Synopsis
The remote Amazon Linux 2 host is missing a security update.
Description
The version of kernel installed on the remote host is prior to 5.15.50-23.125. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.15-2022-002 advisory.
A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel's filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service. (CVE-2022-1184)
With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. If INVPCID is executed with CR0.PG=0, the invlpg callback is not set and the result is a NULL pointer dereference. (CVE-2022-1789)
A NULL pointer dereference flaw was found in the Linux kernel's KVM module, which can lead to a denial of service in x86_emulate_insn in arch/x86/kvm/emulate.c. This flaw occurs while executing an illegal instruction in a guest on an Intel CPU. (CVE-2022-1852)
A use-after-free vulnerability was found in the Linux kernel's Netfilter subsystem in net/netfilter/nf_tables_api.c. This flaw allows a local attacker with user access to cause a privilege escalation issue. (CVE-2022-1966)
No description is available for this CVE. (CVE-2022-1972)
A use-after-free flaw was found in the Linux kernel in log_replay in fs/ntfs3/fslog.c in the NTFS journal. This flaw allows a local attacker to crash the system and can lead to a kernel information leak. (CVE-2022-1973)
A vulnerability was found in the Linux kernel's nft_set_desc_concat_parse() function. This flaw allows an attacker to trigger a buffer overflow via nft_set_desc_concat_parse(), causing a denial of service and possibly code execution. (CVE-2022-2078)
A flaw was found in hw. Incomplete cleanup of multi-core shared buffers for some Intel(r) Processors may allow an authenticated user to enable information disclosure via local access. (CVE-2022-21123)
A flaw was found in hw. Incomplete cleanup of microarchitectural fill buffers on some Intel(r) Processors may allow an authenticated user to enable information disclosure via local access. (CVE-2022-21125)
A flaw was found in hw. Incomplete cleanup in specific special register write operations for some Intel Processors may allow an authenticated user to enable information disclosure via local access. (CVE-2022-21166)
net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free. (CVE-2022-32250)
An issue was discovered in the Linux kernel through 5.18.3 on powerpc 32-bit platforms. There is a buffer overflow in ptrace PEEKUSER and POKEUSER (aka PEEKUSR and POKEUSR) when accessing floating point registers. (CVE-2022-32981)
rpmsg_virtio_add_ctrl_dev in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free. (CVE-2022-34494)
rpmsg_probe in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free. (CVE-2022-34495)
In the Linux kernel, the following vulnerability has been resolved:
nbd: fix io hung while disconnecting device (CVE-2022-49297)
In the Linux kernel, the following vulnerability has been resolved:
iommu/arm-smmu: fix possible null-ptr-deref in arm_smmu_device_probe() (CVE-2022-49323)
In the Linux kernel, the following vulnerability has been resolved:
ip_gre: test csum_start instead of transport header (CVE-2022-49340)
In the Linux kernel, the following vulnerability has been resolved:
net: xfrm: unexport __init-annotated xfrm4_protocol_init() (CVE-2022-49345)
In the Linux kernel, the following vulnerability has been resolved:
ext4: fix bug_on in ext4_writepages (CVE-2022-49347)
In the Linux kernel, the following vulnerability has been resolved:
ext4: fix use-after-free in ext4_rename_dir_prepare (CVE-2022-49349)
In the Linux kernel, the following vulnerability has been resolved:
blk-mq: don't touch ->tagset in blk_mq_get_sq_hctx (CVE-2022-49377)
In the Linux kernel, the following vulnerability has been resolved:
driver: base: fix UAF when driver_attach failed (CVE-2022-49385)
In the Linux kernel, the following vulnerability has been resolved:
md: Don't set mddev private to NULL in raid0 pers->free (CVE-2022-49400)
In the Linux kernel, the following vulnerability has been resolved:
ftrace: Clean up hash direct_functions on register failures (CVE-2022-49402)
In the Linux kernel, the following vulnerability has been resolved:
dlm: fix plock invalid read (CVE-2022-49407)
In the Linux kernel, the following vulnerability has been resolved:
