Detections
Analytics
RHEL 8 : kernel (RHSA-2021:4356)
high Nessus Plugin ID 155219
Language:
Synopsis
The remote Red Hat host is missing one or more security updates.Description
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:4356 advisory.- kernel: Intel graphics card information leak. (CVE-2019-14615)
- kernel: out-of-bounds reads in pinctrl subsystem. (CVE-2020-0427)
- kernel: Improper input validation in some Intel(R) Ethernet E810 Adapter drivers (CVE-2020-24502)
- kernel: Insufficient access control in some Intel(R) Ethernet E810 Adapter drivers (CVE-2020-24503)
- kernel: Uncontrolled resource consumption in some Intel(R) Ethernet E810 Adapter drivers (CVE-2020-24504)
- kernel: Fragmentation cache not cleared on reconnection (CVE-2020-24586)
- kernel: Reassembling fragments encrypted under different keys (CVE-2020-24587)
- kernel: wifi frame payload being parsed incorrectly as an L2 frame (CVE-2020-24588)
- kernel: Forwarding EAPOL from unauthenticated wifi client (CVE-2020-26139)
- kernel: accepting plaintext data frames in protected networks (CVE-2020-26140)
- kernel: not verifying TKIP MIC of fragmented frames (CVE-2020-26141)
- kernel: accepting fragmented plaintext frames in protected networks (CVE-2020-26143)
- kernel: accepting unencrypted A-MSDU frames that start with RFC1042 header (CVE-2020-26144)
- kernel: accepting plaintext broadcast fragments as full frames (CVE-2020-26145)
- kernel: reassembling encrypted fragments with non-consecutive packet numbers (CVE-2020-26146)
- kernel: reassembling mixed encrypted/plaintext fragments (CVE-2020-26147)
- kernel: powerpc: RTAS calls can be used to compromise kernel integrity (CVE-2020-27777)
- kernel: the copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check (CVE-2020-29368)
- kernel: locking inconsistency in drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c can lead to a read- after-free (CVE-2020-29660)
- kernel: buffer overflow in mwifiex_cmd_802_11_ad_hoc_start function in drivers/net/wireless/marvell/mwifiex/join.c via a long SSID value (CVE-2020-36158)
- kernel: memory leak upon a kmalloc failure in kvm_io_bus_unregister_dev function in virt/kvm/kvm_main.c (CVE-2020-36312)
- kernel: slab out-of-bounds read in hci_extended_inquiry_result_evt() in net/bluetooth/hci_event.c (CVE-2020-36386)
- kernel: Improper access control in BlueZ may allow information disclosure vulnerability. (CVE-2021-0129)
- kernel: Use-after-free in ndb_queue_rq() in drivers/block/nbd.c (CVE-2021-3348)
- kernel: Linux kernel eBPF RINGBUF map oversized allocation (CVE-2021-3489)
- kernel: double free in bluetooth subsystem when the HCI device initialization fails (CVE-2021-3564)
- kernel: use-after-free in function hci_sock_bound_ioctl() (CVE-2021-3573)
- kernel: eBPF 32-bit source register truncation on div/mod (CVE-2021-3600)
- kernel: flowtable list del corruption with kernel BUG at lib/list_debug.c:50 (CVE-2021-3635)
- kernel: NULL pointer dereference in llsec_key_alloc() in net/mac802154/llsec.c (CVE-2021-3659)
- kernel: DoS in rb_per_cpu_empty() (CVE-2021-3679)
- kernel: overlayfs: Mounting overlayfs inside an unprivileged user namespace can reveal files (CVE-2021-3732)
- kernel: heap overflow in __cgroup_bpf_run_filter_getsockopt() (CVE-2021-20194)
- kernel: setsockopt System Call Untrusted Pointer Dereference Information Disclosure (CVE-2021-20239)
- kernel: Race condition in sctp_destroy_sock list_del (CVE-2021-23133)
- kernel: fuse: stall on CPU can occur because a retry loop continually finds the same bad inode (CVE-2021-28950)
- kernel: System crash in intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c (CVE-2021-28971)
- kernel: protection for sequences of pointer arithmetic operations against speculatively out-of-bounds loads can be bypassed to leak content of kernel memory (CVE-2021-29155)
