Detections
Analytics

MiracleLinux 8 : kernel-4.18.0-513.9.1.el8_9 (AXSA:2024-7403:01)

high Nessus Plugin ID 292548

Synopsis

The remote MiracleLinux host is missing one or more security updates.

Description

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7403:01 advisory.

 kernel: bpf: Incorrect verifier pruning leads to unsafe code paths being incorrectly marked as safe (CVE-2023-2163) kernel: tun: bugs for oversize packet when napi frags enabled in tun_napi_alloc_frags (CVE-2023-3812) kernel: use after free in nvmet_tcp_free_crypto in NVMe (CVE-2023-5178) kernel: use-after-free due to race condition occurring in dvb_register_device() (CVE-2022-45884) kernel: use-after-free due to race condition occurring in dvb_net.c (CVE-2022-45886) kernel: use-after-free due to race condition occurring in dvb_ca_en50221.c (CVE-2022-45919) kernel: use-after-free in smb2_is_status_io_timeout() (CVE-2023-1192) CVE(s):
 CVE-2022-45884 CVE-2022-45886 CVE-2022-45919 CVE-2023-1192 CVE-2023-2163 CVE-2023-3812 CVE-2023-5178

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://tsn.miraclelinux.com/en/node/18587

Plugin Details

Severity: High

ID: 292548

File Name: miracle_linux_AXSA-2024-7403.nasl

Version: 1.1

Type: local

Published: 1/20/2026

Updated: 1/20/2026

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.3

Vendor

Vendor Severity: High

CVSS v2

Risk Factor: High

Base Score: 9

Temporal Score: 7

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2023-5178

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.9

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:miracle:linux:kernel-modules, p-cpe:/a:miracle:linux:kernel-tools-libs-devel, p-cpe:/a:miracle:linux:kernel-devel, p-cpe:/a:miracle:linux:kernel-core, p-cpe:/a:miracle:linux:kernel-abi-stablelists, p-cpe:/a:miracle:linux:kernel-modules-extra, p-cpe:/a:miracle:linux:kernel-debug, p-cpe:/a:miracle:linux:kernel-tools-libs, p-cpe:/a:miracle:linux:perf, p-cpe:/a:miracle:linux:kernel-debug-modules, p-cpe:/a:miracle:linux:kernel-debug-devel, p-cpe:/a:miracle:linux:kernel-cross-headers, p-cpe:/a:miracle:linux:kernel-tools, cpe:/o:miracle:linux:8, p-cpe:/a:miracle:linux:kernel, p-cpe:/a:miracle:linux:python3-perf, p-cpe:/a:miracle:linux:bpftool, p-cpe:/a:miracle:linux:kernel-headers, p-cpe:/a:miracle:linux:kernel-debug-core, p-cpe:/a:miracle:linux:kernel-debug-modules-extra

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/MiracleLinux/release, Host/MiracleLinux/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 1/16/2024

Vulnerability Publication Date: 9/4/2021

Reference Information

CVE: CVE-2022-45884, CVE-2022-45886, CVE-2022-45919, CVE-2023-1192, CVE-2023-2163, CVE-2023-3812, CVE-2023-5178