The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0300 advisory.

    The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with     extremely high determinism requirements.

    Security Fix(es):

    * kernel: watch queue race condition can lead to privilege escalation (CVE-2022-2959)

    * kernel: memory corruption in AX88179_178A based USB ethernet device. (CVE-2022-2964)

    * kernel: i915: Incorrect GPU TLB flush can lead to random memory access (CVE-2022-4139)

    * kernel: nfsd buffer overflow by RPC message over TCP with garbage data (CVE-2022-43945)

    * kernel: i2c: unbounded length leads to buffer overflow in ismt_access() (CVE-2022-3077)

    * kernel: Unprivileged users may use PTRACE_SEIZE to set PTRACE_O_SUSPEND_SECCOMP option (CVE-2022-30594)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Bug Fix(es):

    * DELL EMC: System is not booting into RT Kernel with perc12 [kernel-rt] (BZ#2139863)

    * kernel-rt: update RT source tree to the latest RHEL-9.1.z1 Batch (BZ#2141817)

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

RHEL 9 : kernel-rt (RHSA-2023:0300)

high Nessus Plugin ID 170414

Version 1.6

Version 1.5

Version 1.3

Version 1.2

Version 1.2

Version 1.1

Version 1.0

Version 1.6 Nov 7, 2024, 2:36 PM CVSS metrics ("Cvssv4 score" set to 0.0) CVSSv2 severity (based on None, severity decreased from "High" to "Low") Plugin metadata Plugin Feed: 202411071436
Version 1.5 Nov 5, 2024, 6:29 PM Plugin metadata Detection (updated detection logic) CVSS metrics ("Cvssv4 score" set to 0.0) CVSSv2 severity (based on None, severity decreased from "High" to "Low") Plugin Feed: 202411051829
Version 1.3 Jan 26, 2024, 11:18 PM Detection (updated detection logic) Plugin metadata Reference Plugin Feed: 202401262318
Version 1.2 Oct 24, 2023, 4:27 PM CVSSv3 score source (set to "CVE-2022-4139") Plugin Feed: 202310241627
Version 1.2 Jan 26, 2024, 9:00 PM Detection (updated detection logic) Plugin metadata Reference Plugin Feed: 202401262100
Version 1.1 Jan 24, 2023, 7:02 PM Exploit attributes ("Exploit available" set to "True") Exploit attributes ("Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin Feed: 202301241902
Version 1.0 Jan 24, 2023, 3:49 AM New Plugin Feed: 202301240349