| Reporter | Title | Published | Views | Family All 2230 |
|---|---|---|---|---|
| CVE-2026-53168 | 26 Jun 202610:56 | – | redhatcve | |
| CVE-2026-53183 | 26 Jun 202610:50 | – | redhatcve | |
| CVE-2026-53184 | 25 Jun 202623:42 | – | redhatcve | |
| CVE-2026-53189 | 26 Jun 202608:04 | – | redhatcve | |
| CVE-2026-53199 | 26 Jun 202601:31 | – | redhatcve | |
| CVE-2026-53207 | 26 Jun 202607:09 | – | redhatcve | |
| CVE-2026-53212 | 25 Jun 202617:47 | – | redhatcve | |
| CVE-2026-53218 | 26 Jun 202609:39 | – | redhatcve | |
| CVE-2026-53219 | 25 Jun 202623:53 | – | redhatcve | |
| CVE-2026-53221 | 25 Jun 202623:52 | – | redhatcve |
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux 2023 Security Advisory ALAS2023-2026-1924.
##
include('compat.inc');
if (description)
{
script_id(327380);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2026/07/16");
script_cve_id(
"CVE-2026-43303",
"CVE-2026-43492",
"CVE-2026-45850",
"CVE-2026-45991",
"CVE-2026-45999",
"CVE-2026-46005",
"CVE-2026-46021",
"CVE-2026-46052",
"CVE-2026-46065",
"CVE-2026-46086",
"CVE-2026-46116",
"CVE-2026-46137",
"CVE-2026-46159",
"CVE-2026-46160",
"CVE-2026-46193",
"CVE-2026-46195",
"CVE-2026-46196",
"CVE-2026-46292",
"CVE-2026-46320",
"CVE-2026-46321",
"CVE-2026-46322",
"CVE-2026-52910",
"CVE-2026-52923",
"CVE-2026-52924",
"CVE-2026-52927",
"CVE-2026-52929",
"CVE-2026-52930",
"CVE-2026-52942",
"CVE-2026-52943",
"CVE-2026-52946",
"CVE-2026-53131",
"CVE-2026-53133",
"CVE-2026-53134",
"CVE-2026-53168",
"CVE-2026-53183",
"CVE-2026-53184",
"CVE-2026-53189",
"CVE-2026-53199",
"CVE-2026-53207",
"CVE-2026-53212",
"CVE-2026-53218",
"CVE-2026-53219",
"CVE-2026-53221",
"CVE-2026-53223",
"CVE-2026-53225",
"CVE-2026-53227",
"CVE-2026-53228",
"CVE-2026-53236",
"CVE-2026-53238",
"CVE-2026-53239",
"CVE-2026-53245",
"CVE-2026-53249",
"CVE-2026-53264",
"CVE-2026-53266",
"CVE-2026-53268",
"CVE-2026-53269",
"CVE-2026-53270",
"CVE-2026-53275",
"CVE-2026-53337",
"CVE-2026-53349",
"CVE-2026-53352",
"CVE-2026-53354",
"CVE-2026-53356"
);
script_name(english:"Amazon Linux 2023 : bpftool, kernel, kernel-devel (ALAS2023-2026-1924)");
script_set_attribute(attribute:"synopsis", value:
"The remote Amazon Linux 2023 host is missing a security update.");
script_set_attribute(attribute:"description", value:
"It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1924 advisory.
