Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.ALA_ALAS-2019-1322.NASL
HistoryNov 25, 2019 - 12:00 a.m.

Amazon Linux AMI : kernel (ALAS-2019-1322)

2019-11-2500:00:00
This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
42

7 High

AI Score

Confidence

High

JSON

A flaw was found in the way Intel CPUs handle inconsistency between, virtual to physical memory address translations in CPU’s local cache and system software’s Paging structure entries. A privileged guest user may use this flaw to induce a hardware Machine Check Error on the host processor, resulting in a severe DoS scenario by halting the processor.

System software like OS OR Virtual Machine Monitor (VMM) use virtual memory system for storing program instructions and data in memory.
Virtual Memory system uses Paging structures like Page Tables and Page Directories to manage system memory. The processor’s Memory Management Unit (MMU) uses Paging structure entries to translate program’s virtual memory addresses to physical memory addresses. The processor stores these address translations into its local cache buffer called - Translation Lookaside Buffer (TLB). TLB has two parts, one for instructions and other for data addresses.

System software can modify its Paging structure entries to change address mappings OR certain attributes like page size etc. Upon such Paging structure alterations in memory, system software must invalidate the corresponding address translations in the processor’s TLB cache. But before this TLB invalidation takes place, a privileged guest user may trigger an instruction fetch operation, which could use an already cached, but now invalid, virtual to physical address translation from Instruction TLB (ITLB). Thus accessing an invalid physical memory address and resulting in halting the processor due to the Machine Check Error (MCE) on Page Size Change. (CVE-2018-12207)

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux AMI Security Advisory ALAS-2019-1322.
#

include('compat.inc');

if (description)
{
  script_id(131242);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/10");

  script_cve_id("CVE-2018-12207");
  script_xref(name:"ALAS", value:"2019-1322");

  script_name(english:"Amazon Linux AMI : kernel (ALAS-2019-1322)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Amazon Linux AMI host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"A flaw was found in the way Intel CPUs handle inconsistency between,
virtual to physical memory address translations in CPU's local cache
and system software's Paging structure entries. A privileged guest
user may use this flaw to induce a hardware Machine Check Error on the
host processor, resulting in a severe DoS scenario by halting the
processor.

System software like OS OR Virtual Machine Monitor (VMM) use virtual
memory system for storing program instructions and data in memory.
Virtual Memory system uses Paging structures like Page Tables and Page
Directories to manage system memory. The processor's Memory Management
Unit (MMU) uses Paging structure entries to translate program's
virtual memory addresses to physical memory addresses. The processor
stores these address translations into its local cache buffer called -
Translation Lookaside Buffer (TLB). TLB has two parts, one for
instructions and other for data addresses.

System software can modify its Paging structure entries to change
address mappings OR certain attributes like page size etc. Upon such
Paging structure alterations in memory, system software must
invalidate the corresponding address translations in the processor's
TLB cache. But before this TLB invalidation takes place, a privileged
guest user may trigger an instruction fetch operation, which could use
an already cached, but now invalid, virtual to physical address
translation from Instruction TLB (ITLB). Thus accessing an invalid
physical memory address and resulting in halting the processor due to
the Machine Check Error (MCE) on Page Size Change. (CVE-2018-12207)");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/ALAS-2019-1322.html");
  script_set_attribute(attribute:"solution", value:
"Run 'yum update kernel' to update your system.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-12207");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/11/14");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/11/22");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/11/25");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-headers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-tools-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-tools-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perf-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Amazon Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/AmazonLinux/release");
if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "A")
{
  if (os_ver == 'A') os_ver = 'AMI';
  audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
}

