Amazon Linux 2 : kernel (ALASKERNEL-5.4-2022-004)

high Nessus Plugin ID 160440

Language:

Synopsis

The remote Amazon Linux 2 host is missing a security update.

Description

The version of kernel installed on the remote host is prior to 5.4.129-62.227. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2022-004 advisory.

2024-08-27: CVE-2021-47171 was added to this advisory.

2024-08-27: CVE-2021-47162 was added to this advisory.

2024-08-27: CVE-2021-47163 was added to this advisory.

2024-08-27: CVE-2021-47142 was added to this advisory.

2024-08-01: CVE-2021-47167 was added to this advisory.

2024-08-01: CVE-2021-47117 was added to this advisory.

2024-08-01: CVE-2021-47060 was added to this advisory.

2024-08-01: CVE-2021-47109 was added to this advisory.

2024-08-01: CVE-2021-47177 was added to this advisory.

2024-08-01: CVE-2021-47118 was added to this advisory.

2024-08-01: CVE-2021-47159 was added to this advisory.

2024-08-01: CVE-2021-47058 was added to this advisory.

2024-08-01: CVE-2021-47054 was added to this advisory.

2024-08-01: CVE-2021-47168 was added to this advisory.

2024-08-01: CVE-2021-47112 was added to this advisory.

2024-08-01: CVE-2021-47144 was added to this advisory.

2024-08-01: CVE-2021-47170 was added to this advisory.

2024-08-01: CVE-2021-47071 was added to this advisory.

2024-08-01: CVE-2021-47138 was added to this advisory.

2024-08-01: CVE-2021-47145 was added to this advisory.

2024-08-01: CVE-2021-47146 was added to this advisory.

2024-08-01: CVE-2021-46959 was added to this advisory.

2024-08-01: CVE-2021-47120 was added to this advisory.

2024-08-01: CVE-2021-47126 was added to this advisory.

2024-08-01: CVE-2021-47129 was added to this advisory.

2024-08-01: CVE-2021-47078 was added to this advisory.

2024-08-01: CVE-2021-47055 was added to this advisory.

2024-06-07: CVE-2021-46939 was added to this advisory.

2024-06-07: CVE-2021-47010 was added to this advisory.

2024-06-07: CVE-2021-46985 was added to this advisory.

2024-06-07: CVE-2021-46960 was added to this advisory.

2024-06-07: CVE-2021-47006 was added to this advisory.

2024-06-07: CVE-2021-47000 was added to this advisory.

2024-06-07: CVE-2021-46961 was added to this advisory.

2024-06-07: CVE-2021-47015 was added to this advisory.

2024-06-07: CVE-2021-47013 was added to this advisory.

2024-06-07: CVE-2021-47166 was added to this advisory.

2024-06-07: CVE-2021-46906 was added to this advisory.

2024-06-07: CVE-2021-46938 was added to this advisory.

2024-06-07: CVE-2021-46950 was added to this advisory.

2024-06-07: CVE-2021-46993 was added to this advisory.

2024-06-07: CVE-2021-46956 was added to this advisory.

2024-06-07: CVE-2021-46955 was added to this advisory.

2024-06-07: CVE-2021-46951 was added to this advisory.

2024-06-07: CVE-2021-46981 was added to this advisory.

2024-06-07: CVE-2021-47110 was added to this advisory.

2024-06-07: CVE-2021-46953 was added to this advisory.

2024-06-07: CVE-2021-46963 was added to this advisory.

