)

 - A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose() handler could happen if removing device (that is not common to remove video card physically without power-off, but same happens if unbind the driver). (CVE-2020-27820)

 - An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session. (CVE-2020-36516)

 - A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass the source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well. (CVE-2021-20322)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the CentOS 9 Stream bpftool package.

See Also

https://kojihub.stream.centos.org/koji/buildinfo?buildID=35523

Plugin Details

Severity: Critical

ID: 191192

File Name: centos9_kernel-5_14_0-347.nasl

Version: 1.12

Type: local

Agent: unix

Published: 2/29/2024

Updated: 9/25/2025

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.8

CVSS v2

Risk Factor: High

Base Score: 9

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2022-0435

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

CVSS Score Source: CVE-2021-43267

Vulnerability Information

CPE: p-cpe:/a:centos:centos:kernel, p-cpe:/a:centos:centos:kernel-debug, p-cpe:/a:centos:centos:kernel-tools-libs-devel, p-cpe:/a:centos:centos:kernel-debug-core, p-cpe:/a:centos:centos:kernel-debug-modules, p-cpe:/a:centos:centos:kernel-modules, p-cpe:/a:centos:centos:kernel-rt, p-cpe:/a:centos:centos:kernel-rt-core, p-cpe:/a:centos:centos:kernel-rt-debug-devel, p-cpe:/a:centos:centos:kernel-rt-modules-extra, p-cpe:/a:centos:centos:kernel-rt-debug-kvm, p-cpe:/a:centos:centos:kernel-64k-debug, p-cpe:/a:centos:centos:kernel-64k-debug-core, p-cpe:/a:centos:centos:kernel-64k-debug-modules, p-cpe:/a:centos:centos:kernel-64k-debug-modules-internal, p-cpe:/a:centos:centos:kernel-64k-debug-modules-partner, p-cpe:/a:centos:centos:kernel-64k-devel-matched, p-cpe:/a:centos:centos:kernel-64k-modules, p-cpe:/a:centos:centos:kernel-64k-modules-core, p-cpe:/a:centos:centos:kernel-64k-modules-internal, p-cpe:/a:centos:centos:kernel-debug-devel-matched, p-cpe:/a:centos:centos:kernel-debug-modules-core, p-cpe:/a:centos:centos:kernel-debug-modules-internal, p-cpe:/a:centos:centos:kernel-debug-modules-partner, p-cpe:/a:centos:centos:kernel-debug-uki-virt, p-cpe:/a:centos:centos:kernel-devel-matched, p-cpe:/a:centos:centos:kernel-ipaclones-internal, p-cpe:/a:centos:centos:kernel-modules-internal, p-cpe:/a:centos:centos:kernel-rt-debug-devel-matched, p-cpe:/a:centos:centos:kernel-rt-debug-modules-internal, p-cpe:/a:centos:centos:kernel-rt-debug-modules-partner, p-cpe:/a:centos:centos:kernel-rt-devel-matched, p-cpe:/a:centos:centos:kernel-rt-modules-partner, p-cpe:/a:centos:centos:kernel-selftests-internal, p-cpe:/a:centos:centos:kernel-zfcpdump, p-cpe:/a:centos:centos:kernel-zfcpdump-modules, p-cpe:/a:centos:centos:kernel-zfcpdump-modules-core, p-cpe:/a:centos:centos:kernel-zfcpdump-modules-partner, p-cpe:/a:centos:centos:libperf, p-cpe:/a:centos:centos:libperf-devel, p-cpe:/a:centos:centos:rv, p-cpe:/a:centos:centos:kernel-devel, p-cpe:/a:centos:centos:kernel-headers, p-cpe:/a:centos:centos:kernel-debug-devel, p-cpe:/a:centos:centos:perf, p-cpe:/a:centos:centos:kernel-tools, p-cpe:/a:centos:centos:kernel-tools-libs, p-cpe:/a:centos:centos:bpftool, p-cpe:/a:centos:centos:kernel-core, p-cpe:/a:centos:centos:kernel-cross-headers, p-cpe:/a:centos:centos:kernel-debug-modules-extra, p-cpe:/a:centos:centos:kernel-modules-extra, p-cpe:/a:centos:centos:python3-perf, p-cpe:/a:centos:centos:kernel-abi-stablelists, p-cpe:/a:centos:centos:kernel-rt-debug, p-cpe:/a:centos:centos:kernel-rt-debug-core, p-cpe:/a:centos:centos:kernel-rt-debug-modules, p-cpe:/a:centos:centos:kernel-rt-debug-modules-extra, p-cpe:/a:centos:centos:kernel-rt-devel, p-cpe:/a:centos:centos:kernel-rt-modules, p-cpe:/a:centos:centos:kernel-rt-kvm, cpe:/a:centos:centos:9, p-cpe:/a:centos:centos:kernel-64k, p-cpe:/a:centos:centos:kernel-64k-core, p-cpe:/a:centos:centos:kernel-64k-debug-devel, p-cpe:/a:centos:centos:kernel-64k-debug-devel-matched, p-cpe:/a:centos:centos:kernel-64k-debug-modules-core, p-cpe:/a:centos:centos:kernel-64k-debug-modules-extra, p-cpe:/a:centos:centos:kernel-64k-devel, p-cpe:/a:centos:centos:kernel-64k-modules-extra, p-cpe:/a:centos:centos:kernel-64k-modules-partner, p-cpe:/a:centos:centos:kernel-modules-core, p-cpe:/a:centos:centos:kernel-modules-partner, p-cpe:/a:centos:centos:kernel-rt-debug-modules-core, p-cpe:/a:centos:centos:kernel-rt-modules-core, p-cpe:/a:centos:centos:kernel-rt-modules-internal, p-cpe:/a:centos:centos:kernel-uki-virt, p-cpe:/a:centos:centos:kernel-zfcpdump-core, p-cpe:/a:centos:centos:kernel-zfcpdump-devel, p-cpe:/a:centos:centos:kernel-zfcpdump-devel-matched, p-cpe:/a:centos:centos:kernel-zfcpdump-modules-extra, p-cpe:/a:centos:centos:kernel-zfcpdump-modules-internal, p-cpe:/a:centos:centos:rtla

