Detections
Analytics

MiracleLinux 9 : kernel-5.14.0-362.18.1.el9_3 (AXSA:2024-7499:06)

high Nessus Plugin ID 293644

Synopsis

The remote MiracleLinux host is missing one or more security updates.

Description

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7499:06 advisory.

 kernel: tun: bugs for oversize packet when napi frags enabled in tun_napi_alloc_frags (CVE-2023-3812) kernel: use after free in unix_stream_sendpage (CVE-2023-4622) kernel: net/sched: sch_hfsc UAF (CVE-2023-4623) kernel: use after free in nvmet_tcp_free_crypto in NVMe (CVE-2023-5178) kernel: vmwgfx: reference count issue leads to use-after-free in surface handling (CVE-2023-5633) kernel: netfilter: potential slab-out-of-bound access due to integer underflow (CVE-2023-42753) kernel: nfp: use-after-free in area_cache_get() (CVE-2022-3545) kernel: vmwgfx: integer overflow in vmwgfx_execbuf.c (CVE-2022-36402) kernel: null-ptr-deref vulnerabilities in sl_tx_timeout in drivers/net/slip (CVE-2022-41858) kernel: NULL pointer dereference in can_rcv_filter (CVE-2023-2166) kernel: Slab-out-of-bound read in compare_netdev_and_ip (CVE-2023-2176) kernel: use-after-free in netfilter: nf_tables (CVE-2023-3777) kernel: use after free in nft_immediate_deactivate (CVE-2023-4015) kernel: fbcon: out-of-sync arrays in fbcon_mode_deleted due to wrong con2fb_map assignment (CVE-2023-38409) kernel: use-after-free in l2cap_sock_release in net/bluetooth/l2cap_sock.c (CVE-2023-40283) kernel: SEV-ES local priv escalation (CVE-2023-46813) kernel: NULL pointer dereference in dpll_pin_parent_pin_set() in drivers/dpll/dpll_netlink.c (CVE-2023-6679)

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://tsn.miraclelinux.com/en/node/18683

Plugin Details

Severity: High

ID: 293644

File Name: miracle_linux_AXSA-2024-7499.nasl

Version: 1.1

Type: local

Published: 1/20/2026

Updated: 1/20/2026

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

Vendor

Vendor Severity: High

CVSS v2

Risk Factor: High

Base Score: 9

Temporal Score: 7

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2023-5178

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.9

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:miracle:linux:kernel-modules, p-cpe:/a:miracle:linux:rv, p-cpe:/a:miracle:linux:kernel-uki-virt, p-cpe:/a:miracle:linux:rtla, p-cpe:/a:miracle:linux:kernel-tools-libs-devel, p-cpe:/a:miracle:linux:kernel-debug-modules-core, p-cpe:/a:miracle:linux:kernel-devel, p-cpe:/a:miracle:linux:kernel-core, p-cpe:/a:miracle:linux:kernel-abi-stablelists, p-cpe:/a:miracle:linux:kernel-modules-extra, p-cpe:/a:miracle:linux:kernel-debug, p-cpe:/a:miracle:linux:kernel-tools-libs, p-cpe:/a:miracle:linux:perf, p-cpe:/a:miracle:linux:libperf, p-cpe:/a:miracle:linux:kernel-debug-modules, p-cpe:/a:miracle:linux:kernel-debug-devel, p-cpe:/a:miracle:linux:kernel-cross-headers, p-cpe:/a:miracle:linux:kernel-tools, p-cpe:/a:miracle:linux:kernel-modules-core, cpe:/o:miracle:linux:9, p-cpe:/a:miracle:linux:kernel-debug-devel-matched, p-cpe:/a:miracle:linux:kernel, p-cpe:/a:miracle:linux:kernel-debug-uki-virt, p-cpe:/a:miracle:linux:kernel-devel-matched, p-cpe:/a:miracle:linux:python3-perf, p-cpe:/a:miracle:linux:bpftool, p-cpe:/a:miracle:linux:kernel-headers, p-cpe:/a:miracle:linux:kernel-debug-core, p-cpe:/a:miracle:linux:kernel-debug-modules-extra

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/MiracleLinux/release, Host/MiracleLinux/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2/2/2024

Vulnerability Publication Date: 9/4/2021

Reference Information

CVE: CVE-2022-3545, CVE-2022-36402, CVE-2022-41858, CVE-2023-2166, CVE-2023-2176, CVE-2023-3777, CVE-2023-3812, CVE-2023-38409, CVE-2023-4015, CVE-2023-40283, CVE-2023-42753, CVE-2023-4622, CVE-2023-4623, CVE-2023-46813, CVE-2023-5178, CVE-2023-5633, CVE-2023-6679