Vulners
Lucene search
MiracleLinux 4 : kernel-2.6.32-573.22.1.el6 (AXSA:2016-195:03)
| Reporter | Title | Published | Views | Family All 109 |
|---|---|---|---|---|
 | CentOS 7 : kernel (CESA-2015:2152) | 2 Dec 201500:00 | – | nessus |
| CentOS 6 : kernel (CESA-2016:0494) | 24 Mar 201600:00 | – | nessus |
| Debian DLA-439-1 : linux-2.6 security update | 1 Mar 201600:00 | – | nessus |
| Debian DSA-3503-1 : linux - security update | 4 Mar 201600:00 | – | nessus |
| EulerOS 2.0 SP1 : kernel (EulerOS-SA-2016-1007) | 1 May 201700:00 | – | nessus |
| F5 Networks BIG-IP : Linux kernel vulnerability (K08440897) | 2 Sep 201600:00 | – | nessus |
| Oracle Linux 6 : kernel (ELSA-2016-0494) | 23 Mar 201600:00 | – | nessus |
| Oracle Linux 6 : kernel (ELSA-2016-0855) | 18 May 201600:00 | – | nessus |
| Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2016-3528) | 25 Mar 201600:00 | – | nessus |
| OracleVM 3.3 : kernel-uek (OVMSA-2016-0046) | 9 May 201600:00 | – | nessus |
10
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# Miracle Linux Security Advisory AXSA:2016-195:03.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(288942);
script_version("1.2");
script_set_attribute(attribute:"plugin_modification_date", value:"2026/01/19");
script_cve_id("CVE-2016-0774");
script_name(english:"MiracleLinux 4 : kernel-2.6.32-573.22.1.el6 (AXSA:2016-195:03)");
script_set_attribute(attribute:"synopsis", value:
"The remote MiracleLinux host is missing a security update.");
script_set_attribute(attribute:"description", value:
"The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the
AXSA:2016-195:03 advisory.
The kernel package contains the Linux kernel (vmlinuz), the core of any
Linux operating system. The kernel handles the basic functions
of the operating system: memory allocation, process allocation, device
input and output, etc.
Security issues fixed with this release:
CVE-2016-0774
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
Fixed bugs:
* In the anon_vma structure, the degree counts number of child anon_vmas and of VMAs which points to this
anon_vma. Failure to decrement the parent's degree in the unlink_anon_vma() function, when its list was
empty, previously triggered a BUG_ON() assertion. The provided patch makes sure the anon_vma degree is
always decremented when the VMA list is empty, thus fixing this bug.
* When running Internet Protocol Security (IPSEC) on external storage encrypted with LUKS under a
substantial load on the system, data corruptions could previously occur. A set of upstream patches has
been provided, and data corruption is no longer reported in this situation.
* Due to prematurely decremented calc_load_task, the calculated load average was off by up to the number
of CPUs in the machine. As a consequence, job scheduling worked improperly causing a drop in the system
performance. This update keeps the delta of the CPU going into NO_HZ idle separately, and folds the
pending idle delta into the global active count while correctly aging the averages for the idle-duration
when leaving NO_HZ mode. Now, job scheduling works correctly, ensuring balanced CPU load.
* Due to a regression in the Asianux Server 6.7 kernel, the cgroup OOM notifier accessed a cgroup-specific
internal data structure without a proper locking protection, which led to a kernel panic. This update
adjusts the cgroup OOM notifier to lock internal data properly, thus fixing the bug.
* GFS2 had a rare timing window that sometimes caused it to reference an uninitialized variable.
Consequently, a kernel panic occurred. The code has been changed to reference the correct value during
this timing window, and the kernel no longer panics.
* Due to a race condition whereby a cache operation could be submitted after a cache object was killed,
the kernel occasionally crashed on systems running the cachefilesd service. The provided patch prevents
the race condition by adding serialization in the code that makes the object unavailable. As a result, all
subsequent operations targetted on the object are rejected and the kernel no longer crashes in this
scenario.
Enhancements:
* The lpfc driver has been updated to version 11.0.0.4.
Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://tsn.miraclelinux.com/en/node/6581");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-0774");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vendor_severity", value:"Moderate");
script_set_attribute(attribute:"vuln_publication_date", value:"2015/11/19");
script_set_attribute(attribute:"patch_publication_date", value:"2016/04/03");
script_set_attribute(attribute:"plugin_publication_date", value:"2026/01/16");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:kernel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:kernel-abi-whitelists");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:kernel-debug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:kernel-debug-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:kernel-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:kernel-firmware");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:kernel-headers");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:perf");
script_set_attribute(attribute:"cpe", value:"cpe:/o:miracle:linux:4");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Miracle Linux Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/MiracleLinux/release", "Host/MiracleLinux/rpm-list", "Host/cpu");
exit(0);
}
include('rpm2.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'MIRACLE LINUX' >!< os_product) audit(AUDIT_OS_NOT, 'MIRACLE LINUX');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'MIRACLE LINUX');
if (! preg(pattern:"^4([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'MiracleLinux 4.x', 'MIRACLE LINUX ' + os_version);
if (!get_kb_item('Host/MiracleLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('aarch64' >!< cpu && 'ppc' >!< cpu && 's390' >!< cpu && 'x86_64' >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'MIRACLE LINUX', cpu);
var constraints = [
{
'release': '4',
'pkgs': [
{'reference':'kernel-2.6.32-573.22.1.el6', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
{'reference':'kernel-2.6.32-573.22.1.el6', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
{'reference':'kernel-abi-whitelists-2.6.32-573.22.1.el6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
{'reference':'kernel-debug-2.6.32-573.22.1.el6', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
{'reference':'kernel-debug-2.6.32-573.22.1.el6', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
{'reference':'kernel-debug-devel-2.6.32-573.22.1.el6', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
{'reference':'kernel-debug-devel-2.6.32-573.22.1.el6', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
{'reference':'kernel-devel-2.6.32-573.22.1.el6', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
{'reference':'kernel-devel-2.6.32-573.22.1.el6', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
{'reference':'kernel-firmware-2.6.32-573.22.1.el6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
{'reference':'kernel-headers-2.6.32-573.22.1.el6', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
{'reference':'kernel-headers-2.6.32-573.22.1.el6', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
{'reference':'perf-2.6.32-573.22.1.el6', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
{'reference':'perf-2.6.32-573.22.1.el6', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'}
]
}
];
var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');
var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
# Check that the target release is equal to the affected release
if (!empty_or_null(constraint['release'])){
if (constraint['release'] != os_release) continue;
}
if (!empty_or_null(constraint['sp'])){
if (constraint['sp'] != os_sp) continue;
}
foreach var pkg ( constraint['pkgs'] ) {
reference = NULL;
sp = NULL;
_cpu = NULL;
el_string = NULL;
rpm_spec_vers_cmp = NULL;
epoch = NULL;
allowmaj = NULL;
exists_check = NULL;
cves = NULL;
if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
if (reference &&
## (no known rpm to check OR known rpm_exists)
(!exists_check || rpm_exists(rpm:exists_check)) &&
rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel / kernel-abi-whitelists / kernel-debug / kernel-debug-devel / etc');
}
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
19 Jan 2026 00:00Current
6.8Medium risk
Vulners AI Score6.8
CVSS 25.6
CVSS 36.8
EPSS0.00022