Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.ROCKY_LINUX_RLSA-2023-0979.NASL
HistoryMar 02, 2023 - 12:00 a.m.

Rocky Linux 9 : kernel-rt (RLSA-2023:0979)

2023-03-0200:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
56
JSON

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:0979 advisory.

  • A stack overflow flaw was found in the Linux kernel’s SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-4378)

  • An out-of-bounds memory access flaw was found in the Linux kernel Intel’s iSMT SMBus host controller driver in the way a user triggers the I2C_SMBUS_BLOCK_DATA (with the ioctl I2C_SMBUS) with malicious input data. This flaw allows a local user to crash the system. (CVE-2022-2873)

  • A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211087. (CVE-2022-3564)

  • A use-after-free vulnerability was found in __nfs42_ssc_open() in fs/nfs/nfs4file.c in the Linux kernel.
    This flaw allows an attacker to conduct a remote denial (CVE-2022-4379)

  • A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution. (CVE-2023-0179)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# Rocky Linux Security Advisory RLSA-2023:0979.
##

include('compat.inc');

if (description)
{
  script_id(172046);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/09/01");

  script_cve_id(
    "CVE-2022-2873",
    "CVE-2022-3564",
    "CVE-2022-4378",
    "CVE-2022-4379",
    "CVE-2023-0179"
  );
  script_xref(name:"RLSA", value:"2023:0979");

  script_name(english:"Rocky Linux 9 : kernel-rt (RLSA-2023:0979)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Rocky Linux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the
RLSA-2023:0979 advisory.

  - A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain
    kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their
    privileges on the system. (CVE-2022-4378)

  - An out-of-bounds memory access flaw was found in the Linux kernel Intel's iSMT SMBus host controller
    driver in the way a user triggers the I2C_SMBUS_BLOCK_DATA (with the ioctl I2C_SMBUS) with malicious input
    data. This flaw allows a local user to crash the system. (CVE-2022-2873)

  - A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the
    function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The
    manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated
    identifier of this vulnerability is VDB-211087. (CVE-2022-3564)

  - A use-after-free vulnerability was found in __nfs42_ssc_open() in fs/nfs/nfs4file.c in the Linux kernel.
    This flaw allows an attacker to conduct a remote denial (CVE-2022-4379)

  - A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could
    allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to
    the root user via arbitrary code execution. (CVE-2023-0179)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://errata.rockylinux.org/RLSA-2023:0979");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2119048");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2150999");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2152548");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2152807");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2161713");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-0179");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/03/02");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/03/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/03/02");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:kernel-rt");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:kernel-rt-core");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:kernel-rt-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:kernel-rt-debug-core");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:kernel-rt-debug-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:kernel-rt-debug-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:kernel-rt-debug-kvm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:kernel-rt-debug-modules");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:kernel-rt-debug-modules-extra");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:kernel-rt-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:kernel-rt-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:kernel-rt-kvm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:kernel-rt-modules");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:kernel-rt-modules-extra");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:rocky:linux:9");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Rocky Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RockyLinux/release", "Host/RockyLinux/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm.inc');
include('ksplice.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RockyLinux/release');
if (isnull(os_release) || 'Rocky Linux' >!< os_release) audit(AUDIT_OS_NOT, 'Rocky Linux');
var os_ver = pregmatch(pattern: "Rocky(?: Linux)? release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Rocky Linux');
os_ver = os_ver[1];
if (! preg(pattern:"^9([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Rocky Linux 9.x', 'Rocky Linux ' + os_ver);

if (!get_kb_item('Host/RockyLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Rocky Linux', cpu);

if (get_one_kb_item('Host/ksplice/kernel-cves'))
{
  rm_kb_item(name:'Host/uptrack-uname-r');
  var cve_list = make_list('CVE-2022-2873', 'CVE-2022-3564', 'CVE-2022-4378', 'CVE-2022-4379', 'CVE-2023-0179');
  if (ksplice_cves_check(cve_list))
  {
    audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RLSA-2023:0979');
  }
  else
  {
    __rpm_report = ksplice_reporting_text();
  }
}