In the Linux kernel, the following vulnerability has been resolved:
mm/page_alloc: clear page->private in free_pages_prepare() (CVE-2026-43303)
In the Linux kernel, the following vulnerability has been resolved:
lib/crypto: mpi: Fix integer underflow in mpi_read_raw_from_sgl() (CVE-2026-43492)
In the Linux kernel, the following vulnerability has been resolved:
ipvs: skip ipv6 extension headers for csum checks (CVE-2026-45850)
In the Linux kernel, the following vulnerability has been resolved:
udf: fix partition descriptor append bookkeeping (CVE-2026-45991)
In the Linux kernel, the following vulnerability has been resolved:
erofs: fix unsigned underflow in z_erofs_lz4_handle_overlap() (CVE-2026-45999)
In the Linux kernel, the following vulnerability has been resolved:
xfs: fix a resource leak in xfs_alloc_buftarg() (CVE-2026-46005)
In the Linux kernel, the following vulnerability has been resolved:
thermal: core: Fix thermal zone governor cleanup issues (CVE-2026-46021)
In the Linux kernel, the following vulnerability has been resolved:
ceph: only d_add() negative dentries when they are unhashed (CVE-2026-46052)
In the Linux kernel, the following vulnerability has been resolved:
fbdev: defio: Disconnect deferred I/O from the lifetime of struct fb_info (CVE-2026-46065)
In the Linux kernel, the following vulnerability has been resolved:
net: bridge: use a stable FDB dst snapshot in RCU readers (CVE-2026-46086)
In the Linux kernel, the following vulnerability has been resolved:
xfrm: defensively unhash xfrm_state lists in __xfrm_state_delete (CVE-2026-46116)
In the Linux kernel, the following vulnerability has been resolved:
mptcp: pm: ADD_ADDR rtx: fix potential data-race (CVE-2026-46137)
In the Linux kernel, the following vulnerability has been resolved:
btrfs: fix btrfs_ioctl_space_info() slot_count TOCTOU which can lead to info-leak (CVE-2026-46159)
In the Linux kernel, the following vulnerability has been resolved:
btrfs: fix missing last_unlink_trans update when removing a directory (CVE-2026-46160)
In the Linux kernel, the following vulnerability has been resolved:
xfrm: ah: account for ESN high bits in async callbacks (CVE-2026-46193)
In the Linux kernel, the following vulnerability has been resolved:
smb: client: validate dacloffset before building DACL pointers (CVE-2026-46195)
In the Linux kernel, the following vulnerability has been resolved:
tracepoint: balance regfunc() on func_add() failure in tracepoint_add_func() (CVE-2026-46196)
In the Linux kernel, the following vulnerability has been resolved:
pmdomain: core: Fix detach procedure for virtual devices in genpd (CVE-2026-46292)
In the Linux kernel, the following vulnerability has been resolved:
tap: free page on error paths in tap_get_user_xdp() (CVE-2026-46320)
In the Linux kernel, the following vulnerability has been resolved:
tun: free page on short-frame rejection in tun_xdp_one() (CVE-2026-46321)
In the Linux kernel, the following vulnerability has been resolved:
tun: free page on build_skb failure in tun_xdp_one() (CVE-2026-46322)
In the Linux kernel, the following vulnerability has been resolved:
bpf: Free reuseport cBPF prog after RCU grace period. (CVE-2026-52910)
In the Linux kernel, the following vulnerability has been resolved:
ipc: limit next_id allocation to the valid ID range (CVE-2026-52923)
In the Linux kernel, the following vulnerability has been resolved:
sctp: purge outqueue on stale COOKIE-ECHO handling (CVE-2026-52924)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: ebtables: fix OOB read in compat_mtw_from_user (CVE-2026-52927)
In the Linux kernel, the following vulnerability has been resolved:
sctp: stream: fully roll back denied add-stream state (CVE-2026-52929)
In the Linux kernel, the following vulnerability has been resolved:
ipc/shm: serialize orphan cleanup with shm_nattch updates (CVE-2026-52930)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_log: validate MAC header was set before dumping it (CVE-2026-52942)
In the Linux kernel, the following vulnerability has been resolved:
net: skbuff: fix missing zerocopy reference in pskb_carve helpers (CVE-2026-52943)
In the Linux kernel, the following vulnerability has been resolved:
fs/fcntl: fix SOFTIRQ-unsafe lock order in fasync signaling (CVE-2026-52946)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: require Ethernet MAC header before using eth_hdr() (CVE-2026-53131)
In the Linux kernel, the following vulnerability has been resolved:
