Detections
Analytics

RHEL 8 : kernel (RHSA-2024:0724)

high Nessus Plugin ID 190110

Language:

Synopsis

The remote Red Hat host is missing one or more security updates for kernel.

Description

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0724 advisory.

 The kernel packages contain the Linux kernel, the core of any Linux operating system.

 Security Fix(es):

 * kernel: use-after-free in sch_qfq network scheduler (CVE-2023-4921)

 * kernel: inactive elements in nft_pipapo_walk (CVE-2023-6817)

 * kernel: ktls overwrites readonly memory pages when using function splice with a ktls socket as destination (CVE-2024-0646)

 * kernel: use-after-free vulnerability in function sco_sock_sendmsg() (CVE-2021-3640)

 * kernel: improper input validation may lead to privilege escalation (CVE-2021-4204)

 * kernel: memory leak for large arguments in video_usercopy function in drivers/media/v4l2-core/v4l2-ioctl.c (CVE-2021-30002)

 * kernel: eBPF verification flaw (CVE-2021-34866)

 * kernel: smb2_ioctl_query_info NULL pointer dereference (CVE-2022-0168)

 * kernel: Linux ebpf logic vulnerability leads to critical memory read and write gaining root privileges (CVE-2022-0500)

 * kernel: NULL pointer dereference in udf_expand_file_adinicbdue() during writeback (CVE-2022-0617)

 * kernel: possible race condition in drivers/tty/tty_buffers.c (CVE-2022-1462)

 * kernel: buffer overflow in nft_set_desc_concat_parse() (CVE-2022-2078)

 * kernel: nf_tables cross-table potential use-after-free may lead to local privilege escalation (CVE-2022-2586)

 * kernel: netfilter: nf_conntrack_irc message handling issue (CVE-2022-2663)

 * kernel: memory leak in ipv6_renew_options() (CVE-2022-3524)

 * kernel: nfp: use-after-free in area_cache_get() (CVE-2022-3545)

 * kernel: data races around icsk->icsk_af_ops in do_ipv6_setsockopt (CVE-2022-3566)

 * kernel: Rate limit overflow messages in r8152 in intr_callback (CVE-2022-3594)

 * kernel: memory leak in l2cap_recv_acldata of the file net/bluetooth/l2cap_core.c (CVE-2022-3619)

 * kernel: denial of service in follow_page_pte in mm/gup.c due to poisoned pte entry (CVE-2022-3623)

 * kernel: Double-free in split_2MB_gtt_entry when function intel_gvt_dma_map_guest_page failed (CVE-2022-3707)

 * kernel: possible to use the debugger to write zero into a location of choice (CVE-2022-21499)

 * kernel: local privileges escalation in kernel/bpf/verifier.c (CVE-2022-23222)

 * kernel: Executable Space Protection Bypass (CVE-2022-25265)

 * kernel: double free in usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c (CVE-2022-28388)

 * kernel: double free in ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c (CVE-2022-28390)

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the RHEL kernel package based on the guidance in RHSA-2024:0724.