var pkgs = [
    {'reference':'kernel-rt-5.14.0-162.18.1.rt21.181.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'kernel-rt-core-5.14.0-162.18.1.rt21.181.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'kernel-rt-debug-5.14.0-162.18.1.rt21.181.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'kernel-rt-debug-core-5.14.0-162.18.1.rt21.181.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'kernel-rt-debug-debuginfo-5.14.0-162.18.1.rt21.181.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'kernel-rt-debug-devel-5.14.0-162.18.1.rt21.181.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'kernel-rt-debug-kvm-5.14.0-162.18.1.rt21.181.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'kernel-rt-debug-modules-5.14.0-162.18.1.rt21.181.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'kernel-rt-debug-modules-extra-5.14.0-162.18.1.rt21.181.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'kernel-rt-debuginfo-5.14.0-162.18.1.rt21.181.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'kernel-rt-devel-5.14.0-162.18.1.rt21.181.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'kernel-rt-kvm-5.14.0-162.18.1.rt21.181.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'kernel-rt-modules-5.14.0-162.18.1.rt21.181.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'kernel-rt-modules-extra-5.14.0-162.18.1.rt21.181.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE}
];

var flag = 0;
foreach var package_array ( pkgs ) {
  var reference = NULL;
  var _release = NULL;
  var sp = NULL;
  var _cpu = NULL;
  var el_string = NULL;
  var rpm_spec_vers_cmp = NULL;
  var epoch = NULL;
  var allowmaj = NULL;
  var exists_check = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) _release = 'Rocky-' + package_array['release'];
  if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
  if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
  if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
  if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
  if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
  if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {
    if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-rt / kernel-rt-core / kernel-rt-debug / kernel-rt-debug-core / etc');
}
VendorProductVersionCPE
rockylinuxkernel-rtp-cpe:/a:rocky:linux:kernel-rt
rockylinuxkernel-rt-corep-cpe:/a:rocky:linux:kernel-rt-core
rockylinuxkernel-rt-debugp-cpe:/a:rocky:linux:kernel-rt-debug
rockylinuxkernel-rt-debug-corep-cpe:/a:rocky:linux:kernel-rt-debug-core
rockylinuxkernel-rt-debug-debuginfop-cpe:/a:rocky:linux:kernel-rt-debug-debuginfo
rockylinuxkernel-rt-debug-develp-cpe:/a:rocky:linux:kernel-rt-debug-devel
rockylinuxkernel-rt-debug-kvmp-cpe:/a:rocky:linux:kernel-rt-debug-kvm
rockylinuxkernel-rt-debug-modulesp-cpe:/a:rocky:linux:kernel-rt-debug-modules
rockylinuxkernel-rt-debug-modules-extrap-cpe:/a:rocky:linux:kernel-rt-debug-modules-extra
rockylinuxkernel-rt-debuginfop-cpe:/a:rocky:linux:kernel-rt-debuginfo
Rows per page:
1-10 of 151

