Lucene search
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.AL2_ALASMICROVM-KERNEL-4_14-2023-001.NASLHistorySep 27, 2023 - 12:00 a.m.
Amazon Linux 2 : microvm-kernel (ALASMICROVM-KERNEL-4.14-2023-001)
2023-09-2700:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
5
The version of microvm-kernel installed on the remote host is prior to 4.14.252-207.481. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2MICROVM-KERNEL-4.14-2023-001 advisory.
-
A flaw was found in the Linux kernel. A corrupted timer tree caused the task wakeup to be missing in the timerqueue_add function in lib/timerqueue.c. This flaw allows a local attacker with special user privileges to cause a denial of service, slowing and eventually stopping the system while running OSP.
(CVE-2021-20317) -
A race condition accessing file object in the Linux kernel OverlayFS subsystem was found in the way users do rename in specific way with OverlayFS. A local user could use this flaw to crash the system.
(CVE-2021-20321) -
hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel through 5.13.4 calls unregister_netdev without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free.
(CVE-2021-37159) -
A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption).
This vulnerability is similar with the older CVE-2019-18808. (CVE-2021-3744) -
A memory leak flaw was found in the Linux kernel’s ccp_run_aes_gcm_cmd() function that allows an attacker to cause a denial of service. The vulnerability is similar to the older CVE-2019-18808. The highest threat from this vulnerability is to system availability. (CVE-2021-3764)
-
arch/mips/net/bpf_jit.c in the Linux kernel before 5.4.10 can generate undesirable machine code when transforming unprivileged cBPF programs, allowing execution of arbitrary code within the kernel context.
This occurs because conditional branches can exceed the 128 KB limit of the MIPS architecture.
(CVE-2021-38300) -
prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write. (CVE-2021-41864)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux 2 Security Advisory ALASMICROVM-KERNEL-4.14-2023-001.
##
include('compat.inc');
if (description)
{
script_id(181942);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/09/28");
script_cve_id(
"CVE-2021-3744",
"CVE-2021-3764",
"CVE-2021-20317",
"CVE-2021-20321",
"CVE-2021-37159",
"CVE-2021-38300",
"CVE-2021-41864"
);
script_name(english:"Amazon Linux 2 : microvm-kernel (ALASMICROVM-KERNEL-4.14-2023-001)");
script_set_attribute(attribute:"synopsis", value:
"The remote Amazon Linux 2 host is missing a security update.");
script_set_attribute(attribute:"description", value:
"The version of microvm-kernel installed on the remote host is prior to 4.14.252-207.481. It is, therefore, affected by
multiple vulnerabilities as referenced in the ALAS2MICROVM-KERNEL-4.14-2023-001 advisory.
- A flaw was found in the Linux kernel. A corrupted timer tree caused the task wakeup to be missing in the
timerqueue_add function in lib/timerqueue.c. This flaw allows a local attacker with special user
privileges to cause a denial of service, slowing and eventually stopping the system while running OSP.
(CVE-2021-20317)
- A race condition accessing file object in the Linux kernel OverlayFS subsystem was found in the way users
do rename in specific way with OverlayFS. A local user could use this flaw to crash the system.
(CVE-2021-20321)
- hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel through 5.13.4 calls unregister_netdev
without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free.
(CVE-2021-37159)
- A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in
drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption).
This vulnerability is similar with the older CVE-2019-18808. (CVE-2021-3744)
- A memory leak flaw was found in the Linux kernel's ccp_run_aes_gcm_cmd() function that allows an attacker
to cause a denial of service. The vulnerability is similar to the older CVE-2019-18808. The highest threat
from this vulnerability is to system availability. (CVE-2021-3764)
- arch/mips/net/bpf_jit.c in the Linux kernel before 5.4.10 can generate undesirable machine code when
transforming unprivileged cBPF programs, allowing execution of arbitrary code within the kernel context.
This occurs because conditional branches can exceed the 128 KB limit of the MIPS architecture.
