The version of kernel installed on the remote host is prior to 5.10.102-99.473. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2022-011 advisory.

    2024-07-03: CVE-2023-1582 was added to this advisory.

    AMD recommends using a software mitigation for this issue, which the kernel is enabling by default. The     Linux kernel will use the generic retpoline software mitigation, instead of the specialized AMD one, on     AMD instances (*5a*). This is done by default, and no administrator action is needed. (CVE-2021-26341)

    AMD recommends using a software mitigation for this issue, which the kernel is enabling by default. The     Linux kernel will use the generic retpoline software mitigation, instead of the specialized AMD one, on     AMD instances (*5a*). This is done by default, and no administrator action is needed. (CVE-2021-26401)

    An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces     subsystem was found in the way users have access to some less privileged process that are controlled by     cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of     control groups. A local user could use this flaw to crash the system or escalate their privileges on the     system. (CVE-2021-4197)

    Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may     allow an authorized user to potentially enable information disclosure. (CVE-2022-0001)

    Non-transparent sharing of branch predictor within a context in some Intel(r) Processors may allow an     authorized user to potentially enable information disclosure via local access. (CVE-2022-0002)

    A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends     a packet with malicious content where the number of domain member nodes is higher than the 64 allowed.
    This flaw allows a remote user to crash the system or possibly escalate their privileges if they have     access to the TIPC network. (CVE-2022-0435)

    A flaw was found in the way the flags member of the new pipe buffer structure was lacking proper     initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus     contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache     backed by read only files and as such escalate their privileges on the system. (CVE-2022-0847)

    A use-after-free vulnerability was found in the tc_new_tfilter function in net/sched/cls_api.c in the     Linux kernel. The availability of local, unprivileged user namespaces allows privilege escalation.
    (CVE-2022-1055)

    The Amazon Linux kernel now enables, by default, a software mitigation for this issue, on all ARM-based     EC2 instance types. (CVE-2022-23960)

    A flaw was found in the Linux kernel's driver for the ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet     Devices. The vulnerability contains multiple out-of-bounds reads and possible out-of-bounds writes.
    (CVE-2022-2964)

    A race problem was found in fs/proc/task_mmu.c in the memory management sub-component in the Linux kernel.
    This issue may allow a local attacker with user privilege to cause a denial of service. (CVE-2023-1582)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Amazon Linux 2 : kernel (ALASKERNEL-5.10-2022-011)

high Nessus Plugin ID 160425

Version 1.14

Version 1.12

Version 1.11

Version 1.10

Version 1.14 Jul 5, 2024, 2:41 PM CVE (set "CVE" coverage to "CVE-2021-4197,CVE-2021-26341,CVE-2021-26401,CVE-2022-0001,CVE-2022-0002,CVE-2022-0435,CVE-2022-0847,CVE-2022-1055,CVE-2022-2964,CVE-2023-1582,CVE-2022-23960") Detection (updated detection logic) Exploit attributes ("Exploit framework canvas" set to "True". "Exploit framework core" set to "True". "Exploitability ease" changed from "Exploits are available" to "No known exploits are available". "Exploited by malware" set to "True". "Exploitability ease" changed from "No known exploits are available" to "Exploits are available". "Exploit framework metasploit" set to "True") Plugin metadata Plugin Feed: 202407051441
Version 1.12 Sep 5, 2023, 10:10 PM Detection Plugin metadata Plugin requirements Plugin Feed: 202309052210
Version 1.11 Jan 13, 2023, 4:18 PM Exploit attributes ("Exploit framework core" set to "True") Plugin Feed: 202301131618
Version 1.10 Dec 7, 2022, 4:47 PM CVE (set "CVE" coverage to "CVE-2022-2964") Plugin metadata Plugin Feed: 202212071647