Detections
Analytics
RHEL 7 : kernel-rt (RHSA-2018:3096)
high Nessus Plugin ID 118528
Language:
Synopsis
The remote Red Hat host is missing one or more security updates.Description
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:3096 advisory.- kernel: AIO write triggers integer overflow in some protocols (CVE-2015-8830)
- kernel: Information leak when handling NM entries containing NUL (CVE-2016-4913)
- kernel: Use-after-free in snd_pcm_info function in ALSA subsystem potentially leads to privilege escalation (CVE-2017-0861)
- kernel: Handling of might_cancel queueing is not properly pretected against race (CVE-2017-10661)
- kernel: Salsa20 encryption algorithm does not correctly handle zero-length inputs allowing local attackers to cause denial-of-service (CVE-2017-17805)
- kernel: Inifinite loop vulnerability in mm/madvise.c:madvise_willneed() function allows local denial of service (CVE-2017-18208)
- kernel: Mishandling mutex within libsas allowing local Denial of Service (CVE-2017-18232)
- kernel: out-of-bounds access in the show_timer function in kernel/time/posix-timers.c (CVE-2017-18344)
- kernel: Division by zero in change_port_settings in drivers/usb/serial/io_ti.c resulting in a denial of service (CVE-2017-18360)
- kernel: NULL pointer dereference in ext4/mballoc.c:ext4_process_freed_data() when mounting crafted ext4 image (CVE-2018-1092)
- kernel: NULL pointer dereference in ext4/xattr.c:ext4_xattr_inode_hash() causes crash with crafted ext4 image (CVE-2018-1094)
- kernel: vhost: Information disclosure in vhost/vhost.c:vhost_new_msg() (CVE-2018-1118)
- kernel: fuse-backed file mmap-ed onto process cmdline arguments causes denial of service (CVE-2018-1120)
- kernel: a null pointer dereference in net/dccp/output.c:dccp_write_xmit() leads to a system crash (CVE-2018-1130)
- kernel: drivers/block/loop.c mishandles lo_release serialization allowing denial-of-service (CVE-2018-5344)
- kernel: IP fragments with random offsets allow a remote denial of service (FragmentSmack) (CVE-2018-5391)
- kernel: Missing length check of payload in net/sctp/sm_make_chunk.c:_sctp_make_chunk() function allows denial of service (CVE-2018-5803)
- kernel: buffer overflow in drivers/net/wireless/ath/wil6210/wmi.c:wmi_set_ie() may lead to memory corruption (CVE-2018-5848)
- kernel: Denial of service in resv_map_release function in mm/hugetlb.c (CVE-2018-7740)
- kernel: Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c (CVE-2018-7757)
- kernel: Integer overflow in drivers/gpu/drm/udl/udl_fb.c:udl_fb_mmap() can allow attackers to execute code in kernel space (CVE-2018-8781)
- kernel: Invalid pointer dereference in xfs_ilock_attr_map_shared() when mounting crafted xfs image allowing denial of service (CVE-2018-10322)
- kernel: out-of-bound write in ext4_init_block_bitmap function with a crafted ext4 image (CVE-2018-10878)
- kernel: use-after-free detected in ext4_xattr_set_entry with a crafted file (CVE-2018-10879)
- kernel: out-of-bound access in ext4_get_group_info() when mounting and operating a crafted ext4 image (CVE-2018-10881)
- kernel: stack-out-of-bounds write in jbd2_journal_dirty_metadata function (CVE-2018-10883)
- kernel: MIDI driver race condition leads to a double-free (CVE-2018-10902)
- kernel: incorrect memory bounds check in drivers/cdrom/cdrom.c (CVE-2018-10940)
- kernel: Missing check in fs/inode.c:inode_init_owner() does not clear SGID bit on non-directories for non- members (CVE-2018-13405)
- kernel: filesystem corruption due to an unchecked error condition during an xfs attribute change (CVE-2018-18690)
- kernel: Improper validation in bnx2x network card driver can allow for denial of service attacks via crafted packet (CVE-2018-1000026)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the affected packages.See Also
