4.6 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
8.1 High
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
8.6 High
CVSS4
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/SC:H/VI:H/SI:H/VA:N/SA:N
8 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
56.4%
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1188 advisory.
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: out-of-bounds write in hw_atl_utils_fw_rpc_wait() in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c (CVE-2021-43975)
* kernel: memory leak in drivers/hid/hid-elo.c (CVE-2022-27950)
* kernel: use-after-free in tc_new_tfilter() in net/sched/cls_api.c (CVE-2022-1055)
* kernel: use-after-free when psi trigger is destroyed while being polled (CVE-2022-2938)
* kernel: u8 overflow problem in cfg80211_update_notlisted_nontrans() (CVE-2022-41674)
* kernel: use-after-free in bss_ref_get in net/wireless/scan.c (CVE-2022-42720)
* kernel: BSS list corruption in cfg80211_add_nontrans_list in net/wireless/scan.c (CVE-2022-42721)
* kernel: Denial of service in beacon protection for P2P-device (CVE-2022-42722)
* kernel: KVM: x86/mmu: race condition in direct_page_fault() (CVE-2022-45869)
* kernel: x86/mm: Randomize per-cpu entry area (CVE-2023-0597)
* kernel: Out-Of-Bounds Read vulnerability in smbCalcSize (CVE-2023-6606)
* kernel: refcount leak in ctnetlink_create_conntrack() (CVE-2023-7192)
* kernel: CIFS Filesystem Decryption Improper Input Validation Remote Code Execution Vulnerability in function receive_encrypted_standard of client (CVE-2024-0565)
* kernel: use-after-free during a race condition between a nonblocking atomic commit and a driver unload in drivers/gpu/drm/drm_atomic.c (CVE-2023-51043)
Bug Fix(es):
* kernel: u8 overflow problem in cfg80211_update_notlisted_nontrans() (JIRA:RHEL-18732)
* kernel: use-after-free in bss_ref_get in net/wireless/scan.c (JIRA:RHEL-18733)
* kernel: BSS list corruption in cfg80211_add_nontrans_list in net/wireless/scan.c (JIRA:RHEL-18734)
* kernel: Denial of service in beacon protection for P2P-device (JIRA:RHEL-18735)
* kernel: x86/mm: Randomize per-cpu entry area (JIRA:RHEL-18817)
* kernel: KVM: x86/mmu: race condition in direct_page_fault() (JIRA:RHEL-18829)
* kernel: refcount leak in ctnetlink_create_conntrack() (JIRA:RHEL-20297)
* kernel: use-after-free in tc_new_tfilter() in net/sched/cls_api.c (JIRA:RHEL-20363)
* kernel: Out-Of-Bounds Read vulnerability in smbCalcSize (JIRA:RHEL-21660)
* kernel: CIFS Filesystem Decryption Improper Input Validation Remote Code Execution Vulnerability in function receive_encrypted_standard of client (JIRA:RHEL-22075)
* kernel: use-after-free during a race condition between a nonblocking atomic commit and a driver unload in drivers/gpu/drm/drm_atomic.c (JIRA:RHEL-23475)
* kernel: memory leak in drivers/hid/hid-elo.c (JIRA:RHEL-18557)
* kernel: out-of-bounds write in hw_atl_utils_fw_rpc_wait() in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c (JIRA:RHEL-18798)
* kernel: use-after-free when psi trigger is destroyed while being polled (JIRA:RHEL-21919)
* [RHVH] Migration hangs between RHVH release bellow 4.5.1 and RHVH over or equal 4.5.2 release (JIRA:RHEL-23061)
* backport smartpqi: fix disable_managed_interrupts (JIRA:RHEL-26137)
Enhancement(s):
* [MCHP 8.7 FEAT] Update smartpqi driver to latest upstream Second Set of Patches (JIRA:RHEL-21592)
* [IBM 8.10 FEAT] Upgrade the qeth driver to latest from upstream, e.g. kernel 6.4 (JIRA:RHEL-25809)
Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2024:1188. The text
# itself is copyright (C) Red Hat, Inc.
##
include('compat.inc');
if (description)
{
script_id(191650);
script_version("1.2");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/03");
script_cve_id(
"CVE-2021-43975",
"CVE-2022-1055",
"CVE-2022-2938",
"CVE-2022-27950",
"CVE-2022-41674",
"CVE-2022-42720",
"CVE-2022-42721",
"CVE-2022-42722",
"CVE-2022-45869",
"CVE-2023-0597",
"CVE-2023-6606",
"CVE-2023-7192",
"CVE-2023-51043",
"CVE-2024-0565"
);
script_xref(name:"RHSA", value:"2024:1188");
script_name(english:"RHEL 8 : kernel (RHSA-2024:1188)");
script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as
referenced in the RHSA-2024:1188 advisory.