bfq: Make sure bfqg for which we are queueing requests is online (CVE-2022-49411)
In the Linux kernel, the following vulnerability has been resolved:
bfq: Avoid merging queues with different parents (CVE-2022-49412)
In the Linux kernel, the following vulnerability has been resolved:
bfq: Update cgroup information before merging bio (CVE-2022-49413)
In the Linux kernel, the following vulnerability has been resolved:
ext4: fix race condition between ext4_write and ext4_convert_inline_data (CVE-2022-49414)
In the Linux kernel, the following vulnerability has been resolved:
iommu/arm-smmu-v3-sva: Fix mm use-after-free (CVE-2022-49426)
In the Linux kernel, the following vulnerability has been resolved:
thermal/core: Fix memory leak in __thermal_cooling_device_register() (CVE-2022-49468)
In the Linux kernel, the following vulnerability has been resolved:
HID: elan: Fix potential double free in elan_input_configured (CVE-2022-49508)
In the Linux kernel, the following vulnerability has been resolved:
rcu-tasks: Fix race in schedule and flush work (CVE-2022-49540)
In the Linux kernel, the following vulnerability has been resolved:
cifs: fix potential double free during failed mount (CVE-2022-49541)
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix potential array overflow in bpf_trampoline_get_progs() (CVE-2022-49548)
In the Linux kernel, the following vulnerability has been resolved:
KVM: x86: Drop WARNs that assert a triple fault never escapes from L2 (CVE-2022-49559)
In the Linux kernel, the following vulnerability has been resolved:
exfat: check if cluster num is valid (CVE-2022-49560)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: conntrack: re-fetch conntrack after insertion (CVE-2022-49561)
In the Linux kernel, the following vulnerability has been resolved:
ext4: fix bug_on ext4_mb_use_inode_pa (CVE-2022-49708)
In the Linux kernel, the following vulnerability has been resolved:
block: Fix handling of offline queues in blk_mq_alloc_request_hctx() (CVE-2022-49720)
In the Linux kernel, the following vulnerability has been resolved:
drm/i915/reset: Fix error_state_read ptr + offset use (CVE-2022-49723)
In the Linux kernel, the following vulnerability has been resolved:
ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo() (CVE-2022-49731)
Tenable has extracted the preceding description block directly from the tested product security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Run 'yum update kernel' to update your system.
Plugin Details
File Name: al2_ALASKERNEL-5_15-2022-002.nasl
Agent: unix
Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus
Risk Information
Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:amazon:linux:perf, p-cpe:/a:amazon:linux:bpftool, p-cpe:/a:amazon:linux:perf-debuginfo, p-cpe:/a:amazon:linux:kernel-tools-debuginfo, p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64, p-cpe:/a:amazon:linux:kernel-tools, p-cpe:/a:amazon:linux:kernel-devel, p-cpe:/a:amazon:linux:python-perf-debuginfo, p-cpe:/a:amazon:linux:kernel, p-cpe:/a:amazon:linux:kernel-debuginfo, p-cpe:/a:amazon:linux:kernel-headers, cpe:/o:amazon:linux:2, p-cpe:/a:amazon:linux:kernel-livepatch-5.15.50-23.125, p-cpe:/a:amazon:linux:bpftool-debuginfo, p-cpe:/a:amazon:linux:kernel-tools-devel, p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64, p-cpe:/a:amazon:linux:python-perf
Required KB Items: Host/local_checks_enabled, Host/AmazonLinux/release, Host/AmazonLinux/rpm-list
Exploit Ease: No known exploits are available
Patch Publication Date: 6/30/2022
Vulnerability Publication Date: 6/2/2022
Reference Information
CVE: CVE-2022-1184, CVE-2022-1789, CVE-2022-1852, CVE-2022-1966, CVE-2022-1972, CVE-2022-1973, CVE-2022-2078, CVE-2022-21123, CVE-2022-21125, CVE-2022-21166, CVE-2022-32250, CVE-2022-32981, CVE-2022-34494, CVE-2022-34495, CVE-2022-49297, CVE-2022-49323, CVE-2022-49340, CVE-2022-49345, CVE-2022-49347, CVE-2022-49349, CVE-2022-49377, CVE-2022-49385, CVE-2022-49400, CVE-2022-49402, CVE-2022-49407, CVE-2022-49411, CVE-2022-49412, CVE-2022-49413, CVE-2022-49414, CVE-2022-49426, CVE-2022-49468, CVE-2022-49508, CVE-2022-49540, CVE-2022-49541, CVE-2022-49548, CVE-2022-49559, CVE-2022-49560, CVE-2022-49561, CVE-2022-49708, CVE-2022-49720, CVE-2022-49723, CVE-2022-49731