Lucene search

HistoryMar 19, 2024 - 12:00 a.m.

RHEL 8 : kernel (RHSA-2024:1404)

2024-03-1900:00:00

www.tenable.com

redhat enterprise linux

kernel

vulnerabilities

cve-2024-1404

out-of-bounds write

denial of service

privilege escalation

use after free

double free

memory leak

data race

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.7 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.5%

JSON

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1404 advisory.

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: out-of-bounds write in hw_atl_utils_fw_rpc_wait() in     drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c (CVE-2021-43975)

* kernel: double free in usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c (CVE-2022-28388)

* kernel: null-ptr-deref vulnerabilities in sl_tx_timeout in drivers/net/slip (CVE-2022-41858)

* kernel: Rate limit overflow messages in r8152 in intr_callback (CVE-2022-3594)

* kernel: tun: avoid double free in tun_free_netdev (CVE-2022-4744)

* kernel: nfp: use-after-free in area_cache_get() (CVE-2022-3545)

* kernel: denial of service in tipc_conn_close (CVE-2023-1382)

* kernel: lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow (CVE-2023-28772)

* kernel: NULL pointer dereference in can_rcv_filter (CVE-2023-2166)

* kernel: Slab-out-of-bound read in compare_netdev_and_ip (CVE-2023-2176)

* kernel: use-after-free in l2cap_sock_release in net/bluetooth/l2cap_sock.c (CVE-2023-40283)

* kernel: use-after-free in sch_qfq network scheduler (CVE-2023-4921)

* kernel: Out-Of-Bounds Read vulnerability in smbCalcSize (CVE-2023-6606)

* kernel: ktls overwrites readonly memory pages when using function splice with a ktls socket as     destination (CVE-2024-0646)

* kernel: inactive elements in nft_pipapo_walk (CVE-2023-6817)

* kernel: refcount leak in ctnetlink_create_conntrack() (CVE-2023-7192)

Bug Fix(es):

* The kernel is still getting hung up even after converting kernfs_mutex to kernfs_rwsem with massive     concurrent kernfs access (open & lookup) performed by kubelet/node_exporter threads. (JIRA:RHEL-17149)

* kernel: Rate limit overflow messages in r8152 in intr_callback (JIRA:RHEL-18810)

* kernel: tun: avoid double free in tun_free_netdev (JIRA:RHEL-18813)

* kernel: lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow (JIRA:RHEL-18850)

* kernel: NULL pointer dereference in can_rcv_filter (JIRA:RHEL-19461)

* ipoib mcast lockup fix (JIRA:RHEL-19698)

* kernel: denial of service in tipc_conn_close (JIRA:RHEL-18824)

* Rhel-8.6 crash at  qed_get_current_link+0x11 during tx_timeout recovery  (JIRA:RHEL-20923)

* kernel: use-after-free in sch_qfq network scheduler (JIRA:RHEL-14402)

* RHEL8.6 - s390/qeth: NET2016 - fix use-after-free in HSCI (JIRA:RHEL-15849)

* RHEL8.6 - s390/qeth: recovery and set offline lose routes and IPv6 addr (JIRA:RHEL-17883)

* kernel: null-ptr-deref vulnerabilities in sl_tx_timeout in drivers/net/slip (JIRA:RHEL-18582)

* kernel: out-of-bounds write in hw_atl_utils_fw_rpc_wait() in     drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c (JIRA:RHEL-18799)

* kernel: double free in usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c (JIRA:RHEL-18814)

* kernel: use-after-free in l2cap_sock_release in net/bluetooth/l2cap_sock.c (JIRA:RHEL-18998)

* dm multipath device suspend deadlocks waiting on a flush request (JIRA:RHEL-19110)

* kernel: Slab-out-of-bound read in compare_netdev_and_ip (JIRA:RHEL-19327)

* kernel: A flaw leading to a use-after-free in area_cache_get() (JIRA:RHEL-19451)

* [RHEL8] I/O blocked during fio background with IO schedule switch, cpu offline/online, pci nvme     rescan/reset (JIRA:RHEL-20231)

