Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.CENTOS8_RHSA-2024-0134.NASL
HistoryJan 10, 2024 - 12:00 a.m.

CentOS 8 : kernel-rt (CESA-2024:0134)

2024-01-1000:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
15
centos 8
kernel-rt
vulnerabilities
privilege escalation
denial of service
integer overflow
side channel
use-after-free
array indexing
local attacker
speculative execution
information disclosure
netfilter subsystem
af_unix component
cve-2022-36402
cve-2023-20569
cve-2023-2162
cve-2023-42753
cve-2023-4622
cve-2023-33951
cve-2023-33952
cve-2023-5633
nessus scanner

8 High

AI Score

Confidence

High

JSON

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2024:0134 advisory.

  • An integer overflow vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in GPU component of Linux kernel with device file ‘/dev/dri/renderD128 (or Dxxx)’. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS).
    (CVE-2022-36402)

  • A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure. (CVE-2023-20569)

  • A use-after-free vulnerability was found in iscsi_sw_tcp_session_create in drivers/scsi/iscsi_tcp.c in SCSI sub-component in the Linux Kernel. In this flaw an attacker could leak kernel internal information.
    (CVE-2023-2162)

  • An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the h->nets array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bound. This issue may allow a local user to crash the system or potentially escalate their privileges on the system. (CVE-2023-42753)

  • A use-after-free vulnerability in the Linux kernel’s af_unix component can be exploited to achieve local privilege escalation. The unix_stream_sendpage() function tries to add data to the last skb in the peer’s recv queue without locking the queue. Thus there is a race where unix_stream_sendpage() could access an skb locklessly that is being released by garbage collection, resulting in use-after-free. We recommend upgrading past commit 790c2f9d15b594350ae9bca7b236f2b1859de02c. (CVE-2023-4622)

  • The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use- after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest with 3D acceleration enabled, a local, unprivileged user could potentially use this flaw to escalate their privileges. (CVE-2023-5633)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# Red Hat Security Advisory RHSA-2024:0134. The text
# itself is copyright (C) Red Hat, Inc.
##

include('compat.inc');

if (description)
{
  script_id(187869);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/15");

  script_cve_id(
    "CVE-2022-36402",
    "CVE-2023-2162",
    "CVE-2023-4622",
    "CVE-2023-5633",
    "CVE-2023-20569",
    "CVE-2023-42753"
  );
  script_xref(name:"RHSA", value:"2024:0134");

  script_name(english:"CentOS 8 : kernel-rt (CESA-2024:0134)");

  script_set_attribute(attribute:"synopsis", value:
"The remote CentOS host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the
CESA-2024:0134 advisory.

  - An integer overflow vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in GPU
    component of Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local
    attacker with a user account on the system to gain privilege, causing a denial of service(DoS).
    (CVE-2022-36402)

  - A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address
    prediction. This may result in speculative execution at an attacker-controlled address, potentially
    leading to information disclosure. (CVE-2023-20569)

  - A use-after-free vulnerability was found in iscsi_sw_tcp_session_create in drivers/scsi/iscsi_tcp.c in
    SCSI sub-component in the Linux Kernel. In this flaw an attacker could leak kernel internal information.
    (CVE-2023-2162)

  - An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro
    could lead to a miscalculation of the `h->nets` array offset, providing attackers with the primitive to
    arbitrarily increment/decrement a memory buffer out-of-bound. This issue may allow a local user to crash
    the system or potentially escalate their privileges on the system. (CVE-2023-42753)

  - A use-after-free vulnerability in the Linux kernel's af_unix component can be exploited to achieve local
    privilege escalation. The unix_stream_sendpage() function tries to add data to the last skb in the peer's
    recv queue without locking the queue. Thus there is a race where unix_stream_sendpage() could access an
    skb locklessly that is being released by garbage collection, resulting in use-after-free. We recommend
    upgrading past commit 790c2f9d15b594350ae9bca7b236f2b1859de02c. (CVE-2023-4622)

  - The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-
    after-free flaw in the way memory objects were handled when they were being used to store a surface. When
    running inside a VMware guest with 3D acceleration enabled, a local, unprivileged user could potentially
    use this flaw to escalate their privileges. (CVE-2023-5633)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2024:0134");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-5633");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/03/17");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/01/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/01/10");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:8");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:8-stream");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-rt");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-rt-core");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-rt-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-rt-debug-core");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-rt-debug-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-rt-debug-kvm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-rt-debug-modules");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-rt-debug-modules-extra");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-rt-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-rt-kvm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-rt-modules");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-rt-modules-extra");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CentOS Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm.inc');
include('rhel.inc');
include('ksplice.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/CentOS/release');
if (isnull(os_release) || 'CentOS' >!< os_release) audit(AUDIT_OS_NOT, 'CentOS');
var os_ver = pregmatch(pattern: "CentOS(?: Stream)?(?: Linux)? release ([0-9]+)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');
os_ver = os_ver[1];
if (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);

