RHEL 9 : kernel (RHSA-2023:6583)

high Nessus Plugin ID 194262

Synopsis

The remote Red Hat host is missing one or more security updates.

Description

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6583 advisory.

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: net/sched: cls_u32 component reference counter leak if tcf_change_indev() fails (CVE-2023-3609)

* kernel: net/sched: Use-after-free vulnerabilities in the net/sched classifiers: cls_fw, cls_u32 and cls_route (CVE-2023-4128, CVE-2023-4206, CVE-2023-4207, CVE-2023-4208)

* kernel: eBPF: insufficient stack type checks in dynptr (CVE-2023-39191)

* Kernel: race when faulting a device private page in memory manager (CVE-2022-3523)

* kernel: use-after-free in l1oip timer handlers (CVE-2022-3565)

* kernel: Rate limit overflow messages in r8152 in intr_callback (CVE-2022-3594)

* kernel: vmwgfx: use-after-free in vmw_cmd_res_check (CVE-2022-38457)

* kernel: vmwgfx: use-after-free in vmw_execbuf_tie_context (CVE-2022-40133)

* hw: Intel: Gather Data Sampling (GDS) side channel vulnerability (CVE-2022-40982)

* kernel: Information leak in l2cap_parse_conf_req in net/bluetooth/l2cap_core.c (CVE-2022-42895)

* kernel: x86/mm: Randomize per-cpu entry area (CVE-2023-0597)

* kernel: HID: check empty report_list in hid_validate_values() (CVE-2023-1073)

* kernel: sctp: fail if no bound addresses can be used for a given scope (CVE-2023-1074)

* kernel: hid: Use After Free in asus_remove() (CVE-2023-1079)

* kernel: hash collisions in the IPv6 connection lookup table (CVE-2023-1206)

* kernel: ovl: fix use after free in struct ovl_aio_req (CVE-2023-1252)

* Kernel: use-after-free in nfsd4_ssc_setup_dul in fs/nfsd/nfs4proc.c (CVE-2023-1652)

* kernel: Use after free bug in btsdio_remove due to race condition (CVE-2023-1989)

* kernel: fbcon: shift-out-of-bounds in fbcon_set_font() (CVE-2023-3161)

* kernel: out-of-bounds access in relay_file_read (CVE-2023-3268)

* kernel: xfrm: NULL pointer dereference in xfrm_update_ae_params() (CVE-2023-3772)

* kernel: xfrm: out-of-bounds read of XFRMA_MTIMER_THRESH nlattr (CVE-2023-3773)

* kernel: KVM: SEV-ES / SEV-SNP VMGEXIT double fetch vulnerability (CVE-2023-4155)

* kernel: exFAT: stack overflow in exfat_get_uniname_from_ext_entry (CVE-2023-4273)

* kernel: mpls: double free on sysctl allocation failure (CVE-2023-26545)

* kernel: KVM: nVMX: missing consistency checks for CR0 and CR4 (CVE-2023-30456)

* kernel: net: qcom/emac: race condition leading to use-after-free in emac_remove() (CVE-2023-33203)

* kernel: vmwgfx: race condition leading to information disclosure vulnerability (CVE-2023-33951)

* kernel: vmwgfx: double free within the handling of vmw_buffer_object objects (CVE-2023-33952)

* kernel: r592: race condition leading to use-after-free in r592_remove() (CVE-2023-35825)

* kernel: net/tls: tls_is_tx_ready() checked list_entry (CVE-2023-1075)

* kernel: tap: tap_open(): correctly initialize socket uid (CVE-2023-1076)

* kernel: missing mmap_lock in file_files_note that could possibly lead to a use after free in the coredump code (CVE-2023-1249)

* kernel: use-after-free bug in remove function xgene_hwmon_remove (CVE-2023-1855)

* kernel: Use after free bug in r592_remove (CVE-2023-3141)

* kernel: gfs2: NULL pointer dereference in gfs2_evict_inode() (CVE-2023-3212)

* kernel: NULL pointer dereference due to missing kalloc() return value check in shtp_cl_get_dma_send_buf() (CVE-2023-3358)

