The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the kernel-5.14.0-347.el9 build changelog.
A vulnerability was found in the Linux kernel, where a use-after-free in nouveau’s postclose() handler could happen when the device is removed (physically removing a video card without powering off is uncommon, but the same happens when the driver is unbound). (CVE-2020-27820)
An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim’s TCP session or terminate that session. (CVE-2020-36516)
A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass the source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization is indirectly affected as well. (CVE-2021-20322)
A double free bug in packet_set_ring() in net/packet/af_packet.c can be exploited by a local user through crafted syscalls to escalate privileges or deny service. We recommend upgrading the kernel past the affected versions or rebuilding past ec6af094ea28f0f2dda1a6a33b14cd57e36a9755. (CVE-2021-22600)
Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage. (CVE-2021-26341)
LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs. (CVE-2021-26401)
When sending malicious data to the kernel via the ioctl command FBIOPUT_VSCREENINFO, the kernel will write memory out of bounds. (CVE-2021-33655)
A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource exhaustion and DoS. (CVE-2021-3669)
A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption). This vulnerability is similar to the older CVE-2019-18808. (CVE-2021-3744)
A memory overflow vulnerability was found in the Linux kernel’s ipc functionality of the memcg subsystem, in the way a user calls the semget function multiple times, creating semaphores. This flaw allows a local user to starve the resources, causing a denial of service. The highest threat from this vulnerability is to system availability. (CVE-2021-3759)
A memory leak flaw was found in the Linux kernel’s ccp_run_aes_gcm_cmd() function that allows an attacker to cause a denial of service. The vulnerability is similar to the older CVE-2019-18808. The highest threat from this vulnerability is to system availability. (CVE-2021-3764)
A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packets with spoofed IP addresses. (CVE-2021-3772)
A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint information for further use in traditional network attacks. (CVE-2021-3773)
A race condition was found in the Linux kernel’s ebpf verifier between bpf_map_update_elem and bpf_map_freeze due to a missing lock in kernel/bpf/syscall.c. In this flaw, a local user with a special privilege (cap_sys_admin or cap_bpf) can modify the frozen mapped address space. This flaw affects kernel versions prior to 5.16 rc2. (CVE-2021-4001)
A memory leak flaw in the Linux kernel’s hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the memory pages. A local user could use this flaw to get unauthorized access to some data. (CVE-2021-4002)
A flaw in the Linux kernel’s implementation of RDMA communications manager listener code allowed an attacker with local access to set up a socket to listen on a high port, allowing a list element to be used after free. Given the ability to execute code, a local attacker could leverage this use-after-free to crash the system or possibly escalate privileges on the system. (CVE-2021-4028)
A read-after-free memory flaw was found in the Linux kernel’s garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition. This flaw allows a local user to crash the system or escalate their privileges on the system. This flaw affects Linux kernel versions prior to 5.16-rc4. (CVE-2021-4083)
A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem allowed for size increase of files with unaligned size. A local attacker could use this flaw to leak data on the XFS filesystem otherwise not accessible to them. (CVE-2021-4155)
prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write. (CVE-2021-41864)
An unprivileged write to the file handler flaw in the Linux kernel’s control groups and namespaces subsystem was found in the way users have access to some less privileged processes that are controlled by cgroups and have a higher privileged parent process. This affects both the cgroup2 and cgroup1 versions of control groups. A local user could use this flaw to crash the system or escalate their privileges on the system. (CVE-2021-4197)
A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS racing with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with user privileges may crash the system or leak internal kernel information. (CVE-2021-4203)
An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16. The Transparent Inter-Process Communication (TIPC) functionality allows remote attackers to exploit insufficient validation of user-supplied sizes for the MSG_CRYPTO message type. (CVE-2021-43267)
An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c. (CVE-2021-43389)
A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11. This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object. (CVE-2021-44733)
Non-transparent sharing of branch predictor selectors between contexts in some Intel® Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-0001)
Non-transparent sharing of branch predictor within a context in some Intel® Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-0002)
A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged local user (where unprivileged user namespaces are enabled; otherwise namespaced CAP_SYS_ADMIN privilege is needed) able to open a filesystem that does not support the Filesystem Context API (and thus falls back to legacy handling) could use this flaw to escalate their privileges on the system. (CVE-2022-0185)
A random memory access flaw was found in the Linux kernel’s GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system. (CVE-2022-0330)
A stack overflow flaw was found in the Linux kernel’s TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. This flaw allows a remote user to crash the system or possibly escalate their privileges if they have access to the TIPC network. (CVE-2022-0435)
A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly. (CVE-2022-0492)
A NULL pointer dereference flaw in the Linux kernel UDF file system functionality was found in the way a user triggers the udf_file_write_iter function on a malicious UDF image. A local user could use this flaw to crash the system. This affects Linux kernel versions from 4.2-rc1 through 5.17-rc2. (CVE-2022-0617)
Memory leak in icmp6 implementation in Linux Kernel 5.13+ allows a remote attacker to DoS a host by making it go out-of-memory via icmp6 packets of type 130 or 131. We recommend upgrading past commit 2d3916f3189172d5c69d33065c3c21119fe539fc. (CVE-2022-0742)
A flaw was found in the way the flags member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system. (CVE-2022-0847)
A memory leak flaw was found in the Linux kernel’s DMA subsystem, in the way a user calls DMA_FROM_DEVICE. This flaw allows a local user to read random memory from the kernel space. (CVE-2022-0854)
An out-of-bounds (OOB) memory write flaw was found in the Linux kernel’s watch_queue event notification subsystem. This flaw can overwrite parts of the kernel state, potentially allowing a local user to gain privileged access or cause a denial of service on the system. (CVE-2022-0995)
A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation. (CVE-2022-1011)
A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the small table perturb size. This flaw may allow an attacker to leak information and may cause a denial of service problem. (CVE-2022-1012)
A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem. This flaw allows a local user to cause an out-of-bounds write issue. (CVE-2022-1015)
A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle ‘return’ with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker. (CVE-2022-1016)
An out-of-bounds read flaw was found in the Linux kernel’s TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read unauthorized random data from memory. (CVE-2022-1462)
A use-after-free flaw was found in the Linux kernel’s Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-1679)
A race condition was found in the Linux kernel’s perf_event_open() which can be exploited by an unprivileged user to gain root privileges. The bug allows building several exploit primitives such as kernel address information leak, arbitrary execution, etc. (CVE-2022-1729)
A use-after-free flaw was found in the Linux kernel’s pipes functionality in how a user performs manipulations with the pipe post_one_notification() after free_pipe_info() that is already called. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-1882)
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-32250. Reason: This candidate is a duplicate of CVE-2022-32250. Notes: All CVE users should reference CVE-2022-32250 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. (CVE-2022-1966)
A use after free in the Linux kernel File System notify functionality was found in the way a user triggers a copy_info_records_to_user() call to fail in copy_event_to_user(). A local user could use this flaw to crash the system or potentially escalate their privileges on the system. (CVE-2022-1998)
In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege when opening and closing inet sockets with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-112551163. References: Upstream kernel. (CVE-2022-20141)
A vulnerability was found in the Linux kernel’s nft_set_desc_concat_parse() function. This flaw allows an attacker to trigger a buffer overflow via nft_set_desc_concat_parse(), causing a denial of service and possibly allowing code execution. (CVE-2022-2078)
Incomplete cleanup of multi-core shared buffers for some Intel® Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2022-21123)
Incomplete cleanup of microarchitectural fill buffers on some Intel® Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2022-21125)
Incomplete cleanup in specific special register write operations for some Intel® Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2022-21166)
KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. An attacker with access to a serial port could trigger the debugger, so it is important that the debugger respect the lockdown mode when/if it is triggered. (CVE-2022-21499)
kernel: lockdown bypass using IMA (CVE-2022-21505)
A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks. L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn’t need retpolines or IBPB after running L2, because KVM (L0) advertises eIBRS support to L1. An attacker at L2 with code execution can execute code on an indirect branch on the host machine. We recommend upgrading to Kernel 6.2 or past commit 2e7eab81425a. (CVE-2022-2196)
The vmwgfx driver contains a local privilege escalation vulnerability that allows unprivileged users to gain access to files opened by other processes on the system through a dangling ‘file’ pointer. (CVE-2022-22942)
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none. (CVE-2022-23816)
Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure. (CVE-2022-23825)
Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches. Then, cache allocation can allow the attacker to obtain sensitive information. (CVE-2022-23960)
kernel/ucount.c in the Linux kernel 5.14 through 5.16.4, when unprivileged user namespaces are enabled, allows a use-after-free and privilege escalation because a ucounts object can outlive its namespace. (CVE-2022-24122)
net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10 allows local users to gain privileges because of a heap out-of-bounds write. This is related to nf_tables_offload. (CVE-2022-25636)
It was discovered that when exec’ing from a non-leader thread, armed POSIX CPU timers would be left on a list but freed, leading to a use-after-free. (CVE-2022-2585)
It was discovered that a nft object or expression could reference a nft set on a different nft table, leading to a use-after-free once that table was deleted. (CVE-2022-2586)
A race condition was found in the way the Linux kernel’s memory subsystem handled the copy-on-write (COW) breakage of private read-only shared memory mappings. This flaw allows an unprivileged, local user to gain write access to read-only memory mappings, increasing their privileges on the system. (CVE-2022-2590)
Non-transparent sharing of return predictor targets between contexts in some Intel® Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373)
A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat. (CVE-2022-27666)
ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free. (CVE-2022-28390)
An out-of-bounds memory access flaw was found in the Linux kernel Intel’s iSMT SMBus host controller driver in the way a user triggers the I2C_SMBUS_BLOCK_DATA (with the ioctl I2C_SMBUS) with malicious input data. This flaw allows a local user to crash the system. (CVE-2022-2873)
A race condition was found in the Linux kernel’s watch queue due to a missing lock in pipe_resize_ring(). The specific flaw exists within the handling of pipe buffers. The issue results from the lack of proper locking when performing operations on an object. This flaw allows a local user to crash the system or escalate their privileges on the system. (CVE-2022-2959)
A flaw was found in the Linux kernel’s driver for the ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet Devices. The vulnerability contains multiple out-of-bounds reads and possible out-of-bounds writes. (CVE-2022-2964)
Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29900)
Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29901)
A race condition was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read and copying it into a socket. (CVE-2022-3028)
The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag. (CVE-2022-30594)
A buffer overflow vulnerability was found in the Linux kernel Intel’s iSMT SMBus host controller driver in the way it handled the I2C_SMBUS_BLOCK_PROC_CALL case (via the ioctl I2C_SMBUS) with malicious input data. This flaw could allow a local user to crash the system. (CVE-2022-3077)
A network backend may cause Linux netfront to use freed SKBs. While adding logic to support XDP (eXpress Data Path), a code label was moved in a way that allowed SKBs having references (pointers) retained for further processing to nevertheless be freed. (CVE-2022-33743)
An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c. (CVE-2022-34918)
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. (CVE-2022-3522)
A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211087. (CVE-2022-3564)
A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function intr_callback of the file drivers/net/usb/r8152.c of the component BPF. The manipulation leads to logging of excessive data. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211363. (CVE-2022-3594)
A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function l2cap_recv_acldata of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. VDB-211918 is the identifier assigned to this vulnerability. (CVE-2022-3619)
A buffer overflow flaw was found in the Linux kernel Broadcom Full MAC Wi-Fi driver. This issue occurs when a user connects to a malicious USB device. This can allow a local user to crash the system or escalate their privileges. (CVE-2022-3628)
nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)
An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VM_PFNMAP VMAs. (CVE-2022-39188)
A flaw was found in the Linux kernel’s Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. A local user could use this flaw to potentially crash the system causing a denial of service. (CVE-2022-4129)
An incorrect TLB flush issue was found in the Linux kernel’s GPU i915 kernel driver, potentially leading to random memory corruption or data leaks. This flaw could allow a local user to crash the system or escalate their privileges on the system. (CVE-2022-4139)
An issue was discovered in the Linux kernel before 5.19.16. Attackers able to inject WLAN frames could cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c. (CVE-2022-41674)
A flaw was found in the Linux kernel Traffic Control (TC) subsystem. Using a specific networking configuration (redirecting egress packets to ingress using TC action mirred) a local unprivileged user could trigger a CPU soft lockup (ABBA deadlock) when the transport protocol in use (TCP or SCTP) does a retransmission, resulting in a denial of service condition. (CVE-2022-4269)
mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reuse. (CVE-2022-42703)
Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to trigger use-after-free conditions to potentially execute code. (CVE-2022-42720)
A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in turn, potentially execute code. (CVE-2022-42721)
In the Linux kernel 5.8 through 5.19.x before 5.19.16, local attackers able to inject WLAN frames into the mac80211 stack could cause a NULL pointer dereference denial-of-service attack against the beacon protection of P2P devices. (CVE-2022-42722)
There is an infoleak vulnerability in the Linux kernel’s net/bluetooth/l2cap_core.c’s l2cap_parse_conf_req function which can be used to leak kernel pointers remotely. We recommend upgrading past commit https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e (CVE-2022-42895)
There are use-after-free vulnerabilities in the Linux kernel’s net/bluetooth/l2cap_core.c’s l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim. We recommend upgrading past commit https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4 (CVE-2022-42896)
drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 5.19.15 and 6.x before 6.0.1 allows a user-space client to corrupt the monitor’s internal memory. (CVE-2022-43750)
A stack overflow flaw was found in the Linux kernel’s SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-4378)
A use-after-free vulnerability was found in __nfs42_ssc_open() in fs/nfs/nfs4file.c in the Linux kernel. This flaw allows an attacker to conduct a remote denial (CVE-2022-4379)
The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 is vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC message with garbage data is still correctly formed according to the specification and is passed forward to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the allocated buffer space. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (CVE-2022-43945)
A double-free flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user registers the device when the register_netdevice function fails (NETDEV_REGISTER notifier). This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-4744)
A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution. (CVE-2023-0179)
A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks that can be used in a use-after-free that can result in a privilege escalation to gain ring0 access from the system user. We recommend upgrading past commit 56b88b50565cd8b946a2d00b0c83927b7ebb055e. (CVE-2023-0266)
A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on the system. (CVE-2023-0386)
A NULL pointer dereference flaw was found in rawv6_push_pending_frames in net/ipv6/raw.c in the network subcomponent in the Linux kernel. This flaw causes the system to crash. (CVE-2023-0394)
A speculative pointer dereference problem exists in the Linux Kernel on the do_prlimit() function. The resource argument value is controlled and is used in pointer arithmetic for the ‘rlim’ variable and can be used to leak the contents. We recommend upgrading past version 6.1.8 or commit 739790605705ddcf18f21782b9c99ad7d53a8c11 (CVE-2023-0458)
A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. If patch ebda44da44f6 (net: sched: fix race condition in qdisc_graft()) has not been applied yet, the kernel could be affected. (CVE-2023-0590)
A flaw was found in the Linux kernel. A use-after-free may be triggered in asus_kbd_backlight_set when plugging in or disconnecting a malicious USB device which advertises itself as an Asus device. Similarly to the previously known CVE-2023-25012, but in Asus devices, the work_struct may be scheduled by the LED controller while the device is disconnecting, triggering a use-after-free on the struct asus_kbd_leds *led structure. A malicious USB device may exploit the issue to cause memory corruption with controlled data. (CVE-2023-1079)
A use-after-free flaw was found in the Linux kernel’s core dump subsystem. This flaw allows a local user to crash the system. Only if patch 390031c94211 (coredump: Use the vma snapshot in fill_files_note) has not been applied yet could the kernel be affected. (CVE-2023-1249)
A use-after-free flaw was found in the Linux kernel’s Ext4 File System in how a user triggers several file operations simultaneously with the overlay FS usage. This flaw allows a local user to crash or potentially escalate their privileges on the system. Only if patch 9a2544037600 (ovl: fix use after free in struct ovl_aio_req) has not been applied yet could the kernel be affected. (CVE-2023-1252)
A flaw was found in the Linux kernel X86 CPU Power management options functionality in the way a user resumes the CPU from suspend-to-RAM, leaving the boot CPU vulnerable to speculative execution style attacks. A local user could use this flaw to potentially get unauthorized access to some memory of the CPU, similar to speculative execution attacks. (CVE-2023-1637)
A use-after-free flaw was found in nfsd4_ssc_setup_dul in fs/nfsd/nfs4proc.c in the NFS filesystem in the Linux Kernel. This issue could allow a local attacker to crash the system or it may lead to a kernel information leak problem. (CVE-2023-1652)
A use-after-free flaw was found in btsdio_remove in drivers/bluetooth/btsdio.c in the Linux Kernel. In this flaw, a call to btsdio_remove with an unfinished job may cause a race problem leading to a UAF on hdev devices. (CVE-2023-1989)
A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication. (CVE-2023-2002)
An out-of-bounds memory access flaw was found in the Linux kernel’s XFS file system in how a user restores an XFS image after failure (with a dirty log journal). This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2023-2124)
An out-of-bounds write vulnerability was found in the Linux kernel’s SLIMpro I2C device driver. The userspace data->block[0] variable was not capped to a number between 0-255 and was used as the size of a memcpy, possibly writing beyond the end of dma_buffer. This flaw could allow a local privileged user to crash the system or potentially achieve code execution. (CVE-2023-2194)
A use-after-free vulnerability in the Linux Kernel Performance Events system can be exploited to achieve local privilege escalation. The perf_group_detach function did not check the event’s siblings’ attach_state before calling add_event_to_groups(), but remove_on_exec made it possible to call list_del_event() on them before detaching from their group, making it possible to use a dangling pointer causing a use-after-free vulnerability. We recommend upgrading past commit fd0815f632c24878e325821943edccc7fde947a2. (CVE-2023-2235)
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it was the duplicate of CVE-2023-31436. (CVE-2023-2248)
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-33203. Reason: This candidate is a reservation duplicate of CVE-2023-33203. Notes: All CVE users should reference CVE-2023-33203 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. (CVE-2023-2483)
In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl table under a new location) during the renaming of a device. (CVE-2023-26545)
do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference). (CVE-2023-28466)
A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation. The out-of-bounds write is caused by missing skb->cb initialization in the ipvlan network driver. The vulnerability is reachable if CONFIG_IPVLAN is enabled. We recommend upgrading past commit 90cbed5247439a966b645b34eb0a2e037836ea8e. (CVE-2023-3090)
Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability: nft_chain_lookup_byid() failed to check whether a chain was active, and CAP_NET_ADMIN is in any user or network namespace. (CVE-2023-31248)
qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write because lmax can exceed QFQ_MIN_LMAX. (CVE-2023-31436)
A flaw was found in the Framebuffer Console (fbcon) in the Linux Kernel. When providing font->width and font->height greater than 32 to fbcon_set_font, since there are no checks in place, a shift-out-of-bounds occurs leading to undefined behavior and possible denial of service. (CVE-2023-3161)
A NULL pointer dereference issue was found in the gfs2 file system in the Linux kernel. It occurs on corrupt gfs2 file systems when the evict code tries to reference the journal descriptor structure after it has been freed and set to NULL. A privileged local user could use this flaw to cause a kernel panic. (CVE-2023-3212)
In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are mishandled. (CVE-2023-32233)
Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace (CVE-2023-35001)
An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. This may result in denial of service or privilege escalation. (CVE-2023-35788)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# the CentOS Stream Build Service.
##
include('compat.inc');
if (description)
{
script_id(191192);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/26");
script_cve_id(
"CVE-2020-27820",
"CVE-2020-36516",
"CVE-2021-3669",
"CVE-2021-3744",
"CVE-2021-3759",
"CVE-2021-3764",
"CVE-2021-3772",
"CVE-2021-3773",
"CVE-2021-4001",
"CVE-2021-4002",
"CVE-2021-4028",
"CVE-2021-4083",
"CVE-2021-4155",
"CVE-2021-4197",
"CVE-2021-4203",
"CVE-2021-20322",
"CVE-2021-22600",
"CVE-2021-26341",
"CVE-2021-26401",
"CVE-2021-33655",
"CVE-2021-41864",
"CVE-2021-43267",
"CVE-2021-43389",
"CVE-2021-44733",
"CVE-2022-0001",
"CVE-2022-0002",
"CVE-2022-0185",
"CVE-2022-0330",
"CVE-2022-0435",
"CVE-2022-0492",
"CVE-2022-0617",
"CVE-2022-0742",
"CVE-2022-0847",
"CVE-2022-0854",
"CVE-2022-0995",
"CVE-2022-1011",
"CVE-2022-1012",
"CVE-2022-1015",
"CVE-2022-1016",
"CVE-2022-1462",
"CVE-2022-1679",
"CVE-2022-1729",
"CVE-2022-1882",
"CVE-2022-1966",
"CVE-2022-1998",
"CVE-2022-2078",
"CVE-2022-2196",
"CVE-2022-2585",
"CVE-2022-2586",
"CVE-2022-2590",
"CVE-2022-2873",
"CVE-2022-2959",
"CVE-2022-2964",
"CVE-2022-3028",
"CVE-2022-3077",
"CVE-2022-3522",
"CVE-2022-3564",
"CVE-2022-3594",
"CVE-2022-3619",
"CVE-2022-3628",
"CVE-2022-4129",
"CVE-2022-4139",
"CVE-2022-4269",
"CVE-2022-4378",
"CVE-2022-4379",
"CVE-2022-4744",
"CVE-2022-20141",
"CVE-2022-21123",
"CVE-2022-21125",
"CVE-2022-21166",
"CVE-2022-21499",
"CVE-2022-21505",
"CVE-2022-22942",
"CVE-2022-23816",
"CVE-2022-23825",
"CVE-2022-23960",
"CVE-2022-24122",
"CVE-2022-25636",
"CVE-2022-26373",
"CVE-2022-27666",
"CVE-2022-28390",
"CVE-2022-29900",
"CVE-2022-29901",
"CVE-2022-30594",
"CVE-2022-33743",
"CVE-2022-34918",
"CVE-2022-36946",
"CVE-2022-39188",
"CVE-2022-41674",
"CVE-2022-42703",
"CVE-2022-42720",
"CVE-2022-42721",
"CVE-2022-42722",
"CVE-2022-42895",
"CVE-2022-42896",
"CVE-2022-43750",
"CVE-2022-43945",
"CVE-2023-0179",
"CVE-2023-0266",
"CVE-2023-0386",
"CVE-2023-0394",
"CVE-2023-0458",
"CVE-2023-0590",
"CVE-2023-1079",
"CVE-2023-1249",
"CVE-2023-1252",
"CVE-2023-1637",
"CVE-2023-1652",
"CVE-2023-1989",
"CVE-2023-2002",
"CVE-2023-2124",
"CVE-2023-2194",
"CVE-2023-2235",
"CVE-2023-2248",
"CVE-2023-2483",
"CVE-2023-3090",
"CVE-2023-3161",
"CVE-2023-3212",
"CVE-2023-26545",
"CVE-2023-28466",
"CVE-2023-31248",
"CVE-2023-31436",
"CVE-2023-32233",
"CVE-2023-35001",
"CVE-2023-35788"
);
script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/05/16");
script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/05/02");
script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2023/04/20");
script_xref(name:"CEA-ID", value:"CEA-2022-0026");
script_name(english:"CentOS 9 : kernel-5.14.0-347.el9");
script_set_attribute(attribute:"synopsis", value:
"The remote CentOS host is missing one or more security updates for bpftool.");
script_set_attribute(attribute:"description", value:
"The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the
kernel-5.14.0-347.el9 build changelog.
- A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose() handler could
happen if removing device (that is not common to remove video card physically without power-off, but same
happens if unbind the driver). (CVE-2020-27820)
- An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the
hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session
or terminate that session. (CVE-2020-36516)
- A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux
kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an
off-path remote user to effectively bypass the source port UDP randomization. The highest threat from this
vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source
port randomization are indirectly affected as well. (CVE-2021-20322)
- A double free bug in packet_set_ring() in net/packet/af_packet.c can be exploited by a local user through
crafted syscalls to escalate privileges or deny service. We recommend upgrading kernel past the effected
versions or rebuilding past ec6af094ea28f0f2dda1a6a33b14cd57e36a9755 (CVE-2021-22600)
- Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result
in data leakage. (CVE-2021-26341)
- LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs.
(CVE-2021-26401)
- When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of
bounds. (CVE-2021-33655)
- A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large
shared memory segment counts which could lead to resource exhaustion and DoS. (CVE-2021-3669)
- A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in
drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption).
This vulnerability is similar with the older CVE-2019-18808. (CVE-2021-3744)
- A memory overflow vulnerability was found in the Linux kernel's ipc functionality of the memcg subsystem,
in the way a user calls the semget function multiple times, creating semaphores. This flaw allows a local
user to starve the resources, causing a denial of service. The highest threat from this vulnerability is
to system availability. (CVE-2021-3759)
- A memory leak flaw was found in the Linux kernel's ccp_run_aes_gcm_cmd() function that allows an attacker
to cause a denial of service. The vulnerability is similar to the older CVE-2019-18808. The highest threat
from this vulnerability is to system availability. (CVE-2021-3764)
- A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP
association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and
the attacker can send packets with spoofed IP addresses. (CVE-2021-3772)
- A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint
information for further use in traditional network attacks. (CVE-2021-3773)
- A race condition was found in the Linux kernel's ebpf verifier between bpf_map_update_elem and
bpf_map_freeze due to a missing lock in kernel/bpf/syscall.c. In this flaw, a local user with a special
privilege (cap_sys_admin or cap_bpf) can modify the frozen mapped address space. This flaw affects kernel
versions prior to 5.16 rc2. (CVE-2021-4001)
- A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some
regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the
memory pages. A local user could use this flaw to get unauthorized access to some data. (CVE-2021-4002)
- A flaw in the Linux kernel's implementation of RDMA communications manager listener code allowed an
attacker with local access to setup a socket to listen on a high port allowing for a list element to be
used after free. Given the ability to execute code, a local attacker could leverage this use-after-free to
crash the system or possibly escalate privileges on the system. (CVE-2021-4028)
- A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket
file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race
condition. This flaw allows a local user to crash the system or escalate their privileges on the system.
This flaw affects Linux kernel versions prior to 5.16-rc4. (CVE-2021-4083)
- A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem allowed for size
increase of files with unaligned size. A local attacker could use this flaw to leak data on the XFS
filesystem otherwise not accessible to them. (CVE-2021-4155)
- prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows
unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds
write. (CVE-2021-41864)
- An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces
subsystem was found in the way users have access to some less privileged process that are controlled by
cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of
control groups. A local user could use this flaw to crash the system or escalate their privileges on the
system. (CVE-2021-4197)
- A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and
SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a
user privileges may crash the system or leak internal kernel information. (CVE-2021-4203)
- An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16. The Transparent Inter-
Process Communication (TIPC) functionality allows remote attackers to exploit insufficient validation of
user-supplied sizes for the MSG_CRYPTO message type. (CVE-2021-43267)
- An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in
the detach_capi_ctr function in drivers/isdn/capi/kcapi.c. (CVE-2021-43389)
- A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11.
This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory
object. (CVE-2021-44733)
- Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may
allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-0001)
- Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an
authorized user to potentially enable information disclosure via local access. (CVE-2022-0002)
- A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem
Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged (in
case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local
user able to open a filesystem that does not support the Filesystem Context API (and thus fallbacks to
legacy handling) could use this flaw to escalate their privileges on the system. (CVE-2022-0185)
- A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the
way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or
escalate their privileges on the system. (CVE-2022-0330)
- A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends
a packet with malicious content where the number of domain member nodes is higher than the 64 allowed.
This flaw allows a remote user to crash the system or possibly escalate their privileges if they have
access to the TIPC network. (CVE-2022-0435)
- A vulnerability was found in the Linux kernel's cgroup_release_agent_write in the
kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups
v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.
(CVE-2022-0492)
- A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way
user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw
to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2. (CVE-2022-0617)
- Memory leak in icmp6 implementation in Linux Kernel 5.13+ allows a remote attacker to DoS a host by making
it go out-of-memory via icmp6 packets of type 130 or 131. We recommend upgrading past commit
2d3916f3189172d5c69d33065c3c21119fe539fc. (CVE-2022-0742)
- A flaw was found in the way the flags member of the new pipe buffer structure was lacking proper
initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus
contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache
backed by read only files and as such escalate their privileges on the system. (CVE-2022-0847)
- A memory leak flaw was found in the Linux kernel's DMA subsystem, in the way a user calls DMA_FROM_DEVICE.
This flaw allows a local user to read random memory from the kernel space. (CVE-2022-0854)
- An out-of-bounds (OOB) memory write flaw was found in the Linux kernel's watch_queue event notification
subsystem. This flaw can overwrite parts of the kernel state, potentially allowing a local user to gain
privileged access or cause a denial of service on the system. (CVE-2022-0995)
- A use-after-free flaw was found in the Linux kernel's FUSE filesystem in the way a user triggers write().
This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in
privilege escalation. (CVE-2022-1011)
- A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the
small table perturb size. This flaw may allow an attacker to information leak and may cause a denial of
service problem. (CVE-2022-1012)
- A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem.
This flaw allows a local user to cause an out-of-bounds write issue. (CVE-2022-1015)
- A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a
use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel
information leak problem caused by a local, unprivileged attacker. (CVE-2022-1016)
- An out-of-bounds read flaw was found in the Linux kernel's TeleTYpe subsystem. The issue occurs in how a
user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage
of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read
unauthorized random data from memory. (CVE-2022-1462)
- A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user
forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local
user to crash or potentially escalate their privileges on the system. (CVE-2022-1679)
- A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged
user to gain root privileges. The bug allows to build several exploit primitives such as kernel address
information leak, arbitrary execution, etc. (CVE-2022-1729)
- A use-after-free flaw was found in the Linux kernel's pipes functionality in how a user performs
manipulations with the pipe post_one_notification() after free_pipe_info() that is already called. This
flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-1882)
- Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-32250. Reason: This candidate is a
duplicate of CVE-2022-32250. Notes: All CVE users should reference CVE-2022-32250 instead of this
candidate. All references and descriptions in this candidate have been removed to prevent accidental
usage. (CVE-2022-1966)
- A use after free in the Linux kernel File System notify functionality was found in the way user triggers
copy_info_records_to_user() call to fail in copy_event_to_user(). A local user could use this flaw to
crash the system or potentially escalate their privileges on the system. (CVE-2022-1998)
- In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. This could lead
to local escalation of privilege when opening and closing inet sockets with no additional execution
privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android
kernelAndroid ID: A-112551163References: Upstream kernel (CVE-2022-20141)
- A vulnerability was found in the Linux kernel's nft_set_desc_concat_parse() function .This flaw allows an
attacker to trigger a buffer overflow via nft_set_desc_concat_parse() , causing a denial of service and
possibly to run code. (CVE-2022-2078)
- Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated
user to potentially enable information disclosure via local access. (CVE-2022-21123)
- Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an
authenticated user to potentially enable information disclosure via local access. (CVE-2022-21125)
- Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an
authenticated user to potentially enable information disclosure via local access. (CVE-2022-21166)
- KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown.
An attacker with access to a serial port could trigger the debugger so it is important that the debugger
respect the lockdown mode when/if it is triggered. (CVE-2022-21499)
- kernel: lockdown bypass using IMA (CVE-2022-21505)
- A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks.
L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn't need retpolines or IBPB after
running L2 due to KVM (L0) advertising eIBRS support to L1. An attacker at L2 with code execution can
execute code on an indirect branch on the host machine. We recommend upgrading to Kernel 6.2 or past
commit 2e7eab81425a (CVE-2022-2196)
- The vmwgfx driver contains a local privilege escalation vulnerability that allows unprivileged users to
gain access to files opened by other processes on the system through a dangling 'file' pointer.
(CVE-2022-22942)
- Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by
its CNA. Notes: none. (CVE-2022-23816)
- Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially
leading to information disclosure. (CVE-2022-23825)
- Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation,
aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to
influence mispredicted branches. Then, cache allocation can allow the attacker to obtain sensitive
information. (CVE-2022-23960)
- kernel/ucount.c in the Linux kernel 5.14 through 5.16.4, when unprivileged user namespaces are enabled,
allows a use-after-free and privilege escalation because a ucounts object can outlive its namespace.
(CVE-2022-24122)
- net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10 allows local users to gain privileges
because of a heap out-of-bounds write. This is related to nf_tables_offload. (CVE-2022-25636)
- It was discovered that when exec'ing from a non-leader thread, armed POSIX CPU timers would be left on a
list but freed, leading to a use-after-free. (CVE-2022-2585)
- It was discovered that a nft object or expression could reference a nft set on a different nft table,
leading to a use-after-free once that table was deleted. (CVE-2022-2586)
- A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW)
breakage of private read-only shared memory mappings. This flaw allows an unprivileged, local user to gain
write access to read-only memory mappings, increasing their privileges on the system. (CVE-2022-2590)
- Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow
an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373)
- A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and
net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap
objects and may cause a local privilege escalation threat. (CVE-2022-27666)
- ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.
(CVE-2022-28390)
- An out-of-bounds memory access flaw was found in the Linux kernel Intel's iSMT SMBus host controller
driver in the way a user triggers the I2C_SMBUS_BLOCK_DATA (with the ioctl I2C_SMBUS) with malicious input
data. This flaw allows a local user to crash the system. (CVE-2022-2873)
- A race condition was found in the Linux kernel's watch queue due to a missing lock in pipe_resize_ring().
The specific flaw exists within the handling of pipe buffers. The issue results from the lack of proper
locking when performing operations on an object. This flaw allows a local user to crash the system or
escalate their privileges on the system. (CVE-2022-2959)
- A flaw was found in the Linux kernel's driver for the ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet
Devices. The vulnerability contains multiple out-of-bounds reads and possible out-of-bounds writes.
(CVE-2022-2964)
- Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution
under certain microarchitecture-dependent conditions. (CVE-2022-29900)
- Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their
retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can
hijack return instructions to achieve arbitrary speculative code execution under certain
microarchitecture-dependent conditions. (CVE-2022-29901)
- A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem)
when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to
potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read
and copying it into a socket. (CVE-2022-3028)
- The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers
to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag. (CVE-2022-30594)
- A buffer overflow vulnerability was found in the Linux kernel Intel's iSMT SMBus host controller driver in
the way it handled the I2C_SMBUS_BLOCK_PROC_CALL case (via the ioctl I2C_SMBUS) with malicious input data.
This flaw could allow a local user to crash the system. (CVE-2022-3077)
- network backend may cause Linux netfront to use freed SKBs While adding logic to support XDP (eXpress Data
Path), a code label was moved in a way allowing for SKBs having references (pointers) retained for further
processing to nevertheless be freed. (CVE-2022-33743)
- An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init
(leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different
vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an
unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data
in net/netfilter/nf_tables_api.c. (CVE-2022-34918)
- Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn
by its CNA. Further investigation showed that it was not a security issue. Notes: none. (CVE-2022-3522)
- A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the
function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The
manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated
identifier of this vulnerability is VDB-211087. (CVE-2022-3564)
- A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this
vulnerability is the function intr_callback of the file drivers/net/usb/r8152.c of the component BPF. The
manipulation leads to logging of excessive data. The attack can be launched remotely. It is recommended to
apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211363.
(CVE-2022-3594)
- A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects
the function l2cap_recv_acldata of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The
manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. VDB-211918 is the
identifier assigned to this vulnerability. (CVE-2022-3619)
- A buffer overflow flaw was found in the Linux kernel Broadcom Full MAC Wi-Fi driver. This issue occurs
when a user connects to a malicious USB device. This can allow a local user to crash the system or
escalate their privileges. (CVE-2022-3628)
- nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote
attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte
nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)
- An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race
condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale
TLB entries. This only occurs in situations with VM_PFNMAP VMAs. (CVE-2022-39188)
- A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing
sk_user_data can lead to a race condition and NULL pointer dereference. A local user could use this flaw
to potentially crash the system causing a denial of service. (CVE-2022-4129)
- An incorrect TLB flush issue was found in the Linux kernel's GPU i915 kernel driver, potentially leading
to random memory corruption or data leaks. This flaw could allow a local user to crash the system or
escalate their privileges on the system. (CVE-2022-4139)
- An issue was discovered in the Linux kernel before 5.19.16. Attackers able to inject WLAN frames could
cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c. (CVE-2022-41674)
- A flaw was found in the Linux kernel Traffic Control (TC) subsystem. Using a specific networking
configuration (redirecting egress packets to ingress using TC action mirred) a local unprivileged user
could trigger a CPU soft lockup (ABBA deadlock) when the transport protocol in use (TCP or SCTP) does a
retransmission, resulting in a denial of service condition. (CVE-2022-4269)
- mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reuse.
(CVE-2022-42703)
- Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through
5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to trigger use-after-
free conditions to potentially execute code. (CVE-2022-42720)
- A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before
5.19.16 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in
turn, potentially execute code. (CVE-2022-42721)
- In the Linux kernel 5.8 through 5.19.x before 5.19.16, local attackers able to inject WLAN frames into the
mac80211 stack could cause a NULL pointer dereference denial-of-service attack against the beacon
protection of P2P devices. (CVE-2022-42722)
- There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_parse_conf_req
function which can be used to leak kernel pointers remotely. We recommend upgrading past commit
https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e
https://www.google.com/url (CVE-2022-42895)
- There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect
and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively)
remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within
proximity of the victim. We recommend upgrading past commit https://www.google.com/url
https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4
https://www.google.com/url (CVE-2022-42896)
- drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 5.19.15 and 6.x before 6.0.1 allows a user-
space client to corrupt the monitor's internal memory. (CVE-2022-43750)
- A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain
kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their
privileges on the system. (CVE-2022-4378)
- A use-after-free vulnerability was found in __nfs42_ssc_open() in fs/nfs/nfs4file.c in the Linux kernel.
This flaw allows an attacker to conduct a remote denial (CVE-2022-4379)
- The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 is vulnerable to a buffer
overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send
buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer
to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC
message with garbage data is still correctly formed according to the specification and is passed forward
to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the
allocated buffer space. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (CVE-2022-43945)
- A double-free flaw was found in the Linux kernel's TUN/TAP device driver functionality in how a user
registers the device when the register_netdevice function fails (NETDEV_REGISTER notifier). This flaw
allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-4744)
- A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could
allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to
the root user via arbitrary code execution. (CVE-2023-0179)
- A use-after-free vulnerability exists in the ALSA PCM code in the Linux Kernel.
SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks, which can be used to trigger a use-after-free that
can result in a privilege escalation to gain ring0 access from the system user. We recommend upgrading past
commit 56b88b50565cd8b946a2d00b0c83927b7ebb055e (CVE-2023-0266)
- A flaw was found in the Linux kernel's OverlayFS subsystem in how a user copies a file carrying file
capabilities from a nosuid mount into another mount: the copied setuid/capable file can then be executed
without authorization. This uid mapping bug allows a local user to escalate their privileges on the system.
(CVE-2023-0386)
- A NULL pointer dereference flaw was found in rawv6_push_pending_frames in net/ipv6/raw.c in the network
subcomponent in the Linux kernel. This flaw causes the system to crash. (CVE-2023-0394)
- A speculative pointer dereference problem exists in the Linux Kernel in the do_prlimit() function. The
resource argument value is attacker-controlled and is used in pointer arithmetic for the 'rlim' variable,
which can be used to leak the contents of the dereferenced memory. We recommend upgrading past version
6.1.8 or commit 739790605705ddcf18f21782b9c99ad7d53a8c11 (CVE-2023-0458)
- A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race
condition. This flaw leads to a denial of service. Kernels without patch ebda44da44f6 (net: sched: fix race
condition in qdisc_graft()) are affected. (CVE-2023-0590)
- A flaw was found in the Linux kernel. A use-after-free may be triggered in asus_kbd_backlight_set when
plugging in or disconnecting a malicious USB device that advertises itself as an Asus device. Similar to
the previously known CVE-2023-25012, but for Asus devices, the work_struct may be scheduled by the LED
controller while the device is disconnecting, triggering a use-after-free on the struct asus_kbd_leds *led
structure. A malicious USB device may exploit the issue to cause memory corruption with controlled data.
(CVE-2023-1079)
- A use-after-free flaw was found in the Linux kernel's core dump subsystem. This flaw allows a local user
to crash the system. Only kernels without patch 390031c94211 (coredump: Use the vma snapshot in
fill_files_note) are affected. (CVE-2023-1249)
- A use-after-free flaw was found in the Linux kernel's Ext4 file system in how a user triggers several file
operations simultaneously with OverlayFS in use. This flaw allows a local user to crash or potentially
escalate their privileges on the system. Only kernels without patch 9a2544037600 (ovl: fix use after free
in struct ovl_aio_req) are affected. (CVE-2023-1252)
- A flaw was found in the Linux kernel's x86 CPU power management code in how the boot CPU is resumed from
suspend-to-RAM: after resume, the boot CPU can be left vulnerable to speculative execution attacks. A local
user could use this flaw to potentially gain unauthorized access to some memory, as with other speculative
execution attacks. (CVE-2023-1637)
- A use-after-free flaw was found in nfsd4_ssc_setup_dul in fs/nfsd/nfs4proc.c in the NFS filesystem in the
Linux Kernel. This issue could allow a local attacker to crash the system or it may lead to a kernel
information leak problem. (CVE-2023-1652)
- A use-after-free flaw was found in btsdio_remove in drivers/bluetooth/btsdio.c in the Linux Kernel. A call
to btsdio_remove while work is still pending can race with that work, leading to a use-after-free on the
hdev device. (CVE-2023-1989)
- A vulnerability was found in the HCI sockets implementation due to a missing capability check in
net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to execute management commands
without authorization, compromising the confidentiality, integrity, and availability of Bluetooth
communication. (CVE-2023-2002)
- An out-of-bounds memory access flaw was found in the Linux kernel's XFS file system in how a user restores
an XFS image after failure (with a dirty log journal). This flaw allows a local user to crash or
potentially escalate their privileges on the system. (CVE-2023-2124)
- An out-of-bounds write vulnerability was found in the Linux kernel's SLIMpro I2C device driver. The
userspace data->block[0] variable was not capped to a number between 0-255 and was used as the size of a
memcpy, possibly writing beyond the end of dma_buffer. This flaw could allow a local privileged user to
crash the system or potentially achieve code execution. (CVE-2023-2194)
- A use-after-free vulnerability in the Linux Kernel Performance Events system can be exploited to achieve
local privilege escalation. The perf_group_detach function did not check the event's siblings'
attach_state before calling add_event_to_groups(), and remove_on_exec made it possible to call
list_del_event() on them before they were detached from their group, leaving a dangling pointer and
causing a use-after-free vulnerability. We recommend upgrading past commit
fd0815f632c24878e325821943edccc7fde947a2. (CVE-2023-2235)
- Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is a
duplicate of CVE-2023-31436. (CVE-2023-2248)
- Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-33203. Reason: This candidate is a
reservation duplicate of CVE-2023-33203. Notes: All CVE users should reference CVE-2023-33203 instead of
this candidate. All references and descriptions in this candidate have been removed to prevent accidental
usage. (CVE-2023-2483)
- In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure
(for registering the sysctl table under a new location) during the renaming of a device. (CVE-2023-26545)
- do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading
to a race condition (with a resultant use-after-free or NULL pointer dereference). (CVE-2023-28466)
- A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to
achieve local privilege escalation. The out-of-bounds write is caused by missing skb->cb initialization in
the ipvlan network driver. The vulnerability is reachable if CONFIG_IPVLAN is enabled. We recommend
upgrading past commit 90cbed5247439a966b645b34eb0a2e037836ea8e. (CVE-2023-3090)
- Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()`
failed to check whether a chain was active. Exploitable by a local user holding CAP_NET_ADMIN in any user
or network namespace. (CVE-2023-31248)
- qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write
because lmax can exceed QFQ_MIN_LMAX. (CVE-2023-31436)
- A flaw was found in the Framebuffer Console (fbcon) in the Linux Kernel. When providing font->width and
font->height greater than 32 to fbcon_set_font, since there are no checks in place, a shift-out-of-bounds
occurs leading to undefined behavior and possible denial of service. (CVE-2023-3161)
- A NULL pointer dereference issue was found in the gfs2 file system in the Linux kernel. It occurs on
corrupt gfs2 file systems when the evict code tries to reference the journal descriptor structure after it
has been freed and set to NULL. A privileged local user could use this flaw to cause a kernel panic.
(CVE-2023-3212)
- In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests
can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users
can obtain root privileges. This occurs because anonymous sets are mishandled. (CVE-2023-32233)
- Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder mishandled VM register
contents. Exploitable by a local user holding CAP_NET_ADMIN in any user or network namespace.
(CVE-2023-35001)
- An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7.
It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets.
This may result in denial of service or privilege escalation. (CVE-2023-35788)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://kojihub.stream.centos.org/koji/buildinfo?buildID=35523");
script_set_attribute(attribute:"solution", value:
"Update the affected CentOS 9 Stream kernel packages (kernel, bpftool, perf and related subpackages).");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-0435");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2021-43267");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_core", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_set_attribute(attribute:"metasploit_name", value:'vmwgfx Driver File Descriptor Handling Priv Esc');
script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
script_set_attribute(attribute:"canvas_package", value:"CANVAS");
script_set_attribute(attribute:"vuln_publication_date", value:"2021/01/11");
script_set_attribute(attribute:"patch_publication_date", value:"2023/07/28");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/02/29");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:centos:centos:9");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:bpftool");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-64k");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-64k-core");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-64k-debug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-64k-debug-core");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-64k-debug-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-64k-debug-devel-matched");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-64k-debug-modules");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-64k-debug-modules-core");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-64k-debug-modules-extra");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-64k-debug-modules-internal");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-64k-debug-modules-partner");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-64k-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-64k-devel-matched");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-64k-modules");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-64k-modules-core");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-64k-modules-extra");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-64k-modules-internal");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-64k-modules-partner");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-abi-stablelists");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-core");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-cross-headers");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-debug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-debug-core");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-debug-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-debug-devel-matched");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-debug-modules");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-debug-modules-core");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-debug-modules-extra");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-debug-modules-internal");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-debug-modules-partner");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-debug-uki-virt");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-devel-matched");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-headers");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-ipaclones-internal");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-modules");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-modules-core");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-modules-extra");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-modules-internal");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-modules-partner");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-rt");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-rt-core");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-rt-debug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-rt-debug-core");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-rt-debug-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-rt-debug-devel-matched");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-rt-debug-kvm");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-rt-debug-modules");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-rt-debug-modules-core");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-rt-debug-modules-extra");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-rt-debug-modules-internal");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-rt-debug-modules-partner");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-rt-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-rt-devel-matched");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-rt-kvm");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-rt-modules");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-rt-modules-core");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-rt-modules-extra");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-rt-modules-internal");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-rt-modules-partner");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-selftests-internal");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-tools");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-tools-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-tools-libs-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-uki-virt");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-zfcpdump");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-zfcpdump-core");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-zfcpdump-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-zfcpdump-devel-matched");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-zfcpdump-modules");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-zfcpdump-modules-core");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-zfcpdump-modules-extra");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-zfcpdump-modules-internal");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-zfcpdump-modules-partner");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libperf");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libperf-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:perf");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:python3-perf");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:rtla");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:rv");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CentOS Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list", "Host/cpu");
exit(0);
}
include('rpm.inc');
include('rhel.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/CentOS/release');
if (isnull(os_release) || 'CentOS' >!< os_release) audit(AUDIT_OS_NOT, 'CentOS');
var os_ver = pregmatch(pattern: "CentOS(?: Stream)?(?: Linux)? release ([0-9]+)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');
os_ver = os_ver[1];
if (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '9')) audit(AUDIT_OS_NOT, 'CentOS 9.x', 'CentOS ' + os_ver);
if (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);
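The gating above (local checks enabled, a CentOS 9.x release string, a supported CPU) is followed by the version comparison itself: every installed package in the `pkgs` list is compared against the fixed build with RPM semantics (`rpm_spec_vers_cmp`). The Python below is an added example, not part of the Tenable plugin, that reproduces that check stand-alone: it ports librpm's rpmvercmp label ordering, parses `rpm -qa` style name-version-release.arch strings, reports every installed package older than a subset of the plugin's reference list, and adds a check the plugin does not make, comparing `uname -r` against the fixed kernel-core, because an installed but not yet booted kernel leaves the host exposed. The reference subset in `FIXED`, the epoch handling (0 when `rpm -qa` omits it) and the sample `rpm -qa` / `uname -r` strings are assumptions made for the example.

```python
# Added example, not part of the Tenable plugin. Assumptions: FIXED holds only a
# subset of the plugin's reference list, epoch is 0 when rpm -qa omits it, and
# SAMPLE_RPM_QA / the uname -r strings are constructed for the demo.

def rpmvercmp(a: str, b: str) -> int:
    """Port of librpm rpmvercmp(): -1/0/1. Digit runs compare numerically, letter
    runs lexically, a digit run beats a letter run, '~' sorts before end-of-string
    (pre-release) and '^' right after it (post-release)."""
    if a == b:
        return 0
    i = j = 0
    la, lb = len(a), len(b)
    while i < la or j < lb:
        while i < la and not (a[i].isalnum() or a[i] in "~^"):  # skip separators
            i += 1
        while j < lb and not (b[j].isalnum() or b[j] in "~^"):
            j += 1
        ca, cb = a[i:i + 1], b[j:j + 1]  # "" once a label is exhausted
        if "~" in (ca, cb):
            if ca != cb:  # the label carrying '~' is the older one
                return 1 if cb == "~" else -1
            i, j = i + 1, j + 1
            continue
        if "^" in (ca, cb):
            if ca != cb:  # '^' beats end-of-string but loses to any real segment
                return (1 if cb == "" else -1) if ca == "^" else (-1 if ca == "" else 1)
            i, j = i + 1, j + 1
            continue
        if not ca or not cb:
            break
        isnum = ca.isdigit()
        k, m = i, j
        while k < la and (a[k].isdigit() if isnum else a[k].isalpha()):
            k += 1
        while m < lb and (b[m].isdigit() if isnum else b[m].isalpha()):
            m += 1
        sa, sb, i, j = a[i:k], b[j:m], k, m
        if not sb:  # the other label has a segment of the other type here
            return 1 if isnum else -1
        if isnum:
            sa, sb = sa.lstrip("0"), sb.lstrip("0")
            if len(sa) != len(sb):
                return 1 if len(sa) > len(sb) else -1
        if sa != sb:
            return 1 if sa > sb else -1
    if i >= la and j >= lb:
        return 0
    return -1 if i >= la else 1  # whichever label has characters left wins

def evr_cmp(a, b) -> int:
    """Order (epoch, version, release) triples: epoch numerically, then version, then release."""
    (ea, va, ra), (eb, vb, rb) = a, b
    if int(ea) != int(eb):
        return 1 if int(ea) > int(eb) else -1
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def parse_nvra(nvra: str):
    """'kernel-core-5.14.0-340.el9.x86_64' -> (name, epoch, version, release, arch).
    Names may contain '-', version and release never do, so split from the right."""
    nvr, _, arch = nvra.rpartition(".")
    name, ver, rel = nvr.rsplit("-", 2)
    epoch, _, ver = ver.rpartition(":")  # only present if %{EPOCH}: was printed
    return name, epoch or "0", ver, rel, arch

# Subset of the plugin's reference list, keyed by name -> (epoch, version, release).
_REFS = ["bpftool-7.2.0-347.el9", "kernel-5.14.0-347.el9", "kernel-core-5.14.0-347.el9",
         "kernel-modules-5.14.0-347.el9", "kernel-modules-core-5.14.0-347.el9"]
FIXED = {n: ("0", v, r) for n, v, r in (ref.rsplit("-", 2) for ref in _REFS)}

def vulnerable_packages(rpm_qa_output: str) -> list:
    """NVRAs in `rpm -qa` output older than the fixed build. Every installed instance
    is compared, so an old kernel kept next to the patched one is still flagged."""
    hits = []
    for nvra in rpm_qa_output.split():
        name, epoch, ver, rel, _arch = parse_nvra(nvra)
        ref = FIXED.get(name)
        if ref is not None and evr_cmp((epoch, ver, rel), ref) < 0:
            hits.append(nvra)
    return hits

def running_kernel_is_fixed(uname_r: str) -> bool:
    """`rpm -qa` shows what is installed, `uname -r` what is booted: an installed
    but not yet booted kernel-core protects nothing."""
    vr, _, _arch = uname_r.rpartition(".")
    ver, _, rel = vr.partition("-")
    return evr_cmp(("0", ver, rel), FIXED["kernel-core"]) >= 0

# Constructed `rpm -qa` output for the demo (not from a real host).
SAMPLE_RPM_QA = """
kernel-core-5.14.0-340.el9.x86_64
kernel-core-5.14.0-347.el9.x86_64
kernel-modules-5.14.0-340.el9.x86_64
kernel-modules-core-5.14.0-347.el9.x86_64
bpftool-7.2.0-347.el9.x86_64
openssl-3.0.7-24.el9.x86_64
"""

if __name__ == "__main__":
    print(vulnerable_packages(SAMPLE_RPM_QA), running_kernel_is_fixed("5.14.0-340.el9.x86_64"))
```

On a real host feed it the output of `rpm -qa` and `uname -r`; `FIXED` carries only a handful of the plugin's reference entries, so extend it from the `pkgs` list before relying on it. The point of the extra `uname -r` check is that a package-based plugin like this one reports clean as soon as kernel-core-5.14.0-347.el9 is installed, while the running kernel remains the old one until the host reboots into it.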
var pkgs = [
{'reference':'bpftool-7.2.0-347.el9', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'bpftool-7.2.0-347.el9', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'bpftool-7.2.0-347.el9', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-5.14.0-347.el9', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-5.14.0-347.el9', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-5.14.0-347.el9', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-64k-5.14.0-347.el9', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-64k-core-5.14.0-347.el9', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-64k-debug-5.14.0-347.el9', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-64k-debug-core-5.14.0-347.el9', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-64k-debug-devel-5.14.0-347.el9', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-64k-debug-devel-matched-5.14.0-347.el9', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-64k-debug-modules-5.14.0-347.el9', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-64k-debug-modules-core-5.14.0-347.el9', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-64k-debug-modules-extra-5.14.0-347.el9', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-64k-debug-modules-internal-5.14.0-347.el9', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-64k-debug-modules-partner-5.14.0-347.el9', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-64k-devel-5.14.0-347.el9', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-64k-devel-matched-5.14.0-347.el9', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-64k-modules-5.14.0-347.el9', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-64k-modules-core-5.14.0-347.el9', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-64k-modules-extra-5.14.0-347.el9', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-64k-modules-internal-5.14.0-347.el9', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-64k-modules-partner-5.14.0-347.el9', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-abi-stablelists-5.14.0-347.el9', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-core-5.14.0-347.el9', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-core-5.14.0-347.el9', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-core-5.14.0-347.el9', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-cross-headers-5.14.0-347.el9', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-debug-5.14.0-347.el9', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-debug-5.14.0-347.el9', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-debug-5.14.0-347.el9', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-debug-core-5.14.0-347.el9', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-debug-core-5.14.0-347.el9', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-debug-core-5.14.0-347.el9', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-debug-devel-5.14.0-347.el9', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-debug-devel-5.14.0-347.el9', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-debug-devel-5.14.0-347.el9', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-debug-devel-matched-5.14.0-347.el9', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-debug-devel-matched-5.14.0-347.el9', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-debug-devel-matched-5.14.0-347.el9', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-debug-modules-5.14.0-347.el9', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-debug-modules-5.14.0-347.el9', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-debug-modules-5.14.0-347.el9', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-debug-modules-core-5.14.0-347.el9', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-debug-modules-core-5.14.0-347.el9', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-debug-modules-core-5.14.0-347.el9', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-debug-modules-extra-5.14.0-347.el9', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-debug-modules-extra-5.14.0-347.el9', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-debug-modules-extra-5.14.0-347.el9', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-debug-modules-internal-5.14.0-347.el9', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-debug-modules-internal-5.14.0-347.el9', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-debug-modules-internal-5.14.0-347.el9', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-debug-modules-partner-5.14.0-347.el9', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-debug-modules-partner-5.14.0-347.el9', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-debug-modules-partner-5.14.0-347.el9', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-debug-uki-virt-5.14.0-347.el9', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-devel-5.14.0-347.el9', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-devel-5.14.0-347.el9', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-devel-5.14.0-347.el9', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-devel-matched-5.14.0-347.el9', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-devel-matched-5.14.0-347.el9', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-devel-matched-5.14.0-347.el9', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-headers-5.14.0-347.el9', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-ipaclones-internal-5.14.0-347.el9', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-modules-5.14.0-347.el9', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-modules-5.14.0-347.el9', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-modules-5.14.0-347.el9', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-modules-core-5.14.0-347.el9', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-modules-core-5.14.0-347.el9', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-modules-core-5.14.0-347.el9', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-modules-extra-5.14.0-347.el9', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-modules-extra-5.14.0-347.el9', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-modules-extra-5.14.0-347.el9', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-modules-internal-5.14.0-347.el9', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-modules-internal-5.14.0-347.el9', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-modules-internal-5.14.0-347.el9', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-modules-partner-5.14.0-347.el9', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-modules-partner-5.14.0-347.el9', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-modules-partner-5.14.0-347.el9', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-rt-5.14.0-347.el9', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-rt-5.14.0-347.el9', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-rt-core-5.14.0-347.el9', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-rt-core-5.14.0-347.el9', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-rt-debug-5.14.0-347.el9', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-rt-debug-5.14.0-347.el9', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-rt-debug-core-5.14.0-347.el9', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-rt-debug-core-5.14.0-347.el9', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-rt-debug-devel-5.14.0-347.el9', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-rt-debug-devel-5.14.0-347.el9', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-rt-debug-devel-matched-5.14.0-347.el9', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-rt-debug-devel-matched-5.14.0-347.el9', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-rt-debug-kvm-5.14.0-347.el9', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-rt-debug-kvm-5.14.0-347.el9', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-rt-debug-modules-5.14.0-347.el9', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-rt-debug-modules-5.14.0-347.el9', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-rt-debug-modules-core-5.14.0-347.el9', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-rt-debug-modules-core-5.14.0-347.el9', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-rt-debug-modules-extra-5.14.0-347.el9', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-rt-debug-modules-extra-5.14.0-347.el9', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-rt-debug-modules-internal-5.14.0-347.el9', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-rt-debug-modules-internal-5.14.0-347.el9', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-rt-debug-modules-partner-5.14.0-347.el9', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-rt-debug-modules-partner-5.14.0-347.el9', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-rt-devel-5.14.0-347.el9', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-rt-devel-5.14.0-347.el9', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-rt-devel-matched-5.14.0-347.el9', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-rt-devel-matched-5.14.0-347.el9', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-rt-kvm-5.14.0-347.el9', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-rt-kvm-5.14.0-347.el9', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-rt-modules-5.14.0-347.el9', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-rt-modules-5.14.0-347.el9', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-rt-modules-core-5.14.0-347.el9', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-rt-modules-core-5.14.0-347.el9', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-rt-modules-extra-5.14.0-347.el9', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-rt-modules-extra-5.14.0-347.el9', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-rt-modules-internal-5.14.0-347.el9', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-rt-modules-internal-5.14.0-347.el9', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-rt-modules-partner-5.14.0-347.el9', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-rt-modules-partner-5.14.0-347.el9', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-selftests-internal-5.14.0-347.el9', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-selftests-internal-5.14.0-347.el9', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-selftests-internal-5.14.0-347.el9', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-tools-5.14.0-347.el9', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-tools-5.14.0-347.el9', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-tools-5.14.0-347.el9', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-tools-libs-5.14.0-347.el9', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-tools-libs-5.14.0-347.el9', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-tools-libs-devel-5.14.0-347.el9', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-tools-libs-devel-5.14.0-347.el9', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-uki-virt-5.14.0-347.el9', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-zfcpdump-5.14.0-347.el9', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-zfcpdump-core-5.14.0-347.el9', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-zfcpdump-devel-5.14.0-347.el9', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-zfcpdump-devel-matched-5.14.0-347.el9', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-zfcpdump-modules-5.14.0-347.el9', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-zfcpdump-modules-core-5.14.0-347.el9', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-zfcpdump-modules-extra-5.14.0-347.el9', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-zfcpdump-modules-internal-5.14.0-347.el9', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-zfcpdump-modules-partner-5.14.0-347.el9', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libperf-5.14.0-347.el9', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libperf-5.14.0-347.el9', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libperf-5.14.0-347.el9', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libperf-devel-5.14.0-347.el9', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libperf-devel-5.14.0-347.el9', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libperf-devel-5.14.0-347.el9', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'perf-5.14.0-347.el9', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'perf-5.14.0-347.el9', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'perf-5.14.0-347.el9', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python3-perf-5.14.0-347.el9', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python3-perf-5.14.0-347.el9', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python3-perf-5.14.0-347.el9', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rtla-5.14.0-347.el9', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rtla-5.14.0-347.el9', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rtla-5.14.0-347.el9', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rv-5.14.0-347.el9', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rv-5.14.0-347.el9', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rv-5.14.0-347.el9', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE}
];
var flag = 0;
# Compare every fixed package reference above against the installed RPM database.
foreach var package_array ( pkgs ) {
  var reference = NULL;
  var _release = NULL;
  var sp = NULL;
  var _cpu = NULL;
  var el_string = NULL;
  var rpm_spec_vers_cmp = NULL;
  var epoch = NULL;
  var allowmaj = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) _release = 'CentOS-' + package_array['release'];
  if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
  if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
  if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
  if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
  if (reference && _release) {
    # rpm_check() is true when an installed package is older than the fixed reference version.
    if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
  }
}
if (flag)
{
  # At least one affected package is installed: report it with the package comparison details.
  security_report_v4(
    port : 0,
    severity : SECURITY_HOLE,
    extra : rpm_report_get()
  );
  exit(0);
}
else
{
  # Nothing affected: distinguish "tested and already patched" from "package not installed".
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-64k / kernel-64k-core / kernel-64k-debug / etc');
}
Vendor | Product | Version | CPE |
---|---|---|---|
centos | centos | 9 | cpe:/a:centos:centos:9 |
centos | centos | bpftool | p-cpe:/a:centos:centos:bpftool |
centos | centos | kernel | p-cpe:/a:centos:centos:kernel |
centos | centos | kernel-64k | p-cpe:/a:centos:centos:kernel-64k |
centos | centos | kernel-64k-core | p-cpe:/a:centos:centos:kernel-64k-core |
centos | centos | kernel-64k-debug | p-cpe:/a:centos:centos:kernel-64k-debug |
centos | centos | kernel-64k-debug-core | p-cpe:/a:centos:centos:kernel-64k-debug-core |
centos | centos | kernel-64k-debug-devel | p-cpe:/a:centos:centos:kernel-64k-debug-devel |
centos | centos | kernel-64k-debug-devel-matched | p-cpe:/a:centos:centos:kernel-64k-debug-devel-matched |
centos | centos | kernel-64k-debug-modules | p-cpe:/a:centos:centos:kernel-64k-debug-modules |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27820
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36516
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20322
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22600
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26341
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26401
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33655
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3669
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3744
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3759
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3764
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3772
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3773
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4001
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4002
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4028
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4083
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4155
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41864
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4197
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4203
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43267
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43389
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44733
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0001
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0002
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0185
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0330
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0435
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0492
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0617
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0742
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0847
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0854
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0995
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1011
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1012
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1015
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1016
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1462
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1679
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1729
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1882
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1966
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1998
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20141
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2078
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21123
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21125
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21166
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21499
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21505
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2196
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22942
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23816
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23825
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23960
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24122
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25636
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2585
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2586
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2590
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26373
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27666
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28390
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2873
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2959
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2964
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29900
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29901
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3028
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30594
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3077
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33743
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34918
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3522
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3564
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3594
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3619
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3628
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36946
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39188
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4129
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4139
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41674
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4269
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42703
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42720
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42721
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42722
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42895
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42896
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43750
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4378
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4379
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43945
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4744
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0179
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0266
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0386
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0394
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0458
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0590
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1079
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1249
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1252
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1637
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1652
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1989
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2002
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2124
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2194
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2235
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2248
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2483
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26545
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28466
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3090
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31248
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31436
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3161
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3212
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32233
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35001
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35788
kojihub.stream.centos.org/koji/buildinfo?buildID=35523