RHEL 9 : kernel (RHSA-2023:6583)

high Nessus Plugin ID 194262

Language:

Synopsis

The remote Red Hat host is missing one or more security updates.

Description

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6583 advisory.

- Kernel: race when faulting a device private page in memory manager (CVE-2022-3523)

- kernel: use-after-free in l1oip timer handlers (CVE-2022-3565)

- kernel: Rate limit overflow messages in r8152 in intr_callback (CVE-2022-3594)

- kernel: vmwgfx: use-after-free in vmw_cmd_res_check (CVE-2022-38457)

- kernel: vmwgfx: use-after-free in vmw_execbuf_tie_context (CVE-2022-40133)

- hw: Intel: Gather Data Sampling (GDS) side channel vulnerability (CVE-2022-40982)

- kernel: Information leak in l2cap_parse_conf_req in net/bluetooth/l2cap_core.c (CVE-2022-42895)

- kernel: x86/mm: Randomize per-cpu entry area (CVE-2023-0597)

- kernel: HID: check empty report_list in hid_validate_values() (CVE-2023-1073)

- kernel: sctp: fail if no bound addresses can be used for a given scope (CVE-2023-1074)

- kernel: net/tls: tls_is_tx_ready() checked list_entry (CVE-2023-1075)

- kernel: tap: tap_open(): correctly initialize socket uid (CVE-2023-1076)

- kernel: hid: Use After Free in asus_remove() (CVE-2023-1079)

- kernel: hash collisions in the IPv6 connection lookup table (CVE-2023-1206)

- kernel: missing mmap_lock in file_files_note that could possibly lead to a use after free in the coredump code (CVE-2023-1249)

- kernel: ovl: fix use after free in struct ovl_aio_req (CVE-2023-1252)

- Kernel: use-after-free in nfsd4_ssc_setup_dul in fs/nfsd/nfs4proc.c (CVE-2023-1652)

- kernel: use-after-free bug in remove function xgene_hwmon_remove (CVE-2023-1855)

- kernel: Use after free bug in btsdio_remove due to race condition (CVE-2023-1989)

- kernel: A possible deadlock in dm_get_inactive_table in dm- ioctl.c leads to dos (CVE-2023-2269)

- kernel: Use after free bug in r592_remove (CVE-2023-3141)

- kernel: fbcon: shift-out-of-bounds in fbcon_set_font() (CVE-2023-3161)

- kernel: gfs2: NULL pointer dereference in gfs2_evict_inode() (CVE-2023-3212)

- kernel: out-of-bounds access in relay_file_read (CVE-2023-3268)

- kernel: NULL pointer dereference due to missing kalloc() return value check in shtp_cl_get_dma_send_buf() (CVE-2023-3358)

- kernel: net/sched: cls_u32 component reference counter leak if tcf_change_indev() fails (CVE-2023-3609)

- kernel: xfrm: NULL pointer dereference in xfrm_update_ae_params() (CVE-2023-3772)

- kernel: xfrm: out-of-bounds read of XFRMA_MTIMER_THRESH nlattr (CVE-2023-3773)

- kernel: KVM: SEV-ES / SEV-SNP VMGEXIT double fetch vulnerability (CVE-2023-4155)

- kernel: tap: tap_open(): correctly initialize socket uid next fix of i_uid to current_fsuid (CVE-2023-4194)

- kernel: net/sched: Use-after-free vulnerabilities in the net/sched classifiers: cls_fw, cls_u32 and cls_route (CVE-2023-4206, CVE-2023-4207, CVE-2023-4208)

- kernel: exFAT: stack overflow in exfat_get_uniname_from_ext_entry (CVE-2023-4273)

- kernel: mpls: double free on sysctl allocation failure (CVE-2023-26545)

- kernel: KVM: nVMX: missing consistency checks for CR0 and CR4 (CVE-2023-30456)

- kernel: net: qcom/emac: race condition leading to use-after-free in emac_remove() (CVE-2023-33203)

- kernel: vmwgfx: race condition leading to information disclosure vulnerability (CVE-2023-33951)

- kernel: vmwgfx: double free within the handling of vmw_buffer_object objects (CVE-2023-33952)

- kernel: r592: race condition leading to use-after-free in r592_remove() (CVE-2023-35825)

- kernel: eBPF: insufficient stack type checks in dynptr (CVE-2023-39191)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

