The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:3704 advisory.

    The Advanced Virtualization module provides the user-space component for running virtual machines that use     KVM in environments managed by Red Hat products.

    Security Fix(es):

    * QEMU: usbredir: free() call on invalid pointer in bufp_alloc() (CVE-2021-3682)

    * ntfs-3g: Out-of-bounds heap buffer access in ntfs_get_attribute_value() due to incorrect check of     bytes_in_use value in MFT records (CVE-2021-33285)

    * ntfs-3g: Heap buffer overflow triggered by a specially crafted Unicode string (CVE-2021-33286)

    * ntfs-3g: Heap buffer overflow in ntfs_attr_pread_i() triggered by specially crafted NTFS attributes     (CVE-2021-33287)

    * ntfs-3g: Heap buffer overflow triggered by a specially crafted MFT section (CVE-2021-33289)

    * ntfs-3g: Heap buffer overflow triggered by a specially crafted NTFS inode pathname (CVE-2021-35266)

    * ntfs-3g: Stack buffer overflow triggered when correcting differences between MFT and MFTMirror sections     (CVE-2021-35267)

    * ntfs-3g: Heap buffer overflow in ntfs_inode_real_open() triggered by a specially crafted NTFS inode     (CVE-2021-35268)

    * ntfs-3g: Heap buffer overflow in ntfs_attr_setup_flag() triggered by a specially crafted NTFS attribute     from MFT (CVE-2021-35269)

    * ntfs-3g: NULL pointer dereference in ntfs_extent_inode_open() (CVE-2021-39251)

    * ntfs-3g: Out-of-bounds read in ntfs_ie_lookup() (CVE-2021-39252)

    * ntfs-3g: Out-of-bounds read in ntfs_runlists_merge_i() (CVE-2021-39253)

    * ntfs-3g: Integer overflow in memmove() leading to heap buffer overflow in ntfs_attr_record_resize()     (CVE-2021-39254)

    * ntfs-3g: Out-of-bounds read ntfs_attr_find_in_attrdef() triggered by an invalid attribute     (CVE-2021-39255)

    * ntfs-3g: Heap buffer overflow in ntfs_inode_lookup_by_name() (CVE-2021-39256)

    * ntfs-3g: Endless recursion from ntfs_attr_pwrite() triggered by an unallocated bitmap (CVE-2021-39257)

    * ntfs-3g: Out-of-bounds reads in ntfs_attr_find() and ntfs_external_attr_find() (CVE-2021-39258)

    * ntfs-3g: Out-of-bounds access in ntfs_inode_lookup_by_name() caused by an unsanitized attribute length     (CVE-2021-39259)

    * ntfs-3g: Out-of-bounds access in ntfs_inode_sync_standard_information() (CVE-2021-39260)

    * ntfs-3g: Heap buffer overflow in ntfs_compressed_pwrite() (CVE-2021-39261)

    * ntfs-3g: Out-of-bounds access in ntfs_decompress() (CVE-2021-39262)

    * ntfs-3g: Heap buffer overflow in ntfs_get_attribute_value() caused by an unsanitized attribute     (CVE-2021-39263)

    * libvirt: Insecure sVirt label generation (CVE-2021-3631)

    * libvirt: Improper locking on ACL failure in virStoragePoolLookupByTargetPath API (CVE-2021-3667)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

RHEL 8 : virt:8.2 and virt-devel:8.2 (RHSA-2021:3704)

high Nessus Plugin ID 153804

Version 1.11

Version 1.10

Version 1.9

Version 1.8

Version 1.7

Version 1.6

Version 1.11 Nov 7, 2024, 8:25 PM CVSS metrics ("Cvssv4 score" set to 0.0) CVSSv2 severity (based on None, severity decreased from "High" to "Low") Detection (updated detection logic) Plugin metadata Plugin Feed: 202411072025
Version 1.10 Nov 5, 2024, 12:50 PM CVSS metrics ("Cvssv4 score" set to 0.0) CVSSv2 severity (based on None, severity decreased from "High" to "Low") Plugin metadata Plugin Feed: 202411051250
Version 1.9 Apr 28, 2024, 2:25 PM Detection (updated detection logic) Plugin metadata Plugin Feed: 202404281425
Version 1.8 Apr 17, 2023, 4:09 PM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:H/RL:OF/RC:C". "CVSSv2 temporal vector" set to "CVSS2#E:H/RL:OF/RC:C". "CVSSv2 temporal vector" set to "CVSS2#E:H/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:H/RL:O/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:H/RL:O/RC:C") Exploit attributes ("Exploit available" set to "True". "Exploit available" set to "True". "Exploited by malware" set to "True". "Exploitability ease" changed from "No known exploits are available" to "Exploits are available". "Exploited by malware" set to "True". "Exploitability ease" changed from "No known exploits are available" to "Exploits are available". "Exploited by malware" set to "True") Plugin Feed: 202304171609
Version 1.7 Apr 17, 2023, 2:09 PM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:H/RL:OF/RC:C". "CVSSv2 temporal vector" set to "CVSS2#E:H/RL:OF/RC:C". "CVSSv2 temporal vector" set to "CVSS2#E:H/RL:OF/RC:C". "CVSSv2 temporal vector" set to "CVSS2#E:H/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:H/RL:O/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:H/RL:O/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:H/RL:O/RC:C") Exploit attributes ("Exploit available" set to "True". "Exploit available" set to "True". "Exploit available" set to "True". "Exploited by malware" set to "True". "Exploitability ease" changed from "No known exploits are available" to "Exploits are available". "Exploited by malware" set to "True". "Exploitability ease" changed from "No known exploits are available" to "Exploits are available". "Exploited by malware" set to "True". "Exploitability ease" changed from "No known exploits are available" to "Exploits are available". "Exploited by malware" set to "True") Plugin Feed: 202304171409
Version 1.6 Jan 23, 2023, 7:12 PM Logic Changes (Added support for repository relative URLs) Plugin Feed: 202301231912