Detections
Analytics
RHEL 8 : kernel (RHSA-2024:1404)
high Nessus Plugin ID 192277
Language:
Synopsis
The remote Red Hat host is missing one or more security updates for kernel.Description
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1404 advisory.- kernel: out-of-bounds write in hw_atl_utils_fw_rpc_wait() in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c (CVE-2021-43975)
- kernel: nfp: use-after-free in area_cache_get() (CVE-2022-3545)
- kernel: Rate limit overflow messages in r8152 in intr_callback (CVE-2022-3594)
- kernel: tun: avoid double free in tun_free_netdev (CVE-2022-4744)
- kernel: double free in usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c (CVE-2022-28388)
- kernel: vmwgfx: integer overflow in vmwgfx_execbuf.c (CVE-2022-36402)
- kernel: vmwgfx: NULL pointer dereference in vmw_cmd_dx_define_query (CVE-2022-38096)
- kernel: vmwgfx: use-after-free in vmw_cmd_res_check (CVE-2022-38457)
- kernel: vmwgfx: use-after-free in vmw_execbuf_tie_context (CVE-2022-40133)
- kernel: null-ptr-deref vulnerabilities in sl_tx_timeout in drivers/net/slip (CVE-2022-41858)
- kernel: KVM: x86/mmu: race condition in direct_page_fault() (CVE-2022-45869)
- kernel: memory leak in ttusb_dec_exit_dvb() in media/usb/ttusb-dec/ttusb_dec.c (CVE-2022-45887)
- kernel: denial of service in tipc_conn_close (CVE-2023-1382)
- kernel: NULL pointer dereference in can_rcv_filter (CVE-2023-2166)
- kernel: Slab-out-of-bound read in compare_netdev_and_ip (CVE-2023-2176)
- kernel: use-after-free in sch_qfq network scheduler (CVE-2023-4921)
- kernel: vmwgfx: reference count issue leads to use-after-free in surface handling (CVE-2023-5633)
- kernel: Out-Of-Bounds Read vulnerability in smbCalcSize (CVE-2023-6606)
- kernel: OOB Access in smb2_dump_detail (CVE-2023-6610)
- kernel: inactive elements in nft_pipapo_walk (CVE-2023-6817)
- kernel: Out of boundary write in perf_read_group() as result of overflow a perf_event's read_size (CVE-2023-6931)
- kernel: use-after-free in IPv4 IGMP (CVE-2023-6932)
- kernel: refcount leak in ctnetlink_create_conntrack() (CVE-2023-7192)
- kernel: lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow (CVE-2023-28772)
- kernel: KVM: nVMX: missing consistency checks for CR0 and CR4 (CVE-2023-30456)
- kernel: blocking operation in dvb_frontend_get_event and wait_event_interruptible (CVE-2023-31084)
- kernel: vmwgfx: race condition leading to information disclosure vulnerability (CVE-2023-33951)
- kernel: vmwgfx: double free within the handling of vmw_buffer_object objects (CVE-2023-33952)
- kernel: use-after-free in l2cap_sock_release in net/bluetooth/l2cap_sock.c (CVE-2023-40283)
- kernel: drivers/usb/storage/ene_ub6250.c (CVE-2023-45862)
- kernel: use-after-free in amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c (CVE-2023-51042)
- kernel: use-after-free during a race condition between a nonblocking atomic commit and a driver unload in drivers/gpu/drm/drm_atomic.c (CVE-2023-51043)
- kernel: CIFS Filesystem Decryption Improper Input Validation Remote Code Execution Vulnerability in function receive_encrypted_standard of client (CVE-2024-0565)
- kernel: ktls overwrites readonly memory pages when using function splice with a ktls socket as destination (CVE-2024-0646)
- kernel: nf_tables: use-after-free vulnerability in the nft_verdict_init() function (CVE-2024-1086)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the RHEL kernel package based on the guidance in RHSA-2024:1404.See Also
http://www.nessus.org/u?7b89ac3c
https://access.redhat.com/security/updates/classification/#important
https://bugzilla.redhat.com/show_bug.cgi?id=2024989
https://bugzilla.redhat.com/show_bug.cgi?id=2073091
https://bugzilla.redhat.com/show_bug.cgi?id=2133451
https://bugzilla.redhat.com/show_bug.cgi?id=2133452
