Detections
Analytics
Amazon Linux 2023 : bpftool, kernel, kernel-devel (ALAS2023-2024-488)
high Nessus Plugin ID 189347
Language:
Synopsis
The remote Amazon Linux 2023 host is missing a security update.Description
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-488 advisory.2024-06-06: CVE-2023-52881 was added to this advisory.
2024-05-23: CVE-2023-6531 was added to this advisory.
2024-05-09: CVE-2023-6931 was added to this advisory.
2024-04-25: CVE-2023-6817 was added to this advisory.
2024-04-10: CVE-2024-25744 was added to this advisory.
2024-02-01: CVE-2024-0646 was added to this advisory.
2024-02-01: CVE-2024-0565 was added to this advisory.
In the Linux kernel, the following vulnerability has been resolved:
tcp: do not accept ACK of bytes we never sent (CVE-2023-52881)
A use-after-free flaw was found in the Linux Kernel due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic() on the socket that the SKB is queued on.
(CVE-2023-6531)
An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information.
(CVE-2023-6606)
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.
The function nft_pipapo_walk did not skip inactive elements during set walk which could lead double deactivations of PIPAPO (Pile Packet Policies) elements, leading to use-after-free.
We recommend upgrading past commit 317eb9685095678f2c9f5a8189de698c5354316a. (CVE-2023-6817)
A heap out-of-bounds write vulnerability in the Linux kernel's Performance Events system component can be exploited to achieve local privilege escalation.
A perf_event's read_size can overflow, leading to an heap out-of-bounds increment or write in perf_read_group().
We recommend upgrading past commit 382c27f4ed28f803b1f1473ac2d8db0afc795a1b. (CVE-2023-6931)
A use-after-free flaw was found in the netfilter subsystem of the Linux kernel. If the catchall element is garbage-collected when the pipapo set is removed, the element can be deactivated twice. This can cause a use-after-free issue on an NFT_CHAIN object or NFT_OBJECT object, allowing a local unprivileged user with CAP_NET_ADMIN capability to escalate their privileges on the system. (CVE-2024-0193)
An out-of-bounds memory read flaw was found in receive_encrypted_standard in fs/smb/client/smb2ops.c in the SMB Client sub-component in the Linux Kernel. This issue occurs due to integer underflow on the memcpy length, leading to a denial of service. (CVE-2024-0565)
An out-of-bounds memory write flaw was found in the Linux kernel's Transport Layer Security functionality in how a user calls a function splice with a ktls socket as the destination. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2024-0646)
In the Linux kernel before 6.6.7, an untrusted VMM can trigger int80 syscall handling at any given point.
This is related to arch/x86/coco/tdx/tdx.c and arch/x86/mm/mem_encrypt_amd.c. (CVE-2024-25744)
Tenable has extracted the preceding description block directly from the tested product security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Run 'dnf update kernel --releasever 2023.3.20240122' to update your system.See Also
https://alas.aws.amazon.com/AL2023/ALAS-2024-488.html
https://alas.aws.amazon.com/faqs.html
https://alas.aws.amazon.com/cve/html/CVE-2023-52881.html
https://alas.aws.amazon.com/cve/html/CVE-2023-6531.html
https://alas.aws.amazon.com/cve/html/CVE-2023-6606.html
https://alas.aws.amazon.com/cve/html/CVE-2023-6817.html
https://alas.aws.amazon.com/cve/html/CVE-2023-6931.html
https://alas.aws.amazon.com/cve/html/CVE-2024-0193.html
https://alas.aws.amazon.com/cve/html/CVE-2024-0565.html
Plugin Details
Severity: High
ID: 189347
File Name: al2023_ALAS2023-2024-488.nasl
Version: 1.13
Type: local
Agent: unix
Published: 1/23/2024
Updated: 6/10/2024
Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: High
Score: 7.4
CVSS v2
Risk Factor: High
Base Score: 7.7
Temporal Score: 6
Vector: CVSS2#AV:A/AC:L/Au:S/C:C/I:C/A:C
CVSS Score Source: CVE-2024-0565
CVSS v3
Risk Factor: High
Base Score: 7.8
Temporal Score: 7
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
CVSS Score Source: CVE-2024-0646
Vulnerability Information
CPE: p-cpe:/a:amazon:linux:kernel-modules-extra-common, p-cpe:/a:amazon:linux:perf-debuginfo, p-cpe:/a:amazon:linux:kernel-modules-extra, p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64, p-cpe:/a:amazon:linux:kernel-tools, p-cpe:/a:amazon:linux:python3-perf, p-cpe:/a:amazon:linux:kernel-livepatch-6.1.72-96.166, p-cpe:/a:amazon:linux:kernel-libbpf-static, p-cpe:/a:amazon:linux:kernel-debuginfo, p-cpe:/a:amazon:linux:kernel-libbpf, p-cpe:/a:amazon:linux:bpftool-debuginfo, p-cpe:/a:amazon:linux:kernel-libbpf-devel, p-cpe:/a:amazon:linux:kernel-headers, p-cpe:/a:amazon:linux:kernel-tools-devel, cpe:/o:amazon:linux:2023, p-cpe:/a:amazon:linux:perf, p-cpe:/a:amazon:linux:bpftool, p-cpe:/a:amazon:linux:kernel-tools-debuginfo, p-cpe:/a:amazon:linux:kernel-devel, p-cpe:/a:amazon:linux:kernel, p-cpe:/a:amazon:linux:python3-perf-debuginfo, p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64
Required KB Items: Host/local_checks_enabled, Host/AmazonLinux/release, Host/AmazonLinux/rpm-list
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 1/19/2024
Vulnerability Publication Date: 12/8/2023
Reference Information
CVE: CVE-2023-52881, CVE-2023-6531, CVE-2023-6606, CVE-2023-6817, CVE-2023-6931, CVE-2024-0193, CVE-2024-0565, CVE-2024-0646, CVE-2024-25744