The version of kernel installed on the remote host is prior to 5.4.196-108.356. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2022-026 advisory.

  - A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in     the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or     CAP_SYS_RAWIO) to create issues with confidentiality. (CVE-2022-0494)

  - A memory leak flaw was found in the Linux kernel's DMA subsystem, in the way a user calls DMA_FROM_DEVICE.
    This flaw allows a local user to read random memory from the kernel space. (CVE-2022-0854)

  - A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged     user to gain root privileges. The bug allows to build several exploit primitives such as kernel address     information leak, arbitrary execution, etc. (CVE-2022-1729)

  - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-33981. Reason: This candidate is a     reservation duplicate of CVE-2022-33981. Notes: All CVE users should reference CVE-2022-33981 instead of     this candidate. All references and descriptions in this candidate have been removed to prevent accidental     usage (CVE-2022-1836)

  - An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of     actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size()     function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This     flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-2639)

  - The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets     are in the intended state. (CVE-2022-28893)

  - Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to     cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14     and later versions. (CVE-2022-29581)

  - An issue was discovered in drivers/input/input.c in the Linux kernel before 5.17.10. An attacker can cause     a denial of service (panic) because input_set_capability mishandles the situation in which an event code     falls outside of a bitmap. (CVE-2022-48619)

  - A use-after-free flaw was found in vhost_net_set_backend in drivers/vhost/net.c in virtio network     subcomponent in the Linux kernel due to a double fget. This flaw could allow a local attacker to crash the     system, and could even lead to a kernel information leak problem. (CVE-2023-1838)

  - A use-after-free flaw was found in vmxnet3_rq_alloc_rx_buf in drivers/net/vmxnet3/vmxnet3_drv.c in     VMware's vmxnet3 ethernet NIC driver in the Linux Kernel. This issue could allow a local attacker to crash     the system due to a double-free while cleaning up vmxnet3_rq_cleanup_all, which could also lead to a     kernel information leak problem. (CVE-2023-4387)

  - A NULL pointer dereference flaw was found in vmxnet3_rq_cleanup in drivers/net/vmxnet3/vmxnet3_drv.c in     the networking sub-component in vmxnet3 in the Linux Kernel. This issue may allow a local attacker with     normal user privilege to cause a denial of service due to a missing sanity check during cleanup.
    (CVE-2023-4459)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Amazon Linux 2 : kernel (ALASKERNEL-5.4-2022-026)

high Nessus Plugin ID 162005

Version 1.8

Version 1.7

Version 1.5

Version 1.4

Version 1.3

Version 1.8 Feb 7, 2024, 4:20 PM Exploit attributes ("Exploitability ease" changed from "No known exploits are available" to "Exploits are available". "Exploited by malware" set to "True") Plugin Feed: 202402071620
Version 1.7 Feb 7, 2024, 2:22 PM Exploit attributes ("Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Exploit attributes ("Exploited by malware" set to "True") Plugin Feed: 202402071422
Version 1.5 May 2, 2023, 10:03 PM Regenerated based on advisory update Plugin Feed: 202305022203
Version 1.4 Apr 18, 2023, 6:10 AM Regenerated based on advisory update Plugin Feed: 202304180610
Version 1.3 Mar 21, 2023, 7:30 PM Plugin metadata Plugin Feed: 202303211930