The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1567 advisory.

    The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with     extremely high determinism requirements.

    Security Fix(es):

    * kernel: use-after-free in __blk_add_trace in kernel/trace/blktrace.c (CVE-2019-19768)

    * kernel: nfs: NULL pointer dereference due to an anomalized NFS message sequence (CVE-2018-16871)

    * kernel: memory leak in the kernel_read_file function in fs/exec.c allows to cause a denial of service     (CVE-2019-8980)

    * kernel: unprivileged users able to create RAW sockets  in AF_IEEE802154 network protocol.
    (CVE-2019-17053)

    * kernel: unprivileged users able to create RAW sockets in AF_ISDN  network protocol. (CVE-2019-17055)

    * kernel: integer overflow in tcp_ack_update_rtt in net/ipv4/tcp_input.c (CVE-2019-18805)

    * kernel: information leak bug caused  by a malicious USB device in the     drivers/net/can/usb/peak_usb/pcan_usb_core.c driver (CVE-2019-19534)

    * kernel: some ipv6 protocols not encrypted over ipsec tunnel. (CVE-2020-1749)

    * Kernel: net: using kernel space address bits to derive IP ID may potentially break KASLR     (CVE-2019-10639)

    * kernel: An out-of-bounds read in drivers/scsi/qedi/qedi_dbg.c leading to crash or information disclosure     (CVE-2019-15090)

    * kernel: a NULL pointer dereference in drivers/net/wireless/ath/ath10k/usb.c leads to a crash     (CVE-2019-15099)

    * kernel: Null pointer dereference in the sound/usb/line6/pcm.c (CVE-2019-15221)

    * kernel: Two memory leaks in the mwifiex_pcie_init_evt_ring() function in     drivers/net/wireless/marvell/mwifiex/pcie.c allows for a DoS (CVE-2019-19057)

    * kernel: Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel (DOS)     (CVE-2019-19073)

    * kernel: a memory leak in the ath9k management function in allows local DoS (CVE-2019-19074)

    * kernel: when cpu.cfs_quota_us is used allows attackers to cause a denial of service against non-cpu-     bound applications (CVE-2019-19922)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Bug Fix(es):

    * RT: update RT source tree to the RHEL-8.2 tree (BZ#1708716)

    * KVM-RT guest fails boot with emulatorsched (BZ#1712781)

    * 8 vCPU guest need max latency < 20 us with stress [RT-8.2] (BZ#1757165)

    * Request nx_huge_pages=N as default value to avoid kvm-rt guest large latency spike [rt-8] (BZ#1788352)

    * RT: Add rpm Provide of 'kernel' to indicate that this is a kernel package (BZ#1796284)

    * [RHEL8] RT kernel signed by test certificate and not Red Hat Secure Boot (BZ#1806871)

    Enhancement(s):

    * update to the upstream 5.x RT patchset (BZ#1680161)

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

RHEL 8 : kernel-rt (RHSA-2020:1567)

critical Nessus Plugin ID 136116

Version 1.10

Version 1.9

Version 1.8

Version 1.7

Version 1.10 Nov 7, 2024, 5:39 AM CVSS metrics ("Cvssv4 score" set to 0.0) CVSSv2 severity (based on None, severity decreased from "High" to "Low") Plugin metadata Plugin Feed: 202411070539
Version 1.9 Jun 4, 2024, 9:37 PM CVE (set "CVE" coverage to "CVE-2018-16871,CVE-2019-8980,CVE-2020-10690,CVE-2019-10639,CVE-2019-12819,CVE-2019-15090,CVE-2019-15099,CVE-2019-15221,CVE-2019-15223,CVE-2019-16234,CVE-2019-17053,CVE-2019-17055,CVE-2019-18282,CVE-2019-18805,CVE-2019-19045,CVE-2019-19047,CVE-2019-19055,CVE-2019-19057,CVE-2019-19058,CVE-2019-19059,CVE-2019-19065,CVE-2019-19067,CVE-2019-19073,CVE-2019-19074,CVE-2019-19077,CVE-2019-19532,CVE-2019-19534,CVE-2019-19768,CVE-2019-19922,CVE-2019-5108,CVE-2020-1749,CVE-2020-7053,CVE-2021-33630") Detection (updated detection logic) Plugin metadata Reference Plugin Feed: 202406042137
Version 1.8 Mar 14, 2024, 3:54 PM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:P/RL:O/RC:C") Exploit attributes ("Exploit available" set to "True". "Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin Feed: 202403141554
Version 1.7 Jan 23, 2023, 7:12 PM Logic Changes (Added support for repository relative URLs) Plugin Feed: 202301231912