RDMA/umem: Fix truncation for block sizes >= 4G (CVE-2026-53133)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nft_fib: fix stale stack leak via the OIFNAME register (CVE-2026-53134)
In the Linux kernel, the following vulnerability has been resolved:
fuse: reject fuse_notify() pagecache ops on directories (CVE-2026-53168)
In the Linux kernel, the following vulnerability has been resolved:
mptcp: allow subflow rcv wnd to shrink (CVE-2026-53183)
In the Linux kernel, the following vulnerability has been resolved:
udp: clear skb->dev before running a sockmap verdict (CVE-2026-53184)
In the Linux kernel, the following vulnerability has been resolved:
mm/huge_memory: update file PMD counter before folio_put() (CVE-2026-53189)
In the Linux kernel, the following vulnerability has been resolved:
hv_netvsc: use kmap_local_page in netvsc_copy_to_send_buf (CVE-2026-53199)
In the Linux kernel, the following vulnerability has been resolved:
mm/memory-failure: fix hugetlb_lock AA deadlock in get_huge_page_for_hwpoison (CVE-2026-53207)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nft_tunnel: fix use-after-free on object destroy (CVE-2026-53212)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nft_exthdr: fix register tracking for F_PRESENT flag (CVE-2026-53218)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: x_tables: avoid leaking percpu counter pointers (CVE-2026-53219)
In the Linux kernel, the following vulnerability has been resolved:
ip6_vti: fix incorrect tunnel matching in vti6_tnl_lookup() (CVE-2026-53221)
In the Linux kernel, the following vulnerability has been resolved:
net: guard timestamp cmsgs to real error queue skbs (CVE-2026-53223)
In the Linux kernel, the following vulnerability has been resolved:
sctp: fix uninit-value in __sctp_rcv_asconf_lookup() (CVE-2026-53225)
In the Linux kernel, the following vulnerability has been resolved:
net: openvswitch: fix possible kfree_skb of ERR_PTR (CVE-2026-53227)
In the Linux kernel, the following vulnerability has been resolved:
ipv6: sit: reload inner IPv6 header after GSO offloads (CVE-2026-53228)
In the Linux kernel, the following vulnerability has been resolved:
tcp: restrict SO_ATTACH_FILTER to priv users (CVE-2026-53236)
In the Linux kernel, the following vulnerability has been resolved:
netlabel: validate unlabeled address and mask attribute lengths (CVE-2026-53238)
In the Linux kernel, the following vulnerability has been resolved:
xfrm: policy: fix use-after-free on inexact bin in xfrm_policy_bysel_ctx() (CVE-2026-53239)
In the Linux kernel, the following vulnerability has been resolved:
net/802/mrp: fix vector attribute parsing in mrp_pdu_parse_vecattr (CVE-2026-53245)
In the Linux kernel, the following vulnerability has been resolved:
ipv4: restrict IPOPT_SSRR and IPOPT_LSRR options (CVE-2026-53249)
In the Linux kernel, the following vulnerability has been resolved:
net/sched: act_api: use RCU with deferred freeing for action lifecycle (CVE-2026-53264)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: bridge: make ebt_snat ARP rewrite writable (CVE-2026-53266)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: conntrack_irc: fix possible out-of-bounds read (CVE-2026-53268)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: synproxy: add mutex to guard hook reference counting (CVE-2026-53269)
In the Linux kernel, the following vulnerability has been resolved:
ipvs: clear the svc scheduler ptr early on edit (CVE-2026-53270)
In the Linux kernel, the following vulnerability has been resolved:
ipv6: mcast: Fix use-after-free when processing MLD queries (CVE-2026-53275)
In the Linux kernel, the following vulnerability has been resolved:
net: bonding: fix NULL pointer dereference in bond_do_ioctl()
In bond_do_ioctl(), slave_dev is obtained via __dev_get_by_name() whichcan return NULL if the requested
interface name does not exist. However,the subsequent slave_dbg() call is placed before the NULL check:
slave_dev = __dev_get_by_name(net, ifr->ifr_slave);slave_dbg(bond_dev, slave_dev, slave_dev=%p:\n,
slave_dev); //hereif (!slave_dev)return -ENODEV;
The slave_dbg() macro expands to netdev_dbg(bond_dev, (slave %s): fmt,(slave_dev)->name, ...) which
unconditionally dereferences slave_dev->namebefore the NULL check is performed. This results in a NULL
pointerdereference kernel oops when a user calls bonding ioctl (e.g.SIOCBONDENSLAVE, SIOCBONDRELEASE,
etc.) with a non-existent slaveinterface name.
