RHEL 8 : kernel (RHSA-2023:1554)

high Nessus Plugin ID 173872

Synopsis

The remote Red Hat host is missing one or more security updates.

Description

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:1554 advisory.

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF (CVE-2023-0266)

* kernel: FUSE filesystem low-privileged user privileges escalation (CVE-2023-0386)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* RHEL 8.7: please integrate powerpc/64/kdump: Limit kdump base to 512MB patch. (BZ#2154272)

* Redhat OpenShift: Error downloading big ZIP files inside pod on power OCP and pod getting restarted (BZ#2160222)

* RHEL8.4: s390/kexec: fix ipl report address for kdump (BZ#2166297)

* Unable to get QinQ working with ConnectX-4 Lx in SR-IOV scenario (BZ#2166666)

* mlx5: lag and sriov fixes (BZ#2167648)

* New algorithm limits needed in FIPS mode (BZ#2167771)

* RHEL8.4: dasd: fix no record found for raw_track_access (BZ#2167777)

* kernel panics if iwlwifi firmware can not be loaded (BZ#2169664)

* CSB.V bit never becomes valid for NX Gzip job during LPAR migration (BZ#2170855)

* Backport Request for locking/rwsem commits (BZ#2170940)

* ipv6 traffic stop when an sriov vf have ipv6 address (BZ#2172551)

* Hyper-V RHEL8.8: Update MANA driver (BZ#2173104)

* Disable 3DES in FIPS mode (BZ#2176523)

* Soft lockup occurred during __page_mapcount (BZ#2177139)

* Task hangs in blk_mq_get_tag while no tags are in use (BZ#2178225)

* Node locked up and not responsive due to potential rcu stall (BZ#2178273)

Enhancement(s):

* Intel 8.8 FEAT SPR CPU: AMX: Improve the init_fpstate setup code (BZ#2168385)

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?966c9981

https://access.redhat.com/security/updates/classification/#important

https://bugzilla.redhat.com/show_bug.cgi?id=2159505

https://bugzilla.redhat.com/show_bug.cgi?id=2163379

https://access.redhat.com/errata/RHSA-2023:1554

Plugin Details

Severity: High

ID: 173872

File Name: redhat-RHSA-2023-1554.nasl

Version: 1.7

Type: local

Agent: unix

Published: 4/5/2023

Updated: 11/7/2024

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.9

Vendor

Vendor Severity: Important

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.9

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2023-0386

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:kernel-debug-core, p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel, p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel, p-cpe:/a:redhat:enterprise_linux:kernel-core, p-cpe:/a:redhat:enterprise_linux:kernel-cross-headers, p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs, p-cpe:/a:redhat:enterprise_linux:perf, p-cpe:/a:redhat:enterprise_linux:bpftool, p-cpe:/a:redhat:enterprise_linux:kernel-tools, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump, p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-extra, p-cpe:/a:redhat:enterprise_linux:kernel-devel, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-core, p-cpe:/a:redhat:enterprise_linux:kernel, cpe:/o:redhat:enterprise_linux:8, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-extra, p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra, cpe:/o:redhat:rhel_eus:8.6, p-cpe:/a:redhat:enterprise_linux:kernel-modules, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel, p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules, p-cpe:/a:redhat:enterprise_linux:kernel-debug, p-cpe:/a:redhat:enterprise_linux:python3-perf

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/4/2023

Vulnerability Publication Date: 1/30/2023

CISA Known Exploited Vulnerability Due Dates: 4/20/2023

Exploitable With

Core Impact

Metasploit (Local Privilege Escalation via CVE-2023-0386)

Reference Information

CVE: CVE-2023-0266, CVE-2023-0386

CWE: 282, 416

RHSA: 2023:1554