Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

MiracleLinux 4 : kernel-2.6.32-642.11.1.el6 (AXSA:2016-1154:09)

🗓️ 16 Jan 2026 00:00:00Reported by TenableType 
nessus
 nessus🔗 www.tenable.com👁 1 Views

MiracleLinux 4 kernel update fixes CVE-2016-1583, CVE-2016-2143, and related stability bugs.

Related
Refs
Code
ReporterTitlePublishedViews
Family
0day.today		Linux - ecryptfs and /proc/$pid/environ Privilege Escalation
21 Jun 201600:00
zdt
Tenable Nessus		CentOS 7 : kernel (CESA-2016:1539)
4 Aug 201600:00
nessus
Tenable Nessus		CentOS 5 : kernel (CESA-2016:2124) (Dirty COW)
31 Oct 201600:00
nessus
Tenable Nessus		CentOS 6 : kernel (CESA-2016:2766)
21 Nov 201600:00
nessus
Tenable Nessus		Debian DLA-516-1 : linux security update
20 Jun 201600:00
nessus
Tenable Nessus		Debian DSA-3607-1 : linux - security update
29 Jun 201600:00
nessus
Tenable Nessus		EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1535)
14 May 201900:00
nessus
Tenable Nessus		EulerOS Virtualization 3.0.2.2 : kernel (EulerOS-SA-2020-2222)
21 Oct 202000:00
nessus
Tenable Nessus		EulerOS 2.0 SP3 : kernel (EulerOS-SA-2021-2588)
25 Oct 202100:00
nessus
Tenable Nessus		Fedora 24 : kernel (2016-1c409313f4)
15 Jul 201600:00
nessus
Rows per page
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# Miracle Linux Security Advisory AXSA:2016-1154:09.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(289802);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/01/19");

  script_cve_id("CVE-2016-1583", "CVE-2016-2143");

  script_name(english:"MiracleLinux 4 : kernel-2.6.32-642.11.1.el6 (AXSA:2016-1154:09)");

  script_set_attribute(attribute:"synopsis", value:
"The remote MiracleLinux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the
AXSA:2016-1154:09 advisory.

    The kernel package contains the Linux kernel (vmlinuz), the core of any
    Linux operating system.  The kernel handles the basic functions
    of the operating system: memory allocation, process allocation, device
    input and output, etc.
    Security issues fixed with this release:
    CVE-2016-1583
    The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the
    Linux kernel before 4.6.3 allows local users to gain privileges or
    cause a denial of service (stack memory consumption) via vectors
    involving crafted mmap calls for /proc pathnames, leading to recursive
    pagefault handling.
    CVE-2016-2143
    The fork implementation in the Linux kernel before 4.5 on s390
    platforms mishandles the case of four page-table levels, which allows
    local users to cause a denial of service (system crash) or possibly
    have unspecified other impact via a crafted application, related to
    arch/s390/include/asm/mmu_context.h and
    arch/s390/include/asm/pgalloc.h.
    Fixed bugs:
    * Use of a multi-threaded workload with high memory mappings sometiems caused a kernel panic, due to a
    race condition between the context switch and the pagetable upgrade. This update fixes the switch_mm() by
    using the complete asce parameter instead of the asce_bits parameter. As a result, the kernel no longer
    panics in the described scenario.
    * When iptables created the Transmission Control Protocol (TCP) reset packet, a kernel crash could occur
    due to uninitialized pointer to the TCP header within the Socket Buffer (SKB). This update fixes the
    transport header pointer in TCP reset for both IPv4 and IPv6, and the kernel no longer crashes in the
    described situation.
    * Previously, when the Enhanced Error Handling (EEH) mechanism did not block the PCI configuration space
    access and an error was detected, a kernel panic occurred. This update fixes EEH to fix this problem. As a
    result, the kernel no longer panics in the described scenario.
    * When the lockd service failed to start up completely, the notifier blocks were in some cases registered
    on a notification chain multiple times, which caused the occurrence of a circular list on the notification
    chain. Consequently, a soft lock-up or a kernel oops occurred. With this update, the notifier blocks are
    unregistered if lockd fails to start up completely, and the soft lock-ups or the kernel oopses no longer
    occur under the described circumstances.
    * When the Fibre Channel over Ethernet (FCoE) was configured, the FCoE MaxFrameSize parameter was
    incorrectly restricted to 1452. With this update, the NETIF_F_ALL_FCOE symbol is no longer ignored, which
    fixes this bug. MaxFrameSize is now restricted to 2112, which is the correct value.
    * When the fnic driver was installed on Cisco UCS Blade Server, the discs were under certain circumstances
    put into the offline state with the following error message: Medium access timeout failure. Offlining
    disk!. This update fixes fnic to set the Small Computer System Interface (SCSI) status as DID_ABORT after
    a successful abort operation. As a result, the discs are no longer put into the offlined state in the
    described situation.