* kernel: refcount leak in ctnetlink_create_conntrack() (JIRA:RHEL-20298)

* kernel: inactive elements in nft_pipapo_walk (JIRA:RHEL-20697)

* kernel: Out-Of-Bounds Read vulnerability in smbCalcSize (JIRA:RHEL-21661)

* kernel NULL pointer at RIP: 0010:kyber_has_work+0x1c/0x60 (JIRA:RHEL-21784)

* kernel: ktls overwrites readonly memory pages when using function splice with a ktls socket as     destination (JIRA:RHEL-22090)

* backport timerlat user-space support (JIRA:RHEL-20361)

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2024:1404. The text
# itself is copyright (C) Red Hat, Inc.
##

include('compat.inc');

if (description)
{
  script_id(192277);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/03");

  script_cve_id(
    "CVE-2021-43975",
    "CVE-2022-3545",
    "CVE-2022-3594",
    "CVE-2022-4744",
    "CVE-2022-28388",
    "CVE-2022-36402",
    "CVE-2022-38096",
    "CVE-2022-38457",
    "CVE-2022-40133",
    "CVE-2022-41858",
    "CVE-2022-45869",
    "CVE-2022-45887",
    "CVE-2023-1382",
    "CVE-2023-2166",
    "CVE-2023-2176",
    "CVE-2023-4921",
    "CVE-2023-5633",
    "CVE-2023-6606",
    "CVE-2023-6610",
    "CVE-2023-6817",
    "CVE-2023-6931",
    "CVE-2023-6932",
    "CVE-2023-7192",
    "CVE-2023-28772",
    "CVE-2023-30456",
    "CVE-2023-31084",
    "CVE-2023-33951",
    "CVE-2023-33952",
    "CVE-2023-40283",
    "CVE-2023-45862",
    "CVE-2023-51042",
    "CVE-2023-51043",
    "CVE-2024-0565",
    "CVE-2024-0646",
    "CVE-2024-1086"
  );
  script_xref(name:"RHSA", value:"2024:1404");
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2024/06/20");

  script_name(english:"RHEL 8 : kernel (RHSA-2024:1404)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat host is missing one or more security updates for kernel.");
  script_set_attribute(attribute:"description", value:
"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as
referenced in the RHSA-2024:1404 advisory.

    The kernel packages contain the Linux kernel, the core of any Linux operating system.

    Security Fix(es):

    * kernel: out-of-bounds write in hw_atl_utils_fw_rpc_wait() in
    drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c (CVE-2021-43975)

    * kernel: double free in usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c (CVE-2022-28388)

    * kernel: null-ptr-deref vulnerabilities in sl_tx_timeout in drivers/net/slip (CVE-2022-41858)

    * kernel: Rate limit overflow messages in r8152 in intr_callback (CVE-2022-3594)

    * kernel: tun: avoid double free in tun_free_netdev (CVE-2022-4744)

    * kernel: nfp: use-after-free in area_cache_get() (CVE-2022-3545)

    * kernel: denial of service in tipc_conn_close (CVE-2023-1382)

    * kernel: lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow (CVE-2023-28772)

    * kernel: NULL pointer dereference in can_rcv_filter (CVE-2023-2166)

    * kernel: Slab-out-of-bound read in compare_netdev_and_ip (CVE-2023-2176)

    * kernel: use-after-free in l2cap_sock_release in net/bluetooth/l2cap_sock.c (CVE-2023-40283)

    * kernel: use-after-free in sch_qfq network scheduler (CVE-2023-4921)

    * kernel: Out-Of-Bounds Read vulnerability in smbCalcSize (CVE-2023-6606)

    * kernel: ktls overwrites readonly memory pages when using function splice with a ktls socket as
    destination (CVE-2024-0646)

    * kernel: inactive elements in nft_pipapo_walk (CVE-2023-6817)

    * kernel: refcount leak in ctnetlink_create_conntrack() (CVE-2023-7192)

    Bug Fix(es):

    * The kernel is still getting hung up even after converting kernfs_mutex to kernfs_rwsem with massive
    concurrent kernfs access (open & lookup) performed by kubelet/node_exporter threads. (JIRA:RHEL-17149)