https://bugzilla.redhat.com/show_bug.cgi?id=2133453
https://bugzilla.redhat.com/show_bug.cgi?id=2133455
https://bugzilla.redhat.com/show_bug.cgi?id=2144379
https://bugzilla.redhat.com/show_bug.cgi?id=2148520
https://bugzilla.redhat.com/show_bug.cgi?id=2149024
https://bugzilla.redhat.com/show_bug.cgi?id=2151317
https://bugzilla.redhat.com/show_bug.cgi?id=2156322
https://bugzilla.redhat.com/show_bug.cgi?id=2161310
https://bugzilla.redhat.com/show_bug.cgi?id=2177371
https://bugzilla.redhat.com/show_bug.cgi?id=2181330
https://bugzilla.redhat.com/show_bug.cgi?id=2187813
https://bugzilla.redhat.com/show_bug.cgi?id=2187931
https://bugzilla.redhat.com/show_bug.cgi?id=2188468
https://bugzilla.redhat.com/show_bug.cgi?id=2213139
https://bugzilla.redhat.com/show_bug.cgi?id=2218195
https://bugzilla.redhat.com/show_bug.cgi?id=2218212
https://bugzilla.redhat.com/show_bug.cgi?id=2231800
https://bugzilla.redhat.com/show_bug.cgi?id=2244715
https://bugzilla.redhat.com/show_bug.cgi?id=2245514
https://bugzilla.redhat.com/show_bug.cgi?id=2245663
https://bugzilla.redhat.com/show_bug.cgi?id=2252731
https://bugzilla.redhat.com/show_bug.cgi?id=2253611
https://bugzilla.redhat.com/show_bug.cgi?id=2253614
https://bugzilla.redhat.com/show_bug.cgi?id=2253908
https://bugzilla.redhat.com/show_bug.cgi?id=2255139
https://bugzilla.redhat.com/show_bug.cgi?id=2255283
https://bugzilla.redhat.com/show_bug.cgi?id=2256279
https://bugzilla.redhat.com/show_bug.cgi?id=2258518
https://bugzilla.redhat.com/show_bug.cgi?id=2259866
https://bugzilla.redhat.com/show_bug.cgi?id=2260005
Plugin Details
Severity: High
ID: 192277
File Name: redhat-RHSA-2024-1404.nasl
Version: 1.2
Type: local
Agent: unix
Family: Red Hat Local Security Checks
Published: 3/19/2024
Updated: 4/23/2024
Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus
Risk Information
VPR
Risk Factor: Critical
Score: 9.5
CVSS v2
Risk Factor: Medium
Base Score: 4.6
Temporal Score: 4
Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSS Score Source: CVE-2021-43975
CVSS v3
Risk Factor: High
Base Score: 7.8
Temporal Score: 7.5
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C
CVSS Score Source: CVE-2024-1086
Vulnerability Information
CPE: cpe:/o:redhat:rhel_eus:8.8, p-cpe:/a:redhat:enterprise_linux:bpftool, p-cpe:/a:redhat:enterprise_linux:kernel, p-cpe:/a:redhat:enterprise_linux:kernel-core, p-cpe:/a:redhat:enterprise_linux:kernel-cross-headers, p-cpe:/a:redhat:enterprise_linux:kernel-debug, p-cpe:/a:redhat:enterprise_linux:kernel-debug-core, p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel, p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules, p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-extra, p-cpe:/a:redhat:enterprise_linux:kernel-devel, p-cpe:/a:redhat:enterprise_linux:kernel-modules, p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra, p-cpe:/a:redhat:enterprise_linux:kernel-tools, p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs, p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-core, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-extra, p-cpe:/a:redhat:enterprise_linux:perf, p-cpe:/a:redhat:enterprise_linux:python3-perf
Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 3/19/2024
Vulnerability Publication Date: 11/9/2021
Reference Information
CVE: CVE-2021-43975, CVE-2022-28388, CVE-2022-3545, CVE-2022-3594, CVE-2022-36402, CVE-2022-38096, CVE-2022-38457, CVE-2022-40133, CVE-2022-41858, CVE-2022-45869, CVE-2022-45887, CVE-2022-4744, CVE-2023-1382, CVE-2023-2166, CVE-2023-2176, CVE-2023-28772, CVE-2023-30456, CVE-2023-31084, CVE-2023-33951, CVE-2023-33952, CVE-2023-40283, CVE-2023-45862, CVE-2023-4921, CVE-2023-51042, CVE-2023-51043, CVE-2023-5633, CVE-2023-6606, CVE-2023-6610, CVE-2023-6817, CVE-2023-6931, CVE-2023-6932, CVE-2023-7192, CVE-2024-0565, CVE-2024-0646, CVE-2024-1086