Amazon Linux 2 : kernel (ALASKERNEL-5.10-2022-006)

high Nessus Plugin ID 160432

Synopsis

The remote Amazon Linux 2 host is missing a security update.

Description

The version of kernel installed on the remote host is prior to 5.10.68-62.173. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2022-006 advisory.

2024-03-13: CVE-2021-46913 was added to this advisory.

A flaw was found in the Linux kernel. When reusing a socket with an attached dccps_hc_tx_ccid as a listener, the socket will be used after being released, leading to denial of service (DoS) or potential code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-16119)

A flaw in the Linux kernel's processing of received ICMP errors (ICMP fragment needed and ICMP redirect) was found to allow open UDP ports to be scanned quickly. This flaw allows an off-path remote user to effectively bypass UDP source port randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization is indirectly affected as well. (CVE-2021-20322)

A flaw was found in loop_rw_iter in fs/io_uring.c in the Linux kernel. This flaw allows a local user with normal user privileges to free a user-defined kernel space buffer. (CVE-2021-41073)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nftables: clone set element expression template

memcpy() breaks when using connlimit in set elements. Use nft_expr_clone() to initialize the connlimit expression list, otherwise connlimit garbage collector crashes when walking on the list head copy.

[ 493.064656] Workqueue: events_power_efficient nft_rhash_gc [nf_tables]
[ 493.064685] RIP: 0010:find_or_evict+0x5a/0x90 [nf_conncount]
[ 493.064694] Code: 2b 43 40 83 f8 01 77 0d 48 c7 c0 f5 ff ff ff 44 39 63 3c 75 df 83 6d 18 01 48 8b 43 08 48 89 de 48 8b 13 48 8b 3d ee 2f 00 00 <48> 89 42 08 48 89 10 48 b8 00 01 00 00 00 00 ad de 48 89 03 48 83
[ 493.064699] RSP: 0018:ffffc90000417dc0 EFLAGS: 00010297
[ 493.064704] RAX: 0000000000000000 RBX: ffff888134f38410 RCX: 0000000000000000
[ 493.064708] RDX: 0000000000000000 RSI: ffff888134f38410 RDI: ffff888100060cc0
[ 493.064711] RBP: ffff88812ce594a8 R08: ffff888134f38438 R09: 00000000ebb9025c
[ 493.064714] R10: ffffffff8219f838 R11: 0000000000000017 R12: 0000000000000001
[ 493.064718] R13: ffffffff82146740 R14: ffff888134f38410 R15: 0000000000000000
[ 493.064721] FS: 0000000000000000(0000) GS:ffff88840e440000(0000) knlGS:0000000000000000
[ 493.064725] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 493.064729] CR2: 0000000000000008 CR3: 00000001330aa002 CR4: 00000000001706e0
[ 493.064733] Call Trace:
[ 493.064737] nf_conncount_gc_list+0x8f/0x150 [nf_conncount]
[ 493.064746] nft_rhash_gc+0x106/0x390 [nf_tables]

(CVE-2021-46913)

In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege when opening and closing inet sockets with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-112551163. References: Upstream kernel. (CVE-2022-20141)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Run 'yum update kernel' to update your system.

See Also

https://alas.aws.amazon.com/AL2/ALASKERNEL-5.10-2022-006.html

https://alas.aws.amazon.com/cve/html/CVE-2020-16119.html

https://alas.aws.amazon.com/cve/html/CVE-2021-20322.html

https://alas.aws.amazon.com/cve/html/CVE-2021-41073.html

https://alas.aws.amazon.com/cve/html/CVE-2021-46913.html

https://alas.aws.amazon.com/cve/html/CVE-2022-20141.html

https://alas.aws.amazon.com/faqs.html

Plugin Details

Severity: High

ID: 160432

File Name: al2_ALASKERNEL-5_10-2022-006.nasl

Version: 1.7

Type: local

Agent: unix

Published: 5/2/2022

Updated: 12/11/2024

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2021-41073

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:amazon:linux:perf, p-cpe:/a:amazon:linux:bpftool, p-cpe:/a:amazon:linux:perf-debuginfo, p-cpe:/a:amazon:linux:kernel-tools-debuginfo, p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64, p-cpe:/a:amazon:linux:kernel-tools, p-cpe:/a:amazon:linux:kernel-devel, p-cpe:/a:amazon:linux:python-perf-debuginfo, p-cpe:/a:amazon:linux:kernel, p-cpe:/a:amazon:linux:kernel-debuginfo, p-cpe:/a:amazon:linux:kernel-headers, cpe:/o:amazon:linux:2, p-cpe:/a:amazon:linux:bpftool-debuginfo, p-cpe:/a:amazon:linux:kernel-tools-devel, p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64, p-cpe:/a:amazon:linux:kernel-livepatch-5.10.68-62.173, p-cpe:/a:amazon:linux:python-perf

Required KB Items: Host/local_checks_enabled, Host/AmazonLinux/release, Host/AmazonLinux/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 1/20/2022

Vulnerability Publication Date: 10/15/2020

Reference Information

CVE: CVE-2020-16119, CVE-2021-20322, CVE-2021-41073, CVE-2021-46913, CVE-2022-20141