    * kernel: Rate limit overflow messages in r8152 in intr_callback (JIRA:RHEL-18810)

    * kernel: tun: avoid double free in tun_free_netdev (JIRA:RHEL-18813)

    * kernel: lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow (JIRA:RHEL-18850)

    * kernel: NULL pointer dereference in can_rcv_filter (JIRA:RHEL-19461)

    * ipoib mcast lockup fix (JIRA:RHEL-19698)

    * kernel: denial of service in tipc_conn_close (JIRA:RHEL-18824)

    * Rhel-8.6 crash at  qed_get_current_link+0x11 during tx_timeout recovery  (JIRA:RHEL-20923)

    * kernel: use-after-free in sch_qfq network scheduler (JIRA:RHEL-14402)

    * RHEL8.6 - s390/qeth: NET2016 - fix use-after-free in HSCI (JIRA:RHEL-15849)

    * RHEL8.6 - s390/qeth: recovery and set offline lose routes and IPv6 addr (JIRA:RHEL-17883)

    * kernel: null-ptr-deref vulnerabilities in sl_tx_timeout in drivers/net/slip (JIRA:RHEL-18582)

    * kernel: out-of-bounds write in hw_atl_utils_fw_rpc_wait() in
    drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c (JIRA:RHEL-18799)

    * kernel: double free in usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c (JIRA:RHEL-18814)

    * kernel: use-after-free in l2cap_sock_release in net/bluetooth/l2cap_sock.c (JIRA:RHEL-18998)

    * dm multipath device suspend deadlocks waiting on a flush request (JIRA:RHEL-19110)

    * kernel: Slab-out-of-bound read in compare_netdev_and_ip (JIRA:RHEL-19327)

    * kernel: A flaw leading to a use-after-free in area_cache_get() (JIRA:RHEL-19451)

    * [RHEL8] I/O blocked during fio background with IO schedule switch, cpu offline/online, pci nvme
    rescan/reset (JIRA:RHEL-20231)

    * kernel: refcount leak in ctnetlink_create_conntrack() (JIRA:RHEL-20298)

    * kernel: inactive elements in nft_pipapo_walk (JIRA:RHEL-20697)

    * kernel: Out-Of-Bounds Read vulnerability in smbCalcSize (JIRA:RHEL-21661)

    * kernel NULL pointer at RIP: 0010:kyber_has_work+0x1c/0x60 (JIRA:RHEL-21784)

    * kernel: ktls overwrites readonly memory pages when using function splice with a ktls socket as
    destination (JIRA:RHEL-22090)

    * backport timerlat user-space support (JIRA:RHEL-20361)

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  # https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1404.json
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?7b89ac3c");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/updates/classification/#important");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2024989");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2073091");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2133451");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2133452");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2133453");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2133455");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2144379");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2148520");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2149024");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2151317");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2156322");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2161310");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2177371");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2181330");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2187813");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2187931");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2188468");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2213139");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2218195");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2218212");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2231800");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2244715");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2245514");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2245663");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2252731");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2253611");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2253614");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2253908");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2255139");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2255283");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2256279");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2258518");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2259866");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2260005");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2262126");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2024:1404");
  script_set_attribute(attribute:"solution", value:
"Update the RHEL kernel package based on the guidance in RHSA-2024:1404.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-43975");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2024-1086");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_cwe_id(119, 125, 190, 191, 200, 358, 362, 401, 415, 416, 476, 779, 787, 824);
  script_set_attribute(attribute:"vendor_severity", value:"Important");