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/CentOS/release, Host/CentOS/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 7/28/2023

Vulnerability Publication Date: 1/11/2021

CISA Known Exploited Vulnerability Due Dates: 5/2/2022, 5/16/2022, 4/20/2023, 7/17/2024, 9/11/2024, 7/8/2025

Exploitable With

CANVAS (CANVAS)

Core Impact

Metasploit (vmwgfx Driver File Descriptor Handling Priv Esc)

Reference Information

CVE: CVE-2020-27820, CVE-2020-36516, CVE-2021-20322, CVE-2021-22600, CVE-2021-26341, CVE-2021-26401, CVE-2021-33655, CVE-2021-3669, CVE-2021-3744, CVE-2021-3759, CVE-2021-3764, CVE-2021-3772, CVE-2021-3773, CVE-2021-4001, CVE-2021-4002, CVE-2021-4028, CVE-2021-4083, CVE-2021-4155, CVE-2021-41864, CVE-2021-4197, CVE-2021-4203, CVE-2021-43267, CVE-2021-43389, CVE-2021-44733, CVE-2022-0001, CVE-2022-0002, CVE-2022-0185, CVE-2022-0330, CVE-2022-0435, CVE-2022-0492, CVE-2022-0617, CVE-2022-0742, CVE-2022-0847, CVE-2022-0854, CVE-2022-0995, CVE-2022-1011, CVE-2022-1012, CVE-2022-1015, CVE-2022-1016, CVE-2022-1462, CVE-2022-1679, CVE-2022-1729, CVE-2022-1882, CVE-2022-1998, CVE-2022-20141, CVE-2022-2078, CVE-2022-21123, CVE-2022-21125, CVE-2022-21166, CVE-2022-21499, CVE-2022-21505, CVE-2022-2196, CVE-2022-22942, CVE-2022-23825, CVE-2022-23960, CVE-2022-24122, CVE-2022-25636, CVE-2022-2585, CVE-2022-2586, CVE-2022-2590, CVE-2022-26373, CVE-2022-27666, CVE-2022-28390, CVE-2022-2873, CVE-2022-2959, CVE-2022-2964, CVE-2022-29900, CVE-2022-29901, CVE-2022-3028, CVE-2022-30594, CVE-2022-3077, CVE-2022-33743, CVE-2022-34918, CVE-2022-3564, CVE-2022-3594, CVE-2022-3619, CVE-2022-3628, CVE-2022-36946, CVE-2022-39188, CVE-2022-4129, CVE-2022-4139, CVE-2022-41674, CVE-2022-4269, CVE-2022-42703, CVE-2022-42720, CVE-2022-42721, CVE-2022-42722, CVE-2022-42895, CVE-2022-42896, CVE-2022-43750, CVE-2022-4378, CVE-2022-4379, CVE-2022-43945, CVE-2022-4744, CVE-2023-0179, CVE-2023-0266, CVE-2023-0386, CVE-2023-0394, CVE-2023-0458, CVE-2023-0590, CVE-2023-1079, CVE-2023-1249, CVE-2023-1252, CVE-2023-1637, CVE-2023-1652, CVE-2023-1989, CVE-2023-2002, CVE-2023-2124, CVE-2023-2194, CVE-2023-2235, CVE-2023-26545, CVE-2023-28466, CVE-2023-3090, CVE-2023-31248, CVE-2023-31436, CVE-2023-3161, CVE-2023-3212, CVE-2023-32233, CVE-2023-35001, CVE-2023-35788

IAVA: 2025-A-0456