A flaw was found in the Linux kernels implementation of wifi fragmentation handling. An attacker with the ability to transmit within the wireless transmission range of an access point can abuse a flaw where previous contents of wifi fragments can be unintentionally transmitted to another device. (CVE-2020-24586)

A flaw was found in the Linux kernel's WiFi implementation. An attacker within the wireless range can abuse a logic flaw in the WiFi implementation by reassembling packets from multiple fragments under different keys, treating them as valid. This flaw allows an attacker to send a fragment under an incorrect key, treating them as a valid fragment under the new key. The highest threat from this vulnerability is to confidentiality. (CVE-2020-24587)

A flaw was found in the Linux kernels wifi implementation. An attacker within wireless broadcast range can inject custom data into the wireless communication circumventing checks on the data. This can cause the frame to pass checks and be considered a valid frame of a different type. (CVE-2020-24588)

Frames used for authentication and key management between the AP and connected clients. Some clients may take these redirected frames masquerading as control mechanisms from the AP. (CVE-2020-26139)

A vulnerability was found in Linux kernel's WiFi implementation. An attacker within wireless range can inject a control packet fragment where the kernel does not verify the Message Integrity Check (authenticity) of fragmented TKIP frames. (CVE-2020-26141)

A flaw was found in ath10k_htt_rx_proc_rx_frag_ind_hl in drivers/net/wireless/ath/ath10k/htt_rx.c in the Linux kernel WiFi implementations, where it accepts a second (or subsequent) broadcast fragments even when sent in plaintext and then process them as full unfragmented frames. The highest threat from this vulnerability is to integrity. (CVE-2020-26145)

A flaw was found in ieee80211_rx_h_defragment in net/mac80211/rx.c in the Linux Kernel's WiFi implementation. This vulnerability can be abused to inject packets or exfiltrate selected fragments when another device sends fragmented frames, and the WEP, CCMP, or GCMP data-confidentiality protocol is used.
The highest threat from this vulnerability is to integrity. (CVE-2020-26147)

A flaw was found in the Linux kernel in certs/blacklist.c, When signature entries for EFI_CERT_X509_GUID are contained in the Secure Boot Forbidden Signature Database, the entries are skipped. This can cause a security threat and breach system integrity, confidentiality and even lead to a denial of service problem.
(CVE-2020-26541)

A vulnerability was found in the bluez, where Passkey Entry protocol used in Secure Simple Pairing (SSP), Secure Connections (SC) and LE Secure Connections (LESC) of the Bluetooth Core Specification is vulnerable to an impersonation attack where an active attacker can impersonate the initiating device without any previous knowledge. (CVE-2020-26558)

A flaw was found in the Linux kernel. Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access. The highest threat from this vulnerability is to data confidentiality and integrity. (CVE-2021-0129)

A flaw was found in the Linux kernel's KVM implementation, where improper handing of the VM_IO|VM_PFNMAP VMAs in KVM bypasses RO checks and leads to pages being freed while still accessible by the VMM and guest.
This flaw allows users who can start and control a VM to read/write random pages of memory, resulting in local privilege escalation. The highest threat from this vulnerability is to confidentiality, integrity, and system availability. (CVE-2021-22543)

A flaw was found in the Linux kernel's handling of the removal of Bluetooth HCI controllers. This flaw allows an attacker with a local account to exploit a race condition, leading to corrupted memory and possible privilege escalation. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-32399)

A use-after-free flaw was found in hci_send_acl in the bluetooth host controller interface (HCI) in Linux kernel, where a local attacker with an access rights could cause a denial of service problem on the system The issue results from the object hchan, freed in hci_disconn_loglink_complete_evt, yet still used in other places. The highest threat from this vulnerability is to data integrity, confidentiality and system availability. (CVE-2021-33034)

The canbus filesystem in the Linux kernel contains an information leak of kernel memory to devices on the CAN bus network link layer. An attacker with the ability to dump messages on the CAN bus is able to learn of uninitialized stack values by dumbing messages on the can bus. (CVE-2021-34693)

An out-of-bounds (OOB) memory access flaw was found in fs/f2fs/node.c in the f2fs module in the Linux kernel. A bounds check failure allows a local attacker to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability. (CVE-2021-3506)

A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in the way user attach malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the system. (CVE-2021-3564)

