4.6 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.7 High
AI Score
Confidence
High
0.005 Low
EPSS
Percentile
76.5%
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1404 advisory.
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: out-of-bounds write in hw_atl_utils_fw_rpc_wait() in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c (CVE-2021-43975)
* kernel: double free in usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c (CVE-2022-28388)
* kernel: null-ptr-deref vulnerabilities in sl_tx_timeout in drivers/net/slip (CVE-2022-41858)
* kernel: Rate limit overflow messages in r8152 in intr_callback (CVE-2022-3594)
* kernel: tun: avoid double free in tun_free_netdev (CVE-2022-4744)
* kernel: nfp: use-after-free in area_cache_get() (CVE-2022-3545)
* kernel: denial of service in tipc_conn_close (CVE-2023-1382)
* kernel: lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow (CVE-2023-28772)
* kernel: NULL pointer dereference in can_rcv_filter (CVE-2023-2166)
* kernel: Slab-out-of-bound read in compare_netdev_and_ip (CVE-2023-2176)
* kernel: use-after-free in l2cap_sock_release in net/bluetooth/l2cap_sock.c (CVE-2023-40283)
* kernel: use-after-free in sch_qfq network scheduler (CVE-2023-4921)
* kernel: Out-Of-Bounds Read vulnerability in smbCalcSize (CVE-2023-6606)
* kernel: ktls overwrites readonly memory pages when using function splice with a ktls socket as destination (CVE-2024-0646)
* kernel: inactive elements in nft_pipapo_walk (CVE-2023-6817)
* kernel: refcount leak in ctnetlink_create_conntrack() (CVE-2023-7192)
Bug Fix(es):
* The kernel is still getting hung up even after converting kernfs_mutex to kernfs_rwsem with massive concurrent kernfs access (open & lookup) performed by kubelet/node_exporter threads. (JIRA:RHEL-17149)
* kernel: Rate limit overflow messages in r8152 in intr_callback (JIRA:RHEL-18810)
* kernel: tun: avoid double free in tun_free_netdev (JIRA:RHEL-18813)
* kernel: lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow (JIRA:RHEL-18850)
* kernel: NULL pointer dereference in can_rcv_filter (JIRA:RHEL-19461)
* ipoib mcast lockup fix (JIRA:RHEL-19698)
* kernel: denial of service in tipc_conn_close (JIRA:RHEL-18824)
* Rhel-8.6 crash at qed_get_current_link+0x11 during tx_timeout recovery (JIRA:RHEL-20923)
* kernel: use-after-free in sch_qfq network scheduler (JIRA:RHEL-14402)
* RHEL8.6 - s390/qeth: NET2016 - fix use-after-free in HSCI (JIRA:RHEL-15849)
* RHEL8.6 - s390/qeth: recovery and set offline lose routes and IPv6 addr (JIRA:RHEL-17883)
* kernel: null-ptr-deref vulnerabilities in sl_tx_timeout in drivers/net/slip (JIRA:RHEL-18582)
* kernel: out-of-bounds write in hw_atl_utils_fw_rpc_wait() in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c (JIRA:RHEL-18799)
* kernel: double free in usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c (JIRA:RHEL-18814)
* kernel: use-after-free in l2cap_sock_release in net/bluetooth/l2cap_sock.c (JIRA:RHEL-18998)
* dm multipath device suspend deadlocks waiting on a flush request (JIRA:RHEL-19110)
* kernel: Slab-out-of-bound read in compare_netdev_and_ip (JIRA:RHEL-19327)
* kernel: A flaw leading to a use-after-free in area_cache_get() (JIRA:RHEL-19451)
* [RHEL8] I/O blocked during fio background with IO schedule switch, cpu offline/online, pci nvme rescan/reset (JIRA:RHEL-20231)
* kernel: refcount leak in ctnetlink_create_conntrack() (JIRA:RHEL-20298)
* kernel: inactive elements in nft_pipapo_walk (JIRA:RHEL-20697)
* kernel: Out-Of-Bounds Read vulnerability in smbCalcSize (JIRA:RHEL-21661)
* kernel NULL pointer at RIP: 0010:kyber_has_work+0x1c/0x60 (JIRA:RHEL-21784)
* kernel: ktls overwrites readonly memory pages when using function splice with a ktls socket as destination (JIRA:RHEL-22090)
* backport timerlat user-space support (JIRA:RHEL-20361)
Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2024:1404. The text
# itself is copyright (C) Red Hat, Inc.
##
include('compat.inc');
if (description)
{
script_id(192277);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/03");
script_cve_id(
"CVE-2021-43975",
"CVE-2022-3545",
"CVE-2022-3594",
"CVE-2022-4744",
"CVE-2022-28388",
"CVE-2022-36402",
"CVE-2022-38096",
"CVE-2022-38457",
"CVE-2022-40133",
"CVE-2022-41858",
"CVE-2022-45869",
"CVE-2022-45887",
"CVE-2023-1382",
"CVE-2023-2166",
"CVE-2023-2176",
"CVE-2023-4921",
"CVE-2023-5633",
"CVE-2023-6606",
"CVE-2023-6610",
"CVE-2023-6817",
"CVE-2023-6931",
"CVE-2023-6932",
"CVE-2023-7192",
"CVE-2023-28772",
"CVE-2023-30456",
"CVE-2023-31084",
"CVE-2023-33951",
"CVE-2023-33952",
"CVE-2023-40283",
"CVE-2023-45862",
"CVE-2023-51042",
"CVE-2023-51043",
"CVE-2024-0565",
"CVE-2024-0646",
"CVE-2024-1086"
);
script_xref(name:"RHSA", value:"2024:1404");
script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2024/06/20");
script_name(english:"RHEL 8 : kernel (RHSA-2024:1404)");
script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat host is missing one or more security updates for kernel.");
script_set_attribute(attribute:"description", value:
"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as
referenced in the RHSA-2024:1404 advisory.
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: out-of-bounds write in hw_atl_utils_fw_rpc_wait() in
drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c (CVE-2021-43975)
* kernel: double free in usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c (CVE-2022-28388)
* kernel: null-ptr-deref vulnerabilities in sl_tx_timeout in drivers/net/slip (CVE-2022-41858)
* kernel: Rate limit overflow messages in r8152 in intr_callback (CVE-2022-3594)
* kernel: tun: avoid double free in tun_free_netdev (CVE-2022-4744)
* kernel: nfp: use-after-free in area_cache_get() (CVE-2022-3545)
* kernel: denial of service in tipc_conn_close (CVE-2023-1382)
* kernel: lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow (CVE-2023-28772)
* kernel: NULL pointer dereference in can_rcv_filter (CVE-2023-2166)
* kernel: Slab-out-of-bound read in compare_netdev_and_ip (CVE-2023-2176)
* kernel: use-after-free in l2cap_sock_release in net/bluetooth/l2cap_sock.c (CVE-2023-40283)
* kernel: use-after-free in sch_qfq network scheduler (CVE-2023-4921)
* kernel: Out-Of-Bounds Read vulnerability in smbCalcSize (CVE-2023-6606)
* kernel: ktls overwrites readonly memory pages when using function splice with a ktls socket as
destination (CVE-2024-0646)
* kernel: inactive elements in nft_pipapo_walk (CVE-2023-6817)
* kernel: refcount leak in ctnetlink_create_conntrack() (CVE-2023-7192)
Bug Fix(es):
* The kernel is still getting hung up even after converting kernfs_mutex to kernfs_rwsem with massive
concurrent kernfs access (open & lookup) performed by kubelet/node_exporter threads. (JIRA:RHEL-17149)
* kernel: Rate limit overflow messages in r8152 in intr_callback (JIRA:RHEL-18810)
* kernel: tun: avoid double free in tun_free_netdev (JIRA:RHEL-18813)
* kernel: lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow (JIRA:RHEL-18850)
* kernel: NULL pointer dereference in can_rcv_filter (JIRA:RHEL-19461)
* ipoib mcast lockup fix (JIRA:RHEL-19698)
* kernel: denial of service in tipc_conn_close (JIRA:RHEL-18824)
* Rhel-8.6 crash at qed_get_current_link+0x11 during tx_timeout recovery (JIRA:RHEL-20923)
* kernel: use-after-free in sch_qfq network scheduler (JIRA:RHEL-14402)
* RHEL8.6 - s390/qeth: NET2016 - fix use-after-free in HSCI (JIRA:RHEL-15849)
* RHEL8.6 - s390/qeth: recovery and set offline lose routes and IPv6 addr (JIRA:RHEL-17883)
* kernel: null-ptr-deref vulnerabilities in sl_tx_timeout in drivers/net/slip (JIRA:RHEL-18582)
* kernel: out-of-bounds write in hw_atl_utils_fw_rpc_wait() in
drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c (JIRA:RHEL-18799)
* kernel: double free in usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c (JIRA:RHEL-18814)
* kernel: use-after-free in l2cap_sock_release in net/bluetooth/l2cap_sock.c (JIRA:RHEL-18998)
* dm multipath device suspend deadlocks waiting on a flush request (JIRA:RHEL-19110)
* kernel: Slab-out-of-bound read in compare_netdev_and_ip (JIRA:RHEL-19327)
* kernel: A flaw leading to a use-after-free in area_cache_get() (JIRA:RHEL-19451)
* [RHEL8] I/O blocked during fio background with IO schedule switch, cpu offline/online, pci nvme
rescan/reset (JIRA:RHEL-20231)
* kernel: refcount leak in ctnetlink_create_conntrack() (JIRA:RHEL-20298)
* kernel: inactive elements in nft_pipapo_walk (JIRA:RHEL-20697)
* kernel: Out-Of-Bounds Read vulnerability in smbCalcSize (JIRA:RHEL-21661)
* kernel NULL pointer at RIP: 0010:kyber_has_work+0x1c/0x60 (JIRA:RHEL-21784)
* kernel: ktls overwrites readonly memory pages when using function splice with a ktls socket as
destination (JIRA:RHEL-22090)
* backport timerlat user-space support (JIRA:RHEL-20361)
Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
