Detections
Analytics

RHEL 8 : kernel (RHSA-2022:5316)

high Nessus Plugin ID 162647

Language:

Synopsis

The remote Red Hat host is missing one or more security updates for kernel.

Description

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5316 advisory.

 The kernel packages contain the Linux kernel, the core of any Linux operating system.

 Security Fix(es):

 * kernel: buffer overflow in IPsec ESP transformation code (CVE-2022-27666)

 * kernel: out-of-bounds read in fbcon_get_font function (CVE-2020-28915)

 For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

 Bug Fix(es):

 * weird port mapping with asymmetric traffic (BZ#2065266)

 * HBR3 is malfunction via MST HUB against Intel ADL-HX CPU (BZ#2066644)

 * openvswitch connection tracking sends incorrect flow key for some upcalls (BZ#2068476)

 * sctp connection abort unexpected. (BZ#2070959)

 * soft quota cannot exceed more the 5 warns which breaks timer functionality (BZ#2071713)

 * VirtIO Throughput for VM on host with OVS HW-Offload is very low (BZ#2074221)

 * SR-IOV performance > 50% degradation (BZ#2074829)

 * Call trace with parallel rules insertion and deletion (BZ#2075553)

 * Enable nested virtualization (BZ#2079069)

 * iscsi_ttx (iSERT) completions hung while waiting for mlx5_ib_drain_sq (BZ#2079433)

 * WARNING: CPU: 2 PID: 969 at kernel/locking/lockdep.c:895 register_lock_class+0x234/0x1640 (BZ#2079856)

 * mlx5: Some rule are not offloaded to HW in OVN K8s Pod 2 External use case (BZ#2079918)

 * OCP node kernel crash due to ceph_fsync - unsafe_request_wait+0x143 (BZ#2080071)

 * TCP doesn't retransmit if in reorder state and waits for RTO (BZ#2080972)

 * pnfs NFSv4.1 IO causes a soft lockup (after a server reboot) and an unresponsive client (BZ#2080998)

 * BlueField2: DPU can't switch to switchdev mode (BZ#2081011)

 * Important ice bug fixes (BZ#2081794)

 * For isolated CPUs (with nohz_full enabled for isolated CPUs) CPU utilization statistics are not getting reflected continuously (BZ#2084138)

 * Host is getting crash/abrupt reboot while the guest has been assigned with more than 128 GB RAM while it is using NVIDIA proprietary module. (BZ#2085572)

 * s_pf0vf2: hw csum failure for mlx5 (BZ#2086549)

 * kernel memory leak while freeing nested actions (BZ#2086590)

 * Regression: Bluetooth will not activate after 8.5 update (BZ#2087641)

 * mlx5,Internal port - traffic not offloaded on tunnel interface rules on chain > 0 when internal port is the vtep device. (BZ#2088610)

 * rule not offloaded on server side with syndrome(0x389e56) when direction is in (BZ#2088611)

 * TTL decrease only on the first packet (BZ#2088638)

 * TC HWOL of inbound traffic over geneve with ovs bridge as VTEP is not working (BZ#2088639)

 * Audio No Function on Orchid Bay(Mini Config) (BZ#2090423)

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the RHEL kernel package based on the guidance in RHSA-2022:5316.

See Also

http://www.nessus.org/u?42e0a384

https://access.redhat.com/security/updates/classification/#important

https://access.redhat.com/errata/RHSA-2022:5316

https://bugzilla.redhat.com/show_bug.cgi?id=1899177

https://bugzilla.redhat.com/show_bug.cgi?id=2061633

Plugin Details

Severity: High

ID: 162647

File Name: redhat-RHSA-2022-5316.nasl

Version: 1.12

Type: local

Agent: unix

Published: 7/1/2022

Updated: 11/7/2024

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

Vendor

Vendor Severity: Important

CVSS v2

Risk Factor: Medium

Base Score: 6.1

Temporal Score: 5

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:C

CVSS Score Source: CVE-2020-28915

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7.2

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

CVSS Score Source: CVE-2022-27666

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:kernel-debug-core, p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel, p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel, p-cpe:/a:redhat:enterprise_linux:kernel-core, p-cpe:/a:redhat:enterprise_linux:kernel-cross-headers, p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs, p-cpe:/a:redhat:enterprise_linux:perf, p-cpe:/a:redhat:enterprise_linux:bpftool, p-cpe:/a:redhat:enterprise_linux:kernel-tools, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump, p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-extra, p-cpe:/a:redhat:enterprise_linux:kernel-devel, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-core, p-cpe:/a:redhat:enterprise_linux:kernel, cpe:/o:redhat:enterprise_linux:8, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-extra, p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra, cpe:/o:redhat:rhel_eus:8.6, p-cpe:/a:redhat:enterprise_linux:kernel-modules, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel, p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules, p-cpe:/a:redhat:enterprise_linux:kernel-debug, p-cpe:/a:redhat:enterprise_linux:python3-perf

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/30/2022

Vulnerability Publication Date: 11/18/2020

Exploitable With

CANVAS (CANVAS)

Reference Information

CVE: CVE-2020-28915, CVE-2022-27666

CWE: 122, 125

RHSA: 2022:5316