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: out-of-bounds write in hw_atl_utils_fw_rpc_wait() in
drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c (CVE-2021-43975)
* kernel: memory leak in drivers/hid/hid-elo.c (CVE-2022-27950)
* kernel: use-after-free in tc_new_tfilter() in net/sched/cls_api.c (CVE-2022-1055)
* kernel: use-after-free when psi trigger is destroyed while being polled (CVE-2022-2938)
* kernel: u8 overflow problem in cfg80211_update_notlisted_nontrans() (CVE-2022-41674)
* kernel: use-after-free in bss_ref_get in net/wireless/scan.c (CVE-2022-42720)
* kernel: BSS list corruption in cfg80211_add_nontrans_list in net/wireless/scan.c (CVE-2022-42721)
* kernel: Denial of service in beacon protection for P2P-device (CVE-2022-42722)
* kernel: KVM: x86/mmu: race condition in direct_page_fault() (CVE-2022-45869)
* kernel: x86/mm: Randomize per-cpu entry area (CVE-2023-0597)
* kernel: Out-Of-Bounds Read vulnerability in smbCalcSize (CVE-2023-6606)
* kernel: refcount leak in ctnetlink_create_conntrack() (CVE-2023-7192)
* kernel: CIFS Filesystem Decryption Improper Input Validation Remote Code Execution Vulnerability in
function receive_encrypted_standard of client (CVE-2024-0565)
* kernel: use-after-free during a race condition between a nonblocking atomic commit and a driver unload
in drivers/gpu/drm/drm_atomic.c (CVE-2023-51043)
Bug Fix(es):
* kernel: u8 overflow problem in cfg80211_update_notlisted_nontrans() (JIRA:RHEL-18732)
* kernel: use-after-free in bss_ref_get in net/wireless/scan.c (JIRA:RHEL-18733)
* kernel: BSS list corruption in cfg80211_add_nontrans_list in net/wireless/scan.c (JIRA:RHEL-18734)
* kernel: Denial of service in beacon protection for P2P-device (JIRA:RHEL-18735)
* kernel: x86/mm: Randomize per-cpu entry area (JIRA:RHEL-18817)
* kernel: KVM: x86/mmu: race condition in direct_page_fault() (JIRA:RHEL-18829)
* kernel: refcount leak in ctnetlink_create_conntrack() (JIRA:RHEL-20297)
* kernel: use-after-free in tc_new_tfilter() in net/sched/cls_api.c (JIRA:RHEL-20363)
* kernel: Out-Of-Bounds Read vulnerability in smbCalcSize (JIRA:RHEL-21660)
* kernel: CIFS Filesystem Decryption Improper Input Validation Remote Code Execution Vulnerability in
function receive_encrypted_standard of client (JIRA:RHEL-22075)
* kernel: use-after-free during a race condition between a nonblocking atomic commit and a driver unload
in drivers/gpu/drm/drm_atomic.c (JIRA:RHEL-23475)
* kernel: memory leak in drivers/hid/hid-elo.c (JIRA:RHEL-18557)
* kernel: out-of-bounds write in hw_atl_utils_fw_rpc_wait() in
drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c (JIRA:RHEL-18798)
* kernel: use-after-free when psi trigger is destroyed while being polled (JIRA:RHEL-21919)
* [RHVH] Migration hangs between RHVH release bellow 4.5.1 and RHVH over or equal 4.5.2 release
(JIRA:RHEL-23061)
* backport smartpqi: fix disable_managed_interrupts (JIRA:RHEL-26137)
Enhancement(s):
* [MCHP 8.7 FEAT] Update smartpqi driver to latest upstream Second Set of Patches (JIRA:RHEL-21592)
* [IBM 8.10 FEAT] Upgrade the qeth driver to latest from upstream, e.g. kernel 6.4 (JIRA:RHEL-25809)
Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
# https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1188.json
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a4193288");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/updates/classification/#moderate");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2024989");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2069408");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2070220");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2120175");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2134377");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2134451");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2134506");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2134517");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2151317");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2165926");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2253611");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2256279");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2258518");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2260005");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2024:1188");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-1055");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2022-41674");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_cwe_id(20, 120, 125, 191, 362, 401, 416, 705, 787);
