MiracleLinux 3 : kernel-2.6.18-53.22AXS3 (AXSA:2009-42:04)

🗓️ 14 Jan 2026 00:00:00Reported by TenableType

MiracleLinux 3 kernel vulnerabilities fixed per AXSA-2009-42 advisory for Linux 2.6.x.

Reporter	Title	Published	Views	Family All 294
Tenable Nessus	CentOS 4 : kernel (CESA-2008:0972)	23 Apr 200900:00	–	nessus
Tenable Nessus	CentOS 5 : kernel (CESA-2009:0326)	6 Jan 201000:00	–	nessus
Tenable Nessus	CentOS 4 : kernel (CESA-2009:0331)	6 Jan 201000:00	–	nessus
Tenable Nessus	CentOS 4 : kernel (CESA-2009:0459)	26 May 200900:00	–	nessus
Tenable Nessus	Debian DSA-1681-1 : linux-2.6.24 - denial of service/privilege escalation	5 Dec 200800:00	–	nessus
Tenable Nessus	Debian DSA-1687-1 : linux-2.6 - denial of service/privilege escalation	16 Dec 200800:00	–	nessus
Tenable Nessus	Debian DSA-1749-1 : linux-2.6 - denial of service/privilege escalation/sensitive memory leak	23 Mar 200900:00	–	nessus
Tenable Nessus	Debian DSA-1787-1 : linux-2.6.24 - denial of service/privilege escalation/information leak	4 May 200900:00	–	nessus
Tenable Nessus	Debian DSA-1794-1 : linux-2.6 - denial of service/privilege escalation/information leak	11 May 200900:00	–	nessus
Tenable Nessus	Debian DSA-1800-1 : linux-2.6 - denial of service/privilege escalation/sensitive memory leak	18 May 200900:00	–	nessus

Source	Link
tsn	www.tsn.miraclelinux.com/en/node/679
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# Miracle Linux Security Advisory AXSA:2009-42:04.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(283985);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/01/19");

  script_cve_id(
    "CVE-2008-3528",
    "CVE-2008-5700",
    "CVE-2009-0028",
    "CVE-2009-0322",
    "CVE-2009-0675",
    "CVE-2009-0676"
  );

  script_name(english:"MiracleLinux 3 : kernel-2.6.18-53.22AXS3 (AXSA:2009-42:04)");

  script_set_attribute(attribute:"synopsis", value:
"The remote MiracleLinux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the
AXSA:2009-42:04 advisory.

    The kernel packages contain the Linux kernel, the core of any Linux operating system.
    Fixed bugs:
    CVE-2008-3528
    The error-reporting functionality in (1) fs/ext2/dir.c, (2) fs/ext3/dir.c, and possibly (3) fs/ext4/dir.c
    in the Linux kernel 2.6.26.5 does not limit the number of printk console messages that report directory
    corruption, which allows physically proximate attackers to cause a denial of service (temporary system
    hang) by mounting a filesystem that has corrupted dir->i_size and dir->i_blocks values and performing (a)
    read or (b) write operations.
    NOTES:
    there are limited scenarios in which this crosses privilege boundaries.
    The ext4 fix is omitted because there is no ext4 in AXS3 SP1 kernel.
    CVE-2008-5700
    libata in the Linux kernel before 2.6.27.9 does not set minimum timeouts for SG_IO requests, which allows
    local users to cause a denial of service (Programmed I/O mode on drives) via multiple simultaneous
    invocations of an unspecified test program.
    CVE-2009-0028
    The clone system call in the Linux kernel 2.6.28 and earlier allows local users to send arbitrary signals
    to a parent process from an unprivileged child process by launching an additional child process with the
    CLONE_PARENT flag, and then letting this new process exit.
    CVE-2009-0322
    drivers/firmware/dell_rbu.c in the Linux kernel before 2.6.27.13, and 2.6.28.x before 2.6.28.2, allows
    local users to cause a denial of service (system crash) via a read system call that specifies zero bytes
    from the (1) image_type or (2) packet_size file in /sys/devices/platform/dell_rbu/.
    CVE-2009-0675
    The skfp_ioctl function in drivers/net/skfp/skfddi.c in the Linux kernel before 2.6.28.6 permits
    SKFP_CLR_STATS requests only when the CAP_NET_ADMIN capability is absent, instead of when this capability
    is present, which allows local users to reset the driver statistics, related to an inverted logic issue.
    CVE-2009-0676
    The sock_getsockopt function in net/core/sock.c in the Linux kernel before 2.6.28.6 does not initialize a
    certain structure member, which allows local users to obtain potentially sensitive information from kernel
    memory via an SO_BSDCOMPAT getsockopt request.
    Panic problem:
    This release also fixes a panic problem introduced with the release of the previous kernel
    (kernel-2.6.18-53.21AXS3) on Toshiba server (seen on Pentium DC E2160/1.80GHz  CPU) and Nehalem CPU.

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://tsn.miraclelinux.com/en/node/679");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2009-0676");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"vendor_severity", value:"High");

  script_set_attribute(attribute:"vuln_publication_date", value:"2008/09/27");
  script_set_attribute(attribute:"patch_publication_date", value:"2009/04/28");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/01/14");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:kernel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:kernel-PAE");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:kernel-PAE-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:kernel-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:kernel-headers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:kernel-xen");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:kernel-xen-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:miracle:linux:3");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Miracle Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/MiracleLinux/release", "Host/MiracleLinux/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm2.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'MIRACLE LINUX' >!< os_product) audit(AUDIT_OS_NOT, 'MIRACLE LINUX');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'MIRACLE LINUX');
if (! preg(pattern:"^3([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'MiracleLinux 3.x', 'MIRACLE LINUX ' + os_version);

if (!get_kb_item('Host/MiracleLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('aarch64' >!< cpu && 'ppc' >!< cpu && 's390' >!< cpu && 'x86_64' >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'MIRACLE LINUX', cpu);

var constraints = [
  {
    'release': '3',
    'pkgs': [
      {'reference':'kernel-2.6.18-53.22AXS3', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'kernel-2.6.18-53.22AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'kernel-devel-2.6.18-53.22AXS3', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'kernel-devel-2.6.18-53.22AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'kernel-headers-2.6.18-53.22AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'kernel-PAE-2.6.18-53.22AXS3', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'kernel-PAE-devel-2.6.18-53.22AXS3', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'kernel-xen-2.6.18-53.22AXS3', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'kernel-xen-2.6.18-53.22AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'kernel-xen-devel-2.6.18-53.22AXS3', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'kernel-xen-devel-2.6.18-53.22AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'}
    ]
  }
];

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
  # Check that the target release is equal to the affected release
  if (!empty_or_null(constraint['release'])){
    if (constraint['release'] != os_release) continue;
  }
  if (!empty_or_null(constraint['sp'])){
    if (constraint['sp'] != os_sp) continue;
  }
  foreach var pkg ( constraint['pkgs'] ) {
    reference = NULL;
    sp = NULL;
    _cpu = NULL;
    el_string = NULL;
    rpm_spec_vers_cmp = NULL;
    epoch = NULL;
    allowmaj = NULL;
    exists_check = NULL;
    cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        ## (no known rpm to check OR known rpm_exists)
        (!exists_check || rpm_exists(rpm:exists_check)) &&
        rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}
if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_NOTE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel / kernel-PAE / kernel-PAE-devel / kernel-devel / etc');
}

19 Jan 2026 00:00Current

6.1Medium risk

Vulners AI Score6.1

CVSS 24.9

EPSS0.00352