Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.AL2_ALAS-2024-2391.NASL
HistoryJan 09, 2024 - 12:00 a.m.

Amazon Linux 2 : kernel (ALAS-2024-2391)

2024-01-0900:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
20
amazon linux 2
kernel
vulnerabilities
remote host
denial of service
race condition
privilege escalation
local privilege escalation
information leak
icmp6 packet too big
nessus

7.3 High

AI Score

Confidence

High

JSON

The version of kernel installed on the remote host is prior to 4.14.334-252.552. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2391 advisory.

  • A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. If patch ebda44da44f6 (net: sched: fix race condition in qdisc_graft()) not applied yet, then kernel could be affected. (CVE-2023-0590)

  • A race condition was found in the QXL driver in the Linux kernel. The qxl_mode_dumb_create() function dereferences the qobj returned by the qxl_gem_object_create_with_handle(), but the handle is the only one holding a reference to it. This flaw allows an attacker to guess the returned handle value and trigger a use-after-free issue, potentially leading to a denial of service or privilege escalation. (CVE-2023-39198)

  • A use-after-free vulnerability in the Linux kernel’s ipv4: igmp component can be exploited to achieve local privilege escalation. A race condition can be exploited to cause a timer be mistakenly registered on a RCU read locked object which is freed by another thread. We recommend upgrading past commit e2b706c691905fe78468c361aaabc719d0a496f1. (CVE-2023-6932)

  • A use-after-free issue was found in igmp_start_timer in net/ipv4/igmp.c in the network sub-component in the Linux Kernel. This flaw allows a local user to observe a refcnt use-after-free issue when receiving an igmp query packet, leading to a kernel information leak. (CVE-2024-0584)

  • When a router encounters an IPv6 packet too big to transmit to the next-hop, it returns an ICMP6 Packet Too Big (PTB) message to the sender. The sender caches this updated Maximum Transmission Unit (MTU) so it knows not to exceed this value when subsequently routing to the same host. (CVE-2023-52340)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux 2 Security Advisory ALAS-2024-2391.
##

include('compat.inc');

if (description)
{
  script_id(187832);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/02/07");

  script_cve_id(
    "CVE-2023-0590",
    "CVE-2023-6932",
    "CVE-2024-0584",
    "CVE-2023-39198",
    "CVE-2023-52340"
  );

  script_name(english:"Amazon Linux 2 : kernel (ALAS-2024-2391)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Amazon Linux 2 host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"The version of kernel installed on the remote host is prior to 4.14.334-252.552. It is, therefore, affected by multiple
vulnerabilities as referenced in the ALAS2-2024-2391 advisory.

  - A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race
    problem. This flaw leads to a denial of service issue. If patch ebda44da44f6 (net: sched: fix race
    condition in qdisc_graft()) not applied yet, then kernel could be affected. (CVE-2023-0590)

  - A race condition was found in the QXL driver in the Linux kernel. The qxl_mode_dumb_create() function
    dereferences the qobj returned by the qxl_gem_object_create_with_handle(), but the handle is the only one
    holding a reference to it. This flaw allows an attacker to guess the returned handle value and trigger a
    use-after-free issue, potentially leading to a denial of service or privilege escalation. (CVE-2023-39198)

  - A use-after-free vulnerability in the Linux kernel's ipv4: igmp component can be exploited to achieve
    local privilege escalation. A race condition can be exploited to cause a timer be mistakenly registered on
    a RCU read locked object which is freed by another thread. We recommend upgrading past commit
    e2b706c691905fe78468c361aaabc719d0a496f1. (CVE-2023-6932)

  - A use-after-free issue was found in igmp_start_timer in net/ipv4/igmp.c in the network sub-component in
    the Linux Kernel. This flaw allows a local user to observe a refcnt use-after-free issue when receiving an
    igmp query packet, leading to a kernel information leak. (CVE-2024-0584)