script_set_attribute(attribute:"vendor_severity", value:"Moderate");
script_set_attribute(attribute:"vuln_publication_date", value:"2021/11/09");
script_set_attribute(attribute:"patch_publication_date", value:"2024/03/06");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/03/06");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:rhel_eus:8.6");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:bpftool");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-core");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-cross-headers");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug-core");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-extra");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-modules");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-tools");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-core");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-extra");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perf");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python3-perf");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Red Hat Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl", "redhat_repos.nasl", "linux_alt_patch_detect.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
exit(0);
}
include('rpm.inc');
include('rhel.inc');
include('ksplice.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');
var os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
os_ver = os_ver[1];
if (!rhel_check_release_list(operator: 'ge', os_version: os_ver, rhel_versions: ['8','8.6'])) audit(AUDIT_OS_NOT, 'Red Hat 8.x / 8.x', 'Red Hat ' + os_ver);
if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);
if (get_one_kb_item('Host/ksplice/kernel-cves'))
{
rm_kb_item(name:'Host/uptrack-uname-r');
var cve_list = make_list('CVE-2021-43975', 'CVE-2022-1055', 'CVE-2022-2938', 'CVE-2022-27950', 'CVE-2022-41674', 'CVE-2022-42720', 'CVE-2022-42721', 'CVE-2022-42722', 'CVE-2022-45869', 'CVE-2023-0597', 'CVE-2023-6606', 'CVE-2023-7192', 'CVE-2023-51043', 'CVE-2024-0565');
if (ksplice_cves_check(cve_list))
{
audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2024:1188');
}
else
{
__rpm_report = ksplice_reporting_text();
}
}
var constraints = [
{
'repo_relative_urls': [
'content/aus/rhel8/8.6/x86_64/baseos/debug',
'content/aus/rhel8/8.6/x86_64/baseos/os',
'content/aus/rhel8/8.6/x86_64/baseos/source/SRPMS',
'content/e4s/rhel8/8.6/ppc64le/baseos/debug',
'content/e4s/rhel8/8.6/ppc64le/baseos/os',
'content/e4s/rhel8/8.6/ppc64le/baseos/source/SRPMS',
'content/e4s/rhel8/8.6/x86_64/baseos/debug',
'content/e4s/rhel8/8.6/x86_64/baseos/os',
'content/e4s/rhel8/8.6/x86_64/baseos/source/SRPMS',
'content/eus/rhel8/8.6/aarch64/baseos/debug',
'content/eus/rhel8/8.6/aarch64/baseos/os',
'content/eus/rhel8/8.6/aarch64/baseos/source/SRPMS',
'content/eus/rhel8/8.6/aarch64/codeready-builder/debug',
'content/eus/rhel8/8.6/aarch64/codeready-builder/os',
'content/eus/rhel8/8.6/aarch64/codeready-builder/source/SRPMS',
'content/eus/rhel8/8.6/ppc64le/baseos/debug',
'content/eus/rhel8/8.6/ppc64le/baseos/os',
'content/eus/rhel8/8.6/ppc64le/baseos/source/SRPMS',
'content/eus/rhel8/8.6/ppc64le/codeready-builder/debug',
'content/eus/rhel8/8.6/ppc64le/codeready-builder/os',
'content/eus/rhel8/8.6/ppc64le/codeready-builder/source/SRPMS',
'content/eus/rhel8/8.6/s390x/baseos/debug',
'content/eus/rhel8/8.6/s390x/baseos/os',
'content/eus/rhel8/8.6/s390x/baseos/source/SRPMS',
'content/eus/rhel8/8.6/s390x/codeready-builder/debug',
'content/eus/rhel8/8.6/s390x/codeready-builder/os',
'content/eus/rhel8/8.6/s390x/codeready-builder/source/SRPMS',
'content/eus/rhel8/8.6/x86_64/baseos/debug',
'content/eus/rhel8/8.6/x86_64/baseos/os',
'content/eus/rhel8/8.6/x86_64/baseos/source/SRPMS',
'content/eus/rhel8/8.6/x86_64/codeready-builder/debug',
'content/eus/rhel8/8.6/x86_64/codeready-builder/os',
'content/eus/rhel8/8.6/x86_64/codeready-builder/source/SRPMS',
'content/tus/rhel8/8.6/x86_64/baseos/debug',
'content/tus/rhel8/8.6/x86_64/baseos/os',
'content/tus/rhel8/8.6/x86_64/baseos/source/SRPMS'
],
'pkgs': [
