Detections
Analytics

Amazon Linux AMI : kernel (ALAS-2021-1503)

high Nessus Plugin ID 149872

Language:

Synopsis

The remote Amazon Linux AMI host is missing a security update.

Description

The version of kernel installed on the remote host is prior to 4.14.232-123.381. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2021-1503 advisory.

 kernel: refcount leak in llcp_sock_bind() (CVE-2020-25670)

 kernel: refcount leak in llcp_sock_connect() (CVE-2020-25671)

 kernel: memory leak in llcp_sock_connect() (CVE-2020-25672)

 An issue was discovered in the Linux kernel related to mm/gup.c and mm/huge_memory.c. The get_user_pages (aka gup) implementation, when used for a copy-on-write page, does not properly consider the semantics of read operations and therefore can grant unintended write access. (CVE-2020-29374)

 A use-after-free flaw was found in the Linux kernel's SCTP socket functionality that triggers a race condition. This flaw allows a local user to escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-23133)

 The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains. All Linux versions having the fix for XSA-365 applied are vulnerable.
 XSA-365 was classified to affect versions back to at least 3.11. (CVE-2021-28688)

 A race condition flaw was found in get_old_root in fs/btrfs/ctree.c in the Linux kernel in btrfs file- system. This flaw allows a local attacker with a special user privilege to cause a denial of service due to not locking an extent buffer before a cloning operation. The highest threat from this vulnerability is to system availability. (CVE-2021-28964)

 A flaw was found in the Linux kernel. On some Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS status in a PEBS record is mishandled. (CVE-2021-28971)

 A flaw was found in the Linux kernels eBPF implementation. By default, accessing the eBPF verifier is only accessible to privileged users with CAP_SYS_ADMIN. A local user with the ability to insert eBPF instructions can abuse a flaw in eBPF to corrupt memory. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-29154)

 A vulnerability was discovered in retrieve_ptr_limit in kernel/bpf/verifier.c in the Linux kernel mechanism to mitigate speculatively out-of-bounds loads (Spectre mitigation). In this flaw a local, special user privileged (CAP_SYS_ADMIN) BPF program running on affected systems may bypass the protection, and execute speculatively out-of-bounds loads from the kernel memory. This can be abused to extract contents of kernel memory via side-channel. (CVE-2021-29155)

 A flaw was found in the Linux kernel's eBPF verification code. By default, accessing the eBPF verifier is only accessible to privileged users with CAP_SYS_ADMIN. This flaw allows a local user who can insert eBPF instructions, to use the eBPF verifier to abuse a spectre-like flaw and infer all system memory. The highest threat from this vulnerability is to confidentiality. (CVE-2021-31829)

 An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi- device driver module in the Linux kernel. A bound check failure allows an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability.
 (CVE-2021-31916)

 The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writing an arbitrary value. (CVE-2021-33033)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Run 'yum update kernel' to update your system.

See Also

https://alas.aws.amazon.com/ALAS-2021-1503.html

https://access.redhat.com/security/cve/CVE-2020-25670

https://access.redhat.com/security/cve/CVE-2020-25671

https://access.redhat.com/security/cve/CVE-2020-25672

https://access.redhat.com/security/cve/CVE-2020-25673

https://access.redhat.com/security/cve/CVE-2020-29374

https://access.redhat.com/security/cve/CVE-2021-23133

https://access.redhat.com/security/cve/CVE-2021-28688

https://access.redhat.com/security/cve/CVE-2021-28964

https://access.redhat.com/security/cve/CVE-2021-28971

https://access.redhat.com/security/cve/CVE-2021-29154

https://access.redhat.com/security/cve/CVE-2021-29155

https://access.redhat.com/security/cve/CVE-2021-31829

https://access.redhat.com/security/cve/CVE-2021-31916

https://access.redhat.com/security/cve/CVE-2021-33033

Plugin Details

Severity: High

ID: 149872

File Name: ala_ALAS-2021-1503.nasl

Version: 1.4

Type: local

Agent: unix

Published: 5/24/2021

Updated: 12/11/2024

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2021-29154

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2021-33033

Vulnerability Information

CPE: p-cpe:/a:amazon:linux:perf, p-cpe:/a:amazon:linux:perf-debuginfo, p-cpe:/a:amazon:linux:kernel-tools-debuginfo, p-cpe:/a:amazon:linux:kernel-tools-devel, p-cpe:/a:amazon:linux:kernel-tools, p-cpe:/a:amazon:linux:kernel-devel, p-cpe:/a:amazon:linux:kernel, p-cpe:/a:amazon:linux:kernel-debuginfo, p-cpe:/a:amazon:linux:kernel-headers, p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686, p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64, cpe:/o:amazon:linux

Required KB Items: Host/local_checks_enabled, Host/AmazonLinux/release, Host/AmazonLinux/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/20/2021

Vulnerability Publication Date: 11/28/2020

Reference Information

CVE: CVE-2020-25670, CVE-2020-25671, CVE-2020-25672, CVE-2020-25673, CVE-2020-29374, CVE-2021-23133, CVE-2021-28688, CVE-2021-28964, CVE-2021-28971, CVE-2021-29154, CVE-2021-29155, CVE-2021-31829, CVE-2021-31916, CVE-2021-33033

ALAS: 2021-1503