- kernel: improper input validation in tipc_nl_retrieve_key function in net/tipc/node.c (CVE-2021-29646)
- kernel: lack a full memory barrier upon the assignment of a new table value in net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h may lead to DoS (CVE-2021-29650)
- kernel: local escalation of privileges in handling of eBPF programs (CVE-2021-31440)
- kernel: protection of stack pointer against speculative pointer arithmetic can be bypassed to leak content of kernel memory (CVE-2021-31829)
- kernel: out of bounds array access in drivers/md/dm-ioctl.c (CVE-2021-31916)
- kernel: use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c (CVE-2021-33033)
- kernel: Improper input validation in the Intel(R) Ethernet ixgbe driver may allow an authenticated user to potentially enable DoS via local access (CVE-2021-33098)
- kernel: out-of-bounds reads and writes due to enforcing incorrect limits for pointer arithmetic operations by BPF verifier (CVE-2021-33200)
- kernel: possible buffer overflow in sysfs reading (CVE-2022-20166)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the affected packages.See Also
http://www.nessus.org/u?7240878e
http://www.nessus.org/u?fd67c969
https://access.redhat.com/errata/RHSA-2021:4356
https://bugzilla.redhat.com/show_bug.cgi?id=1992700
https://bugzilla.redhat.com/show_bug.cgi?id=1995249
https://bugzilla.redhat.com/show_bug.cgi?id=1996854
https://access.redhat.com/security/updates/classification/#moderate
https://bugzilla.redhat.com/show_bug.cgi?id=1509204
https://bugzilla.redhat.com/show_bug.cgi?id=1793880
https://bugzilla.redhat.com/show_bug.cgi?id=1816493
https://bugzilla.redhat.com/show_bug.cgi?id=1894101
https://bugzilla.redhat.com/show_bug.cgi?id=1900844
https://bugzilla.redhat.com/show_bug.cgi?id=1903244
https://bugzilla.redhat.com/show_bug.cgi?id=1906522
https://bugzilla.redhat.com/show_bug.cgi?id=1912683
https://bugzilla.redhat.com/show_bug.cgi?id=1913348
https://bugzilla.redhat.com/show_bug.cgi?id=1915825
https://bugzilla.redhat.com/show_bug.cgi?id=1919893
https://bugzilla.redhat.com/show_bug.cgi?id=1921958
https://bugzilla.redhat.com/show_bug.cgi?id=1923636
https://bugzilla.redhat.com/show_bug.cgi?id=1930376
https://bugzilla.redhat.com/show_bug.cgi?id=1930379
https://bugzilla.redhat.com/show_bug.cgi?id=1930381
https://bugzilla.redhat.com/show_bug.cgi?id=1933527
https://bugzilla.redhat.com/show_bug.cgi?id=1939341
https://bugzilla.redhat.com/show_bug.cgi?id=1941762
https://bugzilla.redhat.com/show_bug.cgi?id=1941784
https://bugzilla.redhat.com/show_bug.cgi?id=1945345
https://bugzilla.redhat.com/show_bug.cgi?id=1945388
https://bugzilla.redhat.com/show_bug.cgi?id=1946965
https://bugzilla.redhat.com/show_bug.cgi?id=1948772
https://bugzilla.redhat.com/show_bug.cgi?id=1951595
https://bugzilla.redhat.com/show_bug.cgi?id=1953847
https://bugzilla.redhat.com/show_bug.cgi?id=1954588
https://bugzilla.redhat.com/show_bug.cgi?id=1957788
https://bugzilla.redhat.com/show_bug.cgi?id=1959559
https://bugzilla.redhat.com/show_bug.cgi?id=1959642
https://bugzilla.redhat.com/show_bug.cgi?id=1959654
https://bugzilla.redhat.com/show_bug.cgi?id=1959657
https://bugzilla.redhat.com/show_bug.cgi?id=1959663
https://bugzilla.redhat.com/show_bug.cgi?id=1960490
https://bugzilla.redhat.com/show_bug.cgi?id=1960492
https://bugzilla.redhat.com/show_bug.cgi?id=1960496
https://bugzilla.redhat.com/show_bug.cgi?id=1960498
https://bugzilla.redhat.com/show_bug.cgi?id=1960500
https://bugzilla.redhat.com/show_bug.cgi?id=1960502
https://bugzilla.redhat.com/show_bug.cgi?id=1960504
https://bugzilla.redhat.com/show_bug.cgi?id=1960708
https://bugzilla.redhat.com/show_bug.cgi?id=1964028