if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (rpm_check(release:"ALA", reference:"kernel-4.14.154-99.181.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"kernel-debuginfo-4.14.154-99.181.amzn1")) flag++;
if (rpm_check(release:"ALA", cpu:"i686", reference:"kernel-debuginfo-common-i686-4.14.154-99.181.amzn1")) flag++;
if (rpm_check(release:"ALA", cpu:"x86_64", reference:"kernel-debuginfo-common-x86_64-4.14.154-99.181.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"kernel-devel-4.14.154-99.181.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"kernel-headers-4.14.154-99.181.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"kernel-tools-4.14.154-99.181.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"kernel-tools-debuginfo-4.14.154-99.181.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"kernel-tools-devel-4.14.154-99.181.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"perf-4.14.154-99.181.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"perf-debuginfo-4.14.154-99.181.amzn1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-debuginfo / kernel-debuginfo-common-i686 / etc");
}
VendorProductVersionCPE
amazonlinuxkernelp-cpe:/a:amazon:linux:kernel
amazonlinuxkernel-debuginfop-cpe:/a:amazon:linux:kernel-debuginfo
amazonlinuxkernel-debuginfo-common-i686p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686
amazonlinuxkernel-debuginfo-common-x86_64p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64
amazonlinuxkernel-develp-cpe:/a:amazon:linux:kernel-devel
amazonlinuxkernel-headersp-cpe:/a:amazon:linux:kernel-headers
amazonlinuxkernel-toolsp-cpe:/a:amazon:linux:kernel-tools
amazonlinuxkernel-tools-debuginfop-cpe:/a:amazon:linux:kernel-tools-debuginfo
amazonlinuxkernel-tools-develp-cpe:/a:amazon:linux:kernel-tools-devel
amazonlinuxperfp-cpe:/a:amazon:linux:perf
Rows per page:
1-10 of 121