  - When a router encounters an IPv6 packet too big to transmit to the next-hop, it returns an ICMP6 Packet
    Too Big (PTB) message to the sender. The sender caches this updated Maximum Transmission Unit (MTU) so it
    knows not to exceed this value when subsequently routing to the same host. (CVE-2023-52340)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/AL2/ALAS-2024-2391.html");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/faqs.html");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2023-0590.html");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2023-6932.html");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2024-0584.html");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2023-39198.html");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2023-52340.html");
  script_set_attribute(attribute:"solution", value:
"Run 'yum update kernel' to update your system.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:S/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-6932");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/11/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/01/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/01/09");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-headers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-livepatch-4.14.334-252.552");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-tools-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-tools-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perf-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python-perf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python-perf-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux:2");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Amazon Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl", "kpatch.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");

  exit(0);
}

include("rpm.inc");
include("hotfixes.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

var alas_release = get_kb_item("Host/AmazonLinux/release");
if (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, "Amazon Linux");
var os_ver = pregmatch(pattern: "^AL(A|\d+|-\d+)", string:alas_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "2")
{
  if (os_ver == 'A') os_ver = 'AMI';
  audit(AUDIT_OS_NOT, "Amazon Linux 2", "Amazon Linux " + os_ver);
}

if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

if (get_one_kb_item("Host/kpatch/kernel-cves"))
{
  set_hotfix_type("kpatch");
  var cve_list = make_list("CVE-2023-0590", "CVE-2023-6932", "CVE-2023-39198", "CVE-2023-52340", "CVE-2024-0584");
  if (hotfix_cves_check(cve_list))
  {
    audit(AUDIT_PATCH_INSTALLED, "kpatch hotfix for ALAS-2024-2391");
  }
  else
  {
    __rpm_report = hotfix_reporting_text();
  }
}
var pkgs = [
    {'reference':'kernel-4.14.334-252.552.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'kernel-4.14.334-252.552.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'kernel-debuginfo-4.14.334-252.552.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'kernel-debuginfo-4.14.334-252.552.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'kernel-debuginfo-common-aarch64-4.14.334-252.552.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'kernel-debuginfo-common-x86_64-4.14.334-252.552.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'kernel-devel-4.14.334-252.552.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'kernel-devel-4.14.334-252.552.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'kernel-headers-4.14.334-252.552.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'kernel-headers-4.14.334-252.552.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'kernel-headers-4.14.334-252.552.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'kernel-livepatch-4.14.334-252.552-1.0-0.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'kernel-tools-4.14.334-252.552.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'kernel-tools-4.14.334-252.552.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'kernel-tools-debuginfo-4.14.334-252.552.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'kernel-tools-debuginfo-4.14.334-252.552.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'kernel-tools-devel-4.14.334-252.552.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'kernel-tools-devel-4.14.334-252.552.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'perf-4.14.334-252.552.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'perf-4.14.334-252.552.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'perf-debuginfo-4.14.334-252.552.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'perf-debuginfo-4.14.334-252.552.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'python-perf-4.14.334-252.552.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'python-perf-4.14.334-252.552.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'python-perf-debuginfo-4.14.334-252.552.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'python-perf-debuginfo-4.14.334-252.552.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE}
];

var flag = 0;
foreach var package_array ( pkgs ) {
  var reference = NULL;
  var _release = NULL;
  var sp = NULL;
  var _cpu = NULL;
  var el_string = NULL;
  var rpm_spec_vers_cmp = NULL;
  var epoch = NULL;
  var allowmaj = NULL;
  var exists_check = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) _release = package_array['release'];
  if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
  if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
  if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
  if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
  if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
  if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {
    if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-debuginfo / kernel-debuginfo-common-x86_64 / etc");
}
VendorProductVersionCPE
amazonlinuxkernelp-cpe:/a:amazon:linux:kernel
amazonlinuxkernel-debuginfop-cpe:/a:amazon:linux:kernel-debuginfo
amazonlinuxkernel-debuginfo-common-aarch64p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64
amazonlinuxkernel-debuginfo-common-x86_64p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64
amazonlinuxkernel-develp-cpe:/a:amazon:linux:kernel-devel
amazonlinuxkernel-headersp-cpe:/a:amazon:linux:kernel-headers
amazonlinuxkernel-livepatch-4.14.334-252.552p-cpe:/a:amazon:linux:kernel-livepatch-4.14.334-252.552
amazonlinuxkernel-toolsp-cpe:/a:amazon:linux:kernel-tools
amazonlinuxkernel-tools-debuginfop-cpe:/a:amazon:linux:kernel-tools-debuginfo
amazonlinuxkernel-tools-develp-cpe:/a:amazon:linux:kernel-tools-devel
Rows per page:
1-10 of 151