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/11/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/03/19");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/03/19");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:rhel_eus:8.8");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:bpftool");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-core");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-cross-headers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug-core");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-extra");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-modules");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-core");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-extra");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python3-perf");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Red Hat Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl", "redhat_repos.nasl", "linux_alt_patch_detect.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm.inc');
include('rhel.inc');
include('ksplice.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');
var os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
os_ver = os_ver[1];
if (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '8.8')) audit(AUDIT_OS_NOT, 'Red Hat 8.8', 'Red Hat ' + os_ver);

if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);

if (get_one_kb_item('Host/ksplice/kernel-cves'))
{
  rm_kb_item(name:'Host/uptrack-uname-r');
  var cve_list = make_list('CVE-2021-43975', 'CVE-2022-3545', 'CVE-2022-3594', 'CVE-2022-4744', 'CVE-2022-28388', 'CVE-2022-36402', 'CVE-2022-38096', 'CVE-2022-38457', 'CVE-2022-40133', 'CVE-2022-41858', 'CVE-2022-45869', 'CVE-2022-45887', 'CVE-2023-1382', 'CVE-2023-2166', 'CVE-2023-2176', 'CVE-2023-4921', 'CVE-2023-5633', 'CVE-2023-6606', 'CVE-2023-6610', 'CVE-2023-6817', 'CVE-2023-6931', 'CVE-2023-6932', 'CVE-2023-7192', 'CVE-2023-28772', 'CVE-2023-30456', 'CVE-2023-31084', 'CVE-2023-33951', 'CVE-2023-33952', 'CVE-2023-40283', 'CVE-2023-45862', 'CVE-2023-51042', 'CVE-2023-51043', 'CVE-2024-0565', 'CVE-2024-0646', 'CVE-2024-1086');
  if (ksplice_cves_check(cve_list))
  {
    audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2024:1404');
  }
  else
  {
    __rpm_report = ksplice_reporting_text();
  }
}

var constraints = [
  {
    'repo_relative_urls': [
      'content/e4s/rhel8/8.8/ppc64le/baseos/debug',
      'content/e4s/rhel8/8.8/ppc64le/baseos/os',
      'content/e4s/rhel8/8.8/ppc64le/baseos/source/SRPMS',
      'content/e4s/rhel8/8.8/x86_64/baseos/debug',
      'content/e4s/rhel8/8.8/x86_64/baseos/os',
      'content/e4s/rhel8/8.8/x86_64/baseos/source/SRPMS',
      'content/eus/rhel8/8.8/aarch64/baseos/debug',
      'content/eus/rhel8/8.8/aarch64/baseos/os',
      'content/eus/rhel8/8.8/aarch64/baseos/source/SRPMS',
      'content/eus/rhel8/8.8/aarch64/codeready-builder/debug',
      'content/eus/rhel8/8.8/aarch64/codeready-builder/os',
      'content/eus/rhel8/8.8/aarch64/codeready-builder/source/SRPMS',
      'content/eus/rhel8/8.8/ppc64le/baseos/debug',
      'content/eus/rhel8/8.8/ppc64le/baseos/os',
      'content/eus/rhel8/8.8/ppc64le/baseos/source/SRPMS',
      'content/eus/rhel8/8.8/ppc64le/codeready-builder/debug',
      'content/eus/rhel8/8.8/ppc64le/codeready-builder/os',
      'content/eus/rhel8/8.8/ppc64le/codeready-builder/source/SRPMS',
      'content/eus/rhel8/8.8/s390x/baseos/debug',
      'content/eus/rhel8/8.8/s390x/baseos/os',
      'content/eus/rhel8/8.8/s390x/baseos/source/SRPMS',
      'content/eus/rhel8/8.8/s390x/codeready-builder/debug',
      'content/eus/rhel8/8.8/s390x/codeready-builder/os',
      'content/eus/rhel8/8.8/s390x/codeready-builder/source/SRPMS',
      'content/eus/rhel8/8.8/x86_64/baseos/debug',
      'content/eus/rhel8/8.8/x86_64/baseos/os',
      'content/eus/rhel8/8.8/x86_64/baseos/source/SRPMS',
      'content/eus/rhel8/8.8/x86_64/codeready-builder/debug',
      'content/eus/rhel8/8.8/x86_64/codeready-builder/os',
      'content/eus/rhel8/8.8/x86_64/codeready-builder/source/SRPMS',
      'content/tus/rhel8/8.8/x86_64/baseos/debug',
      'content/tus/rhel8/8.8/x86_64/baseos/os',
      'content/tus/rhel8/8.8/x86_64/baseos/source/SRPMS'
    ],
    'pkgs': [
      {'reference':'bpftool-4.18.0-477.51.1.el8_8', 'sp':'8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-4.18.0-477.51.1.el8_8', 'sp':'8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-core-4.18.0-477.51.1.el8_8', 'sp':'8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-cross-headers-4.18.0-477.51.1.el8_8', 'sp':'8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-debug-4.18.0-477.51.1.el8_8', 'sp':'8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-debug-core-4.18.0-477.51.1.el8_8', 'sp':'8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-debug-devel-4.18.0-477.51.1.el8_8', 'sp':'8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-debug-modules-4.18.0-477.51.1.el8_8', 'sp':'8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-debug-modules-extra-4.18.0-477.51.1.el8_8', 'sp':'8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-devel-4.18.0-477.51.1.el8_8', 'sp':'8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-modules-4.18.0-477.51.1.el8_8', 'sp':'8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-modules-extra-4.18.0-477.51.1.el8_8', 'sp':'8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-tools-4.18.0-477.51.1.el8_8', 'sp':'8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-tools-libs-4.18.0-477.51.1.el8_8', 'sp':'8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-tools-libs-4.18.0-477.51.1.el8_8', 'sp':'8', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-tools-libs-4.18.0-477.51.1.el8_8', 'sp':'8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-tools-libs-devel-4.18.0-477.51.1.el8_8', 'sp':'8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-tools-libs-devel-4.18.0-477.51.1.el8_8', 'sp':'8', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-tools-libs-devel-4.18.0-477.51.1.el8_8', 'sp':'8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-zfcpdump-4.18.0-477.51.1.el8_8', 'sp':'8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-zfcpdump-core-4.18.0-477.51.1.el8_8', 'sp':'8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-zfcpdump-devel-4.18.0-477.51.1.el8_8', 'sp':'8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-zfcpdump-modules-4.18.0-477.51.1.el8_8', 'sp':'8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-zfcpdump-modules-extra-4.18.0-477.51.1.el8_8', 'sp':'8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'perf-4.18.0-477.51.1.el8_8', 'sp':'8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'python3-perf-4.18.0-477.51.1.el8_8', 'sp':'8', 'release':'8', 'rpm_spec_vers_cmp':TRUE}
    ]
  }
];

var applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);
if(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);

var flag = 0;
foreach var constraint_array ( constraints ) {
  var repo_relative_urls = NULL;
  if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];
  foreach var pkg ( constraint_array['pkgs'] ) {
    var reference = NULL;
    var _release = NULL;
    var sp = NULL;
    var _cpu = NULL;
    var el_string = NULL;
    var rpm_spec_vers_cmp = NULL;
    var epoch = NULL;
    var allowmaj = NULL;
    var exists_check = NULL;
    var cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        _release &&
        rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&
        (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&
        rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}

if (flag)
{
  var subscription_caveat = '\n' +
    'NOTE: This vulnerability check contains fixes that apply to\n' +
    'packages only available in the Red Hat Enterprise Linux\n' +
    'Extended Update Support repository.\n' +
    'Access to this repository requires a paid RHEL subscription.\n';
  var extra = NULL;
  if (isnull(applicable_repo_urls) || !applicable_repo_urls) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();
  else extra = subscription_caveat + rpm_report_get();
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : extra
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-core / kernel-cross-headers / etc');
}

VendorProductVersionCPE
redhatenterprise_linuxkernel-zfcpdump-modules-extrap-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-extra
redhatenterprise_linuxkernel-modules-extrap-cpe:/a:redhat:enterprise_linux:kernel-modules-extra
redhatenterprise_linuxkernel-modulesp-cpe:/a:redhat:enterprise_linux:kernel-modules
redhatenterprise_linuxkernel-zfcpdump-modulesp-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules
redhatenterprise_linuxkernel-zfcpdump-develp-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel
redhatenterprise_linuxkernel-debug-modulesp-cpe:/a:redhat:enterprise_linux:kernel-debug-modules
redhatenterprise_linuxkernel-debugp-cpe:/a:redhat:enterprise_linux:kernel-debug
redhatenterprise_linuxpython3-perfp-cpe:/a:redhat:enterprise_linux:python3-perf
redhatenterprise_linuxkernel-debug-corep-cpe:/a:redhat:enterprise_linux:kernel-debug-core
redhatenterprise_linuxkernel-tools-libs-develp-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel

Vendor	Product	Version	CPE
redhat	enterprise_linux	kernel-zfcpdump-modules-extra	p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-extra
redhat	enterprise_linux	kernel-modules-extra	p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra
redhat	enterprise_linux	kernel-modules	p-cpe:/a:redhat:enterprise_linux:kernel-modules
redhat	enterprise_linux	kernel-zfcpdump-modules	p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules
redhat	enterprise_linux	kernel-zfcpdump-devel	p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel
redhat	enterprise_linux	kernel-debug-modules	p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules
redhat	enterprise_linux	kernel-debug	p-cpe:/a:redhat:enterprise_linux:kernel-debug
redhat	enterprise_linux	python3-perf	p-cpe:/a:redhat:enterprise_linux:python3-perf
redhat	enterprise_linux	kernel-debug-core	p-cpe:/a:redhat:enterprise_linux:kernel-debug-core
redhat	enterprise_linux	kernel-tools-libs-devel	p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel

Rows per page:

1-10 of 231

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43975

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28388

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3545

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3594

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36402

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38096

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38457

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40133

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41858

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45869

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45887

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4744

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1382

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2166

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2176

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28772

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30456

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31084

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33951

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33952

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40283

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45862

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4921

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51042

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51043

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5633

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6606

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6610

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6817

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6931

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6932

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7192

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0565

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0646

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1086

www.nessus.org/u?7b89ac3c

access.redhat.com/errata/RHSA-2024:1404

access.redhat.com/security/updates/classification/#important

bugzilla.redhat.com/show_bug.cgi?id=2024989

bugzilla.redhat.com/show_bug.cgi?id=2073091

bugzilla.redhat.com/show_bug.cgi?id=2133451

bugzilla.redhat.com/show_bug.cgi?id=2133452

bugzilla.redhat.com/show_bug.cgi?id=2133453

bugzilla.redhat.com/show_bug.cgi?id=2133455

bugzilla.redhat.com/show_bug.cgi?id=2144379

bugzilla.redhat.com/show_bug.cgi?id=2148520

bugzilla.redhat.com/show_bug.cgi?id=2149024

bugzilla.redhat.com/show_bug.cgi?id=2151317

bugzilla.redhat.com/show_bug.cgi?id=2156322

bugzilla.redhat.com/show_bug.cgi?id=2161310

bugzilla.redhat.com/show_bug.cgi?id=2177371

bugzilla.redhat.com/show_bug.cgi?id=2181330

bugzilla.redhat.com/show_bug.cgi?id=2187813

bugzilla.redhat.com/show_bug.cgi?id=2187931

bugzilla.redhat.com/show_bug.cgi?id=2188468

bugzilla.redhat.com/show_bug.cgi?id=2213139

bugzilla.redhat.com/show_bug.cgi?id=2218195

bugzilla.redhat.com/show_bug.cgi?id=2218212

bugzilla.redhat.com/show_bug.cgi?id=2231800

bugzilla.redhat.com/show_bug.cgi?id=2244715

bugzilla.redhat.com/show_bug.cgi?id=2245514

bugzilla.redhat.com/show_bug.cgi?id=2245663

bugzilla.redhat.com/show_bug.cgi?id=2252731

bugzilla.redhat.com/show_bug.cgi?id=2253611

bugzilla.redhat.com/show_bug.cgi?id=2253614

bugzilla.redhat.com/show_bug.cgi?id=2253908

bugzilla.redhat.com/show_bug.cgi?id=2255139

bugzilla.redhat.com/show_bug.cgi?id=2255283

bugzilla.redhat.com/show_bug.cgi?id=2256279

bugzilla.redhat.com/show_bug.cgi?id=2258518

bugzilla.redhat.com/show_bug.cgi?id=2259866

bugzilla.redhat.com/show_bug.cgi?id=2260005

bugzilla.redhat.com/show_bug.cgi?id=2262126

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.7 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.5%

JSON

Related for REDHAT-RHSA-2024-1404.NASL