CentOS 8 : kernel (CESA-2021:4356)


The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:4356 advisory.

- kernel: Intel graphics card information leak. (CVE-2019-14615)
- kernel: out-of-bounds reads in pinctrl subsystem. (CVE-2020-0427)
- kernel: Improper input validation in some Intel(R) Ethernet E810 Adapter drivers (CVE-2020-24502)
- kernel: Insufficient access control in some Intel(R) Ethernet E810 Adapter drivers (CVE-2020-24503)
- kernel: Uncontrolled resource consumption in some Intel(R) Ethernet E810 Adapter drivers (CVE-2020-24504)
- kernel: Fragmentation cache not cleared on reconnection (CVE-2020-24586)
- kernel: Reassembling fragments encrypted under different keys (CVE-2020-24587)
- kernel: wifi frame payload being parsed incorrectly as an L2 frame (CVE-2020-24588)
- kernel: Forwarding EAPOL from unauthenticated wifi client (CVE-2020-26139)
- kernel: accepting plaintext data frames in protected networks (CVE-2020-26140)
- kernel: not verifying TKIP MIC of fragmented frames (CVE-2020-26141)
- kernel: accepting fragmented plaintext frames in protected networks (CVE-2020-26143)
- kernel: accepting unencrypted A-MSDU frames that start with RFC1042 header (CVE-2020-26144)
- kernel: accepting plaintext broadcast fragments as full frames (CVE-2020-26145)
- kernel: reassembling encrypted fragments with non-consecutive packet numbers (CVE-2020-26146)
- kernel: reassembling mixed encrypted/plaintext fragments (CVE-2020-26147)
- kernel: powerpc: RTAS calls can be used to compromise kernel integrity (CVE-2020-27777)
- kernel: the copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check (CVE-2020-29368)
- kernel: locking inconsistency in drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c can lead to a read-after-free (CVE-2020-29660)
- kernel: buffer overflow in mwifiex_cmd_802_11_ad_hoc_start function in drivers/net/wireless/marvell/mwifiex/join.c via a long SSID value (CVE-2020-36158)
- kernel: memory leak upon a kmalloc failure in kvm_io_bus_unregister_dev function in virt/kvm/kvm_main.c (CVE-2020-36312)
- kernel: slab out-of-bounds read in hci_extended_inquiry_result_evt() in net/bluetooth/hci_event.c (CVE-2020-36386)
- kernel: Improper access control in BlueZ may allow information disclosure vulnerability. (CVE-2021-0129)
- kernel: heap overflow in __cgroup_bpf_run_filter_getsockopt() (CVE-2021-20194)
- kernel: setsockopt System Call Untrusted Pointer Dereference Information Disclosure (CVE-2021-20239)
- kernel: Race condition in sctp_destroy_sock list_del (CVE-2021-23133)
- kernel: fuse: stall on CPU can occur because a retry loop continually finds the same bad inode (CVE-2021-28950)
- kernel: System crash in intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c (CVE-2021-28971)
- kernel: protection for sequences of pointer arithmetic operations against speculatively out-of-bounds loads can be bypassed to leak content of kernel memory (CVE-2021-29155)
- kernel: improper input validation in tipc_nl_retrieve_key function in net/tipc/node.c (CVE-2021-29646)
- kernel: lack a full memory barrier upon the assignment of a new table value in net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h may lead to DoS (CVE-2021-29650)
- kernel: local escalation of privileges in handling of eBPF programs (CVE-2021-31440)
- kernel: protection of stack pointer against speculative pointer arithmetic can be bypassed to leak content of kernel memory (CVE-2021-31829)
- kernel: out of bounds array access in drivers/md/dm-ioctl.c (CVE-2021-31916)
- kernel: use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c (CVE-2021-33033)
- kernel: out-of-bounds reads and writes due to enforcing incorrect limits for pointer arithmetic operations by BPF verifier (CVE-2021-33200)
- kernel: Use-after-free in ndb_queue_rq() in drivers/block/nbd.c (CVE-2021-3348)
- kernel: Linux kernel eBPF RINGBUF map oversized allocation (CVE-2021-3489)
- kernel: double free in bluetooth subsystem when the HCI device initialization fails (CVE-2021-3564)
- kernel: use-after-free in function hci_sock_bound_ioctl() (CVE-2021-3573)
- kernel: eBPF 32-bit source register truncation on div/mod (CVE-2021-3600)
- kernel: flowtable list del corruption with kernel BUG at lib/list_debug.c:50 (CVE-2021-3635)
- kernel: NULL pointer dereference in llsec_key_alloc() in net/mac802154/llsec.c (CVE-2021-3659)
- kernel: DoS in rb_per_cpu_empty() (CVE-2021-3679)
- kernel: overlayfs: Mounting overlayfs inside an unprivileged user namespace can reveal files (CVE-2021-3732)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.