Lucene search
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.AL2_ALASKERNEL-5_10-2023-041.NASLHistoryOct 18, 2023 - 12:00 a.m.
Amazon Linux 2 : kernel (ALASKERNEL-5.10-2023-041)
2023-10-1800:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
11
amazon linux 2
kernel
alaskernel-5.10-2023-041
vulnerabilities
rsvp
nf_tables
local privilege escalation
denial of service
cve-2023-42755
cve-2023-5197
nessus scanner
out-of-bounds read
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.8 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
21.9%
The version of kernel installed on the remote host is prior to 5.10.197-186.748. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2023-041 advisory.
-
A flaw was found in the IPv4 Resource Reservation Protocol (RSVP) classifier in the Linux kernel. The xprt pointer may go beyond the linear part of the skb, leading to an out-of-bounds read in the
rsvp_classifyfunction. This issue may allow a local user to crash the system and cause a denial of service.
(CVE-2023-42755) -
A use-after-free vulnerability in the Linux kernel’s netfilter: nf_tables component can be exploited to achieve local privilege escalation. Addition and removal of rules from chain bindings within the same transaction causes leads to use-after-free. We recommend upgrading past commit f15f29fd4779be8a418b66e9d52979bb6d6c2325. (CVE-2023-5197)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux 2 Security Advisory ALASKERNEL-5.10-2023-041.
##
include('compat.inc');
if (description)
{
script_id(183265);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/12/22");
script_cve_id("CVE-2023-5197", "CVE-2023-42755");
script_name(english:"Amazon Linux 2 : kernel (ALASKERNEL-5.10-2023-041)");
script_set_attribute(attribute:"synopsis", value:
"The remote Amazon Linux 2 host is missing a security update.");
script_set_attribute(attribute:"description", value:
"The version of kernel installed on the remote host is prior to 5.10.197-186.748. It is, therefore, affected by multiple
vulnerabilities as referenced in the ALAS2KERNEL-5.10-2023-041 advisory.
- A flaw was found in the IPv4 Resource Reservation Protocol (RSVP) classifier in the Linux kernel. The xprt
pointer may go beyond the linear part of the skb, leading to an out-of-bounds read in the `rsvp_classify`
function. This issue may allow a local user to crash the system and cause a denial of service.
(CVE-2023-42755)
- A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to
achieve local privilege escalation. Addition and removal of rules from chain bindings within the same
transaction causes leads to use-after-free. We recommend upgrading past commit
f15f29fd4779be8a418b66e9d52979bb6d6c2325. (CVE-2023-5197)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/AL2/ALASKERNEL-5.10-2023-041.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2023-42755.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2023-5197.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/faqs.html");
script_set_attribute(attribute:"solution", value:
"Run 'yum update kernel' to update your system.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:P/I:P/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-5197");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2023/09/27");
script_set_attribute(attribute:"patch_publication_date", value:"2023/10/12");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/10/18");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:bpftool");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:bpftool-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-headers");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-livepatch-5.10.197-186.748");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-tools");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-tools-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-tools-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perf");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perf-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python-perf");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python-perf-debuginfo");
script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux:2");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Amazon Linux Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl", "kpatch.nasl");
script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
exit(0);
}
include("rpm.inc");
include("hotfixes.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var alas_release = get_kb_item("Host/AmazonLinux/release");
if (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, "Amazon Linux");
var os_ver = pregmatch(pattern: "^AL(A|\d+|-\d+)", string:alas_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "2")
{
if (os_ver == 'A') os_ver = 'AMI';
audit(AUDIT_OS_NOT, "Amazon Linux 2", "Amazon Linux " + os_ver);
}
if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
if (get_one_kb_item("Host/kpatch/kernel-cves"))
{
set_hotfix_type("kpatch");
var cve_list = make_list("CVE-2023-5197", "CVE-2023-42755");
if (hotfix_cves_check(cve_list))
{
audit(AUDIT_PATCH_INSTALLED, "kpatch hotfix for ALASKERNEL-5.10-2023-041");
}
else
{
__rpm_report = hotfix_reporting_text();
}
}
var pkgs = [
{'reference':'bpftool-5.10.197-186.748.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},
{'reference':'bpftool-5.10.197-186.748.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},
{'reference':'bpftool-debuginfo-5.10.197-186.748.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},
{'reference':'bpftool-debuginfo-5.10.197-186.748.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},
{'reference':'kernel-5.10.197-186.748.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},
{'reference':'kernel-5.10.197-186.748.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},
{'reference':'kernel-debuginfo-5.10.197-186.748.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},
{'reference':'kernel-debuginfo-5.10.197-186.748.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},
{'reference':'kernel-debuginfo-common-aarch64-5.10.197-186.748.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},
{'reference':'kernel-debuginfo-common-x86_64-5.10.197-186.748.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},
