RHEL 8:kernel-rt (RHSA-2022: 1975)
critical Nessus Plugin ID 161034
語系:
概要
遠端 Red Hat 主機缺少一個或多個安全性更新。描述
遠端 Redhat Enterprise Linux 8 主機上安裝的多個套件受到 RHSA-2022: 1975 公告中提及的多個弱點影響。- 核心:避免因格式錯誤的 USB 描述元而造成的循環實體鏈結 (CVE-2020-0404)
- 核心:drivers/tty/vt/keyboard.c 的 k_ascii() 中的整數溢位 (CVE-2020-13974)
- 核心:nouveau 核心模組中的釋放後使用 (CVE-2020-27820)
- 核心:filter.c 的 bpf_skb_change_head() 中因釋放後使用而造成超出邊界讀取 (CVE-2021-0941)
- 核心:基於 ICMP 片段所需封包回覆的新 DNS 快取毒害攻擊 (CVE-2021-20322)
- hw:cpu:CVE-2017-5715 的 LFENCE/JMP 緩解措施更新 (CVE-2021-26401)
- 核心:因 BPF JIT 分支位移計算錯誤而導致的本機權限提升 (CVE-2021-29154)
- 核心:joydev:傳遞給 joydev_handle_JSIOCSBTNMAP() 的零大小 (CVE-2021-3612)
- 核心:讀取 /proc/sysvipc/shm 不會隨著大量共用記憶體區段計數而縮放 (CVE-2021-3669)
- 核心:drivers/net/usb/hso.c 的 hso_free_net_device() 中發生釋放後使用 (CVE-2021-37159)
- 核心:net/qrtr/qrtr.c 的 qrtr_endpoint_post 中的越界讀取 (CVE-2021-3743)
- 核心:crypto:ccp - 修正了 ccp_run_aes_gcm_cmd() 中的資源洩漏弱點 (CVE-2021-3744)
- 核心:藍牙模組中可能發生釋放後使用 (CVE-2021-3752)
- 核心:Linux 核心中不明的 ipc 物件導致違反 memcg 限制和 DoS 攻擊 (CVE-2021-3759)
- 核心:ccp_run_aes_gcm_cmd() 函式中的 DoS (CVE-2021-3764)
- 核心:sctp:無效的區塊可用於遠端移除現有的關聯 (CVE-2021-3772)
- 核心:natd 和 netfilter 中缺少連接埠功能健全檢查,導致 OpenVPN 用戶端遭到惡意利用 (CVE-2021-3773)
- 核心:駐留於 hugetlbfs 的資料可能會洩漏或損毀 (CVE-2021-4002)
- 核心:CVE-2018-13405 的安全性迴歸 (CVE-2021-4037)
- 核心:取得參照後檢查 fget: 是否仍然存在 (CVE-2021-4083)
- 核心:decode_nfs_fh 函式中的緩衝區覆寫 (CVE-2021-4157)
- 核心:kernel/bpf/stackmap.c 的 prealloc_elms_and_freelist() 中的 eBPF 乘法整數溢位導致超出邊界寫入 (CVE-2021-41864)
- 核心:cgroup:使用開放時間認證和命名空間進行移轉 perm 檢查 (CVE-2021-4197)
- 核心:sk_peer_pid 和 sk_peer_cred 存取中的爭用情形 (CVE-2021-4203)
- 核心:firedtv 驅動程式中存在堆積緩衝區溢位弱點 (CVE-2021-42739)
- 核心:drivers/isdn/capi/kcapi.c 的 detach_capi_ctr 中有一個 array-index-out-bounds (CVE-2021-43389)
- 核心:drivers/net/wireless/marvell/mwifiex/usb.c 中的 mwifiex_usb_recv() 允許攻擊者透過特製的 USB 裝置造成 DoS (CVE-2021-43976)
- 核心:TEE 子系統中的釋放後使用 (CVE-2021-44733)
- 核心:IPv6 實作中的資訊洩漏 (CVE-2021-45485)
- 核心:IPv4 實作中的資訊洩漏 (CVE-2021-45486)
- hw:cpu:intel:分支歷程記錄插入 (BHI) (CVE-2022-0001)
- hw:cpu:intel:Intra-Mode BTI (CVE-2022-0002)
- 核心:bond_ipsec_add_sa 中的本機拒絕服務 (CVE-2022-0286)
- 核心:net/sctp/sm_make_chunk.c 的 sctp_addto_chunk 中的 DoS (CVE-2022-0322)
- 核心:FUSE 允許 UAF 讀取 write() 緩衝區,進而允許竊取 (部分) /etc/shadow 雜湊 (CVE-2022-1011)
請注意,Nessus 並未測試這些問題,而是僅依據應用程式自我報告的版本號碼。
解決方案
更新受影響的套件。另請參閱
https://access.redhat.com/security/cve/CVE-2021-3744
https://access.redhat.com/security/cve/CVE-2021-3752
https://access.redhat.com/security/cve/CVE-2021-3759
https://access.redhat.com/security/cve/CVE-2021-3764
https://access.redhat.com/security/cve/CVE-2021-3772
https://access.redhat.com/security/cve/CVE-2021-3773
https://access.redhat.com/security/cve/CVE-2021-4002
https://access.redhat.com/security/cve/CVE-2021-4037
https://access.redhat.com/security/cve/CVE-2021-4083
https://access.redhat.com/security/cve/CVE-2021-4157
https://access.redhat.com/security/cve/CVE-2021-4197
https://access.redhat.com/security/cve/CVE-2021-4203
https://access.redhat.com/security/cve/CVE-2021-20322
https://access.redhat.com/security/cve/CVE-2021-26401
https://access.redhat.com/security/cve/CVE-2021-29154
https://access.redhat.com/security/cve/CVE-2021-37159
https://access.redhat.com/security/cve/CVE-2021-41864
https://access.redhat.com/security/cve/CVE-2021-42739
https://access.redhat.com/security/cve/CVE-2021-43389
https://access.redhat.com/security/cve/CVE-2021-43976
https://access.redhat.com/security/cve/CVE-2021-44733
https://access.redhat.com/security/cve/CVE-2021-45485
https://access.redhat.com/security/cve/CVE-2021-45486
https://access.redhat.com/security/cve/CVE-2022-0001
https://access.redhat.com/security/cve/CVE-2022-0002