* kernel: tap: tap_open(): correctly initialize socket uid next fix of i_uid to current_fsuid (CVE-2023-4194)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.3 Release Notes linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://access.redhat.com/security/updates/classification/#important

http://www.nessus.org/u?619e5320

http://www.nessus.org/u?d8766dc0

https://access.redhat.com/solutions/7027704

https://bugzilla.redhat.com/show_bug.cgi?id=2008229

https://bugzilla.redhat.com/show_bug.cgi?id=2063818

https://bugzilla.redhat.com/show_bug.cgi?id=2090016

https://bugzilla.redhat.com/show_bug.cgi?id=2133453

https://bugzilla.redhat.com/show_bug.cgi?id=2133455

https://bugzilla.redhat.com/show_bug.cgi?id=2140017

https://bugzilla.redhat.com/show_bug.cgi?id=2143906

https://bugzilla.redhat.com/show_bug.cgi?id=2147356

https://bugzilla.redhat.com/show_bug.cgi?id=2149024

https://bugzilla.redhat.com/show_bug.cgi?id=2150953

https://bugzilla.redhat.com/show_bug.cgi?id=2165926

https://bugzilla.redhat.com/show_bug.cgi?id=2169343

https://bugzilla.redhat.com/show_bug.cgi?id=2169719

https://bugzilla.redhat.com/show_bug.cgi?id=2170423

https://bugzilla.redhat.com/show_bug.cgi?id=2172087

https://bugzilla.redhat.com/show_bug.cgi?id=2173403

https://bugzilla.redhat.com/show_bug.cgi?id=2173430

https://bugzilla.redhat.com/show_bug.cgi?id=2173434

https://bugzilla.redhat.com/show_bug.cgi?id=2173435

https://bugzilla.redhat.com/show_bug.cgi?id=2173444

https://bugzilla.redhat.com/show_bug.cgi?id=2174224

https://bugzilla.redhat.com/show_bug.cgi?id=2175323

https://bugzilla.redhat.com/show_bug.cgi?id=2175903

https://bugzilla.redhat.com/show_bug.cgi?id=2176140

https://bugzilla.redhat.com/show_bug.cgi?id=2176554

https://bugzilla.redhat.com/show_bug.cgi?id=2178302

https://bugzilla.redhat.com/show_bug.cgi?id=2178741

https://bugzilla.redhat.com/show_bug.cgi?id=2179877

https://bugzilla.redhat.com/show_bug.cgi?id=2180124

https://bugzilla.redhat.com/show_bug.cgi?id=2181134

https://bugzilla.redhat.com/show_bug.cgi?id=2181272

https://bugzilla.redhat.com/show_bug.cgi?id=2181277

https://bugzilla.redhat.com/show_bug.cgi?id=2182031

https://bugzilla.redhat.com/show_bug.cgi?id=2182443

https://bugzilla.redhat.com/show_bug.cgi?id=2183556

https://bugzilla.redhat.com/show_bug.cgi?id=2184476

https://bugzilla.redhat.com/show_bug.cgi?id=2184578

https://bugzilla.redhat.com/show_bug.cgi?id=2185945

https://bugzilla.redhat.com/show_bug.cgi?id=2188468

https://bugzilla.redhat.com/show_bug.cgi?id=2189292

https://bugzilla.redhat.com/show_bug.cgi?id=2192667

https://bugzilla.redhat.com/show_bug.cgi?id=2203922

https://bugzilla.redhat.com/show_bug.cgi?id=2207969

https://bugzilla.redhat.com/show_bug.cgi?id=2209707

https://bugzilla.redhat.com/show_bug.cgi?id=2213199

https://bugzilla.redhat.com/show_bug.cgi?id=2213485

https://bugzilla.redhat.com/show_bug.cgi?id=2213802

https://bugzilla.redhat.com/show_bug.cgi?id=2214348

https://bugzilla.redhat.com/show_bug.cgi?id=2215362

https://bugzilla.redhat.com/show_bug.cgi?id=2215429

https://bugzilla.redhat.com/show_bug.cgi?id=2215502

https://bugzilla.redhat.com/show_bug.cgi?id=2215837

https://bugzilla.redhat.com/show_bug.cgi?id=2217459

https://bugzilla.redhat.com/show_bug.cgi?id=2217659

https://bugzilla.redhat.com/show_bug.cgi?id=2217964

https://bugzilla.redhat.com/show_bug.cgi?id=2218195

https://bugzilla.redhat.com/show_bug.cgi?id=2218212

https://bugzilla.redhat.com/show_bug.cgi?id=2218682

https://bugzilla.redhat.com/show_bug.cgi?id=2218844

https://bugzilla.redhat.com/show_bug.cgi?id=2218943

https://bugzilla.redhat.com/show_bug.cgi?id=2218944

https://bugzilla.redhat.com/show_bug.cgi?id=2221609

https://bugzilla.redhat.com/show_bug.cgi?id=2223719

https://bugzilla.redhat.com/show_bug.cgi?id=2223949

https://bugzilla.redhat.com/show_bug.cgi?id=2225201

https://bugzilla.redhat.com/show_bug.cgi?id=2225511

https://bugzilla.redhat.com/show_bug.cgi?id=2226783

https://bugzilla.redhat.com/show_bug.cgi?id=2229498

https://issues.redhat.com/browse/RHEL-406

https://access.redhat.com/errata/RHSA-2023:6583

Plugin Details

Severity: High

ID: 194262

File Name: redhat-RHSA-2023-6583.nasl

Version: 1.2

Type: local

Agent: unix

Published: 4/28/2024

Updated: 11/7/2024

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.3

Vendor

Vendor Severity: Important

