Detections
Analytics

MiracleLinux 7 : kernel-3.10.0-327.28.2.el7 (AXSA:2016-647:05)

high Nessus Plugin ID 291575

Language:

Synopsis

The remote MiracleLinux host is missing one or more security updates.

Description

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2016-647:05 advisory.

 The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.
 Security issues fixed with this release:
 CVE-2015-8660 The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application.
 CVE-2016-2143 The fork implementation in the Linux kernel before 4.5 on s390 platforms mishandles the case of four page-table levels, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted application, related to arch/s390/include/asm/mmu_context.h and arch/s390/include/asm/pgalloc.h.
 CVE-2016-4470 The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command.
 Fixed bugs:
 * The glibc headers and the Linux headers share certain definitions of key structures that are required to be defined in kernel and in userspace. In some instances both userspace and sanitized kernel headers have to be included in order to get the structure definitions required by the user program. Unfortunately because the glibc and Linux headers don't coordinate this can result in compilation errors. The glibc headers have therefore been fixed to coordinate with Linux UAPI-based headers. With the header coordination compilation errors no longer occur.
 * When running the TCP/IPv6 traffic over the mlx4_en networking interface on the big endian architectures, call traces reporting about a hw csum failure could occur. With this update, the mlx4_en driver has been fixed by correction of the checksum calculation for the big endian architectures. As a result, the call trace error no longer appears in the log messages.
 * Under significant load, some applications such as logshifter could generate bursts of log messages too large for the system logger to spool. Due to a race condition, log messages from that application could then be lost even after the log volume dropped to manageable levels. This update fixes the kernel mechanism used to notify the transmitter end of the socket used by the system logger that more space is available on the receiver side, removing a race condition which previously caused the sender to stop transmitting new messages and allowing all log messages to be processed correctly.
 * Previously, after heavy open or close of the Accelerator Function Unit (AFU) contexts, the interrupt packet went out and the AFU context did not see any interrupts. Consequently, a kernel panic could occur.
 The provided patch set fixes handling of the interrupt requests, and kernel panic no longer occurs in the described situation.
 * net: recvfrom would fail on short buffer.
 These updated kernel packages include several security issues and numerous bug fixes, some of which you can see below.

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://tsn.miraclelinux.com/en/node/7079

Plugin Details

Severity: High

ID: 291575

File Name: miracle_linux_AXSA-2016-647.nasl

Version: 1.1

Type: local

Published: 1/19/2026

Updated: 1/19/2026

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.6

Vendor

Vendor Severity: High

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 6.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2015-8660

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7.5

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

CVSS Score Source: CVE-2016-2143

Vulnerability Information

CPE: p-cpe:/a:miracle:linux:kernel-tools, cpe:/o:miracle:linux:7, p-cpe:/a:miracle:linux:kernel-debug, p-cpe:/a:miracle:linux:kernel-tools-libs, p-cpe:/a:miracle:linux:python-perf, p-cpe:/a:miracle:linux:perf, p-cpe:/a:miracle:linux:kernel, p-cpe:/a:miracle:linux:kernel-headers, p-cpe:/a:miracle:linux:kernel-abi-whitelists, p-cpe:/a:miracle:linux:kernel-debug-devel, p-cpe:/a:miracle:linux:kernel-devel

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/MiracleLinux/release, Host/MiracleLinux/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 8/31/2016

Vulnerability Publication Date: 12/23/2015

Reference Information

CVE: CVE-2015-8660, CVE-2016-2143, CVE-2016-4470