Lucene search
Amazon Linux 2 : kernel (ALASKERNEL-5.4-2022-016)
🗓️ 02 May 2022 00:00:00Reported by This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.Type 
nessus🔗 www.tenable.com👁 37 Views
Amazon Linux 2 kernel (ALASKERNEL-5.4-2022-016) has multiple critical vulnerabilities affecting system availabilit
Show more
| Reporter | Title | Published | Views | Family All 199 |
|---|---|---|---|---|
| Photon OS 3.0: Linux PHSA-2020-3.0-0142 | 21 Sep 202000:00 | – | nessus |
| Amazon Linux AMI : kernel (ALAS-2020-1437) | 28 Oct 202000:00 | – | nessus |
| EulerOS 2.0 SP9 : kernel (EulerOS-SA-2020-2176) | 9 Oct 202000:00 | – | nessus |
| Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2020-5884) | 12 Oct 202000:00 | – | nessus |
| NewStart CGSL MAIN 6.02 : kernel Multiple Vulnerabilities (NS-SA-2021-0051) | 10 Mar 202100:00 | – | nessus |
| EulerOS 2.0 SP9 : kernel (EulerOS-SA-2020-2166) | 9 Oct 202000:00 | – | nessus |
| Amazon Linux 2 : kernel (ALAS-2020-1495) | 1 Oct 202000:00 | – | nessus |
| Photon OS 2.0: Linux PHSA-2020-2.0-0288 | 14 Oct 202000:00 | – | nessus |
| Debian DLA-2385-1 : linux-4.19 security update | 29 Sep 202000:00 | – | nessus |
| Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-4576-1) | 14 Oct 202000:00 | – | nessus |
10
10
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux 2 Security Advisory ALASKERNEL-5.4-2022-016.
##
include('compat.inc');
if (description)
{
script_id(160437);
script_version("1.6");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/12/11");
script_cve_id(
"CVE-2019-19448",
"CVE-2019-19770",
"CVE-2020-12888",
"CVE-2020-14314",
"CVE-2020-14385",
"CVE-2020-14390",
"CVE-2020-25212",
"CVE-2020-25284",
"CVE-2020-25285",
"CVE-2020-25641"
);
script_name(english:"Amazon Linux 2 : kernel (ALASKERNEL-5.4-2022-016)");
script_set_attribute(attribute:"synopsis", value:
"The remote Amazon Linux 2 host is missing a security update.");
script_set_attribute(attribute:"description", value:
"The version of kernel installed on the remote host is prior to 5.4.68-34.125. It is, therefore, affected by multiple
vulnerabilities as referenced in the ALAS2KERNEL-5.4-2022-016 advisory.
A flaw was found in the Linux kernel's implementation of BTRFS free space management, where the kernel
does not correctly manage the lifetime of internal data structures used. An attacker could use this flaw
to corrupt memory or escalate privileges. (CVE-2019-19448)
A use-after-free flaw was found in the debugfs_remove function in the Linux kernel. The flaw could allow a
local attacker with special user (or root) privilege to crash the system at the time of file or directory
removal. This vulnerability can lead to a kernel information leak. The highest threat from this
vulnerability is to system availability. (CVE-2019-19770)
A flaw was found in the Linux kernel, where it allows userspace processes, for example, a guest VM, to
directly access h/w devices via its VFIO driver modules. The VFIO modules allow users to enable or disable
access to the devices' MMIO memory address spaces. If a user attempts to access the read/write devices'
MMIO address space when it is disabled, some h/w devices issue an interrupt to the CPU to indicate a fatal
error condition, crashing the system. This flaw allows a guest user or process to crash the host system
resulting in a denial of service. (CVE-2020-12888)
A memory out-of-bounds read flaw was found in the Linux kernel's ext3/ext4 file system, in the way it
accesses a directory with broken indexing. This flaw allows a local user to crash the system if the
directory exists. The highest threat from this vulnerability is to system availability. (CVE-2020-14314)
A flaw was found in the Linux kernel. A failure of the file system metadata validator in XFS can cause an
inode with a valid, user-creatable extended attribute to be flagged as corrupt. This can lead to the
filesystem being shutdown, or otherwise rendered inaccessible until it is remounted, leading to a denial
of service. The highest threat from this vulnerability is to system availability. (CVE-2020-14385)
A flaw was found in the Linux kernel. When changing screen size, an out-of-bounds memory write can occur
leading to memory corruption or a denial of service. Due to the nature of the flaw, privilege escalation
cannot be fully ruled out. (CVE-2020-14390)
A flaw was found in the NFSv4 implementation where when mounting a remote attacker controlled server it
could return specially crafted response allow for local memory corruption and possibly privilege
escalation. (CVE-2020-25212)
A flaw was found in the capabilities check of the rados block device functionality in the Linux kernel.
