Amazon Linux 2023 : bpftool, kernel, kernel-devel (ALAS2023-2023-461)

high Nessus Plugin ID 186974

Synopsis

The remote Amazon Linux 2023 host is missing a security update.

Description

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-461 advisory.

2024-12-05: CVE-2023-52843 was added to this advisory.

2024-12-05: CVE-2023-52859 was added to this advisory.

2024-12-05: CVE-2023-52788 was added to this advisory.

2024-12-05: CVE-2023-52846 was added to this advisory.

2024-12-05: CVE-2023-52868 was added to this advisory.

2024-12-05: CVE-2023-52831 was added to this advisory.

2024-12-05: CVE-2023-52854 was added to this advisory.

2024-12-05: CVE-2023-52869 was added to this advisory.

2024-12-05: CVE-2023-52772 was added to this advisory.

2024-12-05: CVE-2023-52791 was added to this advisory.

2024-12-05: CVE-2023-52781 was added to this advisory.

2024-12-05: CVE-2023-52835 was added to this advisory.

2024-12-05: CVE-2023-52828 was added to this advisory.

2024-11-13: CVE-2023-52752 was added to this advisory.

2024-07-03: CVE-2023-52840 was added to this advisory.

2024-07-03: CVE-2023-6622 was added to this advisory.

2024-07-03: CVE-2023-52813 was added to this advisory.

2024-07-03: CVE-2023-52762 was added to this advisory.

2024-06-19: CVE-2023-52860 was added to this advisory.

2024-06-19: CVE-2023-52796 was added to this advisory.

2024-06-19: CVE-2023-52803 was added to this advisory.

2024-06-19: CVE-2023-52784 was added to this advisory.

2024-06-19: CVE-2023-52778 was added to this advisory.

2024-02-01: CVE-2024-0584 was added to this advisory.

2024-02-01: CVE-2024-0607 was added to this advisory.

2024-01-03: CVE-2023-6932 was added to this advisory.

In the Linux kernel, the following vulnerability has been resolved:

smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (CVE-2023-52752)

In the Linux kernel, the following vulnerability has been resolved:

virtio-blk: fix implicit overflow on virtio_max_dma_size (CVE-2023-52762)

In the Linux kernel, the following vulnerability has been resolved:

af_unix: fix use-after-free in unix_stream_read_actor() (CVE-2023-52772)

In the Linux kernel, the following vulnerability has been resolved:

mptcp: deal with large GSO size (CVE-2023-52778)

In the Linux kernel, the following vulnerability has been resolved:

usb: config: fix iteration issue in 'usb_get_bos_descriptor()' (CVE-2023-52781)

In the Linux kernel, the following vulnerability has been resolved:

bonding: stop the device in bond_setup_by_slave() (CVE-2023-52784)

In the Linux kernel, the following vulnerability has been resolved:

i915/perf: Fix NULL deref bugs with drm_dbg() calls (CVE-2023-52788)

In the Linux kernel, the following vulnerability has been resolved:

i2c: core: Run atomic i2c xfer when !preemptible (CVE-2023-52791)

In the Linux kernel, the following vulnerability has been resolved:

ipvlan: add ipvlan_route_v6_outbound() helper (CVE-2023-52796)

In the Linux kernel, the following vulnerability has been resolved:

SUNRPC: Fix RPC client cleaned up the freed pipefs dentries (CVE-2023-52803)

In the Linux kernel, the following vulnerability has been resolved:

crypto: pcrypt - Fix hungtask for PADATA_RESET (CVE-2023-52813)

In the Linux kernel, the following vulnerability has been resolved:

bpf: Detect IP == ksym.end as part of BPF program (CVE-2023-52828)

In the Linux kernel, the following vulnerability has been resolved:

cpu/hotplug: Don't offline the last non-isolated CPU (CVE-2023-52831)

In the Linux kernel, the following vulnerability has been resolved:

perf/core: Bail out early if the request AUX area is out of bound (CVE-2023-52835)

In the Linux kernel, the following vulnerability has been resolved:

Input: synaptics-rmi4 - fix use after free in rmi_unregister_function() (CVE-2023-52840)

In the Linux kernel, the following vulnerability has been resolved:

llc: verify mac len before reading mac header (CVE-2023-52843)

In the Linux kernel, the following vulnerability has been resolved:

hsr: Prevent use after free in prp_create_tagged_frame() (CVE-2023-52846)

In the Linux kernel, the following vulnerability has been resolved:

padata: Fix refcnt handling in padata_free_shell() (CVE-2023-52854)

In the Linux kernel, the following vulnerability has been resolved:

perf: hisi: Fix use-after-free when register pmu fails (CVE-2023-52859)

In the Linux kernel, the following vulnerability has been resolved:

drivers/perf: hisi: use cpuhp_state_remove_instance_nocalls() for hisi_hns3_pmu uninit process (CVE-2023-52860)

In the Linux kernel, the following vulnerability has been resolved:

thermal: core: prevent potential string overflow (CVE-2023-52868)

In the Linux kernel, the following vulnerability has been resolved:

pstore/platform: Add check for kstrdup (CVE-2023-52869)

A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.

The function nft_trans_gc_catchall did not remove the catchall set element from the catchall_list when the argument sync is true, making it possible to free a catchall set element many times.