# https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1404.json
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?7b89ac3c");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/updates/classification/#important");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2024989");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2073091");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2133451");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2133452");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2133453");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2133455");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2144379");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2148520");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2149024");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2151317");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2156322");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2161310");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2177371");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2181330");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2187813");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2187931");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2188468");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2213139");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2218195");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2218212");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2231800");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2244715");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2245514");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2245663");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2252731");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2253611");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2253614");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2253908");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2255139");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2255283");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2256279");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2258518");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2259866");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2260005");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2262126");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2024:1404");
script_set_attribute(attribute:"solution", value:
"Update the RHEL kernel package based on the guidance in RHSA-2024:1404.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-43975");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2024-1086");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_cwe_id(119, 125, 190, 191, 200, 358, 362, 401, 415, 416, 476, 779, 787, 824);
script_set_attribute(attribute:"vendor_severity", value:"Important");
script_set_attribute(attribute:"vuln_publication_date", value:"2021/11/09");
script_set_attribute(attribute:"patch_publication_date", value:"2024/03/19");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/03/19");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:rhel_eus:8.8");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:bpftool");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-core");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-cross-headers");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug-core");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-extra");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-modules");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-tools");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-core");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-extra");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perf");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python3-perf");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Red Hat Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl", "redhat_repos.nasl", "linux_alt_patch_detect.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
exit(0);
}
include('rpm.inc');
include('rhel.inc');
include('ksplice.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');
var os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
os_ver = os_ver[1];
if (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '8.8')) audit(AUDIT_OS_NOT, 'Red Hat 8.8', 'Red Hat ' + os_ver);
if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);
if (get_one_kb_item('Host/ksplice/kernel-cves'))
{
rm_kb_item(name:'Host/uptrack-uname-r');
var cve_list = make_list('CVE-2021-43975', 'CVE-2022-3545', 'CVE-2022-3594', 'CVE-2022-4744', 'CVE-2022-28388', 'CVE-2022-36402', 'CVE-2022-38096', 'CVE-2022-38457', 'CVE-2022-40133', 'CVE-2022-41858', 'CVE-2022-45869', 'CVE-2022-45887', 'CVE-2023-1382', 'CVE-2023-2166', 'CVE-2023-2176', 'CVE-2023-4921', 'CVE-2023-5633', 'CVE-2023-6606', 'CVE-2023-6610', 'CVE-2023-6817', 'CVE-2023-6931', 'CVE-2023-6932', 'CVE-2023-7192', 'CVE-2023-28772', 'CVE-2023-30456', 'CVE-2023-31084', 'CVE-2023-33951', 'CVE-2023-33952', 'CVE-2023-40283', 'CVE-2023-45862', 'CVE-2023-51042', 'CVE-2023-51043', 'CVE-2024-0565', 'CVE-2024-0646', 'CVE-2024-1086');
if (ksplice_cves_check(cve_list))
{
audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2024:1404');
}
else
{
__rpm_report = ksplice_reporting_text();
}
}
var constraints = [
{
'repo_relative_urls': [