if (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);

if (get_one_kb_item('Host/ksplice/kernel-cves'))
{
  rm_kb_item(name:'Host/uptrack-uname-r');
  var cve_list = make_list('CVE-2022-36402', 'CVE-2023-2162', 'CVE-2023-4622', 'CVE-2023-5633', 'CVE-2023-20569', 'CVE-2023-42753');
  if (ksplice_cves_check(cve_list))
  {
    audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for CESA-2024:0134');
  }
  else
  {
    __rpm_report = ksplice_reporting_text();
  }
}

var pkgs = [
    {'reference':'kernel-rt-4.18.0-513.11.1.rt7.313.el8_9', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'kernel-rt-core-4.18.0-513.11.1.rt7.313.el8_9', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'kernel-rt-debug-4.18.0-513.11.1.rt7.313.el8_9', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'kernel-rt-debug-core-4.18.0-513.11.1.rt7.313.el8_9', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'kernel-rt-debug-devel-4.18.0-513.11.1.rt7.313.el8_9', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'kernel-rt-debug-kvm-4.18.0-513.11.1.rt7.313.el8_9', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'kernel-rt-debug-modules-4.18.0-513.11.1.rt7.313.el8_9', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'kernel-rt-debug-modules-extra-4.18.0-513.11.1.rt7.313.el8_9', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'kernel-rt-devel-4.18.0-513.11.1.rt7.313.el8_9', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'kernel-rt-kvm-4.18.0-513.11.1.rt7.313.el8_9', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'kernel-rt-modules-4.18.0-513.11.1.rt7.313.el8_9', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'kernel-rt-modules-extra-4.18.0-513.11.1.rt7.313.el8_9', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}
];

var flag = 0;
foreach var package_array ( pkgs ) {
  var reference = NULL;
  var _release = NULL;
  var sp = NULL;
  var _cpu = NULL;
  var el_string = NULL;
  var rpm_spec_vers_cmp = NULL;
  var epoch = NULL;
  var allowmaj = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) _release = 'CentOS-' + package_array['release'];
  if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
  if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
  if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
  if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
  if (reference && _release) {
    if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-rt / kernel-rt-core / kernel-rt-debug / kernel-rt-debug-core / etc');
}
VendorProductVersionCPE
centoscentos8cpe:/o:centos:centos:8
centoscentos8-streamcpe:/o:centos:centos:8-stream
centoscentoskernel-rtp-cpe:/a:centos:centos:kernel-rt
centoscentoskernel-rt-corep-cpe:/a:centos:centos:kernel-rt-core
centoscentoskernel-rt-debugp-cpe:/a:centos:centos:kernel-rt-debug
centoscentoskernel-rt-debug-corep-cpe:/a:centos:centos:kernel-rt-debug-core
centoscentoskernel-rt-debug-develp-cpe:/a:centos:centos:kernel-rt-debug-devel
centoscentoskernel-rt-debug-kvmp-cpe:/a:centos:centos:kernel-rt-debug-kvm
centoscentoskernel-rt-debug-modulesp-cpe:/a:centos:centos:kernel-rt-debug-modules
centoscentoskernel-rt-debug-modules-extrap-cpe:/a:centos:centos:kernel-rt-debug-modules-extra
Rows per page:
1-10 of 141

Related

nessus 66
redhat 18
osv 7
rocky 1
almalinux 2
prion 8
redhatcve 8
debiancve 8
ubuntucve 9
cve 8
cvelist 8
oraclelinux 17
ibm 1
cbl_mariner 9
cnvd 2
zdi 2
openvas 11
ubuntu 2
xen 1
mscve 1
cloudfoundry 1
amd 1
hp 1
veracode 1
centos 1
photon 1
debian 1
fedora 3
nessus
nessus
CentOS 8 : kernel (CESA-2024:0113)
2024-01-10 00:00:00
Rocky Linux 8 : kernel-rt (RLSA-2024:0134)
2024-01-12 00:00:00
RHEL 8 : kernel-rt (RHSA-2024:0134)
2024-01-10 00:00:00
redhat
redhat
(RHSA-2024:0134) Important: kernel-rt security update
2024-01-10 09:31:44
(RHSA-2024:0113) Important: kernel security update
2024-01-10 09:25:45
(RHSA-2024:0089) Important: kpatch-patch security update
2024-01-09 09:00:48
osv
osv
Important: kernel security update
2024-01-10 00:00:00
Important: kernel-rt security update
2024-01-12 19:57:11
linux-oem-6.1 vulnerabilities
2023-10-04 20:59:37
rocky
rocky
kernel-rt security update
2024-01-12 19:57:11
almalinux
almalinux
Important: kernel security update
2024-01-10 00:00:00
Moderate: linux-firmware security, bug fix, and enhancement update
2023-11-14 00:00:00
prion
prion
Double free
2023-10-23 22:15:00
Integer overflow
2022-09-16 17:15:00
Double free
2023-07-24 16:15:00
redhatcve
redhatcve
CVE-2023-5633
2023-10-23 14:01:09
CVE-2023-33951
2023-06-28 12:47:08
CVE-2023-33952
2023-06-28 13:17:14
debiancve
debiancve
CVE-2023-5633
2023-10-23 21:58:59
CVE-2023-33952
2023-07-24 15:19:18
CVE-2022-36402
2022-09-16 17:15:00
ubuntucve
ubuntucve
CVE-2023-5633
2023-10-23 00:00:00
CVE-2023-33952
2023-07-24 00:00:00
CVE-2023-33951
2023-07-24 00:00:00
cve
cve
CVE-2023-5633
2023-10-23 21:58:59
CVE-2023-33951
2023-07-24 15:19:24
CVE-2023-33952
2023-07-24 15:19:18
cvelist
cvelist
CVE-2023-5633 Kernel: vmwgfx: reference count issue leads to use-after-free in surface handling
2023-10-23 21:58:59
CVE-2023-33951 Kernel: vmwgfx: race condition leading to information disclosure vulnerability
2023-07-24 15:19:24
CVE-2023-33952 Kernel: vmwgfx: double free within the handling of vmw_buffer_object objects
2023-07-24 15:19:18
oraclelinux
oraclelinux
kernel security update
2024-01-11 00:00:00
Unbreakable Enterprise kernel security update
2023-10-17 00:00:00
Unbreakable Enterprise kernel security update
2023-09-23 00:00:00
ibm
ibm
Security Bulletin: Vulnerabilities in OpenSSL, Linux Kernel might affect IBM Storage Copy Data Management
2024-03-22 16:04:46
cbl_mariner
cbl_mariner
CVE-2023-33952 affecting package kernel for versions less than 5.15.135.1-2
2023-11-08 02:07:28
CVE-2023-33951 affecting package kernel for versions less than 5.15.135.1-2
2023-11-08 02:07:28
CVE-2023-5633 affecting package kernel for versions less than 5.15.153.1-1
2024-04-09 20:48:36
cnvd
cnvd
Linux kernel input validation error vulnerability (CNVD-2022-69193)
2022-09-20 00:00:00
Linux kernel elevation of privilege vulnerability (CNVD-2023-70080)
2023-09-11 00:00:00
zdi
zdi
Linux Kernel vmwgfx Driver Race Condition Information Disclosure Vulnerability
2023-05-17 00:00:00
Linux Kernel vmwgfx Driver Double Free Local Privilege Escalation Vulnerability
2023-05-17 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-6415-1)
2023-10-05 00:00:00
CentOS: Security Advisory for bpftool (CESA-2024:0346)
2024-03-05 00:00:00
openSUSE: Security Advisory for kernel (SUSE-SU-2023:3298-1)
2024-03-04 00:00:00
ubuntu
ubuntu
Linux kernel (OEM) vulnerabilities
2023-10-04 00:00:00
AMD Microcode vulnerability
2023-08-30 00:00:00
xen
xen
x86/AMD: Speculative Return Stack Overflow
2023-08-08 15:53:00
mscve
mscve
AMD: CVE-2023-20569 Return Address Predictor
2023-08-08 07:00:00
cloudfoundry
cloudfoundry
USN-6319-1: AMD Microcode vulnerability | Cloud Foundry
2023-10-05 00:00:00
amd
amd
Return Address Security Bulletin
2023-08-08 00:00:00
hp
hp
AMD Client UEFI Firmware Return Address Security Update
2023-12-07 00:00:00
veracode
veracode
Information Disclosure
2023-08-13 09:11:17
centos
centos
bpftool, kernel, perf, python security update
2024-01-26 18:06:10
photon
photon
Important Photon OS Security Update - PHSA-2023-5.0-0158
2023-11-28 00:00:00
debian
debian
[SECURITY] [DSA 5475-1] linux security update
2023-08-11 07:57:37
fedora
fedora
[SECURITY] Fedora 38 Update: kernel-6.4.9-200.fc38
2023-08-10 00:43:18
[SECURITY] Fedora 38 Update: xen-4.17.2-1.fc38
2023-08-16 01:22:32
[SECURITY] Fedora 37 Update: kernel-6.4.9-100.fc37
2023-08-10 00:43:46

8 High

AI Score

Confidence

High

JSON
Related for CENTOS8_RHSA-2024-0134.NASL
nessus66redhat18osv7rocky1almalinux2prion8redhatcve8debiancve8ubuntucve9cve8cvelist8oraclelinux17ibm1cbl_mariner9cnvd2zdi2openvas11ubuntu2xen1mscve1cloudfoundry1amd1hp1veracode1centos1photon1debian1fedora3