This is reachable from userspace via the bonding ioctl interface withCAP_NET_ADMIN capability, making it a
potential local denial-of-servicevector.
Fix by moving the slave_dbg() call after the NULL check. (CVE-2026-53337)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_conntrack: destroy stale expectfn expectations on unregister
NAT helpers such as nf_nat_h323 store a raw pointer to module text inexp->expectfn (e.g.
ip_nat_q931_expect). nf_ct_helper_expectfn_unregister()only unlinks the callback descriptor and never
walks the expectation table,so an expectation pending at module removal survives with a
danglingexp->expectfn into freed module text.
When the expected connection arrives, init_conntrack() invokesexp->expectfn(), now a stale pointer into
the unloaded module. Reproducedon a KASAN build by loading the H.323 helpers, creating a Q.931expectation,
unloading nf_nat_h323, then connecting to the expected port:
Oops: int3: 0000 [#1] SMP KASAN NOPTIRIP: 0010:0xffffffffa06102d1init_conntrack.isra.0
(net/netfilter/nf_conntrack_core.c:1862)nf_conntrack_in
(net/netfilter/nf_conntrack_core.c:2049)ipv4_conntrack_local
(net/netfilter/nf_conntrack_proto.c:223)nf_hook_slow (net/netfilter/core.c:619)__ip_local_out
(net/ipv4/ip_output.c:120)__tcp_transmit_skb (net/ipv4/tcp_output.c:1715)tcp_connect
(net/ipv4/tcp_output.c:4374)tcp_v4_connect (net/ipv4/tcp_ipv4.c:345)__sys_connect
(net/socket.c:2167)Modules linked in: nf_conntrack_h323 [last unloaded: nf_nat_h323]
Reaching the dangling state requires CAP_SYS_MODULE in the initial usernamespace to remove a NAT helper
that still has live expectations, so thisis a robustness fix; leaving an expectation pointing at freed
text is wrongregardless.
Add nf_ct_helper_expectfn_destroy(), which walks the expectation table anddrops every expectation whose
->expectfn matches the descriptor being torndown. Call it from each NAT helper's exit path after the
existing RCU graceperiod, so no expectation outlives the code it points at and no extrasynchronize_rcu()
is introduced. With the fix, the same reproducer runs tocompletion without the Oops. (CVE-2026-53349)
In the Linux kernel, the following vulnerability has been resolved:
signal: clear JOBCTL_PENDING_MASK for caller in zap_other_threads()
When a multi-threaded process receives a stop signal (e.g., SIGSTOP),do_signal_stop() sets
JOBCTL_STOP_PENDING and JOBCTL_STOP_CONSUME on allthreads and sets signal->group_stop_count to the number
of threads. Ifone of the threads concurrently calls execve(), de_thread() invokeszap_other_threads() to
kill all other threads. zap_other_threads()aborts the pending group stop by resetting
signal->group_stop_count to 0and clears the JOBCTL_PENDING_MASK for all other threads. However, itfails to
clear the job control flags for the calling thread.