Related

amazon 2
nessus 107
prion 4
cve 4
ubuntucve 5
cbl_mariner 5
debiancve 5
redhatcve 5
ubuntu 16
openvas 31
osv 12
virtuozzo 1
oraclelinux 1
ics 1
amazon
amazon
Important: kernel
2024-01-03 21:04:00
Important: kernel
2024-01-03 22:37:00
nessus
nessus
Amazon Linux AMI : kernel (ALAS-2024-1899)
2024-01-09 00:00:00
Amazon Linux 2 : kernel (ALASKERNEL-5.10-2024-045)
2024-01-09 00:00:00
Amazon Linux 2 : kernel (ALASKERNEL-5.4-2024-057)
2024-01-09 00:00:00
prion
prion
Design/Logic Flaw
2024-01-16 14:15:00
Race condition
2023-11-09 20:15:00
Race condition
2023-12-19 14:15:00
cve
cve
CVE-2024-0584
2024-01-16 14:15:49
CVE-2023-39198
2023-11-09 20:15:08
CVE-2023-6932
2023-12-19 14:15:08
ubuntucve
ubuntucve
CVE-2024-0584
2024-01-16 00:00:00
CVE-2023-52340
2024-01-29 00:00:00
CVE-2023-39198
2023-11-09 00:00:00
cbl_mariner
cbl_mariner
CVE-2023-39198 affecting package kernel for versions less than 5.15.138.1-4
2023-12-05 04:40:34
CVE-2024-0584 affecting package kernel for versions less than 5.15.153.1-1
2024-04-09 20:48:36
CVE-2023-6932 affecting package kernel for versions less than 5.15.143.1-1
2024-01-19 03:54:24
debiancve
debiancve
CVE-2023-39198
2023-11-09 20:15:08
CVE-2023-52340
2024-01-23 02:33:47
CVE-2024-0584
2024-01-16 14:15:49
redhatcve
redhatcve
CVE-2023-39198
2023-11-08 15:00:54
CVE-2023-52340
2024-01-28 09:52:33
CVE-2024-0584
2024-01-16 12:22:00
ubuntu
ubuntu
Linux kernel vulnerability
2024-01-25 00:00:00
Linux kernel (AWS) vulnerabilities
2024-01-25 00:00:00
Linux kernel (KVM) vulnerabilities
2024-01-29 00:00:00
openvas
openvas
openSUSE: Security Advisory for the Linux Kernel (Live Patch 21 for SLE 15 SP4) (SUSE-SU-2024:0429-1)
2024-03-04 00:00:00
Ubuntu: Security Advisory (USN-6601-1)
2024-01-26 00:00:00
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2024-1176)
2024-02-09 00:00:00
osv
osv
linux vulnerability
2024-01-25 19:32:56
linux-aws vulnerabilities
2024-01-25 20:24:48
linux-kvm vulnerabilities
2024-01-29 22:43:38
virtuozzo
virtuozzo
[Important] [Security] Virtuozzo ReadyKernel Patch 158.1 for Virtuozzo Hybrid Server 7.5
2023-07-24 00:00:00
oraclelinux
oraclelinux
Unbreakable Enterprise kernel security update
2024-02-12 00:00:00
ics
ics
Siemens SIMATIC S7-1500
2024-04-11 12:00:00

7.3 High

AI Score

Confidence

High

JSON
Related for AL2_ALAS-2024-2391.NASL
amazon2nessus107prion4cve4ubuntucve5cbl_mariner5debiancve5redhatcve5ubuntu16openvas31osv12virtuozzo1oraclelinux1ics1