Related

nessus 65
xen 1
cve 3
symantec 1
osv 3
prion 3
ubuntucve 2
debiancve 1
f5 1
veracode 1
amazon 2
freebsd 1
freebsd_advisory 1
redhatcve 2
intel 1
openvas 43
mscve 1
vmware 1
redhat 20
suse 6
citrix 1
oraclelinux 11
mskb 1
mageia 4
centos 2
fedora 12
virtuozzo 2
ubuntu 3
debian 3
photon 1
nessus
nessus
Amazon Linux 2 : kernel (ALAS-2019-1366)
2019-11-25 00:00:00
Xen Denial of Service vulnerability (XSA-304)
2020-03-02 00:00:00
FreeBSD : FreeBSD -- Machine Check Exception on Page Size Change (edc0bf7e-05a1-11ea-9dfa-f8b156ac3ff9)
2019-11-26 00:00:00
xen
xen
x86: Machine Check Error on Page Size Change DoS
2019-11-12 17:53:00
cve
cve
CVE-2018-12207
2019-11-14 20:15:00
CVE-2019-1391
2019-11-12 19:15:00
CVE-2019-19339
2020-01-17 19:15:00
symantec
symantec
Multiple Intel Processors CVE-2018-12207 Denial of Service Vulnerability
2019-11-12 00:00:00
osv
osv
CVE-2018-12207
2019-11-14 20:15:11
linux - security update
2019-11-12 00:00:00
linux-4.9 - security update
2019-11-12 00:00:00
prion
prion
Input validation
2019-11-14 20:15:00
Denial of service
2019-11-12 19:15:00
Code injection
2020-01-17 19:15:00
ubuntucve
ubuntucve
CVE-2018-12207
2019-11-12 00:00:00
CVE-2019-19339
2020-01-17 00:00:00
debiancve
debiancve
CVE-2018-12207
2019-11-14 20:15:00
f5
f5
K17269881 : Intel MCE vulnerability CVE-2018-12207
2019-12-04 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-11-13 00:19:59
amazon
amazon
Important: kernel
2019-11-19 17:31:00
Important: kernel
2019-11-19 17:52:00
freebsd
freebsd
FreeBSD -- Machine Check Exception on Page Size Change
2019-11-14 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-19:25.mcepsc
2019-11-12 00:00:00
redhatcve
redhatcve
CVE-2018-12207
2020-04-09 10:06:17
CVE-2019-19339
2019-12-11 12:21:10
intel
intel
2019.2 IPU – Intel® Processor Machine Check Error Advisory
2021-05-11 00:00:00
openvas
openvas
Missing Linux Kernel mitigations for 'iTLB multihit' hardware vulnerabilities
2020-06-02 00:00:00
SUSE: Security Advisory (SUSE-SU-2019:3340-1)
2021-04-19 00:00:00
SUSE: Security Advisory (SUSE-SU-2019:3348-1)
2021-06-09 00:00:00
mscve
mscve
Windows Denial of Service Vulnerability
2019-11-12 08:00:00
vmware
vmware
VMware ESXi, Workstation, and Fusion patches provide Hypervisor-Specific Mitigations for Speculative-Execution Vulnerabilities (CVE-2018-12207, CVE-2019-11135)
2019-11-12 00:00:00
redhat
redhat
(RHSA-2019:3843) Important: kernel security update
2019-11-12 20:16:37
(RHSA-2020:0026) Important: kpatch-patch security update
2020-01-06 13:40:28
(RHSA-2019:3842) Important: kernel security update
2019-11-12 20:16:23
suse
suse
Security update for spectre-meltdown-checker (moderate)
2019-12-31 00:00:00
Security update for qemu (important)
2019-11-14 00:00:00
Security update for xen (important)
2019-11-14 00:00:00
citrix
citrix
Citrix Hypervisor Security Update
2019-11-12 05:00:00
oraclelinux
oraclelinux
gcc security and bug fix update
2020-05-05 00:00:00
Unbreakable Enterprise kernel security update
2019-11-12 00:00:00
microcode_ctl security update
2019-12-04 00:00:00
mskb
mskb
November 12, 2019—KB4525245 (OS Build 15063.2172)
2019-11-12 00:00:00
mageia
mageia
Updated kernel packages fix security vulnerabilities
2019-11-20 00:16:53
Updated microcode packages fix security vulnerabilities
2019-12-26 01:57:53
Updated microcode packages fix security vulnerabilities
2019-11-20 00:16:53
centos
centos
bpftool, kernel, perf, python security update
2019-11-14 19:41:10
kernel, perf, python security update
2019-11-14 01:19:32
fedora
fedora
[SECURITY] Fedora 30 Update: kernel-tools-5.3.11-200.fc30
2019-11-13 06:28:06
[SECURITY] Fedora 30 Update: kernel-headers-5.3.11-200.fc30
2019-11-13 06:28:06
[SECURITY] Fedora 30 Update: microcode_ctl-2.1-33.fc30
2019-11-13 06:28:06
virtuozzo
virtuozzo
Important kernel security update: New kernel 2.6.32-042stab141.3 for Virtuozzo Containers for Linux 4.7, Server Bare Metal 5.0
2019-11-21 00:00:00
Important kernel security update: New kernel 2.6.32-042stab141.3; Virtuozzo 6.0 Update 12 Hotfix 48 (6.0.12-3753)
2019-11-21 00:00:00
ubuntu
ubuntu
Linux kernel (Azure) vulnerabilities
2019-11-13 00:00:00
Linux kernel vulnerability
2019-11-13 00:00:00
Linux kernel vulnerabilities
2019-11-13 00:00:00
debian
debian
[SECURITY] [DSA 4564-1] linux security update
2019-11-12 19:17:26
[SECURITY] [DLA 1990-1] linux-4.9 security update
2019-11-13 22:51:44
[SECURITY] [DSA 4564-1] linux security update
2019-11-12 19:17:26
photon
photon
Critical Photon OS Security Update - PHSA-2019-3.0-0041
2019-11-19 00:00:00

7 High

AI Score

Confidence

High

JSON
Related for ALA_ALAS-2019-1322.NASL
nessus65xen1cve3symantec1osv3prion3ubuntucve2debiancve1f51veracode1amazon2freebsd1freebsd_advisory1redhatcve2intel1openvas43mscve1vmware1redhat20suse6citrix1oraclelinux11mskb1mageia4centos2fedora12virtuozzo2ubuntu3debian3photon1