When execve() completes, the calling thread returns to user mode andchecks for pending signals. Seeing the
stale JOBCTL_STOP_PENDING flag,it calls do_signal_stop(), which invokes
task_participate_group_stop().Since JOBCTL_STOP_CONSUME is still set, it attempts to decrement thealready-
zero signal->group_stop_count, triggering a warning:
sig->group_stop_count == 0WARNING: CPU: 1 PID: 6475 at
kernel/signal.c:373task_participate_group_stop+0x215/0x2d0Call Trace:<TASK>do_signal_stop+0x3be/0x5c0
kernel/signal.c:2619get_signal+0xa8c/0x1330 kernel/signal.c:2884arch_do_signal_or_restart+0xbc/0x840
arch/x86/kernel/signal.c:337exit_to_user_mode_loop+0x8c/0x4d0
kernel/entry/common.c:98do_syscall_64+0x33e/0xf80
arch/x86/entry/syscall_64.c:100entry_SYSCALL_64_after_hwframe+0x77/0x7f</TASK>
Fix this race condition by clearing the JOBCTL_PENDING_MASK for thecalling thread in zap_other_threads(),
ensuring it does not retain anystale job control state after the thread group is destroyed. This
alignswith other functions that tear down a thread group and abort groupstops, such as zap_process() and
complete_signal(), which correctlyclear these flags for all threads including the current one.
(CVE-2026-53352)
In the Linux kernel, the following vulnerability has been resolved:
arm64: errata: Mitigate TLBI errata on various Arm CPUs
A number of CPUs developed by Arm suffer from errata whereby a broadcastTLBI;DSB sequence may complete
before the global observation of writeswhich are translated by an affected TLB entry.
These errata ONLY affect the completion of memory accesses which havebeen translated by an invalidated TLB
entry, and these errata DO NOTaffect the actual invalidation of TLB entries. TLB entries are
removedcorrectly.
This issue has been assigned CVE ID CVE-2025-10263.
To mitigate this issue, Arm recommends that software follows anyaffected TLBI;DSB sequence with an
additional TLBI;DSB, which willensure that all memory write effects affected by the first TLBI havebeen
globally observed. The additional TLBI can use any operation thatis broadcast to affected CPUs, and the
additional DSB can use any optionthat is sufficient to complete the additional TLBI.
The ARM64_WORKAROUND_REPEAT_TLBI workaround is sufficient to mitigatethe issue. Enable this workaround for
affected CPUs, and update thesilicon errata documentation accordingly.
Note that due to the manner in which Arm develops IP and tracks errata,some CPUs share a common erratum
number. (CVE-2026-53354)
In the Linux kernel, the following vulnerability has been resolved:
drm/i915/gem: Fix phys BO pread/pwrite with offset (CVE-2026-53356)
Tenable has extracted the preceding description block directly from the tested product security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com//AL2023/ALAS2023-2026-1924.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/faqs.html");
script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-43303.html");
script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-43492.html");
script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-45850.html");
script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-45991.html");
script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-45999.html");
script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-46005.html");
script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-46021.html");
script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-46052.html");
script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-46065.html");
script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-46086.html");
script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-46116.html");
script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-46137.html");
script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-46159.html");
script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-46160.html");
script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-46193.html");
script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-46195.html");
script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-46196.html");
script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-46292.html");
script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-46320.html");
script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-46321.html");
script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-46322.html");
script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-52910.html");
script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-52923.html");
script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-52924.html");
script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-52927.html");
script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-52929.html");
script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-52930.html");
script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-52942.html");
script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-52943.html");
script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-52946.html");
script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-53131.html");
script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-53133.html");
script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-53134.html");
script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-53168.html");
script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-53183.html");
script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-53184.html");
script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-53189.html");
script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-53199.html");
script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-53207.html");
script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-53212.html");
script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-53218.html");
script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-53219.html");
script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-53221.html");
script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-53223.html");
script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-53225.html");
script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-53227.html");
script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-53228.html");
script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-53236.html");
script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-53238.html");
script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-53239.html");
script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-53245.html");
script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-53249.html");
script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-53264.html");
script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-53266.html");
script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-53268.html");
script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-53269.html");
script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-53270.html");
script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-53275.html");
script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-53337.html");
script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-53349.html");
script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-53352.html");
script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-53354.html");
script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-53356.html");
script_set_attribute(attribute:"solution", value:
"Run 'dnf update kernel --releasever 2023.12.20260706' or
or 'dnf update --advisory ALAS2023-2026-1924 --releasever 2023.12.20260706' to update your system.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2026-53249");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2026/05/08");
script_set_attribute(attribute:"patch_publication_date", value:"2026/07/07");
script_set_attribute(attribute:"plugin_publication_date", value:"2026/07/16");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:bpftool");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:bpftool-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-headers");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-livepatch-6.1.176-220.358");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-modules-extra");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-modules-extra-common");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-tools");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-tools-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-tools-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perf");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perf-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python3-perf");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python3-perf-debuginfo");
script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux:2023");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Amazon Linux Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl", "kpatch.nasl");
script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
exit(0);
}
include("rpm2.inc");
include("hotfixes.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var alas_release = get_kb_item("Host/AmazonLinux/release");
if (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, "Amazon Linux");
var os_ver = pregmatch(pattern: "^AL(A|\d+|-\d+)", string:alas_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "-2023")
{
if (os_ver == 'A') os_ver = 'AMI';
audit(AUDIT_OS_NOT, "Amazon Linux 2023", "Amazon Linux " + os_ver);
}
if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
if (get_one_kb_item("Host/kpatch/kernel-cves"))
{
var cve_list = make_list("CVE-2026-43303", "CVE-2026-43492", "CVE-2026-45850", "CVE-2026-45991", "CVE-2026-45999", "CVE-2026-46005", "CVE-2026-46021", "CVE-2026-46052", "CVE-2026-46065", "CVE-2026-46086", "CVE-2026-46116", "CVE-2026-46137", "CVE-2026-46159", "CVE-2026-46160", "CVE-2026-46193", "CVE-2026-46195", "CVE-2026-46196", "CVE-2026-46292", "CVE-2026-46320", "CVE-2026-46321", "CVE-2026-46322", "CVE-2026-52910", "CVE-2026-52923", "CVE-2026-52924", "CVE-2026-52927", "CVE-2026-52929", "CVE-2026-52930", "CVE-2026-52942", "CVE-2026-52943", "CVE-2026-52946", "CVE-2026-53131", "CVE-2026-53133", "CVE-2026-53134", "CVE-2026-53168", "CVE-2026-53183", "CVE-2026-53184", "CVE-2026-53189", "CVE-2026-53199", "CVE-2026-53207", "CVE-2026-53212", "CVE-2026-53218", "CVE-2026-53219", "CVE-2026-53221", "CVE-2026-53223", "CVE-2026-53225", "CVE-2026-53227", "CVE-2026-53228", "CVE-2026-53236", "CVE-2026-53238", "CVE-2026-53239", "CVE-2026-53245", "CVE-2026-53249", "CVE-2026-53264", "CVE-2026-53266", "CVE-2026-53268", "CVE-2026-53269", "CVE-2026-53270", "CVE-2026-53275", "CVE-2026-53337", "CVE-2026-53349", "CVE-2026-53352", "CVE-2026-53354", "CVE-2026-53356");
if (hotfix_cves_check(cve_list))
{
audit(AUDIT_PATCH_INSTALLED, "kpatch hotfix for ALAS2023-2026-1924");
}
else
{
__rpm_report = hotfix_reporting_text();
}
}
var pkgs = [
{'reference':'bpftool-6.1.176-220.358.amzn2023', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'bpftool-6.1.'},
{'reference':'bpftool-6.1.176-220.358.amzn2023', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'bpftool-6.1.'},
{'reference':'bpftool-debuginfo-6.1.176-220.358.amzn2023', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'bpftool-debuginfo-6.1.'},
{'reference':'bpftool-debuginfo-6.1.176-220.358.amzn2023', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'bpftool-debuginfo-6.1.'},
{'reference':'kernel-6.1.176-220.358.amzn2023', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-6.1.'},
{'reference':'kernel-6.1.176-220.358.amzn2023', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-6.1.'},
{'reference':'kernel-debuginfo-6.1.176-220.358.amzn2023', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debuginfo-6.1.'},
{'reference':'kernel-debuginfo-6.1.176-220.358.amzn2023', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debuginfo-6.1.'},
{'reference':'kernel-debuginfo-common-aarch64-6.1.176-220.358.amzn2023', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debuginfo-common-aarch64-6.1.'},
{'reference':'kernel-debuginfo-common-x86_64-6.1.176-220.358.amzn2023', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debuginfo-common-x86_64-6.1.'},
{'reference':'kernel-devel-6.1.176-220.358.amzn2023', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-devel-6.1.'},
{'reference':'kernel-devel-6.1.176-220.358.amzn2023', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-devel-6.1.'},
{'reference':'kernel-headers-6.1.176-220.358.amzn2023', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-6.1.'},
{'reference':'kernel-headers-6.1.176-220.358.amzn2023', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-6.1.'},
{'reference':'kernel-livepatch-6.1.176-220.358-1.0-0.amzn2023', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-livepatch-6.1.176-220.358-1.0-0.amzn2023', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-modules-extra-6.1.176-220.358.amzn2023', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-modules-extra-6.1.'},
{'reference':'kernel-modules-extra-6.1.176-220.358.amzn2023', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-modules-extra-6.1.'},
{'reference':'kernel-modules-extra-common-6.1.176-220.358.amzn2023', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-modules-extra-common-6.1.'},
{'reference':'kernel-modules-extra-common-6.1.176-220.358.amzn2023', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-modules-extra-common-6.1.'},
{'reference':'kernel-tools-6.1.176-220.358.amzn2023', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-6.1.'},
{'reference':'kernel-tools-6.1.176-220.358.amzn2023', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-6.1.'},
{'reference':'kernel-tools-debuginfo-6.1.176-220.358.amzn2023', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-debuginfo-6.1.'},
{'reference':'kernel-tools-debuginfo-6.1.176-220.358.amzn2023', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-debuginfo-6.1.'},
{'reference':'kernel-tools-devel-6.1.176-220.358.amzn2023', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-devel-6.1.'},
{'reference':'kernel-tools-devel-6.1.176-220.358.amzn2023', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-devel-6.1.'},
{'reference':'perf-6.1.176-220.358.amzn2023', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'perf-6.1.'},
{'reference':'perf-6.1.176-220.358.amzn2023', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'perf-6.1.'},
{'reference':'perf-debuginfo-6.1.176-220.358.amzn2023', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'perf-debuginfo-6.1.'},
{'reference':'perf-debuginfo-6.1.176-220.358.amzn2023', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'perf-debuginfo-6.1.'},
{'reference':'python3-perf-6.1.176-220.358.amzn2023', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'python3-perf-6.1.'},
{'reference':'python3-perf-6.1.176-220.358.amzn2023', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'python3-perf-6.1.'},
{'reference':'python3-perf-debuginfo-6.1.176-220.358.amzn2023', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'python3-perf-debuginfo-6.1.'},
{'reference':'python3-perf-debuginfo-6.1.176-220.358.amzn2023', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'python3-perf-debuginfo-6.1.'}
];
var flag = 0;
foreach var package_array ( pkgs ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
var exists_check = NULL;
var cves = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
if (!empty_or_null(package_array['cves'])) cves = package_array['cves'];
if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {
if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bpftool / bpftool-debuginfo / kernel / etc");
}
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation