The version of kernel installed on the remote host is prior to 5.4.226-129.415. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2024-071 advisory.

    2025-01-21: CVE-2022-48999 was added to this advisory.

    2025-01-21: CVE-2022-49014 was added to this advisory.

    2025-01-21: CVE-2022-49006 was added to this advisory.

    2025-01-21: CVE-2022-49015 was added to this advisory.

    2024-06-19: CVE-2022-3435 was added to this advisory.

    2024-06-19: CVE-2022-3169 was added to this advisory.

    A flaw was found in the Linux kernel. A denial of service flaw may occur if there is a consecutive request     of the NVME_IOCTL_RESET and the NVME_IOCTL_SUBSYS_RESET through the device file of the driver, resulting     in a PCIe link disconnect. (CVE-2022-3169)

    A vulnerability classified as problematic has been found in Linux Kernel. This affects the function     fib_nh_match of the file net/ipv4/fib_semantics.c of the component IPv4 Handler. The manipulation leads to     out-of-bounds read. It is possible to initiate the attack remotely. It is recommended to apply a patch to     fix this issue. The identifier VDB-210357 was assigned to this vulnerability. (CVE-2022-3435)

    In the Linux kernel, the following vulnerability has been resolved:

    ipv4: Handle attempt to delete multipath route when fib_info contains an nh reference (CVE-2022-48999)

    In the Linux kernel, the following vulnerability has been resolved:

    tracing: Free buffers when a used dynamic event is removed (CVE-2022-49006)

    In the Linux kernel, the following vulnerability has been resolved:

    net: tun: Fix use-after-free in tun_detach() (CVE-2022-49014)

    In the Linux kernel, the following vulnerability has been resolved:

    net: hsr: Fix potential use-after-free (CVE-2022-49015)

    In the Linux kernel 6.0.8, there is an out-of-bounds read in ntfs_attr_find in fs/ntfs/attrib.c.
    (CVE-2023-26607)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Amazon Linux 2 : kernel (ALASKERNEL-5.4-2024-071)

high Nessus Plugin ID 200364

Version 1.6