We recommend upgrading past commit 93995bf4af2c5a99e2a87f0cd5ce547d31eb7630. (CVE-2023-6111)

A null pointer dereference vulnerability was found in nft_dynset_init() in net/netfilter/nft_dynset.c in nf_tables in the Linux kernel. This issue may allow a local attacker with CAP_NET_ADMIN user privilege to trigger a denial of service. (CVE-2023-6622)

A use-after-free vulnerability in the Linux kernel's ipv4: igmp component can be exploited to achieve local privilege escalation.

A race condition can be exploited to cause a timer be mistakenly registered on a RCU read locked object which is freed by another thread.

We recommend upgrading past commit e2b706c691905fe78468c361aaabc719d0a496f1. (CVE-2023-6932)

A use-after-free issue was found in igmp_start_timer in net/ipv4/igmp.c in the network sub-component in the Linux Kernel. This flaw allows a local user to observe a refcnt use-after-free issue when receiving an igmp query packet, leading to a kernel information leak. (CVE-2024-0584)

netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval() (CVE-2024-0607)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Run 'dnf update kernel --releasever 2023.3.20231211' to update your system.

See Also

https://alas.aws.amazon.com/AL2023/ALAS-2023-461.html

https://alas.aws.amazon.com/faqs.html

https://alas.aws.amazon.com/cve/html/CVE-2023-52752.html

https://alas.aws.amazon.com/cve/html/CVE-2023-52762.html

https://alas.aws.amazon.com/cve/html/CVE-2023-52772.html

https://alas.aws.amazon.com/cve/html/CVE-2023-52778.html

https://alas.aws.amazon.com/cve/html/CVE-2023-52781.html

https://alas.aws.amazon.com/cve/html/CVE-2023-52784.html

https://alas.aws.amazon.com/cve/html/CVE-2023-52788.html

https://alas.aws.amazon.com/cve/html/CVE-2023-52791.html

https://alas.aws.amazon.com/cve/html/CVE-2023-52796.html

https://alas.aws.amazon.com/cve/html/CVE-2023-52803.html

https://alas.aws.amazon.com/cve/html/CVE-2023-52813.html

https://alas.aws.amazon.com/cve/html/CVE-2023-52828.html

https://alas.aws.amazon.com/cve/html/CVE-2023-52831.html

https://alas.aws.amazon.com/cve/html/CVE-2023-52835.html

https://alas.aws.amazon.com/cve/html/CVE-2023-52840.html

https://alas.aws.amazon.com/cve/html/CVE-2023-52843.html

https://alas.aws.amazon.com/cve/html/CVE-2023-52846.html

https://alas.aws.amazon.com/cve/html/CVE-2023-52854.html

https://alas.aws.amazon.com/cve/html/CVE-2023-52859.html

https://alas.aws.amazon.com/cve/html/CVE-2023-52860.html

https://alas.aws.amazon.com/cve/html/CVE-2023-52868.html

https://alas.aws.amazon.com/cve/html/CVE-2023-52869.html

https://alas.aws.amazon.com/cve/html/CVE-2023-6111.html

https://alas.aws.amazon.com/cve/html/CVE-2023-6622.html

https://alas.aws.amazon.com/cve/html/CVE-2023-6932.html

https://alas.aws.amazon.com/cve/html/CVE-2024-0584.html

https://alas.aws.amazon.com/cve/html/CVE-2024-0607.html

Plugin Details

Severity: High

ID: 186974

File Name: al2023_ALAS2023-2023-461.nasl

Version: 1.7

Type: local

Agent: unix

Published: 12/15/2023

Updated: 12/11/2024

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2023-6111

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:amazon:linux:perf-debuginfo, p-cpe:/a:amazon:linux:kernel-modules-extra, p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64, p-cpe:/a:amazon:linux:kernel-tools, p-cpe:/a:amazon:linux:python3-perf, p-cpe:/a:amazon:linux:kernel-libbpf-static, p-cpe:/a:amazon:linux:kernel-debuginfo, p-cpe:/a:amazon:linux:kernel-libbpf, p-cpe:/a:amazon:linux:bpftool-debuginfo, p-cpe:/a:amazon:linux:kernel-libbpf-devel, p-cpe:/a:amazon:linux:kernel, p-cpe:/a:amazon:linux:python3-perf-debuginfo, p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64, p-cpe:/a:amazon:linux:kernel-headers, p-cpe:/a:amazon:linux:kernel-livepatch-6.1.66-91.160, p-cpe:/a:amazon:linux:kernel-tools-devel, cpe:/o:amazon:linux:2023, p-cpe:/a:amazon:linux:perf, p-cpe:/a:amazon:linux:bpftool, p-cpe:/a:amazon:linux:kernel-tools-debuginfo, p-cpe:/a:amazon:linux:kernel-devel

Required KB Items: Host/local_checks_enabled, Host/AmazonLinux/release, Host/AmazonLinux/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 12/13/2023

Vulnerability Publication Date: 11/14/2023

Reference Information

CVE: CVE-2023-52752, CVE-2023-52762, CVE-2023-52772, CVE-2023-52778, CVE-2023-52781, CVE-2023-52784, CVE-2023-52788, CVE-2023-52791, CVE-2023-52796, CVE-2023-52803, CVE-2023-52813, CVE-2023-52828, CVE-2023-52831, CVE-2023-52835, CVE-2023-52840, CVE-2023-52843, CVE-2023-52846, CVE-2023-52854, CVE-2023-52859, CVE-2023-52860, CVE-2023-52868, CVE-2023-52869, CVE-2023-6111, CVE-2023-6622, CVE-2023-6932, CVE-2024-0584, CVE-2024-0607