The version of kernel installed on the remote host is prior to 5.10.109-104.500. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2022-013 advisory.

    2024-08-27: CVE-2022-48843 was added to this advisory.

    2024-08-27: CVE-2022-48834 was added to this advisory.

    A use-after-free flaw was found in the Linux kernel's sound subsystem in the way a user triggers     concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM     for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the     system. (CVE-2022-1048)

    Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel     (CVE-2022-20368)

    A buffer overflow flaw was found in the Linux kernel's NFC protocol functionality. This flaw allows a     local user to crash or escalate their privileges on the system. (CVE-2022-26490)

    In the Linux kernel before 5.17.1, a refcount leak bug was found in net/llc/af_llc.c. (CVE-2022-28356)

    In the Linux kernel, the following vulnerability has been resolved:

    usb: usbtmc: Fix bug in pipe direction for control transfers (CVE-2022-48834)

    In the Linux kernel, the following vulnerability has been resolved:

    drm/vrr: Set VRR capable prop only if it is attached to connector (CVE-2022-48843)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Amazon Linux 2 : kernel (ALASKERNEL-5.10-2022-013)

high Nessus Plugin ID 160426

Version 1.11

Version 1.9

Version 1.8

Version 1.7

Version 1.11 Aug 29, 2024, 7:18 AM Exploit attributes ("Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin Feed: 202408290718
Version 1.9 Oct 31, 2023, 1:53 PM CVSSv3 score source (changed from "CVE-2022-27666" to "CVE-2022-26490") Plugin Feed: 202310311353
Version 1.8 Aug 14, 2023, 10:00 PM CVE (set "CVE" coverage to "CVE-2022-1048,CVE-2022-20368,CVE-2022-26490,CVE-2022-28356") Detection Plugin metadata Plugin requirements Plugin Feed: 202308142200
Version 1.7 Dec 7, 2022, 1:48 PM CVE (set "CVE" coverage to "CVE-2022-20368") Exploit attributes ("Exploit available" changed from "True" to "False") Plugin metadata Plugin Feed: 202212071348