RHEL 8 : kernel-rt (RHSA-2022:1975)

critical Nessus Plugin ID 161034

Synopsis

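The remote Red Hat host is missing one or more security updates.

Description

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:1975 advisory.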

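- kernel: avoid cyclic entity chains due to malformed USB descriptors (CVE-2020-0404)

- kernel: integer overflow in k_ascii() in drivers/tty/vt/keyboard.c (CVE-2020-13974)

- kernel: use-after-free in the nouveau kernel module (CVE-2020-27820)

- kernel: out-of-bounds read due to use-after-free in bpf_skb_change_head() of filter.c (CVE-2021-0941)

- kernel: new DNS cache poisoning attack based on ICMP fragment needed packet replies (CVE-2021-20322)

- hw: cpu: LFENCE/JMP mitigation update for CVE-2017-5715 (CVE-2021-26401)

- kernel: local privilege escalation due to incorrect BPF JIT branch displacement computation (CVE-2021-29154)

- kernel: joydev: zero size passed to joydev_handle_JSIOCSBTNMAP() (CVE-2021-3612)

- kernel: reading /proc/sysvipc/shm does not scale with large shared memory segment counts (CVE-2021-3669)

- kernel: use-after-free in hso_free_net_device() in drivers/net/usb/hso.c (CVE-2021-37159)

- kernel: out-of-bounds read in qrtr_endpoint_post in net/qrtr/qrtr.c (CVE-2021-3743)

- kernel: crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd() (CVE-2021-3744)

- kernel: possible use-after-free in the Bluetooth module (CVE-2021-3752)

- kernel: unaccounted ipc objects in the Linux kernel lead to breaking memcg limits and DoS attacks (CVE-2021-3759)

- kernel: DoS in the ccp_run_aes_gcm_cmd() function (CVE-2021-3764)

- kernel: sctp: invalid chunks may be used to remotely remove existing associations (CVE-2021-3772)

- kernel: lack of port sanity checking in natd and netfilter leads to exploit of OpenVPN clients (CVE-2021-3773)

- kernel: possible leak or corruption of data residing on hugetlbfs (CVE-2021-4002)

- kernel: security regression for CVE-2018-13405 (CVE-2021-4037)

- kernel: fget: check that the fd still exists after getting a ref to it (CVE-2021-4083)

- kernel: buffer overwrite in the decode_nfs_fh function (CVE-2021-4157)

- kernel: eBPF multiplication integer overflow in prealloc_elms_and_freelist() in kernel/bpf/stackmap.c leads to out-of-bounds write (CVE-2021-41864)

- kernel: cgroup: use open-time creds and namespace for migration perm checks (CVE-2021-4197)

- kernel: race condition in sk_peer_pid and sk_peer_cred accesses (CVE-2021-4203)

- kernel: heap buffer overflow in the firedtv driver (CVE-2021-42739)

- kernel: an array-index-out-bounds in detach_capi_ctr in drivers/isdn/capi/kcapi.c (CVE-2021-43389)

- kernel: mwifiex_usb_recv() in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker to cause DoS via a crafted USB device (CVE-2021-43976)

- kernel: use-after-free in the TEE subsystem (CVE-2021-44733)

- kernel: information leak in the IPv6 implementation (CVE-2021-45485)

- kernel: information leak in the IPv4 implementation (CVE-2021-45486)

- hw: cpu: intel: Branch History Injection (BHI) (CVE-2022-0001)

- hw: cpu: intel: Intra-Mode BTI (CVE-2022-0002)

- kernel: local denial of service in bond_ipsec_add_sa (CVE-2022-0286)

- kernel: DoS in sctp_addto_chunk in net/sctp/sm_make_chunk.c (CVE-2022-0322)

- kernel: FUSE allows UAF reads of write() buffers, allowing theft of (partial) /etc/shadow hashes (CVE-2022-1011)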

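Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also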

https://access.redhat.com/security/cve/CVE-2020-0404

https://access.redhat.com/security/cve/CVE-2020-13974

https://access.redhat.com/security/cve/CVE-2020-27820

https://access.redhat.com/security/cve/CVE-2021-0941

https://access.redhat.com/security/cve/CVE-2021-3612

https://access.redhat.com/security/cve/CVE-2021-3669

https://access.redhat.com/security/cve/CVE-2021-3743

https://access.redhat.com/security/cve/CVE-2021-3744

https://access.redhat.com/security/cve/CVE-2021-3752

https://access.redhat.com/security/cve/CVE-2021-3759

https://access.redhat.com/security/cve/CVE-2021-3764

https://access.redhat.com/security/cve/CVE-2021-3772

https://access.redhat.com/security/cve/CVE-2021-3773

https://access.redhat.com/security/cve/CVE-2021-4002

https://access.redhat.com/security/cve/CVE-2021-4037

https://access.redhat.com/security/cve/CVE-2021-4083

https://access.redhat.com/security/cve/CVE-2021-4157

https://access.redhat.com/security/cve/CVE-2021-4197

https://access.redhat.com/security/cve/CVE-2021-4203

https://access.redhat.com/security/cve/CVE-2021-20322

https://access.redhat.com/security/cve/CVE-2021-26401

https://access.redhat.com/security/cve/CVE-2021-29154

https://access.redhat.com/security/cve/CVE-2021-37159

https://access.redhat.com/security/cve/CVE-2021-41864

https://access.redhat.com/security/cve/CVE-2021-42739

https://access.redhat.com/security/cve/CVE-2021-43389

https://access.redhat.com/security/cve/CVE-2021-43976

https://access.redhat.com/security/cve/CVE-2021-44733

https://access.redhat.com/security/cve/CVE-2021-45485

https://access.redhat.com/security/cve/CVE-2021-45486

https://access.redhat.com/security/cve/CVE-2022-0001

https://access.redhat.com/security/cve/CVE-2022-0002

https://access.redhat.com/security/cve/CVE-2022-0286

https://access.redhat.com/security/cve/CVE-2022-0322

https://access.redhat.com/security/cve/CVE-2022-1011

https://access.redhat.com/errata/RHSA-2022:1975

https://bugzilla.redhat.com/1901726

https://bugzilla.redhat.com/1919791

https://bugzilla.redhat.com/1946684

https://bugzilla.redhat.com/1951739

https://bugzilla.redhat.com/1974079

https://bugzilla.redhat.com/1985353

https://bugzilla.redhat.com/1986473

https://bugzilla.redhat.com/1997467

https://bugzilla.redhat.com/1997961

https://bugzilla.redhat.com/1999544

https://bugzilla.redhat.com/1999675

https://bugzilla.redhat.com/2000627

https://bugzilla.redhat.com/2000694

https://bugzilla.redhat.com/2004949

https://bugzilla.redhat.com/2010463

https://bugzilla.redhat.com/2013180

https://bugzilla.redhat.com/2014230

https://bugzilla.redhat.com/2016169

https://bugzilla.redhat.com/2018205

https://bugzilla.redhat.com/2025003

https://bugzilla.redhat.com/2025726

https://bugzilla.redhat.com/2027239

https://bugzilla.redhat.com/2029923

https://bugzilla.redhat.com/2030747

https://bugzilla.redhat.com/2034342

https://bugzilla.redhat.com/2035652

https://bugzilla.redhat.com/2036934

https://bugzilla.redhat.com/2037019

https://bugzilla.redhat.com/2039911

https://bugzilla.redhat.com/2039914

https://bugzilla.redhat.com/2042822

https://bugzilla.redhat.com/2061700

https://bugzilla.redhat.com/2061712

https://bugzilla.redhat.com/2061721

https://bugzilla.redhat.com/2064855

Plugin Details

Severity: Critical

ID: 161034

File Name: redhat-RHSA-2022-1975.nasl

Version: 1.6

Type: local

Agent: unix

Published: 2022/5/11

Updated: 2022/9/22

Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 7.9

Temporal Score: 6.2

Vector: AV:A/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: E:POC/RL:OF/RC:C

CVSS Score Source: CVE-2021-3752

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: E:P/RL:O/RC:C

CVSS Score Source: CVE-2021-3773

Vulnerability Information

CPE: cpe:/o:redhat:enterprise_linux:8, cpe:/o:redhat:rhel_aus:8.6, cpe:/o:redhat:rhel_e4s:8.6, cpe:/o:redhat:rhel_eus:8.6, cpe:/o:redhat:rhel_tus:8.6, p-cpe:/a:redhat:enterprise_linux:kernel-rt, p-cpe:/a:redhat:enterprise_linux:kernel-rt-core, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-core, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules-extra, p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel, p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm, p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules, p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules-extra

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2022/5/10

Vulnerability Publication Date: 2022/5/10

Reference Information

CVE: CVE-2020-0404, CVE-2020-13974, CVE-2020-27820, CVE-2021-0941, CVE-2021-3612, CVE-2021-3669, CVE-2021-3743, CVE-2021-3744, CVE-2021-3752, CVE-2021-3759, CVE-2021-3764, CVE-2021-3772, CVE-2021-3773, CVE-2021-4002, CVE-2021-4037, CVE-2021-4083, CVE-2021-4157, CVE-2021-4197, CVE-2021-4203, CVE-2021-20322, CVE-2021-26401, CVE-2021-29154, CVE-2021-37159, CVE-2021-41864, CVE-2021-42739, CVE-2021-43389, CVE-2021-43976, CVE-2021-44733, CVE-2021-45485, CVE-2021-45486, CVE-2022-0001, CVE-2022-0002, CVE-2022-0286, CVE-2022-0322, CVE-2022-1011

RHSA: 2022:1975

CWE: 20, 119, 125, 129, 190, 200, 284, 287, 327, 330, 354, 362, 400, 401, 416, 459, 476, 681, 787, 908