It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-114 advisory.

  - A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel's filesystem sub-     component. This flaw allows a local attacker with a user privilege to cause a denial of service.
    (CVE-2022-1184)

  - With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. If INVPCID     is executed with CR0.PG=0, the invlpg callback is not set and the result is a NULL pointer dereference.
    (CVE-2022-1789)

  - A NULL pointer dereference flaw was found in the Linux kernel's KVM module, which can lead to a denial of     service in the x86_emulate_insn in arch/x86/kvm/emulate.c. This flaw occurs while executing an illegal     instruction in guest in the Intel CPU. (CVE-2022-1852)

  - A use-after-free flaw was found in the Linux kernel in log_replay in fs/ntfs3/fslog.c in the NTFS journal.
    This flaw allows a local attacker to crash the system and leads to a kernel information leak problem.
    (CVE-2022-1973)

  - A vulnerability was found in the Linux kernel's nft_set_desc_concat_parse() function .This flaw allows an     attacker to trigger a buffer overflow via nft_set_desc_concat_parse() , causing a denial of service and     possibly to run code. (CVE-2022-2078)

  - Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text     explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device     frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).
    Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to     unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend     (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)

  - net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create     user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to     a use-after-free. (CVE-2022-32250)

  - An issue was discovered in the Linux kernel through 5.18.3 on powerpc 32-bit platforms. There is a buffer     overflow in ptrace PEEKUSER and POKEUSER (aka PEEKUSR and POKEUSR) when accessing floating point     registers. (CVE-2022-32981)

  - network backend may cause Linux netfront to use freed SKBs While adding logic to support XDP (eXpress Data     Path), a code label was moved in a way allowing for SKBs having references (pointers) retained for further     processing to nevertheless be freed. (CVE-2022-33743)

  - rpmsg_virtio_add_ctrl_dev in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a     double free. (CVE-2022-34494)

  - rpmsg_probe in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free.
    (CVE-2022-34495)

  - An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init     (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different     vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an     unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data     in net/netfilter/nf_tables_api.c. (CVE-2022-34918)

  - A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel's filesystem sub-     component. This flaw allows a local attacker with a user privilege to cause a denial of service.
    (CVE-2022-1184) (CVE-2022-1972)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Amazon Linux 2022 : (ALAS2022-2022-114)

high Nessus Plugin ID 164769

Version 1.6

Version 1.5

Version 1.5

Version 1.3

Version 1.6 Jan 16, 2024, 5:39 PM CVE (Removed rejected CVE) Plugin Feed: 202401161739
Version 1.5 Jan 13, 2023, 4:18 PM Exploit attributes ("Exploit framework core" set to "True") Plugin Feed: 202301131618
Version 1.5 Jan 16, 2024, 3:43 PM CVE (Removed rejected CVE) Plugin Feed: 202401161543
Version 1.3 Sep 29, 2022, 12:06 AM CVSS temporal metrics Exploit attributes Plugin Feed: 202209290006