MiracleLinux 4 : kernel-2.6.32-220.23.1.el6 (AXSA:2012-646:05)

🗓️ 14 Jan 2026 00:00:00Reported by TenableType

MiracleLinux 4 kernel fixes multiple CVEs in KVM, DRM, and caps to prevent DoS and privilege abuse.

Reporter	Title	Published	Views	Family All 703
Amazon	Medium: kernel	15 Feb 201200:00	–	amazon
Amazon	Medium: kernel	10 Jun 201200:00	–	amazon
Amazon	Medium: kernel	5 Jul 201200:00	–	amazon
Tenable Nessus	Amazon Linux AMI : kernel (ALAS-2012-100)	4 Sep 201300:00	–	nessus
Tenable Nessus	Amazon Linux AMI : kernel (ALAS-2012-45)	4 Sep 201300:00	–	nessus
Tenable Nessus	Amazon Linux AMI : kernel (ALAS-2012-83)	4 Sep 201300:00	–	nessus
Tenable Nessus	CentOS 5 : kernel (CESA-2012:0107)	14 Feb 201200:00	–	nessus
Tenable Nessus	CentOS 6 : kernel (CESA-2012:0571)	17 May 201200:00	–	nessus
Tenable Nessus	CentOS 5 : kvm (CESA-2012:0676)	22 May 201200:00	–	nessus
Tenable Nessus	CentOS 5 : kernel (CESA-2012:0690)	31 May 201200:00	–	nessus

Source	Link
tsn	www.tsn.miraclelinux.com/en/node/3161
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# Miracle Linux Security Advisory AXSA:2012-646:05.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(284425);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/01/19");

  script_cve_id(
    "CVE-2011-4086",
    "CVE-2012-0044",
    "CVE-2012-1179",
    "CVE-2012-1601",
    "CVE-2012-2119",
    "CVE-2012-2121",
    "CVE-2012-2123",
    "CVE-2012-2136",
    "CVE-2012-2137",
    "CVE-2012-2372",
    "CVE-2012-2373"
  );

  script_name(english:"MiracleLinux 4 : kernel-2.6.32-220.23.1.el6 (AXSA:2012-646:05)");

  script_set_attribute(attribute:"synopsis", value:
"The remote MiracleLinux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the
AXSA:2012-646:05 advisory.

    The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel
    handles the basic functions of the operating system: memory allocation, process allocation, device input
    and output, etc.
    Security issues fixed with this release:
     CVE-2012-1601
    The KVM implementation in the Linux kernel before 3.3.6 allows host OS users to cause a denial of service
    (NULL pointer dereference and host OS crash) by making a KVM_CREATE_IRQCHIP ioctl call after a virtual CPU
    already exists.
     CVE-2012-0044
    Integer overflow in the drm_mode_dirtyfb_ioctl function in drivers/gpu/drm/drm_crtc.c in the Direct
    Rendering Manager (DRM) subsystem in the Linux kernel before 3.1.5 allows local users to gain privileges
    or cause a denial of service (memory corruption) via a crafted ioctl call.
     CVE-2012-1179
    psThe Linux kernel before 3.3.1, when KVM is used, allows guest OS users to cause a denial of service
    (host OS crash) by leveraging administrative access to the guest OS, related to the pmd_none_or_clear_bad
    function and page faults for huge pages.
     CVE-2012-2121
    The KVM implementation in the Linux kernel before 3.3.4 does not properly anage the relationships between
    memory slots and the iommu, which allows guest OS users to cause a denial of service (host OS crash) by
    leveraging administrative access to the guest OS to conduct hotunplug and hotplug operations on devices.
     CVE-2012-2123
    The cap_bprm_set_creds function in security/commoncap.c in the Linux kernel before 3.3.3 does not properly
    handle the use of file system capabilities (aka fcaps) for implementing a privileged executable file,
    which allows local users to bypass intended personality restrictions via a crafted application, as
    demonstrated by an attack that uses a parent process to disable ASLR.
     CVE-2012-2136
     CVE-2012-2137
     CVE-2012-2372
     CVE-2012-2373
     CVE-2012-2119
     CVE-2011-4086
    No description available at the time of writing.

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://tsn.miraclelinux.com/en/node/3161");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2012-2136");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2012-0044");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"vendor_severity", value:"High");

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/01/11");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/08/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/01/14");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:kernel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:kernel-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:kernel-debug-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:kernel-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:kernel-firmware");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:kernel-headers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:perf");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:miracle:linux:4");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Miracle Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/MiracleLinux/release", "Host/MiracleLinux/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm2.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'MIRACLE LINUX' >!< os_product) audit(AUDIT_OS_NOT, 'MIRACLE LINUX');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'MIRACLE LINUX');
if (! preg(pattern:"^4([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'MiracleLinux 4.x', 'MIRACLE LINUX ' + os_version);

if (!get_kb_item('Host/MiracleLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('aarch64' >!< cpu && 'ppc' >!< cpu && 's390' >!< cpu && 'x86_64' >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'MIRACLE LINUX', cpu);

var constraints = [
  {
    'release': '4',
    'pkgs': [
      {'reference':'kernel-2.6.32-220.23.1.el6', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'kernel-2.6.32-220.23.1.el6', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'kernel-debug-2.6.32-220.23.1.el6', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'kernel-debug-2.6.32-220.23.1.el6', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'kernel-debug-devel-2.6.32-220.23.1.el6', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'kernel-debug-devel-2.6.32-220.23.1.el6', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'kernel-devel-2.6.32-220.23.1.el6', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'kernel-devel-2.6.32-220.23.1.el6', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'kernel-firmware-2.6.32-220.23.1.el6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'kernel-headers-2.6.32-220.23.1.el6', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'kernel-headers-2.6.32-220.23.1.el6', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'perf-2.6.32-220.23.1.el6', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'perf-2.6.32-220.23.1.el6', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'}
    ]
  }
];

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
  # Check that the target release is equal to the affected release
  if (!empty_or_null(constraint['release'])){
    if (constraint['release'] != os_release) continue;
  }
  if (!empty_or_null(constraint['sp'])){
    if (constraint['sp'] != os_sp) continue;
  }
  foreach var pkg ( constraint['pkgs'] ) {
    reference = NULL;
    sp = NULL;
    _cpu = NULL;
    el_string = NULL;
    rpm_spec_vers_cmp = NULL;
    epoch = NULL;
    allowmaj = NULL;
    exists_check = NULL;
    cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        ## (no known rpm to check OR known rpm_exists)
        (!exists_check || rpm_exists(rpm:exists_check)) &&
        rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}
if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel / kernel-debug / kernel-debug-devel / kernel-devel / etc');
}

19 Jan 2026 00:00Current

6.8Medium risk

Vulners AI Score6.8

CVSS 27.2

CVSS 3.17.8

EPSS0.00358