(CVE-2021-38300)
- prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows
unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds
write. (CVE-2021-41864)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/AL2/ALASMICROVM-KERNEL-4.14-2023-001.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2021-20317.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2021-20321.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2021-37159.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2021-3744.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2021-3764.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2021-38300.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2021-41864.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/faqs.html");
script_set_attribute(attribute:"solution", value:
"Run 'yum update microvm-kernel' to update your system.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-38300");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2021-41864");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2021/07/21");
script_set_attribute(attribute:"patch_publication_date", value:"2023/09/14");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/09/27");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:microvm-kernel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:microvm-kernel-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:microvm-kernel-debuginfo-common-aarch64");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:microvm-kernel-debuginfo-common-x86_64");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:microvm-kernel-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:microvm-kernel-headers");
script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux:2");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Amazon Linux Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
exit(0);
}
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var alas_release = get_kb_item("Host/AmazonLinux/release");
if (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, "Amazon Linux");
var os_ver = pregmatch(pattern: "^AL(A|\d+|-\d+)", string:alas_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "2")
{
if (os_ver == 'A') os_ver = 'AMI';
audit(AUDIT_OS_NOT, "Amazon Linux 2", "Amazon Linux " + os_ver);
}
if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
var pkgs = [
{'reference':'microvm-kernel-4.14.252-207.481.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'microvm-kernel-4.14'},
{'reference':'microvm-kernel-4.14.252-207.481.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'microvm-kernel-4.14'},
{'reference':'microvm-kernel-debuginfo-4.14.252-207.481.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'microvm-kernel-4.14'},
{'reference':'microvm-kernel-debuginfo-4.14.252-207.481.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'microvm-kernel-4.14'},
{'reference':'microvm-kernel-debuginfo-common-aarch64-4.14.252-207.481.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'microvm-kernel-4.14'},
{'reference':'microvm-kernel-debuginfo-common-x86_64-4.14.252-207.481.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'microvm-kernel-4.14'},
{'reference':'microvm-kernel-devel-4.14.252-207.481.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'microvm-kernel-4.14'},
{'reference':'microvm-kernel-devel-4.14.252-207.481.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'microvm-kernel-4.14'},
{'reference':'microvm-kernel-headers-4.14.252-207.481.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'microvm-kernel-4.14'},
{'reference':'microvm-kernel-headers-4.14.252-207.481.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'microvm-kernel-4.14'},
{'reference':'microvm-kernel-headers-4.14.252-207.481.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'microvm-kernel-4.14'}
];
var flag = 0;
foreach var package_array ( pkgs ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
var exists_check = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {
if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "microvm-kernel / microvm-kernel-debuginfo / microvm-kernel-debuginfo-common-x86_64 / etc");
}| Vendor | Product | Version | CPE |
|---|---|---|---|
| amazon | linux | microvm-kernel | p-cpe:/a:amazon:linux:microvm-kernel |
| amazon | linux | microvm-kernel-debuginfo | p-cpe:/a:amazon:linux:microvm-kernel-debuginfo |
| amazon | linux | microvm-kernel-debuginfo-common-aarch64 | p-cpe:/a:amazon:linux:microvm-kernel-debuginfo-common-aarch64 |
| amazon | linux | microvm-kernel-debuginfo-common-x86_64 | p-cpe:/a:amazon:linux:microvm-kernel-debuginfo-common-x86_64 |
