The version of kernel installed on the remote host is prior to 5.15.69-37.134. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.15-2022-008 advisory.
A use-after-free flaw was found in the Linux kernel’s Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-1679)
It was discovered that when exec’ing from a non-leader thread, armed POSIX CPU timers would be left on a list but freed, leading to a use-after-free. (CVE-2022-2585)
It was discovered that a nft object or expression could reference a nft set on a different nft table, leading to a use-after-free once that table was deleted. (CVE-2022-2586)
It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if its handle had the value 0. (CVE-2022-2588)
Non-transparent sharing of return predictor targets between contexts in some Intel® Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373)
An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured. (CVE-2022-2663)
An out-of-bounds memory read flaw was found in the Linux kernel’s BPF subsystem in how a user calls the bpf_tail_call function with a key larger than the max_entries of the map. This flaw allows a local user to gain unauthorized access to data. (CVE-2022-2905)
A race condition was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read and copying it into a socket. (CVE-2022-3028)
There exists a use-after-free in io_uring in the Linux kernel. Signalfd_poll() and binder_poll() use a waitqueue whose lifetime is the current task. It will send a POLLFREE notification to all waiters before the queue is freed. Unfortunately, the io_uring poll doesn’t handle POLLFREE. This allows a use-after-free to occur if a signalfd or binder fd is polled with io_uring poll, and the waitqueue gets freed. We recommend upgrading past commit fc78b2fc21f10c4c9c4d5d659a685710ffa63659 (CVE-2022-3176)
A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or member of the audio group) could use this flaw to crash the system, resulting in a denial of service condition (CVE-2022-3303)
A vulnerability was found in Linux Kernel. It has been classified as critical. This affects the function devlink_param_set/devlink_param_get of the file net/core/devlink.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier VDB-211929 was assigned to this vulnerability. (CVE-2022-3625)
An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VM_PFNMAP VMAs. (CVE-2022-39188)
An issue was discovered the x86 KVM subsystem in the Linux kernel before 5.18.17. Unprivileged guest users can compromise the guest kernel because TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED situations. (CVE-2022-39189)
An issue was discovered in net/netfilter/nf_tables_api.c in the Linux kernel before 5.19.6. A denial of service can occur upon binding to an already bound chain. (CVE-2022-39190)
An issue was discovered in the Linux kernel through 5.19.8. drivers/firmware/efi/capsule-loader.c has a race condition with a resultant use-after-free. (CVE-2022-40307)
In nf_tables_updtable, if nf_tables_table_enable returns an error, nft_trans_destroy is called to free the transaction object. nft_trans_destroy() calls list_del(), but the transaction was never placed on a list
– the list head is all zeroes, this results in a NULL pointer dereference. (CVE-2023-1095)
A flaw was found in the Linux kernel’s netdevsim device driver, within the scheduling of events. This issue results from the improper management of a reference count. This may allow an attacker to create a denial of service condition on the system. (CVE-2023-2019)
A use-after-free vulnerability was found in the Linux kernel’s ext4 filesystem in the way it handled the extra inode size for extended attributes. This flaw could allow a privileged local user to cause a system crash or other undefined behaviors. (CVE-2023-2513)
An out-of-bounds read vulnerability was found in the SR-IPv6 implementation in the Linux kernel. The flaw exists within the processing of seg6 attributes. The issue results from the improper validation of user- supplied data, which can result in a read past the end of an allocated buffer. This flaw allows a privileged local user to disclose sensitive information on affected installations of the Linux kernel.
(CVE-2023-2860)
A use after free vulnerability was found in prepare_to_relocate in fs/btrfs/relocation.c in btrfs in the Linux Kernel. This possible flaw can be triggered by calling btrfs_ioctl_balance() before calling btrfs_ioctl_defrag(). (CVE-2023-3111)
A use-after-free flaw was found in the Linux Kernel. When a disk is removed, bdi_unregister is called to stop further write-back and waits for associated delayed work to complete. However, wb_inode_writeback_end() may schedule bandwidth estimation work after this has completed, which can result in the timer attempting to access the recently freed bdi_writeback. (CVE-2024-0562)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux 2 Security Advisory ALASKERNEL-5.15-2022-008.
