The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7417 advisory.

  - kernel: Use-after-free vulnerability in the Linux Kernel traffic control index filter (CVE-2023-1829)

  - kernel: net/sched: cls_u32 component reference counter leak if tcf_change_indev() fails (CVE-2023-3609)

  - kernel: net/sched: cls_fw component can be exploited as result of failure in tcf_change_indev function     (CVE-2023-3776)

  - kernel: netfilter: use-after-free due to improper element removal in nft_pipapo_remove() (CVE-2023-4004)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

RHEL 8 : kpatch-patch (RHSA-2023:7417)

high Nessus Plugin ID 186071

Version 1.2

Version 1.0

Version 1.2 Aug 5, 2024, 7:12 AM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:P/RL:O/RC:C") Exploit attributes ("Exploit available" set to "True") Exploit attributes ("Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin Feed: 202408050712
Version 1.0 Nov 21, 2023, 11:48 PM New Plugin Feed: 202311212348