'content/e4s/rhel8/8.8/ppc64le/baseos/debug',
'content/e4s/rhel8/8.8/ppc64le/baseos/os',
'content/e4s/rhel8/8.8/ppc64le/baseos/source/SRPMS',
'content/e4s/rhel8/8.8/x86_64/baseos/debug',
'content/e4s/rhel8/8.8/x86_64/baseos/os',
'content/e4s/rhel8/8.8/x86_64/baseos/source/SRPMS',
'content/eus/rhel8/8.8/aarch64/baseos/debug',
'content/eus/rhel8/8.8/aarch64/baseos/os',
'content/eus/rhel8/8.8/aarch64/baseos/source/SRPMS',
'content/eus/rhel8/8.8/aarch64/codeready-builder/debug',
'content/eus/rhel8/8.8/aarch64/codeready-builder/os',
'content/eus/rhel8/8.8/aarch64/codeready-builder/source/SRPMS',
'content/eus/rhel8/8.8/ppc64le/baseos/debug',
'content/eus/rhel8/8.8/ppc64le/baseos/os',
'content/eus/rhel8/8.8/ppc64le/baseos/source/SRPMS',
'content/eus/rhel8/8.8/ppc64le/codeready-builder/debug',
'content/eus/rhel8/8.8/ppc64le/codeready-builder/os',
'content/eus/rhel8/8.8/ppc64le/codeready-builder/source/SRPMS',
'content/eus/rhel8/8.8/s390x/baseos/debug',
'content/eus/rhel8/8.8/s390x/baseos/os',
'content/eus/rhel8/8.8/s390x/baseos/source/SRPMS',
'content/eus/rhel8/8.8/s390x/codeready-builder/debug',
'content/eus/rhel8/8.8/s390x/codeready-builder/os',
'content/eus/rhel8/8.8/s390x/codeready-builder/source/SRPMS',
'content/eus/rhel8/8.8/x86_64/baseos/debug',
'content/eus/rhel8/8.8/x86_64/baseos/os',
'content/eus/rhel8/8.8/x86_64/baseos/source/SRPMS',
'content/eus/rhel8/8.8/x86_64/codeready-builder/debug',
'content/eus/rhel8/8.8/x86_64/codeready-builder/os',
'content/eus/rhel8/8.8/x86_64/codeready-builder/source/SRPMS',
'content/tus/rhel8/8.8/x86_64/baseos/debug',
'content/tus/rhel8/8.8/x86_64/baseos/os',
'content/tus/rhel8/8.8/x86_64/baseos/source/SRPMS'
],
'pkgs': [
{'reference':'bpftool-4.18.0-477.51.1.el8_8', 'sp':'8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-4.18.0-477.51.1.el8_8', 'sp':'8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-core-4.18.0-477.51.1.el8_8', 'sp':'8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-cross-headers-4.18.0-477.51.1.el8_8', 'sp':'8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-debug-4.18.0-477.51.1.el8_8', 'sp':'8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-debug-core-4.18.0-477.51.1.el8_8', 'sp':'8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-debug-devel-4.18.0-477.51.1.el8_8', 'sp':'8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-debug-modules-4.18.0-477.51.1.el8_8', 'sp':'8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-debug-modules-extra-4.18.0-477.51.1.el8_8', 'sp':'8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-devel-4.18.0-477.51.1.el8_8', 'sp':'8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-modules-4.18.0-477.51.1.el8_8', 'sp':'8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-modules-extra-4.18.0-477.51.1.el8_8', 'sp':'8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-tools-4.18.0-477.51.1.el8_8', 'sp':'8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-tools-libs-4.18.0-477.51.1.el8_8', 'sp':'8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-tools-libs-4.18.0-477.51.1.el8_8', 'sp':'8', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-tools-libs-4.18.0-477.51.1.el8_8', 'sp':'8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-tools-libs-devel-4.18.0-477.51.1.el8_8', 'sp':'8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-tools-libs-devel-4.18.0-477.51.1.el8_8', 'sp':'8', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-tools-libs-devel-4.18.0-477.51.1.el8_8', 'sp':'8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-zfcpdump-4.18.0-477.51.1.el8_8', 'sp':'8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-zfcpdump-core-4.18.0-477.51.1.el8_8', 'sp':'8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-zfcpdump-devel-4.18.0-477.51.1.el8_8', 'sp':'8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-zfcpdump-modules-4.18.0-477.51.1.el8_8', 'sp':'8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-zfcpdump-modules-extra-4.18.0-477.51.1.el8_8', 'sp':'8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'perf-4.18.0-477.51.1.el8_8', 'sp':'8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python3-perf-4.18.0-477.51.1.el8_8', 'sp':'8', 'release':'8', 'rpm_spec_vers_cmp':TRUE}
]
}
];
var applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);
if(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);
var flag = 0;
foreach var constraint_array ( constraints ) {
var repo_relative_urls = NULL;
if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];
foreach var pkg ( constraint_array['pkgs'] ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
var exists_check = NULL;
var cves = NULL;
if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];
if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
if (reference &&
_release &&
rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&
(applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&
rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
}
}
if (flag)
{
var subscription_caveat = '\n' +
'NOTE: This vulnerability check contains fixes that apply to\n' +
'packages only available in the Red Hat Enterprise Linux\n' +
'Extended Update Support repository.\n' +
'Access to this repository requires a paid RHEL subscription.\n';
