Amazon Linux 2 : kernel (ALASKERNEL-5.10-2022-017)

high Nessus Plugin ID 163368

Synopsis

The remote Amazon Linux 2 host is missing a security update.

Description

The version of kernel installed on the remote host is prior to 5.10.126-117.518. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2022-017 advisory.

- With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. If INVPCID is executed with CR0.PG=0, the invlpg callback is not set and the result is a NULL pointer dereference.
(CVE-2022-1789)

- A vulnerability was found in the Linux kernel's nft_set_desc_concat_parse() function .This flaw allows an attacker to trigger a buffer overflow via nft_set_desc_concat_parse() , causing a denial of service and possibly to run code. (CVE-2022-2078)

- KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown.
An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. CVSS 3.1 Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H). (CVE-2022-21499)

- net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free. (CVE-2022-32250)

- The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. (CVE-2022-32296)

- An issue was discovered in the Linux kernel through 5.18.3 on powerpc 32-bit platforms. There is a buffer overflow in ptrace PEEKUSER and POKEUSER (aka PEEKUSR and POKEUSR) when accessing floating point registers. (CVE-2022-32981)

- kernel: Small table perturb size in the TCP source port generation algorithm can lead to information leak (CVE-2022-1012)

- A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or CAP_SYS_RAWIO) to create issues with confidentiality. (CVE-2022-0494) (CVE-2022-1184)

- Due to the small table perturb size, a memory leak flaw was found in the Linux kernel's TCP source port generation algorithm in the net/ipv4/tcp.c function. This flaw allows an attacker to leak information and may cause a denial of service. (CVE-2022-1012) (CVE-2022-1972)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Run 'yum update kernel' to update your system.

See Also

https://alas.aws.amazon.com/AL2/ALASKERNEL-5.10-2022-017.html

https://alas.aws.amazon.com/cve/html/CVE-2022-1012.html

https://alas.aws.amazon.com/cve/html/CVE-2022-1184.html

https://alas.aws.amazon.com/cve/html/CVE-2022-1789.html

https://alas.aws.amazon.com/cve/html/CVE-2022-1972.html

https://alas.aws.amazon.com/cve/html/CVE-2022-2078.html

https://alas.aws.amazon.com/cve/html/CVE-2022-21499.html

https://alas.aws.amazon.com/cve/html/CVE-2022-32250.html

https://alas.aws.amazon.com/cve/html/CVE-2022-32296.html

https://alas.aws.amazon.com/cve/html/CVE-2022-32981.html

Plugin Details

Severity: High

ID: 163368

File Name: al2_ALASKERNEL-5_10-2022-017.nasl

Version: 1.8

Type: local

Agent: unix

Published: 7/21/2022

Updated: 1/16/2024

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.4

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 6.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2022-32250

CVSS v3

Risk Factor: High

Base Score: 8.2

Temporal Score: 7.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

CVSS Score Source: CVE-2022-1012

Vulnerability Information

CPE: p-cpe:/a:amazon:linux:perf, p-cpe:/a:amazon:linux:bpftool, p-cpe:/a:amazon:linux:perf-debuginfo, p-cpe:/a:amazon:linux:kernel-tools-debuginfo, p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64, p-cpe:/a:amazon:linux:kernel-tools, p-cpe:/a:amazon:linux:kernel-devel, p-cpe:/a:amazon:linux:python-perf-debuginfo, p-cpe:/a:amazon:linux:kernel, p-cpe:/a:amazon:linux:kernel-debuginfo, p-cpe:/a:amazon:linux:kernel-headers, cpe:/o:amazon:linux:2, p-cpe:/a:amazon:linux:kernel-livepatch-5.10.126-117.518, p-cpe:/a:amazon:linux:bpftool-debuginfo, p-cpe:/a:amazon:linux:kernel-tools-devel, p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64, p-cpe:/a:amazon:linux:python-perf

Required KB Items: Host/local_checks_enabled, Host/AmazonLinux/release, Host/AmazonLinux/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 7/19/2022

Vulnerability Publication Date: 6/2/2022

Reference Information

CVE: CVE-2022-1012, CVE-2022-1184, CVE-2022-1789, CVE-2022-1972, CVE-2022-2078, CVE-2022-21499, CVE-2022-32250, CVE-2022-32296, CVE-2022-32981