Amazon Linux 2 : kernel (ALAS-2021-1627)

high Nessus Plugin ID 148919

Synopsis

The remote Amazon Linux 2 host is missing a security update.

Description

The version of kernel installed on the remote host is prior to 4.14.231-173.360. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2021-1627 advisory.

A memory leak in the adis_update_scan_mode() function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-ab612b1daf41. (CVE-2019-19060)

A bypass was found for the Spectre v1 hardening in the eBPF engine of the Linux kernel. The code in kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic in various cases, including cases of different branches with different state or limits to sanitize, leading to side-channel attacks. (CVE-2019-7308)

A vulnerability was found in the Linux kernel where a refcount leak in llcp_sock_bind() causes a use-after-free, which might lead to privilege escalation. (CVE-2020-25670)

A vulnerability was found in the Linux kernel where a refcount leak in llcp_sock_connect() causes a use-after-free, which might lead to privilege escalation. (CVE-2020-25671)

A memory leak vulnerability was found in the Linux kernel in llcp_sock_connect. (CVE-2020-25672)

A flaw was found in the Linux kernel's eBPF verification code. By default, the eBPF verifier is only accessible to privileged users with CAP_SYS_ADMIN. A flaw that triggers an integer underflow when restricting speculative pointer arithmetic allows unprivileged local users to leak the content of kernel memory. The highest threat from this vulnerability is to data confidentiality. (CVE-2020-27171)

A flaw was found in the Linux kernel. The rtw_wx_set_scan driver allows writing beyond the end of the ->ssid[] array. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-28660)

The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains. All Linux versions having the fix for XSA-365 applied are vulnerable. XSA-365 was classified to affect versions back to at least 3.11. (CVE-2021-28688)

A race condition flaw was found in get_old_root in fs/btrfs/ctree.c in the Linux kernel in the btrfs filesystem. This flaw allows a local attacker with a special user privilege to cause a denial of service due to not locking an extent buffer before a cloning operation. The highest threat from this vulnerability is to system availability. (CVE-2021-28964)

A flaw was found in the Linux kernel's implementation of the RPA PCI Hotplug driver for PowerPC. A user with permissions to write to the sysfs settings for this driver can trigger a buffer overflow when writing a new device name to the driver from userspace, overwriting data in the kernel's stack. (CVE-2021-28972)

A flaw was found in the Linux kernel's eBPF implementation. By default, the eBPF verifier is only accessible to privileged users with CAP_SYS_ADMIN. A local user with the ability to insert eBPF instructions can abuse a flaw in eBPF to corrupt memory. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-29154)

A flaw was found in the Linux kernel. The usbip driver allows attackers to cause a denial of service (GPF) because the stub-up sequence has race conditions during an update of the local and shared status. The highest threat from this vulnerability is to system availability. (CVE-2021-29265)

A flaw was found in the Linux kernel. This flaw allows attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure. The highest threat from this vulnerability is to confidentiality. (CVE-2021-29647)

A flaw was found in the Nosy driver in the Linux kernel. This issue allows a device to be inserted twice into a doubly-linked list, leading to a use-after-free when one of these devices is removed. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-3483)

A flaw was discovered in processing setsockopt IPT_SO_SET_REPLACE (or IP6T_SO_SET_REPLACE) for 32-bit processes on 64-bit systems. This flaw allows a local user to gain privileges or cause a DoS through a user namespace. This action is usually restricted to root-privileged users but can also be leveraged if the kernel is compiled with CONFIG_USER_NS and CONFIG_NET_NS and the user is granted elevated privileges. (CVE-2021-22555)

CVE-2021-22555 was added after the original release; however, it was fixed in the patch from 2021-04-20.

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Run 'yum update kernel' to update your system.

See Also

https://alas.aws.amazon.com/AL2/ALAS-2021-1627.html

https://access.redhat.com/security/cve/CVE-2019-7308

https://access.redhat.com/security/cve/CVE-2019-19060

https://access.redhat.com/security/cve/CVE-2020-25670

https://access.redhat.com/security/cve/CVE-2020-25671

https://access.redhat.com/security/cve/CVE-2020-25672

https://access.redhat.com/security/cve/CVE-2020-27171

https://access.redhat.com/security/cve/CVE-2021-22555

https://access.redhat.com/security/cve/CVE-2021-3483

https://access.redhat.com/security/cve/CVE-2021-28660

https://access.redhat.com/security/cve/CVE-2021-28688

https://access.redhat.com/security/cve/CVE-2021-28964

https://access.redhat.com/security/cve/CVE-2021-28972

https://access.redhat.com/security/cve/CVE-2021-29154

https://access.redhat.com/security/cve/CVE-2021-29265

https://access.redhat.com/security/cve/CVE-2021-29647

Plugin Details

Severity: High

ID: 148919

File Name: al2_ALAS-2021-1627.nasl

Version: 1.7

Type: local

Agent: unix

Published: 4/22/2021

Updated: 12/17/2024

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.7

CVSS v2

Risk Factor: High

Base Score: 8.3

Temporal Score: 7.2

Vector: CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2021-28660

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 8.4

Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:amazon:linux:perf, p-cpe:/a:amazon:linux:perf-debuginfo, p-cpe:/a:amazon:linux:kernel-tools-debuginfo, p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64, p-cpe:/a:amazon:linux:kernel-tools, p-cpe:/a:amazon:linux:kernel-devel, p-cpe:/a:amazon:linux:python-perf-debuginfo, p-cpe:/a:amazon:linux:kernel, p-cpe:/a:amazon:linux:kernel-debuginfo, p-cpe:/a:amazon:linux:kernel-headers, p-cpe:/a:amazon:linux:kernel-livepatch-4.14.231-173.360, cpe:/o:amazon:linux:2, p-cpe:/a:amazon:linux:kernel-tools-devel, p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64, p-cpe:/a:amazon:linux:python-perf

Required KB Items: Host/local_checks_enabled, Host/AmazonLinux/release, Host/AmazonLinux/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/20/2021

Vulnerability Publication Date: 1/31/2019

Exploitable With

CANVAS (CANVAS)

Core Impact

Metasploit (Netfilter x_tables Heap OOB Write Privilege Escalation)

Reference Information

CVE: CVE-2019-19060, CVE-2019-7308, CVE-2020-25670, CVE-2020-25671, CVE-2020-25672, CVE-2020-27171, CVE-2021-22555, CVE-2021-28660, CVE-2021-28688, CVE-2021-28964, CVE-2021-28972, CVE-2021-29154, CVE-2021-29265, CVE-2021-29647, CVE-2021-3483

ALAS: 2021-1627