Related

almalinux 2
nessus 76
osv 6
redhat 33
rocky 2
oraclelinux 11
virtuozzo 1
cbl_mariner 9
debiancve 5
prion 5
ubuntucve 5
redhatcve 4
cve 5
ibm 2
veracode 2
openvas 11
f5 3
ubuntu 2
githubexploit 4
redos 1
rosalinux 1
centos 1
fedora 8
almalinux
almalinux
Important: kernel security and bug fix update
2023-02-28 00:00:00
Important: kernel-rt security and bug fix update
2023-02-28 00:00:00
nessus
nessus
AlmaLinux 9 : kernel-rt (ALSA-2023:0979)
2023-02-28 00:00:00
RHEL 9 : kernel-rt (RHSA-2023:0979)
2023-02-28 00:00:00
Oracle Linux 9 : kernel (ELSA-2023-0951)
2023-03-01 00:00:00
osv
osv
Important: kernel security and bug fix update
2023-04-06 15:54:58
Important: kernel-rt security and bug fix update
2023-02-28 00:00:00
Important: kernel-rt security and bug fix update
2023-03-02 01:17:39
redhat
redhat
(RHSA-2023:0979) Important: kernel-rt security and bug fix update
2023-02-28 09:46:58
(RHSA-2023:0951) Important: kernel security and bug fix update
2023-02-28 07:52:58
(RHSA-2023:1008) Important: kpatch-patch security update
2023-02-28 11:39:02
rocky
rocky
kernel-rt security and bug fix update
2023-03-02 01:17:39
kernel security and bug fix update
2023-04-06 15:54:58
oraclelinux
oraclelinux
kernel security and bug fix update
2023-03-01 00:00:00
Unbreakable Enterprise kernel security update
2022-12-12 00:00:00
Unbreakable Enterprise kernel-container security update
2023-01-09 00:00:00
virtuozzo
virtuozzo
[Important] [Security] Virtuozzo ReadyKernel Patch 155.1 for Virtuozzo Hybrid Server 7.5
2023-03-27 00:00:00
cbl_mariner
cbl_mariner
CVE-2022-4379 affecting package kernel 5.10.174.1-1
2023-05-03 19:35:26
CVE-2022-4379 affecting package hyperv-daemons 5.15.87.1-1
2023-02-14 20:21:22
CVE-2022-4379 affecting package hyperv-daemons 5.10.172.1-1
2023-04-07 04:59:28
debiancve
debiancve
CVE-2022-4379
2023-01-10 22:15:14
CVE-2022-2873
2022-08-22 15:15:00
CVE-2022-4378
2023-01-05 16:15:11
prion
prion
Design/Logic Flaw
2023-01-10 22:15:00
Design/Logic Flaw
2022-08-22 15:15:00
Stack overflow
2023-01-05 16:15:00
ubuntucve
ubuntucve
CVE-2022-4379
2023-01-10 00:00:00
CVE-2022-2873
2022-08-22 00:00:00
CVE-2022-4378
2023-01-05 00:00:00
redhatcve
redhatcve
CVE-2022-4379
2022-12-27 19:04:50
CVE-2022-2873
2022-08-18 09:08:24
CVE-2022-4378
2022-12-12 13:04:58
cve
cve
CVE-2022-4379
2023-01-10 22:15:14
CVE-2022-2873
2022-08-22 15:15:00
CVE-2022-4378
2023-01-05 16:15:11
ibm
ibm
Security Bulletin: Vulnerabilities in Linux Kernel might affect IBM Spectrum Copy Data Management (CVE-2022-1280, CVE-2023-0386, CVE-2022-4269, CVE-2022-2873, CVE-2022-4378)
2023-06-16 19:23:44
Security Bulletin: Multiple Linux Kernel vulnerabilities may affect IBM Elastic Storage System
2023-08-11 07:13:16
veracode
veracode
Denial Of Service (DoS)
2023-03-13 00:47:38
Denial Of Service (DoS)
2022-12-06 12:17:34
openvas
openvas
Ubuntu: Security Advisory (USN-5799-1)
2023-01-11 00:00:00
CentOS: Security Advisory for bpftool (CESA-2023:4151)
2023-08-04 00:00:00
Fedora: Security Advisory for kernel (FEDORA-2023-0597579983)
2023-01-24 00:00:00
f5
f5
K000134768 : Linux kernel vulnerability CVE-2022-4378
2023-05-25 00:00:00
K000137186 : Linux kernel vulnerability CVE-2022-3564
2023-10-09 00:00:00
K000132425 : Linux kernel vulnerability CVE-2023-0179
2023-02-07 00:00:00
ubuntu
ubuntu
Linux kernel (OEM) vulnerability
2023-01-11 00:00:00
Linux kernel (OEM) vulnerability
2023-02-09 00:00:00
githubexploit
githubexploit
Exploit for Race Condition in Linux Linux Kernel
2023-09-14 09:07:11
Exploit for Race Condition in Linux Linux Kernel
2023-09-15 10:04:05
Exploit for Integer Overflow or Wraparound in Linux Linux Kernel
2023-03-16 02:20:52
redos
redos
ROS-20230915-09
2023-09-15 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2023-2113
2023-02-14 13:01:31
centos
centos
bpftool, kernel, perf, python security update
2023-08-03 14:33:32
fedora
fedora
[SECURITY] Fedora 37 Update: kernel-6.1.7-200.fc37
2023-01-24 00:29:44
[SECURITY] Fedora 36 Update: kernel-6.1.7-100.fc36
2023-01-23 02:00:15
[SECURITY] Fedora 37 Update: kernel-tools-6.1.5-200.fc37
2023-01-15 02:01:34
JSON
Related for ROCKY_LINUX_RLSA-2023-0979.NASL
almalinux2nessus76osv6redhat33rocky2oraclelinux11virtuozzo1cbl_mariner9debiancve5prion5ubuntucve5redhatcve4cve5ibm2veracode2openvas11f53ubuntu2githubexploit4redos1rosalinux1centos1fedora8