A flaw use-after-free in function hci_sock_bound_ioctl() of the Linux kernel HCI subsystem was found in the way user calls ioct HCIUNBLOCKADDR or other way triggers race condition of the call hci_unregister_dev() together with one of the calls hci_sock_blacklist_add(), hci_sock_blacklist_del(), hci_get_conn_info(), hci_get_auth_info(). A privileged local user could use this flaw to crash the system or escalate their privileges on the system. (CVE-2021-3573)

A flaw was found in the Linux kernels NFC implementation, A NULL pointer dereference and BUG leading to a denial of service can be triggered by a local unprivileged user causing a kernel panic. (CVE-2021-38208)

In the Linux kernel, the following vulnerability has been resolved:

HID: usbhid: fix info leak in hid_submit_ctrl

In hid_submit_ctrl(), the way of calculating the report length doesn'ttake into account that report->size can be zero. When running thesyzkaller reproducer, a report of size 0 causes hid_submit_ctrl) tocalculate transfer_buffer_length as 16384. When this urb is passed tothe usb core layer, KMSAN reports an info leak of 16384 bytes.

To fix this, first modify hid_report_len() to account for the zeroreport size case by using DIV_ROUND_UP for the division. Then, call itfrom hid_submit_ctrl(). (CVE-2021-46906)

In the Linux kernel, the following vulnerability has been resolved:

dm rq: fix double free of blk_mq_tag_set in dev remove after table load fails (CVE-2021-46938)

In the Linux kernel, the following vulnerability has been resolved:

tracing: Restructure trace_clock_global() to never block (CVE-2021-46939)

In the Linux kernel, the following vulnerability has been resolved:

md/raid1: properly indicate failure when ending a failed write request

This patch addresses a data corruption bug in raid1 arrays using bitmaps.Without this fix, the bitmap bits for the failed I/O end up being cleared.

Since we are in the failure leg of raid1_end_write_request, the requesteither needs to be retried (R1BIO_WriteError) or failed (R1BIO_Degraded). (CVE-2021-46950)

In the Linux kernel, the following vulnerability has been resolved:

tpm: efi: Use local variable for calculating final log size (CVE-2021-46951)

In the Linux kernel, the following vulnerability has been resolved:

ACPI: GTDT: Don't corrupt interrupt mappings on watchdow probe failure (CVE-2021-46953)

In the Linux kernel, the following vulnerability has been resolved:

openvswitch: fix stack OOB read while fragmenting IPv4 packets (CVE-2021-46955)

In the Linux kernel, the following vulnerability has been resolved:

virtiofs: fix memory leak in virtio_fs_probe() (CVE-2021-46956)

In the Linux kernel, the following vulnerability has been resolved:

spi: Fix use-after-free with devm_spi_alloc_* (CVE-2021-46959)

In the Linux kernel, the following vulnerability has been resolved:

cifs: Return correct error code from smb2_get_enc_key (CVE-2021-46960)

In the Linux kernel, the following vulnerability has been resolved:

irqchip/gic-v3: Do not enable irqs when handling spurious interrups (CVE-2021-46961)

In the Linux kernel, the following vulnerability has been resolved:

scsi: qla2xxx: Fix crash in qla2xxx_mqueuecommand() (CVE-2021-46963)

In the Linux kernel, the following vulnerability has been resolved:

nbd: Fix NULL pointer in flush_workqueue (CVE-2021-46981)

In the Linux kernel, the following vulnerability has been resolved:

ACPI: scan: Fix a memory leak in an error handling path (CVE-2021-46985)

In the Linux kernel, the following vulnerability has been resolved:

sched: Fix out-of-bound access in uclamp (CVE-2021-46993)

In the Linux kernel, the following vulnerability has been resolved:

ceph: fix inode leak on getattr error in __fh_to_dentry (CVE-2021-47000)

In the Linux kernel, the following vulnerability has been resolved:

