Amazon Linux 2023 : bpftool, kernel, kernel-devel (ALAS2023-2025-809)

high Nessus Plugin ID 214608

Synopsis

The remote Amazon Linux 2023 host is missing a security update.

Description

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-809 advisory.

In the Linux kernel, the following vulnerability has been resolved:

fs/ntfs3: Fixed overflow check in mi_enum_attr() (CVE-2024-27407)

In the Linux kernel, the following vulnerability has been resolved:

xfs: add bounds checking to xlog_recover_process_data (CVE-2024-41014)

In the Linux kernel, the following vulnerability has been resolved:

closures: Change BUG_ON() to WARN_ON() (CVE-2024-42252)

In the Linux kernel, the following vulnerability has been resolved:

mm: call the security_mmap_file() LSM hook in remap_file_pages() (CVE-2024-47745)

In the Linux kernel, the following vulnerability has been resolved:

bpf: Fix helper writes to read-only maps (CVE-2024-49861)

In the Linux kernel, the following vulnerability has been resolved:

rcu-tasks: Fix access non-existent percpu rtpcp variable in rcu_tasks_need_gpcb() (CVE-2024-49926)

In the Linux kernel, the following vulnerability has been resolved:

fs/inode: Prevent dump_mapping() accessing invalid dentry.d_name.name (CVE-2024-49934)

In the Linux kernel, the following vulnerability has been resolved:

driver core: bus: Fix double free in driver API bus_register() (CVE-2024-50055)

In the Linux kernel, the following vulnerability has been resolved:

nfsd: cancel nfsd_shrinker_work using sync mode in nfs4_state_shutdown_net (CVE-2024-50121)

In the Linux kernel, the following vulnerability has been resolved:

net/mlx5e: Don't call cleanup on profile rollback failure (CVE-2024-50146)

In the Linux kernel, the following vulnerability has been resolved:

ntfs3: Add bounds checking to mi_enum_attr() (CVE-2024-50248)

In the Linux kernel, the following vulnerability has been resolved:

net: fix crash when config small gso_max_size/gso_ipv4_max_size (CVE-2024-50258)

In the Linux kernel, the following vulnerability has been resolved:

tcp: Fix use-after-free of nreq in reqsk_timer_handler(). (CVE-2024-53206)

In the Linux kernel, the following vulnerability has been resolved:

tipc: Fix use-after-free of kernel socket in cleanup_bearer(). (CVE-2024-56642)

In the Linux kernel, the following vulnerability has been resolved:

net: defer final 'struct net' free in netns dismantle (CVE-2024-56658)

In the Linux kernel, the following vulnerability has been resolved:

ipv6: release nexthop on device removal

The CI is hitting some aperiodic hangup at device removal time in the pmtu.sh self-test:

unregister_netdevice: waiting for veth_A-R1 to become free. Usage count = 6
ref_tracker: veth_A-R1@ffff888013df15d8 has 1/5 users at
    dst_init+0x84/0x4a0
    dst_alloc+0x97/0x150
    ip6_dst_alloc+0x23/0x90
    ip6_rt_pcpu_alloc+0x1e6/0x520
    ip6_pol_route+0x56f/0x840
    fib6_rule_lookup+0x334/0x630
    ip6_route_output_flags+0x259/0x480
    ip6_dst_lookup_tail.constprop.0+0x5c2/0x940
    ip6_dst_lookup_flow+0x88/0x190
    udp_tunnel6_dst_lookup+0x2a7/0x4c0
    vxlan_xmit_one+0xbde/0x4a50 [vxlan]
    vxlan_xmit+0x9ad/0xf20 [vxlan]
    dev_hard_start_xmit+0x10e/0x360
    __dev_queue_xmit+0xf95/0x18c0
    arp_solicit+0x4a2/0xe00
    neigh_probe+0xaa/0xf0

While the first suspect is the dst_cache, explicitly tracking the dst owing the last device reference via probes proved such dst is held by the nexthop in the originating fib6_info.

