The version of kernel installed on the remote host is prior to 4.14.241-184.433. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2021-1696 advisory.

    A flaw was found in the Linux kernel, where a BPF program can obtain sensitive information from kernel     memory via a Speculative Store Bypass side-channel attack. This issue occurs when the protection mechanism     neglects the possibility of uninitialized memory locations on the BPF stack. The highest threat from this     vulnerability is to confidentiality. (CVE-2021-34556)

    A flaw in the Linux kernel allows a privileged BPF program to obtain sensitive information from kernel     memory via a Speculative Store Bypass side-channel in the eBPF subsystem (CVE-2021-35477)

    A vulnerability was found in the Linux kernel. Missing size validations on inbound SCTP packets may allow     the kernel to read uninitialized memory. (CVE-2021-3655)

    In the Linux kernel, the following vulnerability has been resolved:

    igb: Fix use-after-free error during reset (CVE-2021-47301)

    In the Linux kernel, the following vulnerability has been resolved:

    net: validate lwtstate->data before returning from skb_tunnel_info() (CVE-2021-47309)

    In the Linux kernel, the following vulnerability has been resolved:

    net: qcom/emac: fix UAF in emac_remove (CVE-2021-47311)

    An issue was discovered in the Linux kernel before 5.13.3. lib/seq_buf.c has a seq_buf_putmem_hex buffer     overflow. (CVE-2023-28772)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Amazon Linux 2 : kernel (ALAS-2021-1696)

high Nessus Plugin ID 152238

Version 1.6

Version 1.5

Version 1.6 Mar 1, 2025, 8:12 AM CVE (set "CVE" coverage to "CVE-2021-3655,CVE-2021-47309,CVE-2021-47311,CVE-2023-28772,CVE-2021-34556,CVE-2021-35477") CVSS metrics ("CVSSv3 score" set to 7.8) CVSS metrics ("CVSSv3 vector" set to "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H") CVSS metrics ("Cvssv4 score" set to 0.0) CVSSv2 severity (based on None, severity decreased from "High" to "Low") CVSSv3 score source (changed from "CVE-2021-35477" to "CVE-2021-47311") CVSSv3 severity (based on CVE-2021-47311, severity increased from "Medium" to "High") Detection (updated detection logic) Plugin metadata Plugin Feed: 202503010812
Version 1.5 Dec 12, 2024, 9:55 AM CVSS metrics ("Cvssv4 score" set to 0.0) CVSSv2 severity (based on None, severity decreased from "High" to "Low") Detection (updated detection logic) Plugin metadata Plugin Feed: 202412120955