https://access.redhat.com/security/cve/CVE-2022-0286
https://access.redhat.com/security/cve/CVE-2022-0322
https://access.redhat.com/security/cve/CVE-2022-1011
https://access.redhat.com/errata/RHSA-2022:1975
https://bugzilla.redhat.com/1901726
https://bugzilla.redhat.com/1919791
https://bugzilla.redhat.com/1946684
https://bugzilla.redhat.com/1951739
https://bugzilla.redhat.com/1974079
https://bugzilla.redhat.com/1985353
https://bugzilla.redhat.com/1986473
https://bugzilla.redhat.com/1997467
https://bugzilla.redhat.com/1997961
https://bugzilla.redhat.com/1999544
https://bugzilla.redhat.com/1999675
https://bugzilla.redhat.com/2000627
https://bugzilla.redhat.com/2000694
https://bugzilla.redhat.com/2004949
https://bugzilla.redhat.com/2010463
https://bugzilla.redhat.com/2013180
https://bugzilla.redhat.com/2014230
https://bugzilla.redhat.com/2016169
https://bugzilla.redhat.com/2018205
https://bugzilla.redhat.com/2025003
https://bugzilla.redhat.com/2025726
https://bugzilla.redhat.com/2027239
https://bugzilla.redhat.com/2029923
https://bugzilla.redhat.com/2030747
https://bugzilla.redhat.com/2034342
https://bugzilla.redhat.com/2035652
https://bugzilla.redhat.com/2036934
https://bugzilla.redhat.com/2037019
https://bugzilla.redhat.com/2039911
https://bugzilla.redhat.com/2039914
https://bugzilla.redhat.com/2042822
https://bugzilla.redhat.com/2061700
https://bugzilla.redhat.com/2061712
https://bugzilla.redhat.com/2061721
https://bugzilla.redhat.com/2064855
https://access.redhat.com/security/cve/CVE-2020-0404
https://access.redhat.com/security/cve/CVE-2020-13974
https://access.redhat.com/security/cve/CVE-2020-27820
https://access.redhat.com/security/cve/CVE-2021-0941
https://access.redhat.com/security/cve/CVE-2021-3612
Plugin 詳細資訊
嚴重性: Critical
ID: 161034
檔案名稱: redhat-RHSA-2022-1975.nasl
版本: 1.7
類型: local
代理程式: unix
發布日期: 2022/5/11
更新日期: 2023/1/23
支援的感應器: Agentless Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent
風險資訊
VPR
風險因素: Medium
分數: 6.7
CVSS v2
風險因素: High
基本分數: 7.9
時間分數: 6.2
媒介: CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C
時間媒介: CVSS2#E:POC/RL:OF/RC:C
CVSS 評分資料來源: CVE-2021-3752
CVSS v3
風險因素: Critical
基本分數: 9.8
時間分數: 8.8
媒介: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
時間媒介: CVSS:3.0/E:P/RL:O/RC:C
CVSS 評分資料來源: CVE-2021-3773
弱點資訊
CPE: cpe:/o:redhat:enterprise_linux:8, cpe:/o:redhat:rhel_aus:8.6, cpe:/o:redhat:rhel_e4s:8.6, cpe:/o:redhat:rhel_eus:8.6, cpe:/o:redhat:rhel_tus:8.6, p-cpe:/a:redhat:enterprise_linux:kernel-rt, p-cpe:/a:redhat:enterprise_linux:kernel-rt-core, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-core, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules-extra, p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel, p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm, p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules, p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules-extra
必要的 KB 項目: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu
可被惡意程式利用: true
可輕鬆利用: Exploits are available
修補程式發佈日期: 2022/5/10
弱點發布日期: 2020/6/9
參考資訊
CVE: CVE-2020-0404, CVE-2020-13974, CVE-2020-27820, CVE-2021-0941, CVE-2021-20322, CVE-2021-26401, CVE-2021-29154, CVE-2021-3612, CVE-2021-3669, CVE-2021-37159, CVE-2021-3743, CVE-2021-3744, CVE-2021-3752, CVE-2021-3759, CVE-2021-3764, CVE-2021-3772, CVE-2021-3773, CVE-2021-4002, CVE-2021-4037, CVE-2021-4083, CVE-2021-4157, CVE-2021-41864, CVE-2021-4197, CVE-2021-4203, CVE-2021-42739, CVE-2021-43389, CVE-2021-43976, CVE-2021-44733, CVE-2021-45485, CVE-2021-45486, CVE-2022-0001, CVE-2022-0002, CVE-2022-0286, CVE-2022-0322, CVE-2022-1011