MiracleLinux 7 : kernel-3.10.0-327.10.1.el7 (AXSA:2016-136:02)

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# Miracle Linux Security Advisory AXSA:2016-136:02.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(289138);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/01/19");

  script_cve_id("CVE-2015-5157", "CVE-2015-7872");

  script_name(english:"MiracleLinux 7 : kernel-3.10.0-327.10.1.el7 (AXSA:2016-136:02)");

  script_set_attribute(attribute:"synopsis", value:
"The remote MiracleLinux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the
AXSA:2016-136:02 advisory.

    The kernel package contains the Linux kernel (vmlinuz), the core of any
    Linux operating system.  The kernel handles the basic functions
    of the operating system: memory allocation, process allocation, device
    input and output, etc.
    Security issues fixed with this release:
    CVE-2015-5157
    arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the
    x86_64 platform mishandles IRET faults in processing NMIs that
    occurred during userspace execution, which might allow local users to
    gain privileges by triggering an NMI.
    CVE-2015-7872
    The key_gc_unused_keys function in security/keys/gc.c in the Linux
    kernel through 4.2.6 allows local users to cause a denial of service
    (OOPS) via crafted keyctl commands.
    Fixed bugs:
    * Previously, processing packets with a lot of different IPv6 source addresses caused the kernel to return
    warnings concerning soft-lockups due to high lock contention and latency increase. With this update, lock
    contention is reduced by backing off concurrent waiting threads on the lock. As a result, the kernel no
    longer issues warnings in the described scenario.
    * Prior to this update, block device readahead was artificially limited. As a consequence, the read
    performance was poor, especially on RAID devices. Now, per-device readahead limits are used for each
    device instead of a global limit. As a result, read performance has improved, especially on RAID devices.
    * After injecting an EEH error, the host was previously not recovering and observing I/O hangs in HTX tool
    logs. This update makes sure that when one or both of EEH_STATE_MMIO_ACTIVE and EEH_STATE_MMIO_ENABLED
    flags is marked in the PE state, the PE's IO path is regarded as enabled as well. As a result, the host no
    longer hangs and recovers as expected.
    * The genwqe device driver was previously using the GFP_ATOMIC flag for allocating consecutive memory
    pages from the kernel's atomic memory pool, even in non-atomic situations. This could lead to allocation
    failures during memory pressure. With this update, the genwqe driver's memory allocations use the
    GFP_KERNEL flag, and the driver can allocate memory even during memory pressure situations.
    * The nx842 co-processor for IBM Power Systems could in some circumstances provide invalid data due to a
    data corruption bug during uncompression. With this update, all compression and uncompression calls to the
    nx842 co-processor contain a cyclic redundancy check (CRC) flag, which forces all compression and
    uncompression operations to check data integrity and prevents the co-processor from providing corrupted
    data.
    * A failed updatepp operation on the little-endian variant of IBM Power Systems could previously cause a
    wrong hash value to be used for the next hash insert operation in the page table. This could result in a
    missing hash pte update or invalidate operation, potentially causing memory corruption. With this update,
    the hash value is always recalculated after a failed updatepp operation, avoiding memory corruption.
    * Large Receive Offload (LRO) flag disabling was not being propagated downwards from above devices in vlan
    and bond hierarchy, breaking the flow of traffic. This problem has been fixed and LRO flags now propagate
    correctly.
    * Due to rounding errors in the CPU frequency of the intel_pstate driver, the CPU frequency never reached
    the value requested by the user. A kernel patch has been applied to fix these rounding errors.
    * When running several containers (up to 100), reports of hung tasks were previously reported. This update
    fixes the AB-BA deadlock in the dm_destroy() function, and the hung reports no longer occur.

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://tsn.miraclelinux.com/en/node/6522");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-5157");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2015-7872");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"vendor_severity", value:"High");

  script_set_attribute(attribute:"vuln_publication_date", value:"2015/07/23");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/03/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/01/16");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:kernel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:kernel-abi-whitelists");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:kernel-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:kernel-debug-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:kernel-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:kernel-headers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:kernel-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:kernel-tools-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:perf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:python-perf");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:miracle:linux:7");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Miracle Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/MiracleLinux/release", "Host/MiracleLinux/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm2.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'MIRACLE LINUX' >!< os_product) audit(AUDIT_OS_NOT, 'MIRACLE LINUX');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'MIRACLE LINUX');
if (! preg(pattern:"^7([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'MiracleLinux 7.x', 'MIRACLE LINUX ' + os_version);

if (!get_kb_item('Host/MiracleLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('aarch64' >!< cpu && 'ppc' >!< cpu && 's390' >!< cpu && 'x86_64' >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'MIRACLE LINUX', cpu);

var constraints = [
  {
    'release': '7',
    'pkgs': [
      {'reference':'kernel-3.10.0-327.10.1.el7', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'kernel-abi-whitelists-3.10.0-327.10.1.el7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'kernel-debug-3.10.0-327.10.1.el7', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'kernel-debug-devel-3.10.0-327.10.1.el7', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'kernel-devel-3.10.0-327.10.1.el7', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'kernel-headers-3.10.0-327.10.1.el7', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'kernel-tools-3.10.0-327.10.1.el7', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'kernel-tools-libs-3.10.0-327.10.1.el7', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'perf-3.10.0-327.10.1.el7', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'python-perf-3.10.0-327.10.1.el7', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'}
    ]
  }
];

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
  # Check that the target release is equal to the affected release
  if (!empty_or_null(constraint['release'])){
    if (constraint['release'] != os_release) continue;
  }
  if (!empty_or_null(constraint['sp'])){
    if (constraint['sp'] != os_sp) continue;
  }
  foreach var pkg ( constraint['pkgs'] ) {
    reference = NULL;
    sp = NULL;
    _cpu = NULL;
    el_string = NULL;
    rpm_spec_vers_cmp = NULL;
    epoch = NULL;
    allowmaj = NULL;
    exists_check = NULL;
    cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        ## (no known rpm to check OR known rpm_exists)
        (!exists_check || rpm_exists(rpm:exists_check)) &&
        rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}
if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel / kernel-abi-whitelists / kernel-debug / kernel-debug-devel / etc');
}