Detections
Analytics

MiracleLinux 9 : kernel-5.14.0-427.37.1.el9_4 (AXSA:2024-8865:31)

high Nessus Plugin ID 292775

Synopsis

The remote MiracleLinux host is missing one or more security updates.

Description

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8865:31 advisory.

 * kernel: uio: Fix use-after-free in uio_open (CVE-2023-52439)
 * kernel: net/sched: act_mirred: don't override retval if we already lost the skb (CVE-2024-26739)
 * kernel: ARM: 9359/1: flush: check if the folio is reserved for no-mapping addresses (CVE-2024-26947)
 * kernel: scsi: qla2xxx: Fix command flush on cable pull (CVE-2024-26931)
 * kernel: scsi: qla2xxx: Fix double free of the ha->vp_map pointer (CVE-2024-26930)
 * kernel: scsi: qla2xxx: Fix double free of fcport (CVE-2024-26929)
 * kernel: fork: defer linking file vma until vma is fully initialized (CVE-2024-27022)
 * kernel: KVM: x86/mmu: x86: Don't overflow lpage_info when checking attributes (CVE-2024-26991)
 * kernel: bpf, sockmap: Prevent lock inversion deadlock in map delete elem (CVE-2024-35895)
 * kernel: tty: n_gsm: fix possible out-of-bounds in gsm0_receive() (CVE-2024-36016)
 * kernel: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (CVE-2024-36899)
 * kernel: cpufreq: exit() callback is optional (CVE-2024-38615)
 * kernel: ring-buffer: Fix a race between readers and resize checks (CVE-2024-38601)
 * kernel: cppc_cpufreq: Fix possible null pointer dereference (CVE-2024-38573)
 * kernel: gfs2: Fix potential glock use-after-free on unmount (CVE-2024-38570)
 * kernel: wifi: nl80211: Avoid address calculations via out of bounds array indexing (CVE-2024-38562)
 * kernel: Input: cyapa - add missing input core locking to suspend/resume functions (CVE-2023-52884)
 * kernel: ACPICA: Revert ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine.
 (CVE-2024-40984)
 * kernel: wifi: mac80211: Avoid address calculations via out of bounds array indexing (CVE-2024-41071)
 * kernel: wifi: mt76: replace skb_put with skb_put_zero (CVE-2024-42225)
 * kernel: net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket (CVE-2024-42246)

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://tsn.miraclelinux.com/en/node/20049

Plugin Details

Severity: High

ID: 292775

File Name: miracle_linux_AXSA-2024-8865.nasl

Version: 1.1

Type: local

Published: 1/20/2026

Updated: 1/20/2026

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

Vendor

Vendor Severity: High

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:A/AC:H/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2024-42225

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS Score Source: CVE-2024-38570

Vulnerability Information

CPE: p-cpe:/a:miracle:linux:kernel-debug, p-cpe:/a:miracle:linux:kernel-debug-devel, p-cpe:/a:miracle:linux:kernel-tools, cpe:/o:miracle:linux:9, p-cpe:/a:miracle:linux:kernel-debug-core, p-cpe:/a:miracle:linux:kernel-tools-libs, p-cpe:/a:miracle:linux:kernel-cross-headers, p-cpe:/a:miracle:linux:kernel-debug-modules-extra, p-cpe:/a:miracle:linux:bpftool, p-cpe:/a:miracle:linux:rtla, p-cpe:/a:miracle:linux:kernel-modules-core, p-cpe:/a:miracle:linux:kernel-debug-uki-virt, p-cpe:/a:miracle:linux:kernel-debug-modules, p-cpe:/a:miracle:linux:kernel, p-cpe:/a:miracle:linux:kernel-devel-matched, p-cpe:/a:miracle:linux:kernel-abi-stablelists, p-cpe:/a:miracle:linux:perf, p-cpe:/a:miracle:linux:libperf, p-cpe:/a:miracle:linux:kernel-debug-modules-core, p-cpe:/a:miracle:linux:kernel-devel, p-cpe:/a:miracle:linux:kernel-uki-virt, p-cpe:/a:miracle:linux:kernel-debug-devel-matched, p-cpe:/a:miracle:linux:kernel-headers, p-cpe:/a:miracle:linux:kernel-core, p-cpe:/a:miracle:linux:kernel-modules, p-cpe:/a:miracle:linux:kernel-tools-libs-devel, p-cpe:/a:miracle:linux:kernel-modules-extra, p-cpe:/a:miracle:linux:rv, p-cpe:/a:miracle:linux:python3-perf

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/MiracleLinux/release, Host/MiracleLinux/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 9/30/2024

Vulnerability Publication Date: 9/4/2021

Reference Information

CVE: CVE-2023-52439, CVE-2023-52884, CVE-2024-26739, CVE-2024-26930, CVE-2024-26931, CVE-2024-26947, CVE-2024-26991, CVE-2024-27022, CVE-2024-35895, CVE-2024-36016, CVE-2024-36899, CVE-2024-38562, CVE-2024-38570, CVE-2024-38573, CVE-2024-38601, CVE-2024-38615, CVE-2024-40984, CVE-2024-42225, CVE-2024-42246