Amazon Linux AMI - Kernel Flaw (ALAS-2019-1322) Intel CPU inconsistency issue causing severe Do
Reporter | Title | Published | Views | Family All 199 |
---|---|---|---|---|
![]() | CVE-2018-12207 | 14 Nov 201920:15 | – | cve |
![]() | CVE-2019-1391 | 12 Nov 201919:15 | – | cve |
![]() | CVE-2019-19339 | 17 Jan 202019:15 | – | cve |
![]() | Amazon Linux 2 : kernel (ALAS-2019-1366) | 25 Nov 201900:00 | – | nessus |
![]() | OracleVM 3.4 : xen (OVMSA-2019-0054) | 20 Nov 201900:00 | – | nessus |
![]() | F5 Networks BIG-IP : Intel MCE vulnerability (K17269881) | 9 Jul 202000:00 | – | nessus |
![]() | FreeBSD : FreeBSD -- Machine Check Exception on Page Size Change (edc0bf7e-05a1-11ea-9dfa-f8b156ac3ff9) | 26 Nov 201900:00 | – | nessus |
![]() | Xen Denial of Service vulnerability (XSA-304) | 2 Mar 202000:00 | – | nessus |
![]() | Oracle Linux 8 : gcc (ELSA-2021-4386) | 17 Nov 202100:00 | – | nessus |
![]() | RHEL 6 : kernel (RHSA-2019:3842) | 13 Nov 201900:00 | – | nessus |
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux AMI Security Advisory ALAS-2019-1322.
#
include('compat.inc');
if (description)
{
script_id(131242);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/10");
script_cve_id("CVE-2018-12207");
script_xref(name:"ALAS", value:"2019-1322");
script_name(english:"Amazon Linux AMI : kernel (ALAS-2019-1322)");
script_set_attribute(attribute:"synopsis", value:
"The remote Amazon Linux AMI host is missing a security update.");
script_set_attribute(attribute:"description", value:
"A flaw was found in the way Intel CPUs handle inconsistency between,
virtual to physical memory address translations in CPU's local cache
and system software's Paging structure entries. A privileged guest
user may use this flaw to induce a hardware Machine Check Error on the
host processor, resulting in a severe DoS scenario by halting the
processor.
System software like OS OR Virtual Machine Monitor (VMM) use virtual
memory system for storing program instructions and data in memory.
Virtual Memory system uses Paging structures like Page Tables and Page
Directories to manage system memory. The processor's Memory Management
Unit (MMU) uses Paging structure entries to translate program's
virtual memory addresses to physical memory addresses. The processor
stores these address translations into its local cache buffer called -
Translation Lookaside Buffer (TLB). TLB has two parts, one for
instructions and other for data addresses.
System software can modify its Paging structure entries to change
address mappings OR certain attributes like page size etc. Upon such
Paging structure alterations in memory, system software must
invalidate the corresponding address translations in the processor's
TLB cache. But before this TLB invalidation takes place, a privileged
guest user may trigger an instruction fetch operation, which could use
an already cached, but now invalid, virtual to physical address
translation from Instruction TLB (ITLB). Thus accessing an invalid
physical memory address and resulting in halting the processor due to
the Machine Check Error (MCE) on Page Size Change. (CVE-2018-12207)");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/ALAS-2019-1322.html");
script_set_attribute(attribute:"solution", value:
"Run 'yum update kernel' to update your system.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-12207");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2019/11/14");
script_set_attribute(attribute:"patch_publication_date", value:"2019/11/22");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/11/25");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-headers");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-tools");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-tools-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-tools-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perf");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perf-debuginfo");
script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Amazon Linux Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/AmazonLinux/release");
if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "A")
{
if (os_ver == 'A') os_ver = 'AMI';
audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
}
if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
flag = 0;
if (rpm_check(release:"ALA", reference:"kernel-4.14.154-99.181.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"kernel-debuginfo-4.14.154-99.181.amzn1")) flag++;
if (rpm_check(release:"ALA", cpu:"i686", reference:"kernel-debuginfo-common-i686-4.14.154-99.181.amzn1")) flag++;
if (rpm_check(release:"ALA", cpu:"x86_64", reference:"kernel-debuginfo-common-x86_64-4.14.154-99.181.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"kernel-devel-4.14.154-99.181.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"kernel-headers-4.14.154-99.181.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"kernel-tools-4.14.154-99.181.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"kernel-tools-debuginfo-4.14.154-99.181.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"kernel-tools-devel-4.14.154-99.181.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"perf-4.14.154-99.181.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"perf-debuginfo-4.14.154-99.181.amzn1")) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-debuginfo / kernel-debuginfo-common-i686 / etc");
}
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo