Amazon Linux 2023 : bpftool, kernel, kernel-devel (ALAS2023-2024-517)

high Nessus Plugin ID 190743

Language:

Synopsis

The remote Amazon Linux 2023 host is missing a security update.

Description

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-517 advisory.

2024-07-03: CVE-2023-52619 was added to this advisory.

2024-07-03: CVE-2024-26626 was added to this advisory.

2024-07-03: CVE-2024-26635 was added to this advisory.

2024-07-03: CVE-2023-52614 was added to this advisory.

2024-07-03: CVE-2023-52615 was added to this advisory.

2024-07-03: CVE-2024-26640 was added to this advisory.

2024-07-03: CVE-2024-26634 was added to this advisory.

2024-07-03: CVE-2024-26641 was added to this advisory.

2024-07-03: CVE-2024-26627 was added to this advisory.

2024-07-03: CVE-2023-52583 was added to this advisory.

2024-07-03: CVE-2024-26638 was added to this advisory.

2024-06-06: CVE-2023-52498 was added to this advisory.

2024-06-06: CVE-2023-52489 was added to this advisory.

2024-06-06: CVE-2024-26614 was added to this advisory.

2024-06-06: CVE-2023-52486 was added to this advisory.

2024-06-06: CVE-2023-52672 was added to this advisory.

2024-06-06: CVE-2024-26612 was added to this advisory.

2024-06-06: CVE-2023-52492 was added to this advisory.

2024-05-23: CVE-2024-26625 was added to this advisory.

2024-05-23: CVE-2024-26668 was added to this advisory.

2024-02-29: CVE-2024-1086 was added to this advisory.

In the Linux kernel, the following vulnerability has been resolved:

drm: Don't unref the same fb many times by mistake due to deadlock handling (CVE-2023-52486)

In the Linux kernel, the following vulnerability has been resolved:

mm/sparsemem: fix race in accessing memory_section->usage (CVE-2023-52489)

In the Linux kernel, the following vulnerability has been resolved:

dmaengine: fix NULL pointer in channel unregistration function (CVE-2023-52492)

In the Linux kernel, the following vulnerability has been resolved:

PM: sleep: Fix possible deadlocks in core system-wide PM code (CVE-2023-52498)

In the Linux kernel, the following vulnerability has been resolved:

ceph: fix deadlock or deadcode of misusing dget() (CVE-2023-52583)

In the Linux kernel, the following vulnerability has been resolved:

PM / devfreq: Fix buffer overflow in trans_stat_show (CVE-2023-52614)

In the Linux kernel, the following vulnerability has been resolved:

hwrng: core - Fix page fault dead lock on mmap-ed hwrng (CVE-2023-52615)

In the Linux kernel, the following vulnerability has been resolved:

pstore/ram: Fix crash when setting number of cpus to an odd number (CVE-2023-52619)

In the Linux kernel, the following vulnerability has been resolved:

pipe: wakeup wr_wait after setting max_usage (CVE-2023-52672)

A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.

The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT.

We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660. (CVE-2024-1086)

In rds_recv_track_latency in net/rds/af_rds.c in the Linux kernel through 6.7.1, there is an off-by-one error for an RDS_MSG_RX_DGRAM_TRACE_MAX comparison, resulting in out-of-bounds access. (CVE-2024-23849)

In the Linux kernel, the following vulnerability has been resolved:

netfs, fscache: Prevent Oops in fscache_put_cache() (CVE-2024-26612)

In the Linux kernel, the following vulnerability has been resolved:

tcp: make sure init the accept_queue's spinlocks once (CVE-2024-26614)

In the Linux kernel, the following vulnerability has been resolved:

llc: call sock_orphan() at release time (CVE-2024-26625)

In the Linux kernel, the following vulnerability has been resolved:

ipmr: fix kernel panic when forwarding mcast packets (CVE-2024-26626)

In the Linux kernel, the following vulnerability has been resolved:

scsi: core: Move scsi_host_busy() out of host lock for waking up EH handler (CVE-2024-26627)

In the Linux kernel, the following vulnerability has been resolved:

net: fix removing a namespace with conflicting altnames (CVE-2024-26634)

In the Linux kernel, the following vulnerability has been resolved:

llc: Drop support for ETH_P_TR_802_2. (CVE-2024-26635)

In the Linux kernel, the following vulnerability has been resolved:

nbd: always initialize struct msghdr completely (CVE-2024-26638)

In the Linux kernel, the following vulnerability has been resolved:

tcp: add sanity checks to rx zerocopy (CVE-2024-26640)

In the Linux kernel, the following vulnerability has been resolved:

ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv() (CVE-2024-26641)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nft_limit: reject configurations that cause integer overflow (CVE-2024-26668)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Run 'dnf update kernel --releasever 2023.3.20240219' to update your system.

Plugin Details

Severity: High

ID: 190743

File Name: al2023_ALAS2023-2024-517.nasl

Version: 1.10

Type: local

Agent: unix

Family: Amazon Linux Local Security Checks

Published: 2/20/2024

Updated: 7/5/2024

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.6

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.9

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2024-1086

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:amazon:linux:kernel-modules-extra-common, p-cpe:/a:amazon:linux:perf-debuginfo, p-cpe:/a:amazon:linux:kernel-modules-extra, p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64, p-cpe:/a:amazon:linux:kernel-tools, p-cpe:/a:amazon:linux:python3-perf, p-cpe:/a:amazon:linux:kernel-libbpf-static, p-cpe:/a:amazon:linux:kernel-debuginfo, p-cpe:/a:amazon:linux:kernel-libbpf, p-cpe:/a:amazon:linux:bpftool-debuginfo, p-cpe:/a:amazon:linux:kernel-libbpf-devel, p-cpe:/a:amazon:linux:kernel-headers, p-cpe:/a:amazon:linux:kernel-tools-devel, p-cpe:/a:amazon:linux:kernel-livepatch-6.1.77-99.164, cpe:/o:amazon:linux:2023, p-cpe:/a:amazon:linux:perf, p-cpe:/a:amazon:linux:bpftool, p-cpe:/a:amazon:linux:kernel-tools-debuginfo, p-cpe:/a:amazon:linux:kernel-devel, p-cpe:/a:amazon:linux:kernel, p-cpe:/a:amazon:linux:python3-perf-debuginfo, p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64

Required KB Items: Host/local_checks_enabled, Host/AmazonLinux/release, Host/AmazonLinux/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2/15/2024

Vulnerability Publication Date: 1/23/2024

CISA Known Exploited Vulnerability Due Dates: 6/20/2024

Reference Information

CVE: CVE-2023-52486, CVE-2023-52489, CVE-2023-52492, CVE-2023-52498, CVE-2023-52583, CVE-2023-52614, CVE-2023-52615, CVE-2023-52619, CVE-2023-52672, CVE-2024-1086, CVE-2024-23849, CVE-2024-26612, CVE-2024-26614, CVE-2024-26625, CVE-2024-26626, CVE-2024-26627, CVE-2024-26634, CVE-2024-26635, CVE-2024-26638, CVE-2024-26640, CVE-2024-26641, CVE-2024-26668

Detections

Analytics