Detections
Analytics
RHEL 7 : kernel (RHSA-2020:4060)
high Nessus Plugin ID 141057
Language:
Synopsis
The remote Red Hat host is missing one or more security updates.Description
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4060 advisory.The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: use-after-free in sound/core/timer.c (CVE-2019-19807)
* kernel: out of bounds write in function i2c_smbus_xfer_emulated in drivers/i2c/i2c-core-smbus.c (CVE-2017-18551)
* kernel: race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c leads to use-after-free (CVE-2018-20836)
* kernel: out of bounds write in i2c driver leads to local escalation of privilege (CVE-2019-9454)
* kernel: use after free due to race condition in the video driver leads to local privilege escalation (CVE-2019-9458)
Space precludes documenting all of the security fixes in this advisory. See the descriptions of the remaining security fixes in the related Knowledge Article:
https://access.redhat.com/articles/5442421
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.
Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the affected packages.See Also
http://www.nessus.org/u?84c678f9
http://www.nessus.org/u?dd3afe18
https://access.redhat.com/articles/5442421
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/errata/RHSA-2020:4060
https://bugzilla.redhat.com/show_bug.cgi?id=1448750
https://bugzilla.redhat.com/show_bug.cgi?id=1699402
https://bugzilla.redhat.com/show_bug.cgi?id=1707796
https://bugzilla.redhat.com/show_bug.cgi?id=1718176
https://bugzilla.redhat.com/show_bug.cgi?id=1724345
https://bugzilla.redhat.com/show_bug.cgi?id=1745528
https://bugzilla.redhat.com/show_bug.cgi?id=1747216
https://bugzilla.redhat.com/show_bug.cgi?id=1757368
https://bugzilla.redhat.com/show_bug.cgi?id=1758242
https://bugzilla.redhat.com/show_bug.cgi?id=1758248
https://bugzilla.redhat.com/show_bug.cgi?id=1759681
https://bugzilla.redhat.com/show_bug.cgi?id=1760100
https://bugzilla.redhat.com/show_bug.cgi?id=1760310
https://bugzilla.redhat.com/show_bug.cgi?id=1760420
https://bugzilla.redhat.com/show_bug.cgi?id=1774988
https://bugzilla.redhat.com/show_bug.cgi?id=1775015
https://bugzilla.redhat.com/show_bug.cgi?id=1775021
https://bugzilla.redhat.com/show_bug.cgi?id=1775042
https://bugzilla.redhat.com/show_bug.cgi?id=1775047
https://bugzilla.redhat.com/show_bug.cgi?id=1775074
https://bugzilla.redhat.com/show_bug.cgi?id=1777239
https://bugzilla.redhat.com/show_bug.cgi?id=1777418
https://bugzilla.redhat.com/show_bug.cgi?id=1779594
https://bugzilla.redhat.com/show_bug.cgi?id=1781679
https://bugzilla.redhat.com/show_bug.cgi?id=1783434
https://bugzilla.redhat.com/show_bug.cgi?id=1783459
https://bugzilla.redhat.com/show_bug.cgi?id=1783518
https://bugzilla.redhat.com/show_bug.cgi?id=1783540
https://bugzilla.redhat.com/show_bug.cgi?id=1783554
https://bugzilla.redhat.com/show_bug.cgi?id=1783561
https://bugzilla.redhat.com/show_bug.cgi?id=1786078
https://bugzilla.redhat.com/show_bug.cgi?id=1786160
https://bugzilla.redhat.com/show_bug.cgi?id=1790063
https://bugzilla.redhat.com/show_bug.cgi?id=1791954
https://bugzilla.redhat.com/show_bug.cgi?id=1802555
https://bugzilla.redhat.com/show_bug.cgi?id=1802563
https://bugzilla.redhat.com/show_bug.cgi?id=1805135
https://bugzilla.redhat.com/show_bug.cgi?id=1809833
https://bugzilla.redhat.com/show_bug.cgi?id=1810685
https://bugzilla.redhat.com/show_bug.cgi?id=1817141
https://bugzilla.redhat.com/show_bug.cgi?id=1817718
https://bugzilla.redhat.com/show_bug.cgi?id=1818818
https://bugzilla.redhat.com/show_bug.cgi?id=1819377
https://bugzilla.redhat.com/show_bug.cgi?id=1822077
https://bugzilla.redhat.com/show_bug.cgi?id=1824059
https://bugzilla.redhat.com/show_bug.cgi?id=1824270
https://bugzilla.redhat.com/show_bug.cgi?id=1824918
https://bugzilla.redhat.com/show_bug.cgi?id=1829662
https://bugzilla.redhat.com/show_bug.cgi?id=1831399
https://bugzilla.redhat.com/show_bug.cgi?id=1832332
https://bugzilla.redhat.com/show_bug.cgi?id=1834845
https://bugzilla.redhat.com/show_bug.cgi?id=1835127
https://bugzilla.redhat.com/show_bug.cgi?id=1839634
Plugin Details
Severity: High
ID: 141057
File Name: redhat-RHSA-2020-4060.nasl
Version: 1.11
Type: local
Agent: unix
Family: Red Hat Local Security Checks
Published: 9/30/2020
Updated: 11/7/2024
Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus
Risk Information
VPR
Risk Factor: High
Score: 7.4
Vendor
Vendor Severity: Important
CVSS v2
Risk Factor: High
Base Score: 9.3
Temporal Score: 7.3
Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2018-20836
CVSS v3
Risk Factor: High
Base Score: 8.1
Temporal Score: 7.3
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
CVSS Score Source: CVE-2020-14305
Vulnerability Information
CPE: p-cpe:/a:redhat:enterprise_linux:bpftool, p-cpe:/a:redhat:enterprise_linux:kernel-tools, p-cpe:/a:redhat:enterprise_linux:kernel-headers, cpe:/o:redhat:enterprise_linux:7, p-cpe:/a:redhat:enterprise_linux:kernel-devel, p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel, p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel, p-cpe:/a:redhat:enterprise_linux:kernel-kdump, p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper, p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs, p-cpe:/a:redhat:enterprise_linux:python-perf, p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel, p-cpe:/a:redhat:enterprise_linux:kernel, p-cpe:/a:redhat:enterprise_linux:kernel-debug, p-cpe:/a:redhat:enterprise_linux:perf
Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 9/29/2020
Vulnerability Publication Date: 5/7/2019
Reference Information
CVE: CVE-2017-18551, CVE-2018-20836, CVE-2019-12614, CVE-2019-15217, CVE-2019-15807, CVE-2019-15917, CVE-2019-16231, CVE-2019-16233, CVE-2019-16994, CVE-2019-17053, CVE-2019-17055, CVE-2019-18808, CVE-2019-19046, CVE-2019-19055, CVE-2019-19058, CVE-2019-19059, CVE-2019-19062, CVE-2019-19063, CVE-2019-19332, CVE-2019-19447, CVE-2019-19523, CVE-2019-19524, CVE-2019-19530, CVE-2019-19534, CVE-2019-19537, CVE-2019-19767, CVE-2019-19807, CVE-2019-20054, CVE-2019-20095, CVE-2019-20636, CVE-2019-9454, CVE-2019-9458, CVE-2020-10690, CVE-2020-10732, CVE-2020-10742, CVE-2020-10751, CVE-2020-10942, CVE-2020-11565, CVE-2020-12770, CVE-2020-12826, CVE-2020-14305, CVE-2020-1749, CVE-2020-2732, CVE-2020-8647, CVE-2020-8649, CVE-2020-9383