RHEL 8 : kernel (RHSA-2024:0930)

high Nessus Plugin ID 190828

Synopsis

The remote Red Hat host is missing one or more security updates for kernel.

Description

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0930 advisory.

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: GSM multiplexing race condition leads to privilege escalation (CVE-2023-6546)

* kernel: malicious data for FBIOPUT_VSCREENINFO ioctl may cause OOB write memory (CVE-2021-33655)

* kernel: KVM: nVMX: missing IBPB when exiting from nested guest can lead to Spectre v2 attacks (CVE-2022-2196)

* kernel: media: em28xx: initialize refcount before kref_get (CVE-2022-3239)

* kernel: use-after-free after failed devlink reload in devlink_param_get (CVE-2022-3625)

* kernel: net/packet: slab-out-of-bounds access in packet_recvmsg() (CVE-2022-20368)

* hw: cpu: arm64: Spectre-BHB (CVE-2022-23960)

* kernel: use-after-free due to improper update of reference count in net/sched/cls_u32.c (CVE-2022-29581)

* kernel: vmwgfx: integer overflow in vmwgfx_execbuf.c (CVE-2022-36402)

* kernel: vmwgfx: NULL pointer dereference in vmw_cmd_dx_define_query (CVE-2022-38096)

* kernel: vmwgfx: use-after-free in vmw_cmd_res_check (CVE-2022-38457)

* kernel: vmwgfx: use-after-free in vmw_execbuf_tie_context (CVE-2022-40133)

* kernel: sctp: fail if no bound addresses can be used for a given scope (CVE-2023-1074)

* kernel: Out of boundary write in perf_read_group() as result of overflow a perf_event's read_size (CVE-2023-6931)

* kernel: KVM: nVMX: missing consistency checks for CR0 and CR4 (CVE-2023-30456)

* kernel: blocking operation in dvb_frontend_get_event and wait_event_interruptible (CVE-2023-31084)

* kernel: use-after-free in amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c (CVE-2023-51042)

* kernel: nf_tables: use-after-free vulnerability in the nft_verdict_init() function (CVE-2024-1086)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the RHEL kernel package based on the guidance in RHSA-2024:0930.

See Also

http://www.nessus.org/u?bff0b1c5

https://access.redhat.com/security/updates/classification/#important

https://bugzilla.redhat.com/show_bug.cgi?id=2062284

https://bugzilla.redhat.com/show_bug.cgi?id=2088021

https://bugzilla.redhat.com/show_bug.cgi?id=2108691

https://bugzilla.redhat.com/show_bug.cgi?id=2123695

https://bugzilla.redhat.com/show_bug.cgi?id=2127985

https://bugzilla.redhat.com/show_bug.cgi?id=2133451

https://bugzilla.redhat.com/show_bug.cgi?id=2133452

https://bugzilla.redhat.com/show_bug.cgi?id=2133453

https://bugzilla.redhat.com/show_bug.cgi?id=2133455

https://bugzilla.redhat.com/show_bug.cgi?id=2144720

https://bugzilla.redhat.com/show_bug.cgi?id=2160023

https://bugzilla.redhat.com/show_bug.cgi?id=2173430

https://bugzilla.redhat.com/show_bug.cgi?id=2188468

https://bugzilla.redhat.com/show_bug.cgi?id=2213139

https://bugzilla.redhat.com/show_bug.cgi?id=2252731

https://bugzilla.redhat.com/show_bug.cgi?id=2255498

https://bugzilla.redhat.com/show_bug.cgi?id=2259866

https://bugzilla.redhat.com/show_bug.cgi?id=2262126

https://access.redhat.com/errata/RHSA-2024:0930

Plugin Details

Severity: High

ID: 190828

File Name: redhat-RHSA-2024-0930.nasl

Version: 1.7

Type: local

Agent: unix

Published: 2/21/2024

Updated: 11/7/2024

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.6

Vendor

Vendor Severity: Important

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 6.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2022-29581

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 8.4

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

CVSS Score Source: CVE-2022-2196

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:kernel-debug-core, p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel, p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel, p-cpe:/a:redhat:enterprise_linux:kernel-core, p-cpe:/a:redhat:enterprise_linux:kernel-cross-headers, p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs, p-cpe:/a:redhat:enterprise_linux:perf, p-cpe:/a:redhat:enterprise_linux:bpftool, p-cpe:/a:redhat:enterprise_linux:kernel-tools, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump, p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-extra, p-cpe:/a:redhat:enterprise_linux:kernel-devel, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-core, p-cpe:/a:redhat:enterprise_linux:kernel, cpe:/o:redhat:enterprise_linux:8, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-extra, p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra, cpe:/o:redhat:rhel_eus:8.6, p-cpe:/a:redhat:enterprise_linux:kernel-modules, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel, p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules, p-cpe:/a:redhat:enterprise_linux:kernel-debug, p-cpe:/a:redhat:enterprise_linux:python3-perf

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2/21/2024

Vulnerability Publication Date: 3/13/2022

CISA Known Exploited Vulnerability Due Dates: 6/20/2024

Exploitable With

Core Impact

Reference Information

CVE: CVE-2021-33655, CVE-2022-20368, CVE-2022-2196, CVE-2022-23960, CVE-2022-29581, CVE-2022-3239, CVE-2022-3625, CVE-2022-36402, CVE-2022-38096, CVE-2022-38457, CVE-2022-40133, CVE-2023-1074, CVE-2023-30456, CVE-2023-31084, CVE-2023-51042, CVE-2023-6546, CVE-2023-6931, CVE-2024-1086

CWE: 1188, 190, 358, 401, 416, 476, 787

RHSA: 2024:0930