##
include('compat.inc');
if (description)
{
script_id(166118);
script_version("1.14");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/11");
script_cve_id(
"CVE-2022-1679",
"CVE-2022-2585",
"CVE-2022-2586",
"CVE-2022-2588",
"CVE-2022-26373",
"CVE-2022-2663",
"CVE-2022-2905",
"CVE-2022-3028",
"CVE-2022-3176",
"CVE-2022-3303",
"CVE-2022-3625",
"CVE-2022-39188",
"CVE-2022-39189",
"CVE-2022-39190",
"CVE-2022-40307",
"CVE-2023-1095",
"CVE-2023-2019",
"CVE-2023-2513",
"CVE-2023-2860",
"CVE-2023-3111",
"CVE-2024-0562"
);
script_name(english:"Amazon Linux 2 : kernel (ALASKERNEL-5.15-2022-008)");
script_set_attribute(attribute:"synopsis", value:
"The remote Amazon Linux 2 host is missing a security update.");
script_set_attribute(attribute:"description", value:
"The version of kernel installed on the remote host is prior to 5.15.69-37.134. It is, therefore, affected by multiple
vulnerabilities as referenced in the ALAS2KERNEL-5.15-2022-008 advisory.
- A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user
forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local
user to crash or potentially escalate their privileges on the system. (CVE-2022-1679)
- It was discovered that when exec'ing from a non-leader thread, armed POSIX CPU timers would be left on a
list but freed, leading to a use-after-free. (CVE-2022-2585)
- It was discovered that a nft object or expression could reference a nft set on a different nft table,
leading to a use-after-free once that table was deleted. (CVE-2022-2586)
- It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old
filter from the hashtable before freeing it if its handle had the value 0. (CVE-2022-2588)
- Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow
an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373)
- An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and
incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted
IRC with nf_conntrack_irc configured. (CVE-2022-2663)
- An out-of-bounds memory read flaw was found in the Linux kernel's BPF subsystem in how a user calls the
bpf_tail_call function with a key larger than the max_entries of the map. This flaw allows a local user to
gain unauthorized access to data. (CVE-2022-2905)
- A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem)
when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to
potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read
and copying it into a socket. (CVE-2022-3028)
- There exists a use-after-free in io_uring in the Linux kernel. Signalfd_poll() and binder_poll() use a
waitqueue whose lifetime is the current task. It will send a POLLFREE notification to all waiters before
the queue is freed. Unfortunately, the io_uring poll doesn't handle POLLFREE. This allows a use-after-free
to occur if a signalfd or binder fd is polled with io_uring poll, and the waitqueue gets freed. We
recommend upgrading past commit fc78b2fc21f10c4c9c4d5d659a685710ffa63659 (CVE-2022-3176)
- A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead
to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or
member of the audio group) could use this flaw to crash the system, resulting in a denial of service
condition (CVE-2022-3303)
- A vulnerability was found in Linux Kernel. It has been classified as critical. This affects the function
devlink_param_set/devlink_param_get of the file net/core/devlink.c of the component IPsec. The
manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier
VDB-211929 was assigned to this vulnerability. (CVE-2022-3625)
- An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race
condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale
TLB entries. This only occurs in situations with VM_PFNMAP VMAs. (CVE-2022-39188)
- An issue was discovered the x86 KVM subsystem in the Linux kernel before 5.18.17. Unprivileged guest users
can compromise the guest kernel because TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED
situations. (CVE-2022-39189)
- An issue was discovered in net/netfilter/nf_tables_api.c in the Linux kernel before 5.19.6. A denial of
service can occur upon binding to an already bound chain. (CVE-2022-39190)
- An issue was discovered in the Linux kernel through 5.19.8. drivers/firmware/efi/capsule-loader.c has a
race condition with a resultant use-after-free. (CVE-2022-40307)
- In nf_tables_updtable, if nf_tables_table_enable returns an error, nft_trans_destroy is called to free the
transaction object. nft_trans_destroy() calls list_del(), but the transaction was never placed on a list
-- the list head is all zeroes, this results in a NULL pointer dereference. (CVE-2023-1095)
- A flaw was found in the Linux kernel's netdevsim device driver, within the scheduling of events. This
issue results from the improper management of a reference count. This may allow an attacker to create a
denial of service condition on the system. (CVE-2023-2019)
- A use-after-free vulnerability was found in the Linux kernel's ext4 filesystem in the way it handled the
extra inode size for extended attributes. This flaw could allow a privileged local user to cause a system
crash or other undefined behaviors. (CVE-2023-2513)
- An out-of-bounds read vulnerability was found in the SR-IPv6 implementation in the Linux kernel. The flaw
exists within the processing of seg6 attributes. The issue results from the improper validation of user-
supplied data, which can result in a read past the end of an allocated buffer. This flaw allows a
privileged local user to disclose sensitive information on affected installations of the Linux kernel.
