Detections
Analytics

MiracleLinux 3 : kernel-2.6.18-308.3.AXS3 (AXSA:2012-550:04)

high Nessus Plugin ID 284208

Synopsis

The remote MiracleLinux host is missing one or more security updates.

Description

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2012-550:04 advisory.

 The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.
 Security issues fixed with this release:
 CVE-2012-1583 Double free vulnerability in the xfrm6_tunnel_rcv function in net/ipv6/xfrm6_tunnel.c in the Linux kernel before 2.6.22, when the xfrm6_tunnel module is enabled, allows remote attackers to cause a denial of service (panic) via crafted IPv6 packets.
 CVE-2012-0217 The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD before 9.0-RELEASE-p3; NetBSD 6.0 Beta and earlier; and Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1, when running on an Intel processor, incorrectly uses the sysret path in cases where a certain address is not a canonical address, which allows local users to gain privileges via a crafted application. NOTE: this description clearly does not belong in CVE, because a single entry cannot be about independent codebases; however, there was some value in preserving the original mapping of the multi-codebase coordinated-disclosure effort to a single identifier.
 CVE-2012-2136 CVE-2012-2934 No description available at the time of writing, please use the CVE links below.
 Fixed bugs:
 Some machines would hang at start up when nmi_watchdog=1 was added to the boot parameter. This has been fixed by disabling the i8042 driver.
 Improved the support of Intel Sandy Bridge GPUs.

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://tsn.miraclelinux.com/en/node/3065

Plugin Details

Severity: High

ID: 284208

File Name: miracle_linux_AXSA-2012-550.nasl

Version: 1.1

Type: local

Published: 1/14/2026

Updated: 1/14/2026

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.5

Vendor

Vendor Severity: High

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 6.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2012-2136

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:miracle:linux:kernel-devel, p-cpe:/a:miracle:linux:kernel, p-cpe:/a:miracle:linux:kernel-headers, cpe:/o:miracle:linux:3, p-cpe:/a:miracle:linux:kernel-pae, p-cpe:/a:miracle:linux:kernel-xen, p-cpe:/a:miracle:linux:kernel-pae-devel, p-cpe:/a:miracle:linux:kernel-xen-devel

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/MiracleLinux/release, Host/MiracleLinux/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 7/23/2012

Vulnerability Publication Date: 4/17/2012

Exploitable With

CANVAS (CANVAS)

Core Impact

Reference Information

CVE: CVE-2012-0217, CVE-2012-1583, CVE-2012-2136, CVE-2012-2934