{'reference':'bpftool-4.18.0-372.95.1.el8_6', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-4.18.0-372.95.1.el8_6', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-core-4.18.0-372.95.1.el8_6', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-cross-headers-4.18.0-372.95.1.el8_6', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-debug-4.18.0-372.95.1.el8_6', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-debug-core-4.18.0-372.95.1.el8_6', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-debug-devel-4.18.0-372.95.1.el8_6', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-debug-modules-4.18.0-372.95.1.el8_6', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-debug-modules-extra-4.18.0-372.95.1.el8_6', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-devel-4.18.0-372.95.1.el8_6', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-modules-4.18.0-372.95.1.el8_6', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-modules-extra-4.18.0-372.95.1.el8_6', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-tools-4.18.0-372.95.1.el8_6', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-tools-libs-4.18.0-372.95.1.el8_6', 'sp':'6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-tools-libs-4.18.0-372.95.1.el8_6', 'sp':'6', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-tools-libs-4.18.0-372.95.1.el8_6', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-tools-libs-devel-4.18.0-372.95.1.el8_6', 'sp':'6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-tools-libs-devel-4.18.0-372.95.1.el8_6', 'sp':'6', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-tools-libs-devel-4.18.0-372.95.1.el8_6', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-zfcpdump-4.18.0-372.95.1.el8_6', 'sp':'6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-zfcpdump-core-4.18.0-372.95.1.el8_6', 'sp':'6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-zfcpdump-devel-4.18.0-372.95.1.el8_6', 'sp':'6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-zfcpdump-modules-4.18.0-372.95.1.el8_6', 'sp':'6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-zfcpdump-modules-extra-4.18.0-372.95.1.el8_6', 'sp':'6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'perf-4.18.0-372.95.1.el8_6', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python3-perf-4.18.0-372.95.1.el8_6', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE}
]
},
{
'repo_relative_urls': [
'content/dist/layered/rhel8/ppc64le/rhv-mgmt-agent/4/debug',
'content/dist/layered/rhel8/ppc64le/rhv-mgmt-agent/4/os',
'content/dist/layered/rhel8/ppc64le/rhv-mgmt-agent/4/source/SRPMS',
'content/dist/layered/rhel8/ppc64le/rhv-tools/4/debug',
'content/dist/layered/rhel8/ppc64le/rhv-tools/4/os',
'content/dist/layered/rhel8/ppc64le/rhv-tools/4/source/SRPMS',
'content/dist/layered/rhel8/x86_64/rhv-mgmt-agent/4/debug',
'content/dist/layered/rhel8/x86_64/rhv-mgmt-agent/4/os',
'content/dist/layered/rhel8/x86_64/rhv-mgmt-agent/4/source/SRPMS',
'content/dist/layered/rhel8/x86_64/rhv-tools/4/debug',
'content/dist/layered/rhel8/x86_64/rhv-tools/4/os',
'content/dist/layered/rhel8/x86_64/rhv-tools/4/source/SRPMS',
'content/dist/layered/rhel8/x86_64/rhvh-build/4/debug',
'content/dist/layered/rhel8/x86_64/rhvh-build/4/os',
'content/dist/layered/rhel8/x86_64/rhvh-build/4/source/SRPMS',
'content/dist/layered/rhel8/x86_64/rhvh/4/debug',
'content/dist/layered/rhel8/x86_64/rhvh/4/os',
'content/dist/layered/rhel8/x86_64/rhvh/4/source/SRPMS'
],
'pkgs': [
{'reference':'bpftool-4.18.0-372.95.1.el8_6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-4.18.0-372.95.1.el8_6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-core-4.18.0-372.95.1.el8_6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-cross-headers-4.18.0-372.95.1.el8_6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-debug-4.18.0-372.95.1.el8_6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-debug-core-4.18.0-372.95.1.el8_6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-debug-devel-4.18.0-372.95.1.el8_6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-debug-modules-4.18.0-372.95.1.el8_6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-debug-modules-extra-4.18.0-372.95.1.el8_6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-devel-4.18.0-372.95.1.el8_6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-modules-4.18.0-372.95.1.el8_6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-modules-extra-4.18.0-372.95.1.el8_6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-tools-4.18.0-372.95.1.el8_6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-tools-libs-4.18.0-372.95.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-tools-libs-4.18.0-372.95.1.el8_6', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-tools-libs-4.18.0-372.95.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-tools-libs-devel-4.18.0-372.95.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-tools-libs-devel-4.18.0-372.95.1.el8_6', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-tools-libs-devel-4.18.0-372.95.