https://access.redhat.com/articles/3553061
http://www.nessus.org/u?a3064613
http://www.nessus.org/u?b296ae64
https://access.redhat.com/errata/RHSA-2018:3096
https://access.redhat.com/security/updates/classification/#important
https://bugzilla.redhat.com/show_bug.cgi?id=1314275
https://bugzilla.redhat.com/show_bug.cgi?id=1337528
https://bugzilla.redhat.com/show_bug.cgi?id=1481136
https://bugzilla.redhat.com/show_bug.cgi?id=1510602
https://bugzilla.redhat.com/show_bug.cgi?id=1512875
https://bugzilla.redhat.com/show_bug.cgi?id=1528312
https://bugzilla.redhat.com/show_bug.cgi?id=1533909
https://bugzilla.redhat.com/show_bug.cgi?id=1541846
https://bugzilla.redhat.com/show_bug.cgi?id=1551051
https://bugzilla.redhat.com/show_bug.cgi?id=1551565
https://bugzilla.redhat.com/show_bug.cgi?id=1552867
https://bugzilla.redhat.com/show_bug.cgi?id=1553351
https://bugzilla.redhat.com/show_bug.cgi?id=1553361
https://bugzilla.redhat.com/show_bug.cgi?id=1558066
https://bugzilla.redhat.com/show_bug.cgi?id=1560777
https://bugzilla.redhat.com/show_bug.cgi?id=1560788
https://bugzilla.redhat.com/show_bug.cgi?id=1563994
https://bugzilla.redhat.com/show_bug.cgi?id=1569910
https://bugzilla.redhat.com/show_bug.cgi?id=1571062
https://bugzilla.redhat.com/show_bug.cgi?id=1571623
https://bugzilla.redhat.com/show_bug.cgi?id=1573699
https://bugzilla.redhat.com/show_bug.cgi?id=1575472
https://bugzilla.redhat.com/show_bug.cgi?id=1576419
https://bugzilla.redhat.com/show_bug.cgi?id=1577408
https://bugzilla.redhat.com/show_bug.cgi?id=1590720
https://bugzilla.redhat.com/show_bug.cgi?id=1590799
https://bugzilla.redhat.com/show_bug.cgi?id=1596802
https://bugzilla.redhat.com/show_bug.cgi?id=1596806
https://bugzilla.redhat.com/show_bug.cgi?id=1596828
https://bugzilla.redhat.com/show_bug.cgi?id=1596846
https://bugzilla.redhat.com/show_bug.cgi?id=1599161
https://bugzilla.redhat.com/show_bug.cgi?id=1608672
Plugin Details
Severity: High
ID: 118528
File Name: redhat-RHSA-2018-3096.nasl
Version: 1.17
Type: local
Agent: unix
Family: Red Hat Local Security Checks
Published: 10/31/2018
Updated: 4/27/2024
Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus
Risk Information
VPR
Risk Factor: High
Score: 7.4
CVSS v2
Risk Factor: High
Base Score: 7.6
Temporal Score: 6.6
Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2017-10661
CVSS v3
Risk Factor: High
Base Score: 7.8
Temporal Score: 7.5
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C
CVSS Score Source: CVE-2018-8781
Vulnerability Information
CPE: p-cpe:/a:redhat:enterprise_linux:kernel-rt, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm, p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel, p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc, p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm, p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace, p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel, p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm, cpe:/o:redhat:enterprise_linux:7
Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 10/30/2018
Vulnerability Publication Date: 5/2/2016
Exploitable With
CANVAS (CANVAS)
Reference Information
CVE: CVE-2015-8830, CVE-2016-4913, CVE-2017-0861, CVE-2017-10661, CVE-2017-17805, CVE-2017-18208, CVE-2017-18232, CVE-2017-18344, CVE-2017-18360, CVE-2018-1000026, CVE-2018-10322, CVE-2018-10878, CVE-2018-10879, CVE-2018-10881, CVE-2018-10883, CVE-2018-10902, CVE-2018-1092, CVE-2018-1094, CVE-2018-10940, CVE-2018-1118, CVE-2018-1120, CVE-2018-1130, CVE-2018-13405, CVE-2018-18690, CVE-2018-5344, CVE-2018-5391, CVE-2018-5803, CVE-2018-5848, CVE-2018-7740, CVE-2018-7757, CVE-2018-8781