ARM: 9064/1: hw_breakpoint: Do not directly check the event's overflow_handler hook (CVE-2021-47006)

In the Linux kernel, the following vulnerability has been resolved:

net: Only allow init netns to set default tcp cong to a restricted algo (CVE-2021-47010)

In the Linux kernel, the following vulnerability has been resolved:

net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send (CVE-2021-47013)

In the Linux kernel, the following vulnerability has been resolved:

bnxt_en: Fix RX consumer index logic in the error path. (CVE-2021-47015)

In the Linux kernel, the following vulnerability has been resolved:

bus: qcom: Put child node before return (CVE-2021-47054)

In the Linux kernel, the following vulnerability has been resolved:

mtd: require write permissions for locking and badblock ioctls (CVE-2021-47055)

In the Linux kernel, the following vulnerability has been resolved:

regmap: set debugfs_name to NULL after it is freed (CVE-2021-47058)

In the Linux kernel, the following vulnerability has been resolved:

KVM: Stop looking for coalesced MMIO zones if the bus is destroyed (CVE-2021-47060)

In the Linux kernel, the following vulnerability has been resolved:

uio_hv_generic: Fix a memory leak in error handling paths (CVE-2021-47071)

In the Linux kernel, the following vulnerability has been resolved:

RDMA/rxe: Clear all QP fields if creation failed (CVE-2021-47078)

In the Linux kernel, the following vulnerability has been resolved:

neighbour: allow NUD_NOARP entries to be forced GCed (CVE-2021-47109)

In the Linux kernel, the following vulnerability has been resolved:

x86/kvm: Disable kvmclock on all CPUs on shutdown (CVE-2021-47110)

In the Linux kernel, the following vulnerability has been resolved:

x86/kvm: Teardown PV features on boot CPU as well (CVE-2021-47112)

In the Linux kernel, the following vulnerability has been resolved:

ext4: fix bug on in ext4_es_cache_extent as ext4_split_extent_at failed (CVE-2021-47117)

In the Linux kernel, the following vulnerability has been resolved:

pid: take a reference when initializing `cad_pid` (CVE-2021-47118)

In the Linux kernel, the following vulnerability has been resolved:

HID: magicmouse: fix NULL-deref on disconnect (CVE-2021-47120)

In the Linux kernel, the following vulnerability has been resolved:

ipv6: Fix KASAN: slab-out-of-bounds Read in fib6_nh_flush_exceptions (CVE-2021-47126)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nft_ct: skip expectations for confirmed conntrack (CVE-2021-47129)

In the Linux kernel, the following vulnerability has been resolved:

cxgb4: avoid accessing registers when clearing filters (CVE-2021-47138)

In the Linux kernel, the following vulnerability has been resolved:

drm/amdgpu: Fix a use-after-free (CVE-2021-47142)

In the Linux kernel, the following vulnerability has been resolved:

drm/amd/amdgpu: fix refcount leak (CVE-2021-47144)

In the Linux kernel, the following vulnerability has been resolved:

btrfs: do not BUG_ON in link_to_fixup_dir (CVE-2021-47145)

In the Linux kernel, the following vulnerability has been resolved:

mld: fix panic in mld_newpack() (CVE-2021-47146)

In the Linux kernel, the following vulnerability has been resolved:

net: dsa: fix a crash if ->get_sset_count() fails (CVE-2021-47159)

In the Linux kernel, the following vulnerability has been resolved:

tipc: skb_linearize the head skb when reassembling msgs (CVE-2021-47162)

In the Linux kernel, the following vulnerability has been resolved:

tipc: wait and exit until all work queues are done (CVE-2021-47163)

In the Linux kernel, the following vulnerability has been resolved:

NFS: Don't corrupt the value of pg_bytes_written in nfs_do_recoalesce() (CVE-2021-47166)

In the Linux kernel, the following vulnerability has been resolved:

NFS: Fix an Oopsable condition in __nfs_pageio_add_request() (CVE-2021-47167)

In the Linux kernel, the following vulnerability has been resolved:

NFS: fix an incorrect limit in filelayout_decode_layout() (CVE-2021-47168)

In the Linux kernel, the following vulnerability has been resolved:

USB: usbfs: Don't WARN about excessively large memory allocations (CVE-2021-47170)

In the Linux kernel, the following vulnerability has been resolved:

net: usb: fix memory leak in smsc75xx_bind (CVE-2021-47171)

In the Linux kernel, the following vulnerability has been resolved:

iommu/vt-d: Fix sysfs leak in alloc_iommu() (CVE-2021-47177)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Run 'yum update kernel' to update your system.

Plugin Details

Severity: High

ID: 160440

File Name: al2_ALASKERNEL-5_4-2022-004.nasl

Version: 1.9

Type: local

Agent: unix

Family: Amazon Linux Local Security Checks

Published: 5/2/2022

Updated: 8/29/2024

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.9

Temporal Score: 5.4

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2021-3573

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2021-46950

Vulnerability Information

CPE: p-cpe:/a:amazon:linux:perf, p-cpe:/a:amazon:linux:bpftool, p-cpe:/a:amazon:linux:perf-debuginfo, p-cpe:/a:amazon:linux:kernel-tools-debuginfo, p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64, p-cpe:/a:amazon:linux:kernel-tools, p-cpe:/a:amazon:linux:kernel-devel, p-cpe:/a:amazon:linux:python-perf-debuginfo, p-cpe:/a:amazon:linux:kernel, p-cpe:/a:amazon:linux:kernel-debuginfo, p-cpe:/a:amazon:linux:kernel-headers, cpe:/o:amazon:linux:2, p-cpe:/a:amazon:linux:bpftool-debuginfo, p-cpe:/a:amazon:linux:kernel-tools-devel, p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64, p-cpe:/a:amazon:linux:python-perf

Required KB Items: Host/local_checks_enabled, Host/AmazonLinux/release, Host/AmazonLinux/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 1/12/2022

Vulnerability Publication Date: 10/2/2020

Reference Information

CVE: CVE-2020-24586, CVE-2020-24587, CVE-2020-24588, CVE-2020-26139, CVE-2020-26141, CVE-2020-26145, CVE-2020-26147, CVE-2020-26541, CVE-2020-26558, CVE-2021-0129, CVE-2021-22543, CVE-2021-32399, CVE-2021-33034, CVE-2021-34693, CVE-2021-3506, CVE-2021-3564, CVE-2021-3573, CVE-2021-38208, CVE-2021-46906, CVE-2021-46938, CVE-2021-46939, CVE-2021-46950, CVE-2021-46951, CVE-2021-46953, CVE-2021-46955, CVE-2021-46956, CVE-2021-46959, CVE-2021-46960, CVE-2021-46961, CVE-2021-46963, CVE-2021-46981, CVE-2021-46985, CVE-2021-46993, CVE-2021-47000, CVE-2021-47006, CVE-2021-47010, CVE-2021-47013, CVE-2021-47015, CVE-2021-47054, CVE-2021-47055, CVE-2021-47058, CVE-2021-47060, CVE-2021-47071, CVE-2021-47078, CVE-2021-47109, CVE-2021-47110, CVE-2021-47112, CVE-2021-47117, CVE-2021-47118, CVE-2021-47120, CVE-2021-47126, CVE-2021-47129, CVE-2021-47138, CVE-2021-47142, CVE-2021-47144, CVE-2021-47145, CVE-2021-47146, CVE-2021-47159, CVE-2021-47162, CVE-2021-47163, CVE-2021-47166, CVE-2021-47167, CVE-2021-47168, CVE-2021-47170, CVE-2021-47171, CVE-2021-47177

IAVA: 2021-A-0222-S, 2021-A-0223-S

Detections

Analytics