The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2013:0744 advisory.

    Security:

    * An integer overflow flaw, leading to a heap-based buffer overflow, was     found in the way the Intel i915 driver in the Linux kernel handled the     allocation of the buffer used for relocation copies. A local user with     console access could use this flaw to cause a denial of service or escalate     their privileges. (CVE-2013-0913, Important)

    * A buffer overflow flaw was found in the way UTF-8 characters were     converted to UTF-16 in the utf8s_to_utf16s() function of the Linux kernel's     FAT file system implementation. A local user able to mount a FAT file     system with the utf8=1 option could use this flaw to crash the system or,     potentially, to escalate their privileges. (CVE-2013-1773, Important)

    * A flaw was found in the way KVM handled guest time updates when the     buffer the guest registered by writing to the MSR_KVM_SYSTEM_TIME machine     state register (MSR) crossed a page boundary. A privileged guest user could     use this flaw to crash the host or, potentially, escalate their privileges,     allowing them to execute arbitrary code at the host kernel level.
    (CVE-2013-1796, Important)

    * A potential use-after-free flaw was found in the way KVM handled guest     time updates when the GPA (guest physical address) the guest registered by     writing to the MSR_KVM_SYSTEM_TIME machine state register (MSR) fell into a     movable or removable memory region of the hosting user-space process (by     default, QEMU-KVM) on the host. If that memory region is deregistered from     KVM using KVM_SET_USER_MEMORY_REGION and the allocated virtual memory     reused, a privileged guest user could potentially use this flaw to     escalate their privileges on the host. (CVE-2013-1797, Important)

    * A flaw was found in the way KVM emulated IOAPIC (I/O Advanced     Programmable Interrupt Controller). A missing validation check in the     ioapic_read_indirect() function could allow a privileged guest user to     crash the host, or read a substantial portion of host kernel memory.
    (CVE-2013-1798, Important)

    * A race condition in install_user_keyrings(), leading to a NULL pointer     dereference, was found in the key management facility. A local,     unprivileged user could use this flaw to cause a denial of service.
    (CVE-2013-1792, Moderate)

    * A NULL pointer dereference in the XFRM implementation could allow a local     user who has the CAP_NET_ADMIN capability to cause a denial of service.
    (CVE-2013-1826, Moderate)

    * A NULL pointer dereference in the Datagram Congestion Control Protocol     (DCCP) implementation could allow a local user to cause a denial of     service. (CVE-2013-1827, Moderate)

    * Information leak flaws in the XFRM implementation could allow a local     user who has the CAP_NET_ADMIN capability to leak kernel stack memory to     user-space. (CVE-2012-6537, Low)

    * Two information leak flaws in the Asynchronous Transfer Mode (ATM)     subsystem could allow a local, unprivileged user to leak kernel stack     memory to user-space. (CVE-2012-6546, Low)

    * An information leak was found in the TUN/TAP device driver in the     networking implementation. A local user with access to a TUN/TAP virtual     interface could use this flaw to leak kernel stack memory to user-space.
    (CVE-2012-6547, Low)

    * An information leak in the Bluetooth implementation could allow a local     user who has the CAP_NET_ADMIN capability to leak kernel stack memory to     user-space. (CVE-2013-0349, Low)

    * A use-after-free flaw was found in the tmpfs implementation. A local user     able to mount and unmount a tmpfs file system could use this flaw to cause     a denial of service or, potentially, escalate their privileges.
    (CVE-2013-1767, Low)

    * A NULL pointer dereference was found in the Linux kernel's USB Inside Out     Edgeport Serial Driver implementation. An attacker with physical access to     a system could use this flaw to cause a denial of service. (CVE-2013-1774,     Low)

    Red Hat would like to thank Andrew Honig of Google for reporting     CVE-2013-1796, CVE-2013-1797, and CVE-2013-1798. CVE-2013-1792 was     discovered by Mateusz Guzik of Red Hat EMEA GSS SEG Team.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

RHEL 6 : kernel (RHSA-2013:0744)

medium Nessus Plugin ID 66192

Version 1.24

Version 1.23

Version 1.24 Aug 17, 2025, 5:05 AM CISA reference Exploit attributes ("Exploit framework canvas" set to "True") Exploit attributes ("Exploit framework core" set to "True") Exploit attributes ("Exploited by malware" set to "True") Plugin Feed: 202508170505
Version 1.23 Aug 15, 2025, 7:38 PM CVE (set "CVE" coverage to "CVE-2012-6537,CVE-2012-6538,CVE-2012-6546,CVE-2012-6547,CVE-2013-0349,CVE-2013-0913,CVE-2013-1767,CVE-2013-1773,CVE-2013-1774,CVE-2013-1792,CVE-2013-1796,CVE-2013-1797,CVE-2013-1798,CVE-2013-1826,CVE-2013-1827,CVE-2014-0196") CVSS metrics ("CVSSv3 score" set to 5.5) CVSS metrics ("CVSSv3 vector" set to "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H") CVSS metrics ("Cvssv4 score" set to 0.0) CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:H/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:H/RL:O/RC:C") CVSSv2 score source (set to "CVE-2013-0913") CVSSv2 severity (based on None, severity decreased from "High" to "Low") CVSSv3 score source (set to "CVE-2014-0196") CVSSv3 severity (based on CVE-2014-0196, severity decreased from "High" to "Medium") Detection (updated detection logic) Plugin metadata Reference Plugin Feed: 202508151938