The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1404 advisory.

    The kernel packages contain the Linux kernel, the core of any Linux operating system.

    Security Fix(es):

    * kernel: out-of-bounds write in hw_atl_utils_fw_rpc_wait() in     drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c (CVE-2021-43975)

    * kernel: double free in usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c (CVE-2022-28388)

    * kernel: null-ptr-deref vulnerabilities in sl_tx_timeout in drivers/net/slip (CVE-2022-41858)

    * kernel: Rate limit overflow messages in r8152 in intr_callback (CVE-2022-3594)

    * kernel: tun: avoid double free in tun_free_netdev (CVE-2022-4744)

    * kernel: nfp: use-after-free in area_cache_get() (CVE-2022-3545)

    * kernel: denial of service in tipc_conn_close (CVE-2023-1382)

    * kernel: lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow (CVE-2023-28772)

    * kernel: NULL pointer dereference in can_rcv_filter (CVE-2023-2166)

    * kernel: Slab-out-of-bound read in compare_netdev_and_ip (CVE-2023-2176)

    * kernel: use-after-free in l2cap_sock_release in net/bluetooth/l2cap_sock.c (CVE-2023-40283)

    * kernel: use-after-free in sch_qfq network scheduler (CVE-2023-4921)

    * kernel: Out-Of-Bounds Read vulnerability in smbCalcSize (CVE-2023-6606)

    * kernel: ktls overwrites readonly memory pages when using function splice with a ktls socket as     destination (CVE-2024-0646)

    * kernel: inactive elements in nft_pipapo_walk (CVE-2023-6817)

    * kernel: refcount leak in ctnetlink_create_conntrack() (CVE-2023-7192)

    Bug Fix(es):

    * The kernel is still getting hung up even after converting kernfs_mutex to kernfs_rwsem with massive     concurrent kernfs access (open & lookup) performed by kubelet/node_exporter threads. (JIRA:RHEL-17149)

    * kernel: Rate limit overflow messages in r8152 in intr_callback (JIRA:RHEL-18810)

    * kernel: tun: avoid double free in tun_free_netdev (JIRA:RHEL-18813)

    * kernel: lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow (JIRA:RHEL-18850)

    * kernel: NULL pointer dereference in can_rcv_filter (JIRA:RHEL-19461)

    * ipoib mcast lockup fix (JIRA:RHEL-19698)

    * kernel: denial of service in tipc_conn_close (JIRA:RHEL-18824)

    * Rhel-8.6 crash at  qed_get_current_link+0x11 during tx_timeout recovery  (JIRA:RHEL-20923)

    * kernel: use-after-free in sch_qfq network scheduler (JIRA:RHEL-14402)

    * RHEL8.6 - s390/qeth: NET2016 - fix use-after-free in HSCI (JIRA:RHEL-15849)

    * RHEL8.6 - s390/qeth: recovery and set offline lose routes and IPv6 addr (JIRA:RHEL-17883)

    * kernel: null-ptr-deref vulnerabilities in sl_tx_timeout in drivers/net/slip (JIRA:RHEL-18582)

    * kernel: out-of-bounds write in hw_atl_utils_fw_rpc_wait() in     drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c (JIRA:RHEL-18799)

    * kernel: double free in usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c (JIRA:RHEL-18814)

    * kernel: use-after-free in l2cap_sock_release in net/bluetooth/l2cap_sock.c (JIRA:RHEL-18998)

    * dm multipath device suspend deadlocks waiting on a flush request (JIRA:RHEL-19110)

    * kernel: Slab-out-of-bound read in compare_netdev_and_ip (JIRA:RHEL-19327)

    * kernel: A flaw leading to a use-after-free in area_cache_get() (JIRA:RHEL-19451)

    * [RHEL8] I/O blocked during fio background with IO schedule switch, cpu offline/online, pci nvme     rescan/reset (JIRA:RHEL-20231)

    * kernel: refcount leak in ctnetlink_create_conntrack() (JIRA:RHEL-20298)

    * kernel: inactive elements in nft_pipapo_walk (JIRA:RHEL-20697)

    * kernel: Out-Of-Bounds Read vulnerability in smbCalcSize (JIRA:RHEL-21661)

    * kernel NULL pointer at RIP: 0010:kyber_has_work+0x1c/0x60 (JIRA:RHEL-21784)

    * kernel: ktls overwrites readonly memory pages when using function splice with a ktls socket as     destination (JIRA:RHEL-22090)

    * backport timerlat user-space support (JIRA:RHEL-20361)

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

RHEL 8 : kernel (RHSA-2024:1404)

high Nessus Plugin ID 192277

Version 1.5

Version 1.4

Version 1.3

Version 1.2

Version 1.1

Version 1.0

Version 1.5 Nov 7, 2024, 11:28 PM CVSS metrics ("Cvssv4 score" set to 0.0) CVSSv2 severity (based on None, severity decreased from "High" to "Low") Plugin metadata Reference Plugin Feed: 202411072328
Version 1.4 Jun 4, 2024, 3:18 AM Plugin metadata Plugin Feed: 202406040318
Version 1.3 May 31, 2024, 1:01 AM CISA reference Plugin Feed: 202405310101
Version 1.2 Apr 23, 2024, 11:13 PM Detection (updated detection logic) Plugin metadata Reference Plugin Feed: 202404232313
Version 1.1 Apr 5, 2024, 1:58 PM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:H/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:H/RL:O/RC:C") Exploit attributes ("Exploited by malware" set to "True") Plugin Feed: 202404051358
Version 1.0 Mar 20, 2024, 5:38 AM New Plugin Feed: 202403200538