The version of kernel installed on the remote host is prior to 5.10.157-139.675. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2022-024 advisory.

  - A flaw was found in the Linux kernel. A denial of service flaw may occur if there is a consecutive request     of the NVME_IOCTL_RESET and the NVME_IOCTL_SUBSYS_RESET through the device file of the driver, resulting     in a PCIe link disconnect. (CVE-2022-3169)

  - An incorrect TLB flush issue was found in the Linux kernel's GPU i915 kernel driver, potentially leading     to random memory corruption or data leaks. This flaw could allow a local user to crash the system or     escalate their privileges on the system. (CVE-2022-4139)

  - An issue was discovered in the Linux kernel 5.10.x before 5.10.155. A use-after-free in io_sqpoll_wait_sq     in fs/io_uring.c allows an attacker to crash the kernel, resulting in denial of service. finish_wait can     be skipped. An attack can occur in some situations by forking a process and then quickly terminating it.
    NOTE: later kernel versions, such as the 5.15 longterm series, substantially changed the implementation of     io_sqpoll_wait_sq. (CVE-2022-47946)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Amazon Linux 2 : kernel (ALASKERNEL-5.10-2022-024)

high Nessus Plugin ID 168728

Version 1.5