RHEL 8 : kernel (RHSA-2023:1566)

high Nessus Plugin ID 173871

Synopsis

The remote Red Hat host is missing one or more security updates.

Description

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:1566 advisory.

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: stack overflow in do_proc_dointvec and proc_skip_spaces (CVE-2022-4378)

* ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF (CVE-2023-0266)

* kernel: FUSE filesystem low-privileged user privileges escalation (CVE-2023-0386)

* kernel: net: CPU soft lockup in TC mirred egress-to-ingress action (CVE-2022-4269)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* kernel panic on reboot due to a bug in mei_wdt module (BZ#2139770)

* RHEL8: Practically limit Dummy wait workaround to old Intel systems (BZ#2142170)

* AMDSERVER 8.7: amdpstate driver incorrectly designed to load as default for Genoa (BZ#2151275)

* RHEL-8.8: Update RDMA core to Linux v6.0 (BZ#2161750)

* Kernel panic observed during VxFS module unload (BZ#2162763)

* Client not able to connect to rhel server: SYN is answered by chalange ACK and RST is ignored (BZ#2165587)

* RHEL8.4: s390/kexec: fix ipl report address for kdump (BZ#2166296)

* kvm-unit-test reports unhandled exception on AMD (BZ#2166362)

* Windows Server 2019 guest randomly pauses with KVM: entry failed, hardware error 0x80000021 (BZ#2166368)

* Unable to get QinQ working with ConnectX-4 Lx in SR-IOV scenario (BZ#2166665)

* panic in fib6_rule_suppress+0x22 with custom xdp prog involved in (BZ#2167602)

* net/mlx5e: Fix use-after-free when reverting termination table (BZ#2167640)

* RHEL 8.7: EEH injection failed to recover on Mellanox adapter. (BZ#2167645)

* mlx5: lag and sriov fixes (BZ#2167647)

* RHEL8.4: dasd: fix no record found for raw_track_access (BZ#2167776)

* GSS: Set of fixes in ceph kernel module to prevent OCS node kernel crash - blocklist the kclient when receiving corrupted snap trace (BZ#2168896)

* Azure RHEL8 scsi: storvsc: Fix swiotlb bounce buffer leak in confidential VM (BZ#2170228)

* fast_isolate_freepages scans out of target zone (BZ#2170576)

* Backport Request for locking/rwsem commits (BZ#2170939)

* ipv6 traffic stop when an sriov vf have ipv6 address (BZ#2172550)

* Hyper-V RHEL8.8: Update MANA driver (BZ#2173103)

Enhancement(s):

* Intel 8.8 FEAT SPR CPU: AMX: Improve the init_fpstate setup code (BZ#2168384)

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?80d0f385

https://access.redhat.com/security/updates/classification/#important

https://bugzilla.redhat.com/show_bug.cgi?id=2150272

https://bugzilla.redhat.com/show_bug.cgi?id=2152548

https://bugzilla.redhat.com/show_bug.cgi?id=2159505

https://bugzilla.redhat.com/show_bug.cgi?id=2163379

https://access.redhat.com/errata/RHSA-2023:1566

Plugin Details

Severity: High

ID: 173871

File Name: redhat-RHSA-2023-1566.nasl

Version: 1.8

Type: local

Agent: unix

Published: 4/5/2023

Updated: 11/7/2024

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.9

Vendor

Vendor Severity: Important

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.9

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2023-0386

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:kernel-debug-core, p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel, p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel, p-cpe:/a:redhat:enterprise_linux:kernel-cross-headers, p-cpe:/a:redhat:enterprise_linux:kernel-core, p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs, p-cpe:/a:redhat:enterprise_linux:perf, p-cpe:/a:redhat:enterprise_linux:bpftool, p-cpe:/a:redhat:enterprise_linux:kernel-tools, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump, p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-extra, p-cpe:/a:redhat:enterprise_linux:kernel-devel, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-core, p-cpe:/a:redhat:enterprise_linux:kernel, cpe:/o:redhat:enterprise_linux:8, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-extra, p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra, p-cpe:/a:redhat:enterprise_linux:kernel-modules, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel, p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules, p-cpe:/a:redhat:enterprise_linux:kernel-debug, p-cpe:/a:redhat:enterprise_linux:python3-perf

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/4/2023

Vulnerability Publication Date: 12/5/2022

CISA Known Exploited Vulnerability Due Dates: 4/20/2023

Exploitable With

Core Impact

Metasploit (Local Privilege Escalation via CVE-2023-0386)

Reference Information

CVE: CVE-2022-4269, CVE-2022-4378, CVE-2023-0266, CVE-2023-0386

CWE: 282, 416, 787, 833

RHSA: 2023:1566