Incorrect capability checks could alllow a local user with root priviledges (but no capabilities) to add
or remove Rados Block Devices from the system. (CVE-2020-25284)
A flaw was found in the Linux kernels sysctl handling code for hugepages management. When multiple root
level processes would write to modify the /proc/sys/vm/nr_hugepages file it could create a race on
internal variables leading to a system crash or memory corruption. (CVE-2020-25285)
A flaw was found in the Linux kernel's implementation of biovecs. A zero-length biovec request issued by
the block subsystem could cause the kernel to enter an infinite loop, causing a denial of service. This
flaw allows a local attacker with basic privileges to issue requests to a block device, resulting in a
denial of service. The highest threat from this vulnerability is to system availability. (CVE-2020-25641)
Tenable has extracted the preceding description block directly from the tested product security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/AL2/ALASKERNEL-5.4-2022-016.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2019-19448.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2019-19770.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2020-12888.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2020-14314.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2020-14385.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2020-14390.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2020-25212.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2020-25284.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2020-25285.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2020-25641.html");
script_set_attribute(attribute:"solution", value:
"Run 'yum update kernel' to update your system.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-19448");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2019-19770");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2019/12/08");
script_set_attribute(attribute:"patch_publication_date", value:"2022/01/20");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/05/02");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-headers");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-tools");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-tools-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-tools-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perf");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perf-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python-perf");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python-perf-debuginfo");
script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux:2");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Amazon Linux Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("kpatch.nasl", "ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
exit(0);
}
include("rpm.inc");
include("hotfixes.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var alas_release = get_kb_item("Host/AmazonLinux/release");
if (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, "Amazon Linux");
var os_ver = pregmatch(pattern: "^AL(A|\d+|-\d+)", string:alas_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "2")
{
if (os_ver == 'A') os_ver = 'AMI';
audit(AUDIT_OS_NOT, "Amazon Linux 2", "Amazon Linux " + os_ver);
}
if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
if (get_one_kb_item("Host/kpatch/kernel-cves"))
{
set_hotfix_type("kpatch");
var cve_list = make_list("CVE-2019-19448", "CVE-2019-19770", "CVE-2020-12888", "CVE-2020-14314", "CVE-2020-14385", "CVE-2020-14390", "CVE-2020-25212", "CVE-2020-25284", "CVE-2020-25285", "CVE-2020-25641");
if (hotfix_cves_check(cve_list))
{
audit(AUDIT_PATCH_INSTALLED, "kpatch hotfix for ALASKERNEL-5.4-2022-016");
}
else
{
__rpm_report = hotfix_reporting_text();
}
}
var pkgs = [
{'reference':'kernel-5.4.68-34.125.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},
{'reference':'kernel-5.4.68-34.125.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},
{'reference':'kernel-debuginfo-5.4.68-34.125.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},
{'reference':'kernel-debuginfo-5.4.68-34.125.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},
{'reference':'kernel-debuginfo-common-aarch64-5.4.68-34.125.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},
{'reference':'kernel-debuginfo-common-x86_64-5.4.68-34.125.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},
{'reference':'kernel-devel-5.4.68-34.125.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},
{'reference':'kernel-devel-5.4.68-34.125.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},
{'reference':'kernel-headers-5.4.68-34.125.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},
{'reference':'kernel-headers-5.4.68-34.125.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},
{'reference':'kernel-headers-5.4.68-34.125.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},
{'reference':'kernel-tools-5.4.68-34.125.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},
{'reference':'kernel-tools-5.4.68-34.125.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},
{'reference':'kernel-tools-debuginfo-5.4.68-34.125.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},
{'reference':'kernel-tools-debuginfo-5.4.68-34.125.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},
{'reference':'kernel-tools-devel-5.4.68-34.125.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},
{'reference':'kernel-tools-devel-5.4.68-34.125.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},
{'reference':'perf-5.4.68-34.125.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},
{'reference':'perf-5.4.68-34.125.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},
{'reference':'perf-debuginfo-5.4.68-34.125.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},
{'reference':'perf-debuginfo-5.4.68-34.125.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},
{'reference':'python-perf-5.4.68-34.125.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},
{'reference':'python-perf-5.4.68-34.125.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},
{'reference':'python-perf-debuginfo-5.4.68-34.125.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},
{'reference':'python-perf-debuginfo-5.4.68-34.125.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'}
];
var flag = 0;
foreach var package_array ( pkgs ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
var exists_check = NULL;
var cves = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
if (!empty_or_null(package_array['cves'])) cves = package_array['cves'];
if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {
if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-debuginfo / kernel-debuginfo-common-x86_64 / etc");
}
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo02 May 2022 00:00Current
7.9High risk
Vulners AI Score7.9
CVSS26.4
CVSS35.5 - 8.2
EPSS0.0113