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2023-1079

CVSS v3

Risk Factor: High

Base Score: 8.2

Temporal Score: 7.4

Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2023-39191

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-core, p-cpe:/a:redhat:enterprise_linux:bpftool, p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules-core, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug, p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules, p-cpe:/a:redhat:enterprise_linux:kernel-debug, p-cpe:/a:redhat:enterprise_linux:kernel-tools, p-cpe:/a:redhat:enterprise_linux:kernel-modules, p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules, p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules, p-cpe:/a:redhat:enterprise_linux:kernel-64k-debug-modules-core, p-cpe:/a:redhat:enterprise_linux:kernel-debug-core, p-cpe:/a:redhat:enterprise_linux:perf, p-cpe:/a:redhat:enterprise_linux:kernel-64k-modules-core, p-cpe:/a:redhat:enterprise_linux:kernel-64k-debug-modules-extra, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules-extra, p-cpe:/a:redhat:enterprise_linux:kernel-rt, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump, p-cpe:/a:redhat:enterprise_linux:kernel-devel, p-cpe:/a:redhat:enterprise_linux:python3-perf, p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules-extra, p-cpe:/a:redhat:enterprise_linux:kernel-rt-core, p-cpe:/a:redhat:enterprise_linux:kernel-64k, p-cpe:/a:redhat:enterprise_linux:kernel, p-cpe:/a:redhat:enterprise_linux:rtla, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm, p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs, p-cpe:/a:redhat:enterprise_linux:kernel-uki-virt, p-cpe:/a:redhat:enterprise_linux:libperf, p-cpe:/a:redhat:enterprise_linux:kernel-devel-matched, p-cpe:/a:redhat:enterprise_linux:kernel-64k-debug-core, p-cpe:/a:redhat:enterprise_linux:kernel-core, cpe:/o:redhat:enterprise_linux:9, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-core, p-cpe:/a:redhat:enterprise_linux:kernel-64k-debug-devel-matched, p-cpe:/a:redhat:enterprise_linux:kernel-headers, p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel-matched, p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel, p-cpe:/a:redhat:enterprise_linux:kernel-cross-headers, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel-matched, p-cpe:/a:redhat:enterprise_linux:rv, p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra, p-cpe:/a:redhat:enterprise_linux:kernel-modules-core, p-cpe:/a:redhat:enterprise_linux:kernel-debug-uki-virt, p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm, p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-extra, p-cpe:/a:redhat:enterprise_linux:kernel-64k-devel, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-extra, p-cpe:/a:redhat:enterprise_linux:kernel-64k-core, p-cpe:/a:redhat:enterprise_linux:kernel-64k-modules, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-core, p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel, p-cpe:/a:redhat:enterprise_linux:kernel-64k-debug-modules, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules-core, p-cpe:/a:redhat:enterprise_linux:kernel-64k-debug-devel, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-core, p-cpe:/a:redhat:enterprise_linux:kernel-64k-modules-extra, p-cpe:/a:redhat:enterprise_linux:kernel-64k-debug, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel, p-cpe:/a:redhat:enterprise_linux:kernel-64k-devel-matched

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 11/7/2023

Vulnerability Publication Date: 9/9/2022

Reference Information

CVE: CVE-2021-47515, CVE-2022-3523, CVE-2022-3565, CVE-2022-3594, CVE-2022-38457, CVE-2022-40133, CVE-2022-40982, CVE-2022-42895, CVE-2023-0597, CVE-2023-1073, CVE-2023-1074, CVE-2023-1075, CVE-2023-1076, CVE-2023-1079, CVE-2023-1206, CVE-2023-1249, CVE-2023-1252, CVE-2023-1652, CVE-2023-1855, CVE-2023-1989, CVE-2023-2269, CVE-2023-26545, CVE-2023-30456, CVE-2023-3141, CVE-2023-3161, CVE-2023-3212, CVE-2023-3268, CVE-2023-33203, CVE-2023-3358, CVE-2023-33951, CVE-2023-33952, CVE-2023-35825, CVE-2023-3609, CVE-2023-3772, CVE-2023-3773, CVE-2023-39191, CVE-2023-4155, CVE-2023-4194, CVE-2023-4206, CVE-2023-4207, CVE-2023-4208, CVE-2023-4273, CVE-2023-52707, CVE-2024-0443

CWE: 121, 125, 1335, 20, 200, 358, 367, 400, 401, 402, 415, 416, 476, 667, 779, 787, 824, 843, 863

RHSA: 2023:6583