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-zfcpdump-4.18.0-372.95.1.el8_6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-zfcpdump-core-4.18.0-372.95.1.el8_6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-zfcpdump-devel-4.18.0-372.95.1.el8_6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-zfcpdump-modules-4.18.0-372.95.1.el8_6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-zfcpdump-modules-extra-4.18.0-372.95.1.el8_6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'perf-4.18.0-372.95.1.el8_6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python3-perf-4.18.0-372.95.1.el8_6', 'release':'8', 'rpm_spec_vers_cmp':TRUE}
]
}
];
var applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);
if(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);
var flag = 0;
foreach var constraint_array ( constraints ) {
var repo_relative_urls = NULL;
if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];
foreach var pkg ( constraint_array['pkgs'] ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
var exists_check = NULL;
var cves = NULL;
if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];
if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
if (reference &&
_release &&
rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&
(applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&
rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
}
}
if (flag)
{
var extra = NULL;
if (isnull(applicable_repo_urls) || !applicable_repo_urls) extra = rpm_report_get() + redhat_report_repo_caveat();
else extra = rpm_report_get();
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : extra
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-core / kernel-cross-headers / etc');
}
Vendor | Product | Version | CPE |
---|---|---|---|
redhat | enterprise_linux | kernel-debug-core | p-cpe:/a:redhat:enterprise_linux:kernel-debug-core |
redhat | enterprise_linux | kernel-tools-libs-devel | p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel |
redhat | enterprise_linux | kernel-debug-devel | p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel |
redhat | enterprise_linux | kernel-core | p-cpe:/a:redhat:enterprise_linux:kernel-core |
redhat | enterprise_linux | kernel-cross-headers | p-cpe:/a:redhat:enterprise_linux:kernel-cross-headers |
redhat | enterprise_linux | kernel-tools-libs | p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs |
redhat | enterprise_linux | perf | p-cpe:/a:redhat:enterprise_linux:perf |
redhat | enterprise_linux | bpftool | p-cpe:/a:redhat:enterprise_linux:bpftool |
redhat | enterprise_linux | kernel-tools | p-cpe:/a:redhat:enterprise_linux:kernel-tools |
redhat | enterprise_linux | kernel-zfcpdump | p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43975
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1055
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27950
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2938
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41674
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42720
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42721
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42722
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45869
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0597
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51043
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6606
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7192
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0565
www.nessus.org/u?a4193288
access.redhat.com/errata/RHSA-2024:1188
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=2024989
bugzilla.redhat.com/show_bug.cgi?id=2069408
bugzilla.redhat.com/show_bug.cgi?id=2070220
bugzilla.redhat.com/show_bug.cgi?id=2120175
bugzilla.redhat.com/show_bug.cgi?id=2134377
bugzilla.redhat.com/show_bug.cgi?id=2134451
bugzilla.redhat.com/show_bug.cgi?id=2134506
bugzilla.redhat.com/show_bug.cgi?id=2134517
bugzilla.redhat.com/show_bug.cgi?id=2151317
bugzilla.redhat.com/show_bug.cgi?id=2165926
bugzilla.redhat.com/show_bug.cgi?id=2253611
bugzilla.redhat.com/show_bug.cgi?id=2256279
bugzilla.redhat.com/show_bug.cgi?id=2258518
bugzilla.redhat.com/show_bug.cgi?id=2260005
4.6 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
8.1 High
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
8.6 High
CVSS4
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/SC:H/VI:H/SI:H/VA:N/SA:N
8 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
56.4%