{'reference':'kernel-devel-5.10.197-186.748.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},
{'reference':'kernel-devel-5.10.197-186.748.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},
{'reference':'kernel-headers-5.10.197-186.748.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},
{'reference':'kernel-headers-5.10.197-186.748.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},
{'reference':'kernel-headers-5.10.197-186.748.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},
{'reference':'kernel-livepatch-5.10.197-186.748-1.0-0.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},
{'reference':'kernel-livepatch-5.10.197-186.748-1.0-0.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},
{'reference':'kernel-tools-5.10.197-186.748.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},
{'reference':'kernel-tools-5.10.197-186.748.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},
{'reference':'kernel-tools-debuginfo-5.10.197-186.748.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},
{'reference':'kernel-tools-debuginfo-5.10.197-186.748.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},
{'reference':'kernel-tools-devel-5.10.197-186.748.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},
{'reference':'kernel-tools-devel-5.10.197-186.748.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},
{'reference':'perf-5.10.197-186.748.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},
{'reference':'perf-5.10.197-186.748.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},
{'reference':'perf-debuginfo-5.10.197-186.748.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},
{'reference':'perf-debuginfo-5.10.197-186.748.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},
{'reference':'python-perf-5.10.197-186.748.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},
{'reference':'python-perf-5.10.197-186.748.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},
{'reference':'python-perf-debuginfo-5.10.197-186.748.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},
{'reference':'python-perf-debuginfo-5.10.197-186.748.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'}
];
var flag = 0;
foreach var package_array ( pkgs ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
var exists_check = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {
if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bpftool / bpftool-debuginfo / kernel / etc");
}| Vendor | Product | Version | CPE |
|---|---|---|---|
| amazon | linux | kernel-headers | p-cpe:/a:amazon:linux:kernel-headers |
| amazon | linux | kernel-livepatch-5.10.197-186.748 | p-cpe:/a:amazon:linux:kernel-livepatch-5.10.197-186.748 |
| amazon | linux | kernel-tools | p-cpe:/a:amazon:linux:kernel-tools |
| amazon | linux | kernel-tools-debuginfo | p-cpe:/a:amazon:linux:kernel-tools-debuginfo |
| amazon | linux | kernel-tools-devel | p-cpe:/a:amazon:linux:kernel-tools-devel |
| amazon | linux | perf | p-cpe:/a:amazon:linux:perf |
| amazon | linux | perf-debuginfo | p-cpe:/a:amazon:linux:perf-debuginfo |
| amazon | linux | python-perf | p-cpe:/a:amazon:linux:python-perf |
| amazon | linux | python-perf-debuginfo | p-cpe:/a:amazon:linux:python-perf-debuginfo |
| amazon | linux | bpftool | p-cpe:/a:amazon:linux:bpftool |
Related
osv
osv
debiancve
debiancve
CVE-2023-42755
2023-10-05 19:15:11
CVE-2023-5197
2023-09-27 15:19:43
nvd
nvd
cvelist
cvelist
CVE-2023-42755 Kernel: rsvp: out-of-bounds read in rsvp_classify()
2023-10-05 18:25:23
prion
prion
Out-of-bounds
2023-10-05 19:15:00
Design/Logic Flaw
2023-09-27 15:19:00
Information disclosure
2023-09-28 17:15:00
redhatcve
redhatcve
cbl_mariner
cbl_mariner
CVE-2023-42755 affecting package kernel for versions less than 5.15.135.1-2
2023-11-08 02:07:28
CVE-2023-5197 affecting package kernel for versions less than 5.15.135.1-2
2023-11-08 02:07:28
ubuntucve
ubuntucve
CVE-2023-5197
2023-09-27 00:00:00
CVE-2023-42755
2023-10-05 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-6443-1)
2023-10-20 00:00:00
Ubuntu: Security Advisory (USN-6446-2)
2023-10-25 00:00:00
Ubuntu: Security Advisory (USN-6444-2)
2023-10-25 00:00:00
cve
cve
zdi
zdi
ubuntu
ubuntu
Linux kernel (OEM) vulnerabilities
2023-10-19 00:00:00
Linux kernel vulnerabilities
2023-10-24 00:00:00
Linux kernel (StarFive) vulnerabilities
2023-11-01 00:00:00
nessus
nessus
Ubuntu 22.04 LTS : Linux kernel (OEM) vulnerabilities (USN-6443-1)
2023-10-20 00:00:00
Ubuntu 22.04 LTS / 23.04 : Linux kernel vulnerabilities (USN-6444-1)
2023-10-20 00:00:00
Ubuntu 23.10 : Linux kernel (ARM laptop) vulnerabilities (USN-6454-3)
2023-10-31 00:00:00
photon
photon
Moderate Photon OS Security Update - PHSA-2023-5.0-0102
2023-09-27 00:00:00
Moderate Photon OS Security Update - PHSA-2023-4.0-0479
2023-09-27 00:00:00
Important Photon OS Security Update - PHSA-2023-4.0-0491
2023-10-17 00:00:00
virtuozzo
virtuozzo
mageia
mageia
Updated kernel-linus packages fix security vulnerabilities
2023-10-23 00:04:51
Updated kernel packages fix security vulnerabilities
2023-10-23 00:04:51
oraclelinux
oraclelinux
Unbreakable Enterprise kernel security update
2023-12-13 00:00:00
kernel security, bug fix, and enhancement update
2024-05-23 00:00:00
chrome
chrome
Stable Channel Update for ChromeOS/ChromeOS Flex
2023-11-14 00:00:00
amazon
amazon
Important: kernel
2023-09-27 22:48:00
Important: kernel
2023-09-27 22:15:00
debian
debian
[SECURITY] [DSA 5594-1] linux security update
2024-01-02 21:05:08
[SECURITY] [DLA 3711-1] linux-5.10 security update
2024-01-11 17:58:27
[SECURITY] [DLA 3710-1] linux security update
2024-01-11 18:20:04
slackware
slackware
[slackware-security] Slackware 15.0 kernel
2023-11-21 21:37:49
redhat
redhat
(RHSA-2024:3138) Moderate: kernel security, bug fix, and enhancement update
2024-05-22 06:35:43
(RHSA-2024:2950) Moderate: kernel-rt security and bug fix update
2024-05-22 06:35:10
rocky
rocky
kernel security, bug fix, and enhancement update
2024-06-14 13:59:16
kernel-rt security and bug fix update
2024-06-14 13:59:36
ibm
ibm
Security Bulletin: IBM QRadar SIEM contains multiple kernel vulnerabilities
2024-06-07 15:32:38
ics
ics
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
2023-12-14 12:00:00
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.8 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
21.9%
Related for AL2_ALASKERNEL-5_10-2023-041.NASL