Lucene search
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.FEDORA_2024-0F89E13079.NASLHistoryFeb 02, 2024 - 12:00 a.m.
Fedora 38 : kernel (2024-0f89e13079)
2024-02-0200:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
10
fedora 38 kernel
nvme driver
multiple vulnerabilities
null pointer dereference
denial of service
linux
tcp packages
cve-2023-6535
cve-2023-6536
cve-2023-6356
xen's virtual network protocol
skb fragments
nessus scanner
7.7 High
AI Score
Confidence
High
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-0f89e13079 advisory.
-
A flaw was found in the Linux kernel’s NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service. (CVE-2023-6535, CVE-2023-6536)
-
A flaw was found in the Linux kernel’s NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver and causing kernel panic and a denial of service. (CVE-2023-6356)
-
Transmit requests in Xen’s virtual network protocol can consist of multiple parts. While not really useful, except for the initial part any of them may be of zero length, i.e. carry no data at all. Besides a certain initial portion of the to be transferred data, these parts are directly translated into what Linux calls SKB fragments. Such converted request parts can, when for a particular SKB they are all of length zero, lead to a de-reference of NULL in core networking code. (CVE-2023-46838)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory FEDORA-2024-0f89e13079
#
include('compat.inc');
if (description)
{
script_id(189925);
script_version("1.2");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/01");
script_cve_id(
"CVE-2023-6356",
"CVE-2023-6535",
"CVE-2023-6536",
"CVE-2023-46838"
);
script_xref(name:"FEDORA", value:"2024-0f89e13079");
script_name(english:"Fedora 38 : kernel (2024-0f89e13079)");
script_set_attribute(attribute:"synopsis", value:
"The remote Fedora host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the
FEDORA-2024-0f89e13079 advisory.
- A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious
actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL
pointer dereference in the NVMe driver, causing kernel panic and a denial of service. (CVE-2023-6535,
CVE-2023-6536)
- A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious
actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL
pointer dereference in the NVMe driver and causing kernel panic and a denial of service. (CVE-2023-6356)
- Transmit requests in Xen's virtual network protocol can consist of multiple parts. While not really
useful, except for the initial part any of them may be of zero length, i.e. carry no data at all. Besides
a certain initial portion of the to be transferred data, these parts are directly translated into what
Linux calls SKB fragments. Such converted request parts can, when for a particular SKB they are all of
length zero, lead to a de-reference of NULL in core networking code. (CVE-2023-46838)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2024-0f89e13079");
script_set_attribute(attribute:"solution", value:
"Update the affected kernel package.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-6536");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2024/01/29");
script_set_attribute(attribute:"patch_publication_date", value:"2024/01/27");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/02/02");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:38");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kernel");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Fedora Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include('rpm.inc');
include('ksplice.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Fedora' >!< os_release) audit(AUDIT_OS_NOT, 'Fedora');
var os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Fedora');
os_ver = os_ver[1];
if (! preg(pattern:"^38([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Fedora 38', 'Fedora ' + os_ver);
if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Fedora', cpu);
if (get_one_kb_item('Host/ksplice/kernel-cves'))
{
rm_kb_item(name:'Host/uptrack-uname-r');
var cve_list = make_list('CVE-2023-6356', 'CVE-2023-6535', 'CVE-2023-6536', 'CVE-2023-46838');
if (ksplice_cves_check(cve_list))
{
audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for FEDORA-2024-0f89e13079');
}
else
{
__rpm_report = ksplice_reporting_text();
}
}
var pkgs = [
{'reference':'kernel-6.6.14-100.fc38', 'release':'FC38', 'rpm_spec_vers_cmp':TRUE}
];
var flag = 0;
foreach package_array ( pkgs ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
if (reference && _release) {
if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel');
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| fedoraproject | fedora | kernel | p-cpe:/a:fedoraproject:fedora:kernel |
| fedoraproject | fedora | 38 | cpe:/o:fedoraproject:fedora:38 |
Related
openvas
openvas
Fedora: Security Advisory for kernel (FEDORA-2024-50ab089b1d)
2024-02-02 00:00:00
Fedora: Security Advisory for kernel (FEDORA-2024-0f89e13079)
2024-02-04 00:00:00
Mageia: Security Advisory (MGASA-2024-0033)
2024-02-09 00:00:00
nessus
nessus
Fedora 39 : kernel (2024-50ab089b1d)
2024-02-02 00:00:00
RHEL 9 : kernel (RHSA-2024:0723)
2024-02-07 00:00:00
SUSE SLES15 Security Update : kernel (SUSE-SU-2024:0478-1)
2024-02-17 00:00:00
fedora
fedora
[SECURITY] Fedora 38 Update: kernel-6.6.14-100.fc38
2024-02-02 02:23:23
[SECURITY] Fedora 39 Update: kernel-6.6.14-200.fc39
2024-02-02 01:15:59
ubuntucve
ubuntucve
alpinelinux
alpinelinux
CVE-2023-46838
2024-01-29 11:15:07
cvelist
cvelist
CVE-2023-46838 Linux: netback processing of zero-length transmit fragment
2024-01-29 10:18:48
CVE-2023-6535 Kernel: null pointer dereference in nvmet_tcp_execute_request
2024-02-07 21:04:21
CVE-2023-6356 Kernel: null pointer dereference in nvmet_tcp_build_iovec
2024-02-07 21:04:20
cbl_mariner
cbl_mariner
CVE-2023-46838 affecting package kernel for versions less than 5.15.153.1-1
2024-04-09 20:48:36
citrix
citrix
Citrix Hypervisor Security Bulletin for CVE-2023-46838
2024-01-23 12:22:10
prion
prion
Code injection
2024-01-29 11:15:00
Null pointer dereference
2024-02-07 21:15:00
Null pointer dereference
2024-02-07 21:15:00
xen
xen
Linux: netback processing of zero-length transmit fragment
2024-01-22 18:30:00
cve
cve
osv
osv
CVE-2023-46838
2024-01-29 11:15:07
Important: kernel security update
2024-03-27 04:37:19
Important: kernel security update
2024-02-20 00:00:00
veracode
veracode
NULL Pointer Dereference
2024-01-30 17:14:19
debiancve
debiancve
redhatcve
redhatcve
redhat
redhat
(RHSA-2024:0725) Important: kernel-rt security update
2024-02-07 16:03:29
(RHSA-2024:0723) Important: kernel security update
2024-02-07 16:01:23
(RHSA-2024:1248) Important: kernel security update
2024-03-12 00:03:02
oraclelinux
oraclelinux
kernel security update
2024-03-15 00:00:00
kernel security update
2024-02-22 00:00:00
kernel security update
2024-03-06 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2024-3.0-0729
2024-02-22 00:00:00
Important Photon OS Security Update - PHSA-2024-5.0-0198
2024-02-06 00:00:00
Important Photon OS Security Update - PHSA-2024-4.0-0559
2024-01-31 00:00:00
mageia
mageia
Updated kernel packages fix security vulnerabilities and other bugs
2024-02-09 05:45:39
Updated kernel-linus fixes security vulnerabilities and many bugs
2024-02-09 04:34:03
rocky
rocky
kernel security update
2024-03-27 04:37:19
ibm
ibm
Security Bulletin: Vulnerabilities in OpenSSH, Linux Kernel might affect IBM Storage Copy Data Management
2024-04-30 21:44:44
Security Bulletin: Vulnerabilities in Spring, Tomcat, Jackson, sudo, and Linux kernel can affect IBM Spectrum Protect Plus
2024-03-20 18:36:29
Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities
2024-05-09 12:31:16
almalinux
almalinux
Important: kernel security update
2024-02-20 00:00:00
ubuntu
ubuntu
Linux kernel vulnerabilities
2024-04-09 00:00:00
Linux kernel (Azure) vulnerabilities
2024-04-09 00:00:00
Linux kernel vulnerabilities
2024-03-18 00:00:00