The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1332 advisory.

    The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with     extremely high determinism requirements.

    Security Fix(es):

    * sched/membarrier: reduce the ability to hammer on sys_membarrier (CVE-2024-26602)

    * use-after-free in l2cap_connect and l2cap_le_connect_req in net/bluetooth/l2cap_core.c (CVE-2022-42896)

    * use-after-free in sch_qfq network scheduler (CVE-2023-4921)

    * IGB driver inadequate buffer size for frames larger than MTU (CVE-2023-45871)

    * fbcon: out-of-sync arrays in fbcon_mode_deleted due to wrong con2fb_map assignment (CVE-2023-38409)

    * nf_tables: use-after-free vulnerability in the nft_verdict_init() function (CVE-2024-1086)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

RHEL 7 : kernel-rt (RHSA-2024:1332)

high Nessus Plugin ID 192132

Version 1.5

Version 1.4

Version 1.3

Version 1.2

Version 1.1

Version 1.0

Version 1.5 Nov 7, 2024, 5:29 PM CVSS metrics ("Cvssv4 score" set to 0.0) CVSSv2 severity (based on None, severity decreased from "High" to "Low") Detection (updated detection logic) Plugin metadata Plugin Feed: 202411071729
Version 1.4 Jun 4, 2024, 3:18 AM Plugin metadata Plugin Feed: 202406040318
Version 1.3 May 31, 2024, 1:01 AM CISA reference Plugin Feed: 202405310101
Version 1.2 Apr 28, 2024, 2:25 PM Detection (updated detection logic) Plugin metadata Plugin Feed: 202404281425
Version 1.1 Apr 5, 2024, 1:58 PM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:H/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:H/RL:O/RC:C") Exploit attributes ("Exploited by malware" set to "True") Plugin Feed: 202404051358
Version 1.0 Mar 15, 2024, 5:08 AM New Plugin Feed: 202403150508