var extra = NULL;
if (isnull(applicable_repo_urls) || !applicable_repo_urls) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();
else extra = subscription_caveat + rpm_report_get();
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : extra
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-core / kernel-cross-headers / etc');
}
Vendor | Product | Version | CPE |
---|---|---|---|
redhat | enterprise_linux | kernel-zfcpdump-modules-extra | p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-extra |
redhat | enterprise_linux | kernel-modules-extra | p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra |
redhat | enterprise_linux | kernel-modules | p-cpe:/a:redhat:enterprise_linux:kernel-modules |
redhat | enterprise_linux | kernel-zfcpdump-modules | p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules |
redhat | enterprise_linux | kernel-zfcpdump-devel | p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel |
redhat | enterprise_linux | kernel-debug-modules | p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules |
redhat | enterprise_linux | kernel-debug | p-cpe:/a:redhat:enterprise_linux:kernel-debug |
redhat | enterprise_linux | python3-perf | p-cpe:/a:redhat:enterprise_linux:python3-perf |
redhat | enterprise_linux | kernel-debug-core | p-cpe:/a:redhat:enterprise_linux:kernel-debug-core |
redhat | enterprise_linux | kernel-tools-libs-devel | p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43975
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28388
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3545
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3594
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36402
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38096
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38457
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40133
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41858
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45869
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45887
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4744
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1382
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2166
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2176
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28772
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30456
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31084
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33951
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33952
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40283
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45862
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4921
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51042
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51043
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5633
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6606
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6610
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6817
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6931
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6932
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7192
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0565
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0646
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1086
www.nessus.org/u?7b89ac3c
access.redhat.com/errata/RHSA-2024:1404
access.redhat.com/security/updates/classification/#important
bugzilla.redhat.com/show_bug.cgi?id=2024989
bugzilla.redhat.com/show_bug.cgi?id=2073091
bugzilla.redhat.com/show_bug.cgi?id=2133451
bugzilla.redhat.com/show_bug.cgi?id=2133452
bugzilla.redhat.com/show_bug.cgi?id=2133453
bugzilla.redhat.com/show_bug.cgi?id=2133455
bugzilla.redhat.com/show_bug.cgi?id=2144379
bugzilla.redhat.com/show_bug.cgi?id=2148520
bugzilla.redhat.com/show_bug.cgi?id=2149024
bugzilla.redhat.com/show_bug.cgi?id=2151317
bugzilla.redhat.com/show_bug.cgi?id=2156322
bugzilla.redhat.com/show_bug.cgi?id=2161310
bugzilla.redhat.com/show_bug.cgi?id=2177371
bugzilla.redhat.com/show_bug.cgi?id=2181330
bugzilla.redhat.com/show_bug.cgi?id=2187813
bugzilla.redhat.com/show_bug.cgi?id=2187931
bugzilla.redhat.com/show_bug.cgi?id=2188468
bugzilla.redhat.com/show_bug.cgi?id=2213139
bugzilla.redhat.com/show_bug.cgi?id=2218195
bugzilla.redhat.com/show_bug.cgi?id=2218212
bugzilla.redhat.com/show_bug.cgi?id=2231800
bugzilla.redhat.com/show_bug.cgi?id=2244715
bugzilla.redhat.com/show_bug.cgi?id=2245514
bugzilla.redhat.com/show_bug.cgi?id=2245663
bugzilla.redhat.com/show_bug.cgi?id=2252731
bugzilla.redhat.com/show_bug.cgi?id=2253611
bugzilla.redhat.com/show_bug.cgi?id=2253614
bugzilla.redhat.com/show_bug.cgi?id=2253908
bugzilla.redhat.com/show_bug.cgi?id=2255139
bugzilla.redhat.com/show_bug.cgi?id=2255283
bugzilla.redhat.com/show_bug.cgi?id=2256279
bugzilla.redhat.com/show_bug.cgi?id=2258518
bugzilla.redhat.com/show_bug.cgi?id=2259866
bugzilla.redhat.com/show_bug.cgi?id=2260005
bugzilla.redhat.com/show_bug.cgi?id=2262126
4.6 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.7 High
AI Score
Confidence
High
0.005 Low
EPSS
Percentile
76.5%