See Also

http://www.nessus.org/u?a8792938

https://access.redhat.com/security/updates/classification/#important

https://bugzilla.redhat.com/show_bug.cgi?id=1946279

https://bugzilla.redhat.com/show_bug.cgi?id=1980646

https://bugzilla.redhat.com/show_bug.cgi?id=2000457

https://bugzilla.redhat.com/show_bug.cgi?id=2037386

https://bugzilla.redhat.com/show_bug.cgi?id=2039178

https://bugzilla.redhat.com/show_bug.cgi?id=2043520

https://bugzilla.redhat.com/show_bug.cgi?id=2044578

https://bugzilla.redhat.com/show_bug.cgi?id=2051444

https://bugzilla.redhat.com/show_bug.cgi?id=2053632

https://bugzilla.redhat.com/show_bug.cgi?id=2055499

https://bugzilla.redhat.com/show_bug.cgi?id=2073064

https://bugzilla.redhat.com/show_bug.cgi?id=2073091

https://bugzilla.redhat.com/show_bug.cgi?id=2074208

https://bugzilla.redhat.com/show_bug.cgi?id=2078466

https://bugzilla.redhat.com/show_bug.cgi?id=2084183

https://bugzilla.redhat.com/show_bug.cgi?id=2096178

https://bugzilla.redhat.com/show_bug.cgi?id=2114878

https://bugzilla.redhat.com/show_bug.cgi?id=2115278

https://bugzilla.redhat.com/show_bug.cgi?id=2123056

https://bugzilla.redhat.com/show_bug.cgi?id=2124788

https://bugzilla.redhat.com/show_bug.cgi?id=2137979

https://bugzilla.redhat.com/show_bug.cgi?id=2143893

https://bugzilla.redhat.com/show_bug.cgi?id=2148520

https://bugzilla.redhat.com/show_bug.cgi?id=2149024

https://bugzilla.redhat.com/show_bug.cgi?id=2150947

https://bugzilla.redhat.com/show_bug.cgi?id=2154235

https://bugzilla.redhat.com/show_bug.cgi?id=2161310

https://bugzilla.redhat.com/show_bug.cgi?id=2165721

https://bugzilla.redhat.com/show_bug.cgi?id=2168332

https://bugzilla.redhat.com/show_bug.cgi?id=2173434

https://bugzilla.redhat.com/show_bug.cgi?id=2176140

https://bugzilla.redhat.com/show_bug.cgi?id=2177389

https://bugzilla.redhat.com/show_bug.cgi?id=2181330

https://bugzilla.redhat.com/show_bug.cgi?id=2185945

https://bugzilla.redhat.com/show_bug.cgi?id=2187813

https://bugzilla.redhat.com/show_bug.cgi?id=2187931

https://bugzilla.redhat.com/show_bug.cgi?id=2193219

https://bugzilla.redhat.com/show_bug.cgi?id=2207625

https://bugzilla.redhat.com/show_bug.cgi?id=2213199

https://bugzilla.redhat.com/show_bug.cgi?id=2215837

https://bugzilla.redhat.com/show_bug.cgi?id=2221707

https://bugzilla.redhat.com/show_bug.cgi?id=2231800

https://bugzilla.redhat.com/show_bug.cgi?id=2244715

https://bugzilla.redhat.com/show_bug.cgi?id=2245514

https://bugzilla.redhat.com/show_bug.cgi?id=2246944

https://bugzilla.redhat.com/show_bug.cgi?id=2246945

https://bugzilla.redhat.com/show_bug.cgi?id=2253614

https://bugzilla.redhat.com/show_bug.cgi?id=2253908

https://bugzilla.redhat.com/show_bug.cgi?id=2254052

https://bugzilla.redhat.com/show_bug.cgi?id=2254053

https://bugzilla.redhat.com/show_bug.cgi?id=2254054

https://bugzilla.redhat.com/show_bug.cgi?id=2255139

https://bugzilla.redhat.com/show_bug.cgi?id=2255283

https://access.redhat.com/errata/RHSA-2024:0724

Plugin Details

Severity: High

ID: 190110

File Name: redhat-RHSA-2024-0724.nasl

Version: 1.6

Type: local

Agent: unix

Published: 2/7/2024

Updated: 11/7/2024

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.4

Vendor

Vendor Severity: Important

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 6

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2022-28893

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7.2

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

CVSS Score Source: CVE-2024-0646

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:kernel-debug-core, p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel, p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel, p-cpe:/a:redhat:enterprise_linux:kernel-core, p-cpe:/a:redhat:enterprise_linux:kernel-cross-headers, p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs, p-cpe:/a:redhat:enterprise_linux:perf, p-cpe:/a:redhat:enterprise_linux:bpftool, p-cpe:/a:redhat:enterprise_linux:kernel-tools, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump, p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-extra, p-cpe:/a:redhat:enterprise_linux:kernel-devel, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-core, p-cpe:/a:redhat:enterprise_linux:kernel, cpe:/o:redhat:enterprise_linux:8, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-extra, p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra, cpe:/o:redhat:rhel_eus:8.6, p-cpe:/a:redhat:enterprise_linux:kernel-modules, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel, p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules, p-cpe:/a:redhat:enterprise_linux:kernel-debug, p-cpe:/a:redhat:enterprise_linux:python3-perf

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2/7/2024

Vulnerability Publication Date: 4/2/2021

CISA Known Exploited Vulnerability Due Dates: 7/17/2024

Exploitable With

Core Impact

Reference Information

CVE: CVE-2021-30002, CVE-2021-34866, CVE-2021-3640, CVE-2021-4204, CVE-2022-0168, CVE-2022-0500, CVE-2022-0617, CVE-2022-1462, CVE-2022-2078, CVE-2022-21499, CVE-2022-23222, CVE-2022-24448, CVE-2022-25265, CVE-2022-2586, CVE-2022-2663, CVE-2022-28388, CVE-2022-28390, CVE-2022-28893, CVE-2022-3524, CVE-2022-3545, CVE-2022-3566, CVE-2022-3594, CVE-2022-3619, CVE-2022-3623, CVE-2022-36946, CVE-2022-3707, CVE-2022-39189, CVE-2022-45887, CVE-2023-0458, CVE-2023-1075, CVE-2023-1252, CVE-2023-1989, CVE-2023-20569, CVE-2023-2166, CVE-2023-2176, CVE-2023-23455, CVE-2023-28328, CVE-2023-28772, CVE-2023-3141, CVE-2023-35825, CVE-2023-40283, CVE-2023-4132, CVE-2023-45862, CVE-2023-46813, CVE-2023-4921, CVE-2023-5717, CVE-2023-6356, CVE-2023-6535, CVE-2023-6536, CVE-2023-6610, CVE-2023-6817, CVE-2023-6932, CVE-2024-0646

CWE: 119, 120, 123, 125, 1314, 269, 281, 366, 401, 415, 416, 476, 697, 763, 772, 779, 787, 843, 908, 923

RHSA: 2024:0724