(CVE-2023-2860)
- A use after free vulnerability was found in prepare_to_relocate in fs/btrfs/relocation.c in btrfs in the
Linux Kernel. This possible flaw can be triggered by calling btrfs_ioctl_balance() before calling
btrfs_ioctl_defrag(). (CVE-2023-3111)
- A use-after-free flaw was found in the Linux Kernel. When a disk is removed, bdi_unregister is called to
stop further write-back and waits for associated delayed work to complete. However,
wb_inode_writeback_end() may schedule bandwidth estimation work after this has completed, which can result
in the timer attempting to access the recently freed bdi_writeback. (CVE-2024-0562)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/AL2/ALASKERNEL-5.15-2022-008.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/faqs.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2022-1679.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2022-2585.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2022-2586.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2022-2588.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2022-26373.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2022-2663.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2022-2905.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2022-3028.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2022-3176.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2022-3303.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2022-3625.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2022-39188.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2022-39189.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2022-39190.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2022-40307.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2023-1095.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2023-2019.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2023-2513.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2023-2860.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2023-3111.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2024-0562.html");
script_set_attribute(attribute:"solution", value:
"Run 'yum update kernel' to update your system.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-1679");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2024-0562");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_core", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2022/05/16");
script_set_attribute(attribute:"patch_publication_date", value:"2022/09/30");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/10/14");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:bpftool");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:bpftool-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-headers");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-livepatch-5.15.69-37.134");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-tools");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-tools-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-tools-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perf");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perf-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python-perf");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python-perf-debuginfo");
script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux:2");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Amazon Linux Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl", "kpatch.nasl");
script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
exit(0);
}
include("rpm.inc");
include("hotfixes.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var alas_release = get_kb_item("Host/AmazonLinux/release");
if (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, "Amazon Linux");
var os_ver = pregmatch(pattern: "^AL(A|\d+|-\d+)", string:alas_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "2")
{
if (os_ver == 'A') os_ver = 'AMI';
audit(AUDIT_OS_NOT, "Amazon Linux 2", "Amazon Linux " + os_ver);
}
if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
if (get_one_kb_item("Host/kpatch/kernel-cves"))
{
set_hotfix_type("kpatch");
var cve_list = make_list("CVE-2022-1679", "CVE-2022-2585", "CVE-2022-2586", "CVE-2022-2588", "CVE-2022-2663", "CVE-2022-2905", "CVE-2022-3028", "CVE-2022-3176", "CVE-2022-3303", "CVE-2022-3625", "CVE-2022-26373", "CVE-2022-39188", "CVE-2022-39189", "CVE-2022-39190", "CVE-2022-40307", "CVE-2023-1095", "CVE-2023-2019", "CVE-2023-2513", "CVE-2023-2860", "CVE-2023-3111", "CVE-2024-0562");
if (hotfix_cves_check(cve_list))
{
audit(AUDIT_PATCH_INSTALLED, "kpatch hotfix for ALASKERNEL-5.15-2022-008");
}
else
{
__rpm_report = hotfix_reporting_text();
}
}
var pkgs = [
{'reference':'bpftool-5.15.69-37.134.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},
{'reference':'bpftool-5.15.69-37.134.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},
{'reference':'bpftool-debuginfo-5.15.69-37.134.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},
{'reference':'bpftool-debuginfo-5.15.69-37.134.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},
{'reference':'kernel-5.15.69-37.134.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},
{'reference':'kernel-5.15.69-37.134.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},
{'reference':'kernel-debuginfo-5.15.69-37.134.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},
{'reference':'kernel-debuginfo-5.15.69-37.134.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},
{'reference':'kernel-debuginfo-common-aarch64-5.15.69-37.134.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},