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://tsn.miraclelinux.com/en/node/7586");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-1583");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2016-2143");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"vendor_severity", value:"High");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/04/27");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/12/06");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/01/16");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:kernel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:kernel-abi-whitelists");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:kernel-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:kernel-debug-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:kernel-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:kernel-firmware");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:kernel-headers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:perf");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:miracle:linux:4");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Miracle Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/MiracleLinux/release", "Host/MiracleLinux/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm2.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'MIRACLE LINUX' >!< os_product) audit(AUDIT_OS_NOT, 'MIRACLE LINUX');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'MIRACLE LINUX');
if (! preg(pattern:"^4([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'MiracleLinux 4.x', 'MIRACLE LINUX ' + os_version);

if (!get_kb_item('Host/MiracleLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('aarch64' >!< cpu && 'ppc' >!< cpu && 's390' >!< cpu && 'x86_64' >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'MIRACLE LINUX', cpu);

var constraints = [
  {
    'release': '4',
    'pkgs': [
      {'reference':'kernel-2.6.32-642.11.1.el6', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'kernel-2.6.32-642.11.1.el6', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'kernel-abi-whitelists-2.6.32-642.11.1.el6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'kernel-debug-2.6.32-642.11.1.el6', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'kernel-debug-2.6.32-642.11.1.el6', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'kernel-debug-devel-2.6.32-642.11.1.el6', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'kernel-debug-devel-2.6.32-642.11.1.el6', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'kernel-devel-2.6.32-642.11.1.el6', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'kernel-devel-2.6.32-642.11.1.el6', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'kernel-firmware-2.6.32-642.11.1.el6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'kernel-headers-2.6.32-642.11.1.el6', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'kernel-headers-2.6.32-642.11.1.el6', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'perf-2.6.32-642.11.1.el6', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'perf-2.6.32-642.11.1.el6', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'}
    ]
  }
];

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
  # Check that the target release is equal to the affected release
  if (!empty_or_null(constraint['release'])){
    if (constraint['release'] != os_release) continue;
  }
  if (!empty_or_null(constraint['sp'])){
    if (constraint['sp'] != os_sp) continue;
  }
  foreach var pkg ( constraint['pkgs'] ) {
    reference = NULL;
    sp = NULL;
    _cpu = NULL;
    el_string = NULL;
    rpm_spec_vers_cmp = NULL;
    epoch = NULL;
    allowmaj = NULL;
    exists_check = NULL;
    cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        ## (no known rpm to check OR known rpm_exists)
        (!exists_check || rpm_exists(rpm:exists_check)) &&
        rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}
if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel / kernel-abi-whitelists / kernel-debug / kernel-debug-devel / etc');
}

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
19 Jan 2026 00:00Current
6.8Medium risk
Vulners AI Score6.8
CVSS 27.2
CVSS 3.17.8
EPSS0.00424
linux kernel vulnerabilitymemory denial vulnerabilitytcp header bug
1