Nucleus - [High] - 440044

[mcsaez2]

Source: QUALYS
Finding Description: CentOS has released security update for kernel to fix the vulnerabilities.
Affected Product: centos 6

Impact: An unprivileged attacker could use this flaw to cross the syscall boundary and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5753)
An unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5715)
An unprivileged local attacker could use this flaw to read privileged (kernel space) memory by conducting targeted cache side-channel attacks. (CVE-2017-5754)

Target(s): Asset name: 192.168.56.103
IP: 192.168.56.103

Solution: To resolve this issue, upgrade to the latest packages which contain a patch.
Refer to CentOS advisory centos 6 (https://lists.centos.org/pipermail/centos-announce/2018-January/022701.html) for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
CESA-2018:0008: centos 6 (https://lists.centos.org/pipermail/centos-announce/2018-January/022701.html)

References:
QID:440044
CVE:CVE-2017-5715, CVE-2017-5753, CVE-2017-5754
Category:CentOS
PCI Flagged:yes
Vendor References:CESA-2018:0008 centos 6
Bugtraq IDs:102376, 102371, 102378, 106128

Severity: High
Exploitable: Yes
Date Discovered: 2023-06-01 10:43:00
Nucleus Notification Rules Triggered: R4 - GitHub
Project Name: 10397
Please see Nucleus for more information on these vulnerabilities:https://192.168.56.101/nucleus/public/app/index.html#vuln/124000001/NDQwMDQ0/UVVBTFlT/VnVsbg--/false/MTI0MDAwMDAx/c3VtbWFyeQ--/false

[mcsaez2]

By Nucleus Bot

Ticket was updated via a ticketing rule from Nucleus as new data was ingested.

1 new asset was discovered to have this vulnerability.
1 asset had this vulnerability remediated.
New Assets:
Asset name: 192.168.56.104

Remediated Assets:
Asset name: 192.168.56.103