| amazon | linux | microvm-kernel-devel | p-cpe:/a:amazon:linux:microvm-kernel-devel |
| amazon | linux | microvm-kernel-headers | p-cpe:/a:amazon:linux:microvm-kernel-headers |
| amazon | linux | 2 | cpe:/o:amazon:linux:2 |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20317
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20321
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37159
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3744
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3764
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38300
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41864
alas.aws.amazon.com/AL2/ALASMICROVM-KERNEL-4.14-2023-001.html
alas.aws.amazon.com/cve/html/CVE-2021-20317.html
alas.aws.amazon.com/cve/html/CVE-2021-20321.html
alas.aws.amazon.com/cve/html/CVE-2021-37159.html
alas.aws.amazon.com/cve/html/CVE-2021-3744.html
alas.aws.amazon.com/cve/html/CVE-2021-3764.html
alas.aws.amazon.com/cve/html/CVE-2021-38300.html
alas.aws.amazon.com/cve/html/CVE-2021-41864.html
alas.aws.amazon.com/faqs.html
Related
amazon
amazon
Important: kernel
2021-10-28 23:22:00
nessus
nessus
Amazon Linux 2 : kernel (ALAS-2021-1719)
2021-11-05 00:00:00
Amazon Linux 2 : kernel (ALASKERNEL-5.4-2022-031)
2022-07-22 00:00:00
Amazon Linux 2 : kernel (ALASKERNEL-5.4-2022-027)
2022-07-21 00:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2021-0490)
2022-01-28 00:00:00
Mageia: Security Advisory (MGASA-2021-0489)
2022-01-28 00:00:00
Ubuntu: Security Advisory (USN-5140-1)
2021-11-12 00:00:00
mageia
mageia
Updated kernel packages fix security vulnerabilities
2021-10-25 18:49:26
Updated kernel-linus packages fix security vulnerabilities
2021-10-25 18:49:26
ubuntucve
ubuntucve
ubuntu
ubuntu
Linux kernel vulnerabilities
2021-11-30 00:00:00
Linux kernel (OEM 5.14) vulnerabilities
2021-11-11 00:00:00
Linux kernel vulnerabilities
2021-11-30 00:00:00
cloudfoundry
cloudfoundry
USN-5164-1: Linux kernel vulnerabilities | Cloud Foundry
2022-01-20 00:00:00
USN-5163-1: Linux kernel vulnerabilities | Cloud Foundry
2022-01-20 00:00:00
USN-5209-1: Linux kernel vulnerabilities | Cloud Foundry
2022-03-08 00:00:00
osv
osv
linux-oem-5.14 vulnerabilities
2021-11-11 05:40:50
cve
cve
redhatcve
redhatcve
debiancve
debiancve
prion
prion
Memory corruption
2022-08-23 16:15:00
Memory corruption
2022-03-04 16:15:00
Code injection
2021-09-20 06:15:00
fedora
fedora
[SECURITY] Fedora 34 Update: kernel-5.14.10-200.fc34
2021-10-11 21:33:46
[SECURITY] Fedora 35 Update: kernel-5.14.10-300.fc35
2021-10-09 01:36:43
[SECURITY] Fedora 33 Update: kernel-5.14.10-100.fc33
2021-10-11 21:36:34
photon
photon
Important Photon OS Security Update - PHSA-2021-3.0-0325
2021-11-04 00:00:00
cbl_mariner
cbl_mariner
CVE-2021-38300 affecting package kernel 5.10.168.1-1
2021-11-03 19:21:29
CVE-2021-38300 affecting package kernel 5.10.78.1-1
2022-04-09 06:52:47
CVE-2021-37159 affecting package kernel 5.10.123.1-1
2022-08-12 16:45:24
f5
f5
K49440205 : Linux kernel vulnerability CVE-2021-38300
2022-10-12 00:00:00
Linux kernel vulnerability CVE-2019-18808
2022-05-20 17:59:00
K11255393 : Linux kernel vulnerability CVE-2021-41864
2022-10-18 00:00:00
veracode
veracode
Denial Of Service (DoS)
2021-12-23 00:41:04
Denial Of Service (DoS)
2021-11-28 00:41:03
Denial Of Service (DoS)
2020-09-24 11:04:08
cnvd
cnvd
Linux kernel has unspecified vulnerabilities (CNVD-2022-06509)
2021-09-27 00:00:00
Linux kernel competition condition issue vulnerability (CNVD-2022-21490)
2021-12-21 00:00:00
oraclelinux
oraclelinux
kernel security and bug fix update
2021-12-22 00:00:00
Unbreakable Enterprise kernel-container security update
2021-12-20 00:00:00
Unbreakable Enterprise kernel security update
2021-12-20 00:00:00
redhat
redhat
(RHSA-2021:5227) Moderate: kernel security and bug fix update
2021-12-21 09:07:34
(RHSA-2021:5241) Moderate: kernel-rt security and bug fix update
2021-12-21 09:12:29
(RHSA-2021:4646) Important: kernel-rt security and bug fix update
2021-11-15 09:56:17
rocky
rocky
kernel security and bug fix update
2021-12-21 09:07:34
kernel-rt security and bug fix update
2021-12-21 09:12:29
kernel-rt security and bug fix update
2021-11-15 09:56:17
almalinux
almalinux
Moderate: kernel security and bug fix update
2021-12-21 09:07:34
Important: kernel security update
2021-11-15 09:57:15
suse
suse
Security update for the Linux Kernel (important)
2021-10-18 00:00:00
Security update for the Linux Kernel (important)
2021-10-15 00:00:00
Security update for the Linux Kernel (important)
2021-10-12 00:00:00
Related for AL2_ALASMICROVM-KERNEL-4_14-2023-001.NASL