The version of kernel installed on the remote host is prior to 5.15.43-20.123. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.15-2022-001 advisory.

  - An issue was discovered in Linux: KVM through Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass     RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allows users     with the ability to start and control a VM to read/write random pages of memory and can result in local     privilege escalation. (CVE-2021-22543)

  - A flaw was found in unrestricted eBPF usage by the BPF_BTF_LOAD, leading to a possible out-of-bounds     memory write in the Linux kernel's BPF subsystem due to the way a user loads BTF. This flaw allows a local     user to crash or escalate their privileges on the system. (CVE-2022-0500)

  - A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem.
    This flaw allows a local user to cause an out-of-bounds write issue. (CVE-2022-1015)

  - A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This     flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a     leak of internal kernel information. (CVE-2022-1353)

  - kernel/bpf/verifier.c in the Linux kernel through 5.15.14 allows local users to gain privileges because of     the availability of pointer arithmetic via certain *_OR_NULL pointer types. (CVE-2022-23222)

  - The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets     are in the intended state. (CVE-2022-28893)

  - Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to     cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14     and later versions. (CVE-2022-29581)

  - In the Linux kernel before 5.17.3, fs/io_uring.c has a use-after-free due to a race condition in io_uring     timeouts. This can be triggered by a local user who has no access to any user namespace; however, the race     condition perhaps can only be exploited infrequently. (CVE-2022-29582)

  - The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers     to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag. (CVE-2022-30594)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Amazon Linux 2 : kernel (ALASKERNEL-5.15-2022-001)

high Nessus Plugin ID 162006

Version 1.6

Version 1.5

Version 1.4

Version 1.6 Sep 5, 2023, 10:10 PM Detection Plugin requirements Plugin Feed: 202309052210
Version 1.5 Jan 13, 2023, 4:18 PM Exploit attributes ("Exploit framework core" set to "True") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:F/RL:O/RC:C") CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:F/RL:OF/RC:C") Plugin Feed: 202301131618
Version 1.4 Jan 6, 2023, 4:14 PM CVSS temporal metrics ("CVSSv2 temporal score" set to "5.6") CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal score" set to "7.0") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:P/RL:O/RC:C") Exploit attributes ("Exploit available" set to "True") Exploit attributes ("Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin Feed: 202301061614