Similar to commit f5b51fe804ec (ipv6: route: purge exception on removal), we need to explicitly release the originating fib info when disconnecting a to-be-removed device from a live ipv6 dst: move the fib6_info cleanup into ip6_dst_ifdown().

Tested running:

./pmtu.sh cleanup_ipv6_exception

in a tight loop for more than 400 iterations with no splat; running an unpatched kernel I observed a splat every ~10 iterations. (CVE-2024-56751)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Run 'dnf update kernel --releasever 2023.6.20250123' to update your system.

See Also

https://alas.aws.amazon.com/cve/html/CVE-2024-56642.html

https://alas.aws.amazon.com/cve/html/CVE-2024-56658.html

https://alas.aws.amazon.com/cve/html/CVE-2024-56751.html

https://alas.aws.amazon.com/faqs.html

https://alas.aws.amazon.com/AL2023/ALAS-2025-809.html

https://alas.aws.amazon.com/cve/html/CVE-2024-27407.html

https://alas.aws.amazon.com/cve/html/CVE-2024-41014.html

https://alas.aws.amazon.com/cve/html/CVE-2024-42252.html

https://alas.aws.amazon.com/cve/html/CVE-2024-47745.html

https://alas.aws.amazon.com/cve/html/CVE-2024-49861.html

https://alas.aws.amazon.com/cve/html/CVE-2024-49926.html

https://alas.aws.amazon.com/cve/html/CVE-2024-49934.html

https://alas.aws.amazon.com/cve/html/CVE-2024-50055.html

https://alas.aws.amazon.com/cve/html/CVE-2024-50121.html

https://alas.aws.amazon.com/cve/html/CVE-2024-50146.html

https://alas.aws.amazon.com/cve/html/CVE-2024-50248.html

https://alas.aws.amazon.com/cve/html/CVE-2024-50258.html

https://alas.aws.amazon.com/cve/html/CVE-2024-53206.html

Plugin Details

Severity: High

ID: 214608

File Name: al2023_ALAS2023-2025-809.nasl

Version: 1.1

Type: local

Agent: unix

Published: 1/24/2025

Updated: 1/24/2025

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2024-56658

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:amazon:linux:kernel-modules-extra-common, p-cpe:/a:amazon:linux:perf-debuginfo, p-cpe:/a:amazon:linux:kernel-modules-extra, p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64, p-cpe:/a:amazon:linux:kernel-livepatch-6.1.124-134.200, p-cpe:/a:amazon:linux:kernel-tools, p-cpe:/a:amazon:linux:python3-perf, p-cpe:/a:amazon:linux:kernel-libbpf-static, p-cpe:/a:amazon:linux:kernel-debuginfo, p-cpe:/a:amazon:linux:kernel-libbpf, p-cpe:/a:amazon:linux:bpftool-debuginfo, p-cpe:/a:amazon:linux:kernel-libbpf-devel, p-cpe:/a:amazon:linux:kernel-headers, p-cpe:/a:amazon:linux:kernel-tools-devel, cpe:/o:amazon:linux:2023, p-cpe:/a:amazon:linux:perf, p-cpe:/a:amazon:linux:bpftool, p-cpe:/a:amazon:linux:kernel-tools-debuginfo, p-cpe:/a:amazon:linux:kernel-devel, p-cpe:/a:amazon:linux:kernel, p-cpe:/a:amazon:linux:python3-perf-debuginfo, p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64

Required KB Items: Host/local_checks_enabled, Host/AmazonLinux/release, Host/AmazonLinux/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 1/21/2025

Vulnerability Publication Date: 5/17/2024

Reference Information

CVE: CVE-2024-27407, CVE-2024-41014, CVE-2024-42252, CVE-2024-47745, CVE-2024-49861, CVE-2024-49926, CVE-2024-49934, CVE-2024-50055, CVE-2024-50121, CVE-2024-50146, CVE-2024-50248, CVE-2024-50258, CVE-2024-53206, CVE-2024-56642, CVE-2024-56658, CVE-2024-56751