Detections
Analytics

MiracleLinux 8 : kernel-4.18.0-513.5.1.el8_9 (AXSA:2023-7313:32)

high Nessus Plugin ID 292841

Synopsis

The remote MiracleLinux host is missing one or more security updates.

Description

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-7313:32 advisory.

 * kernel: tun: avoid double free in tun_free_netdev (CVE-2022-4744)
 * kernel: net/sched: multiple vulnerabilities (CVE-2023-3609, CVE-2023-3611, CVE-2023-4128, CVE-2023-4206, CVE-2023-4207, CVE-2023-4208)
 * kernel: out-of-bounds write in qfq_change_class function (CVE-2023-31436)
 * kernel: out-of-bounds write in hw_atl_utils_fw_rpc_wait (CVE-2021-43975)
 * kernel: Rate limit overflow messages in r8152 in intr_callback (CVE-2022-3594)
 * kernel: use after free flaw in l2cap_conn_del (CVE-2022-3640)
 * kernel: double free in usb_8dev_start_xmit (CVE-2022-28388)
 * kernel: vmwgfx: multiple vulnerabilities (CVE-2022-38457, CVE-2022-40133, CVE-2023-33951, CVE-2023-33952)
 * hw: Intel: Gather Data Sampling (GDS) side channel vulnerability (CVE-2022-40982)
 * kernel: Information leak in l2cap_parse_conf_req (CVE-2022-42895)
 * kernel: KVM: multiple vulnerabilities (CVE-2022-45869, CVE-2023-4155, CVE-2023-30456)
 * kernel: memory leak in ttusb_dec_exit_dvb (CVE-2022-45887)
 * kernel: speculative pointer dereference in do_prlimit (CVE-2023-0458)
 * kernel: use-after-free due to race condition in qdisc_graft (CVE-2023-0590)
 * kernel: x86/mm: Randomize per-cpu entry area (CVE-2023-0597)
 * kernel: HID: check empty report_list in hid_validate_values (CVE-2023-1073)
 * kernel: sctp: fail if no bound addresses can be used for a given scope (CVE-2023-1074)
 * kernel: hid: Use After Free in asus_remove (CVE-2023-1079)
 * kernel: use-after-free in drivers/media/rc/ene_ir.c (CVE-2023-1118)
 * kernel: hash collisions in the IPv6 connection lookup table (CVE-2023-1206)
 * kernel: ovl: fix use after free in struct ovl_aio_req (CVE-2023-1252)
 * kernel: denial of service in tipc_conn_close (CVE-2023-1382)
 * kernel: Use after free bug in btsdio_remove due to race condition (CVE-2023-1989)
 * kernel: Spectre v2 SMT mitigations problem (CVE-2023-1998)
 * kernel: ext4: use-after-free in ext4_xattr_set_entry (CVE-2023-2513)
 * kernel: fbcon: shift-out-of-bounds in fbcon_set_font (CVE-2023-3161)
 * kernel: out-of-bounds access in relay_file_read (CVE-2023-3268)
 * kernel: xfrm: NULL pointer dereference in xfrm_update_ae_params (CVE-2023-3772)
 * kernel: smsusb: use-after-free caused by do_submit_urb (CVE-2023-4132)
 * kernel: Race between task migrating pages and another task calling exit_mmap (CVE-2023-4732)
 * Kernel: denial of service in atm_tc_enqueue due to type confusion (CVE-2023-23455)
 * kernel: mpls: double free on sysctl allocation failure (CVE-2023-26545)
 * kernel: Denial of service issue in az6027 driver (CVE-2023-28328)
 * kernel: lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow (CVE-2023-28772)
 * kernel: blocking operation in dvb_frontend_get_event and wait_event_interruptible (CVE-2023-31084)
 * kernel: net: qcom/emac: race condition leading to use-after-free in emac_remove (CVE-2023-33203)
 * kernel: saa7134: race condition leading to use-after-free in saa7134_finidev (CVE-2023-35823)
 * kernel: dm1105: race condition leading to use-after-free in dm1105_remove.c (CVE-2023-35824)
 * kernel: r592: race condition leading to use-after-free in r592_remove (CVE-2023-35825)
 * kernel: net/tls: tls_is_tx_ready() checked list_entry (CVE-2023-1075)
 * kernel: use-after-free bug in remove function xgene_hwmon_remove (CVE-2023-1855)
 * kernel: Use after free bug in r592_remove (CVE-2023-3141)
 * kernel: gfs2: NULL pointer dereference in gfs2_evict_inode (CVE-2023-3212)

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://tsn.miraclelinux.com/en/node/18497

Plugin Details

Severity: High

ID: 292841

File Name: miracle_linux_AXSA-2023-7313.nasl

Version: 1.1

Type: local

Published: 1/20/2026

Updated: 1/20/2026

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

Vendor

Vendor Severity: High

CVSS v2

Risk Factor: Medium

Base Score: 4.6

Temporal Score: 3.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2021-43975

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.9

Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2022-3640

Vulnerability Information

CPE: p-cpe:/a:miracle:linux:kernel-modules, p-cpe:/a:miracle:linux:kernel-tools-libs-devel, p-cpe:/a:miracle:linux:kernel-devel, p-cpe:/a:miracle:linux:kernel-core, p-cpe:/a:miracle:linux:kernel-abi-stablelists, p-cpe:/a:miracle:linux:kernel-modules-extra, p-cpe:/a:miracle:linux:kernel-debug, p-cpe:/a:miracle:linux:kernel-tools-libs, p-cpe:/a:miracle:linux:perf, p-cpe:/a:miracle:linux:kernel-debug-modules, p-cpe:/a:miracle:linux:kernel-debug-devel, p-cpe:/a:miracle:linux:kernel-cross-headers, p-cpe:/a:miracle:linux:kernel-tools, cpe:/o:miracle:linux:8, p-cpe:/a:miracle:linux:kernel, p-cpe:/a:miracle:linux:python3-perf, p-cpe:/a:miracle:linux:bpftool, p-cpe:/a:miracle:linux:kernel-headers, p-cpe:/a:miracle:linux:kernel-debug-core, p-cpe:/a:miracle:linux:kernel-debug-modules-extra

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/MiracleLinux/release, Host/MiracleLinux/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 12/27/2023

Vulnerability Publication Date: 7/21/2021

Reference Information

CVE: CVE-2021-43975, CVE-2022-28388, CVE-2022-3594, CVE-2022-3640, CVE-2022-38457, CVE-2022-40133, CVE-2022-40982, CVE-2022-42895, CVE-2022-45869, CVE-2022-45887, CVE-2022-4744, CVE-2023-0458, CVE-2023-0590, CVE-2023-0597, CVE-2023-1073, CVE-2023-1074, CVE-2023-1075, CVE-2023-1079, CVE-2023-1118, CVE-2023-1206, CVE-2023-1252, CVE-2023-1382, CVE-2023-1855, CVE-2023-1989, CVE-2023-1998, CVE-2023-23455, CVE-2023-2513, CVE-2023-26545, CVE-2023-28328, CVE-2023-28772, CVE-2023-30456, CVE-2023-31084, CVE-2023-3141, CVE-2023-31436, CVE-2023-3161, CVE-2023-3212, CVE-2023-3268, CVE-2023-33203, CVE-2023-33951, CVE-2023-33952, CVE-2023-35823, CVE-2023-35824, CVE-2023-3609, CVE-2023-3611, CVE-2023-3772, CVE-2023-4132, CVE-2023-4155, CVE-2023-4206, CVE-2023-4207, CVE-2023-4208, CVE-2023-4732