Plugin Details

Severity: High

ID: 194262

File Name: redhat-RHSA-2023-6583.nasl

Version: 1.0

Type: local

Agent: unix

Family: Red Hat Local Security Checks

Published: 4/28/2024

Updated: 4/28/2024

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.3

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2023-1079

CVSS v3

Risk Factor: High

Base Score: 8.2

Temporal Score: 7.4

Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2023-39191

Vulnerability Information

CPE: cpe:/o:redhat:enterprise_linux:9, p-cpe:/a:redhat:enterprise_linux:bpftool, p-cpe:/a:redhat:enterprise_linux:kernel, p-cpe:/a:redhat:enterprise_linux:kernel-64k, p-cpe:/a:redhat:enterprise_linux:kernel-64k-core, p-cpe:/a:redhat:enterprise_linux:kernel-64k-debug, p-cpe:/a:redhat:enterprise_linux:kernel-64k-debug-core, p-cpe:/a:redhat:enterprise_linux:kernel-64k-debug-devel, p-cpe:/a:redhat:enterprise_linux:kernel-64k-debug-devel-matched, p-cpe:/a:redhat:enterprise_linux:kernel-64k-debug-modules, p-cpe:/a:redhat:enterprise_linux:kernel-64k-debug-modules-core, p-cpe:/a:redhat:enterprise_linux:kernel-64k-debug-modules-extra, p-cpe:/a:redhat:enterprise_linux:kernel-64k-devel, p-cpe:/a:redhat:enterprise_linux:kernel-64k-devel-matched, p-cpe:/a:redhat:enterprise_linux:kernel-64k-modules, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-core, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-extra, p-cpe:/a:redhat:enterprise_linux:libperf, p-cpe:/a:redhat:enterprise_linux:perf, p-cpe:/a:redhat:enterprise_linux:python3-perf, p-cpe:/a:redhat:enterprise_linux:rtla, p-cpe:/a:redhat:enterprise_linux:rv, p-cpe:/a:redhat:enterprise_linux:kernel-64k-modules-core, p-cpe:/a:redhat:enterprise_linux:kernel-64k-modules-extra, p-cpe:/a:redhat:enterprise_linux:kernel-core, p-cpe:/a:redhat:enterprise_linux:kernel-cross-headers, p-cpe:/a:redhat:enterprise_linux:kernel-debug, p-cpe:/a:redhat:enterprise_linux:kernel-debug-core, p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel, p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel-matched, p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules, p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-core, p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-extra, p-cpe:/a:redhat:enterprise_linux:kernel-debug-uki-virt, p-cpe:/a:redhat:enterprise_linux:kernel-devel, p-cpe:/a:redhat:enterprise_linux:kernel-devel-matched, p-cpe:/a:redhat:enterprise_linux:kernel-headers, p-cpe:/a:redhat:enterprise_linux:kernel-modules, p-cpe:/a:redhat:enterprise_linux:kernel-modules-core, p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra, p-cpe:/a:redhat:enterprise_linux:kernel-rt, p-cpe:/a:redhat:enterprise_linux:kernel-rt-core, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-core, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules-core, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules-extra, p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel, p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm, p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules, p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules-core, p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules-extra, p-cpe:/a:redhat:enterprise_linux:kernel-tools, p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs, p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel, p-cpe:/a:redhat:enterprise_linux:kernel-uki-virt, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-core, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel-matched

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 11/7/2023

Vulnerability Publication Date: 9/9/2022

Reference Information

CVE: CVE-2022-3523, CVE-2022-3565, CVE-2022-3594, CVE-2022-38457, CVE-2022-40133, CVE-2022-40982, CVE-2022-42895, CVE-2023-0597, CVE-2023-1073, CVE-2023-1074, CVE-2023-1075, CVE-2023-1076, CVE-2023-1079, CVE-2023-1206, CVE-2023-1249, CVE-2023-1252, CVE-2023-1652, CVE-2023-1855, CVE-2023-1989, CVE-2023-2269, CVE-2023-26545, CVE-2023-30456, CVE-2023-3141, CVE-2023-3161, CVE-2023-3212, CVE-2023-3268, CVE-2023-33203, CVE-2023-3358, CVE-2023-33951, CVE-2023-33952, CVE-2023-35825, CVE-2023-3609, CVE-2023-3772, CVE-2023-3773, CVE-2023-39191, CVE-2023-4155, CVE-2023-4194, CVE-2023-4206, CVE-2023-4207, CVE-2023-4208, CVE-2023-4273

CWE: 121, 125, 1335, 20, 200, 358, 367, 400, 401, 415, 416, 476, 667, 779, 787, 824, 843

RHSA: 2023:6583

Detections

Analytics

RHEL 9 : kernel (RHSA-2023:6583)

high Nessus Plugin ID 194262

Synopsis

Description

Solution

See Also

Plugin Details

Risk Information

VPR

CVSS v2

CVSS v3

Vulnerability Information

Reference Information