
URL: https://www.tenable.com/plugins/nessus/181886
Submission: On October 25 via api from EG — Scanned from DE

ROCKY LINUX 8 : KERNEL (RLSA-2023:5244)

HIGH NESSUS PLUGIN ID 181886

SYNOPSIS

The remote Rocky Linux host is missing one or more security updates.


DESCRIPTION

The remote Rocky Linux 8 host has packages installed that are affected by
multiple vulnerabilities as referenced in the RLSA-2023:5244 advisory.

- A vulnerability was found in the HCI sockets implementation due to a missing
capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw
allows an attacker to execute management commands without authorization,
compromising the confidentiality, integrity, and availability of Bluetooth
communication. (CVE-2023-2002)

- An issue in Zen 2 CPUs, under specific microarchitectural circumstances, may
allow an attacker to potentially access sensitive information. (CVE-2023-20593)

- A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network
driver can be exploited to achieve local privilege escalation. The out-of-bounds
write is caused by missing skb->cb initialization in the ipvlan network driver.
The vulnerability is reachable if CONFIG_IPVLAN is enabled. We recommend
upgrading past commit 90cbed5247439a966b645b34eb0a2e037836ea8e. (CVE-2023-3090)

- A use-after-free vulnerability was found in the Linux kernel's netfilter
subsystem in net/netfilter/nf_tables_api.c. Mishandled error handling with
NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same
transaction causing a use-after-free vulnerability. This flaw allows a local
attacker with user access to cause a privilege escalation issue. We recommend
upgrading past commit 1240eb93f0616b21c675416516ff3d74798fdc97. (CVE-2023-3390)

- Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder
poorly handled vm register contents when CAP_NET_ADMIN is in any user or network
namespace (CVE-2023-35001)

- An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the
Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower
classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. This may result in
denial of service or privilege escalation. (CVE-2023-35788)

- A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw
component can be exploited to achieve local privilege escalation. If
tcf_change_indev() fails, fw_set_parms() will immediately return an error after
incrementing or decrementing the reference counter in tcf_bind_filter(). If an
attacker can control the reference counter and set it to zero, they can cause
the reference to be freed, leading to a use-after-free vulnerability. We
recommend upgrading past commit 0323bce598eea038714f941ce2b22541c46d488f.
(CVE-2023-3776)

- A use-after-free flaw was found in the Linux kernel's netfilter in the way a
user triggers the nft_pipapo_remove function with the element, without a
NFT_SET_EXT_KEY_END. This issue could allow a local user to crash the system or
potentially escalate their privileges on the system. (CVE-2023-4004)

Note that Nessus has not tested for these issues but has instead relied only on
the application's self-reported version number.


SOLUTION

Update the affected packages.


SEE ALSO

https://errata.rockylinux.org/RLSA-2023:5244

https://bugzilla.redhat.com/show_bug.cgi?id=2187308

https://bugzilla.redhat.com/show_bug.cgi?id=2213260

https://bugzilla.redhat.com/show_bug.cgi?id=2215768

https://bugzilla.redhat.com/show_bug.cgi?id=2217845

https://bugzilla.redhat.com/show_bug.cgi?id=2218672

https://bugzilla.redhat.com/show_bug.cgi?id=2220892

https://bugzilla.redhat.com/show_bug.cgi?id=2225097

https://bugzilla.redhat.com/show_bug.cgi?id=2225275

PLUGIN DETAILS

Severity: High

ID: 181886

File Name: rocky_linux_RLSA-2023-5244.nasl

Version: 1.0

Type: local

Family: Rocky Linux Local Security Checks

Published: 9/26/2023

Updated: 9/26/2023





RISK INFORMATION



VPR

Risk Factor: High

Score: 7.4

CVSS V2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C



CVSS Score Source: CVE-2023-4004

CVSS V3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C



VULNERABILITY INFORMATION

CPE: p-cpe:/a:rocky:linux:kernel-core,
p-cpe:/a:rocky:linux:kernel-debug-debuginfo, p-cpe:/a:rocky:linux:kernel-tools,
p-cpe:/a:rocky:linux:kernel-tools-libs, p-cpe:/a:rocky:linux:bpftool-debuginfo,
p-cpe:/a:rocky:linux:bpftool, p-cpe:/a:rocky:linux:kernel-modules-extra,
p-cpe:/a:rocky:linux:python3-perf, p-cpe:/a:rocky:linux:kernel-devel,
p-cpe:/a:rocky:linux:kernel, p-cpe:/a:rocky:linux:kernel-tools-libs-devel,
p-cpe:/a:rocky:linux:perf-debuginfo, p-cpe:/a:rocky:linux:perf,
p-cpe:/a:rocky:linux:python3-perf-debuginfo,
p-cpe:/a:rocky:linux:kernel-debug-core, p-cpe:/a:rocky:linux:kernel-debug-devel,
p-cpe:/a:rocky:linux:kernel-debug-modules-extra,
p-cpe:/a:rocky:linux:kernel-headers, p-cpe:/a:rocky:linux:kernel-debug,
p-cpe:/a:rocky:linux:kernel-debug-modules,
p-cpe:/a:rocky:linux:kernel-debuginfo,
p-cpe:/a:rocky:linux:kernel-tools-debuginfo, cpe:/o:rocky:linux:8,
p-cpe:/a:rocky:linux:kernel-abi-stablelists,
p-cpe:/a:rocky:linux:kernel-cross-headers,
p-cpe:/a:rocky:linux:kernel-debuginfo-common-aarch64,
p-cpe:/a:rocky:linux:kernel-modules

Required KB Items: Host/local_checks_enabled, Host/RockyLinux/release,
Host/RockyLinux/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available



Patch Publication Date: 9/26/2023

Vulnerability Publication Date: 4/27/2023



REFERENCE INFORMATION

CVE: CVE-2023-2002, CVE-2023-20593, CVE-2023-3090, CVE-2023-3390,
CVE-2023-35001, CVE-2023-35788, CVE-2023-3776, CVE-2023-4004