{'reference':'kernel-debuginfo-common-x86_64-5.15.69-37.134.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},
{'reference':'kernel-devel-5.15.69-37.134.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},
{'reference':'kernel-devel-5.15.69-37.134.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},
{'reference':'kernel-headers-5.15.69-37.134.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},
{'reference':'kernel-headers-5.15.69-37.134.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},
{'reference':'kernel-headers-5.15.69-37.134.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},
{'reference':'kernel-livepatch-5.15.69-37.134-1.0-0.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},
{'reference':'kernel-livepatch-5.15.69-37.134-1.0-0.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},
{'reference':'kernel-tools-5.15.69-37.134.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},
{'reference':'kernel-tools-5.15.69-37.134.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},
{'reference':'kernel-tools-debuginfo-5.15.69-37.134.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},
{'reference':'kernel-tools-debuginfo-5.15.69-37.134.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},
{'reference':'kernel-tools-devel-5.15.69-37.134.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},
{'reference':'kernel-tools-devel-5.15.69-37.134.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},
{'reference':'perf-5.15.69-37.134.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},
{'reference':'perf-5.15.69-37.134.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},
{'reference':'perf-debuginfo-5.15.69-37.134.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},
{'reference':'perf-debuginfo-5.15.69-37.134.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},
{'reference':'python-perf-5.15.69-37.134.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},
{'reference':'python-perf-5.15.69-37.134.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},
{'reference':'python-perf-debuginfo-5.15.69-37.134.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},
{'reference':'python-perf-debuginfo-5.15.69-37.134.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'}
];
var flag = 0;
foreach var package_array ( pkgs ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
var exists_check = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {
if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bpftool / bpftool-debuginfo / kernel / etc");
}
Vendor | Product | Version | CPE |
---|---|---|---|
amazon | linux | bpftool | p-cpe:/a:amazon:linux:bpftool |
amazon | linux | bpftool-debuginfo | p-cpe:/a:amazon:linux:bpftool-debuginfo |
amazon | linux | kernel | p-cpe:/a:amazon:linux:kernel |
amazon | linux | kernel-debuginfo | p-cpe:/a:amazon:linux:kernel-debuginfo |
amazon | linux | kernel-debuginfo-common-aarch64 | p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64 |
amazon | linux | kernel-debuginfo-common-x86_64 | p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64 |
amazon | linux | kernel-devel | p-cpe:/a:amazon:linux:kernel-devel |
amazon | linux | kernel-headers | p-cpe:/a:amazon:linux:kernel-headers |
amazon | linux | kernel-livepatch-5.15.69-37.134 | p-cpe:/a:amazon:linux:kernel-livepatch-5.15.69-37.134 |
amazon | linux | kernel-tools | p-cpe:/a:amazon:linux:kernel-tools |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1679
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2585
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2586
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2588
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26373
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2663
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2905
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3028
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3176
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3303
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3625
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39188
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39189
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39190
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40307
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1095
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2019
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2513
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2860
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3111
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0562
alas.aws.amazon.com/AL2/ALASKERNEL-5.15-2022-008.html
alas.aws.amazon.com/cve/html/CVE-2022-1679.html
alas.aws.amazon.com/cve/html/CVE-2022-2585.html
alas.aws.amazon.com/cve/html/CVE-2022-2586.html
alas.aws.amazon.com/cve/html/CVE-2022-2588.html
alas.aws.amazon.com/cve/html/CVE-2022-26373.html
alas.aws.amazon.com/cve/html/CVE-2022-2663.html
alas.aws.amazon.com/cve/html/CVE-2022-2905.html
alas.aws.amazon.com/cve/html/CVE-2022-3028.html
alas.aws.amazon.com/cve/html/CVE-2022-3176.html
alas.aws.amazon.com/cve/html/CVE-2022-3303.html
alas.aws.amazon.com/cve/html/CVE-2022-3625.html
alas.aws.amazon.com/cve/html/CVE-2022-39188.html
alas.aws.amazon.com/cve/html/CVE-2022-39189.html
alas.aws.amazon.com/cve/html/CVE-2022-39190.html
alas.aws.amazon.com/cve/html/CVE-2022-40307.html
alas.aws.amazon.com/cve/html/CVE-2023-1095.html
alas.aws.amazon.com/cve/html/CVE-2023-2019.html
alas.aws.amazon.com/cve/html/CVE-2023-2513.html
alas.aws.amazon.com/cve/html/CVE-2023-2860.html
alas.aws.amazon.com/cve/html/CVE-2023-3111.html
alas.aws.amazon.com/cve/html/CVE-2024-0562.html
alas.aws.amazon.com/faqs.html