https://bugzilla.redhat.com/show_bug.cgi?id=1964139
https://bugzilla.redhat.com/show_bug.cgi?id=1965038
https://bugzilla.redhat.com/show_bug.cgi?id=1965360
https://bugzilla.redhat.com/show_bug.cgi?id=1965458
https://bugzilla.redhat.com/show_bug.cgi?id=1966578
https://bugzilla.redhat.com/show_bug.cgi?id=1969489
https://bugzilla.redhat.com/show_bug.cgi?id=1971101
https://bugzilla.redhat.com/show_bug.cgi?id=1972278
https://bugzilla.redhat.com/show_bug.cgi?id=1974627
https://bugzilla.redhat.com/show_bug.cgi?id=1975182
https://bugzilla.redhat.com/show_bug.cgi?id=1975949
https://bugzilla.redhat.com/show_bug.cgi?id=1976679
https://bugzilla.redhat.com/show_bug.cgi?id=1976699
https://bugzilla.redhat.com/show_bug.cgi?id=1976946
https://bugzilla.redhat.com/show_bug.cgi?id=1976969
https://bugzilla.redhat.com/show_bug.cgi?id=1977162
https://bugzilla.redhat.com/show_bug.cgi?id=1977422
https://bugzilla.redhat.com/show_bug.cgi?id=1977537
https://bugzilla.redhat.com/show_bug.cgi?id=1977850
https://bugzilla.redhat.com/show_bug.cgi?id=1978369
https://bugzilla.redhat.com/show_bug.cgi?id=1979070
https://bugzilla.redhat.com/show_bug.cgi?id=1979680
https://bugzilla.redhat.com/show_bug.cgi?id=1981954
https://bugzilla.redhat.com/show_bug.cgi?id=1986138
https://bugzilla.redhat.com/show_bug.cgi?id=1989165
Plugin Details
Severity: High
ID: 155219
File Name: redhat-RHSA-2021-4356.nasl
Version: 1.10
Type: local
Agent: unix
Family: Red Hat Local Security Checks
Published: 11/11/2021
Updated: 4/28/2024
Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: High
Base Score: 7.2
Temporal Score: 5.6
Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2021-3489
CVSS v3
Risk Factor: High
Base Score: 7.8
Temporal Score: 7
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
CVSS Score Source: CVE-2021-3600
Vulnerability Information
CPE: p-cpe:/a:redhat:enterprise_linux:kernel-devel, p-cpe:/a:redhat:enterprise_linux:kernel-headers, p-cpe:/a:redhat:enterprise_linux:kernel-modules, cpe:/o:redhat:enterprise_linux:8, p-cpe:/a:redhat:enterprise_linux:bpftool, p-cpe:/a:redhat:enterprise_linux:kernel, p-cpe:/a:redhat:enterprise_linux:kernel-core, p-cpe:/a:redhat:enterprise_linux:kernel-cross-headers, p-cpe:/a:redhat:enterprise_linux:kernel-debug, p-cpe:/a:redhat:enterprise_linux:kernel-debug-core, p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel, p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules, p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-extra, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-core, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-extra, p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra, p-cpe:/a:redhat:enterprise_linux:kernel-tools, p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs, p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump, p-cpe:/a:redhat:enterprise_linux:perf, p-cpe:/a:redhat:enterprise_linux:python3-perf
Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 11/9/2021
Vulnerability Publication Date: 1/15/2020
Reference Information
CVE: CVE-2019-14615, CVE-2020-0427, CVE-2020-24502, CVE-2020-24503, CVE-2020-24504, CVE-2020-24586, CVE-2020-24587, CVE-2020-24588, CVE-2020-26139, CVE-2020-26140, CVE-2020-26141, CVE-2020-26143, CVE-2020-26144, CVE-2020-26145, CVE-2020-26146, CVE-2020-26147, CVE-2020-27777, CVE-2020-29368, CVE-2020-29660, CVE-2020-36158, CVE-2020-36312, CVE-2020-36386, CVE-2021-0129, CVE-2021-20194, CVE-2021-20239, CVE-2021-23133, CVE-2021-28950, CVE-2021-28971, CVE-2021-29155, CVE-2021-29646, CVE-2021-29650, CVE-2021-31440, CVE-2021-31829, CVE-2021-31916, CVE-2021-33033, CVE-2021-33098, CVE-2021-33200, CVE-2021-3348, CVE-2021-3489, CVE-2021-3564, CVE-2021-3573, CVE-2021-3600, CVE-2021-3635, CVE-2021-3659, CVE-2021-3679, CVE-2021-3732, CVE-2022-20166