Lucene search
Amazon Linux AMI : kernel (ALAS-2021-1477)
🗓️ 26 Jan 2021 00:00:00Reported by This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.Type 
nessus🔗 www.tenable.com👁 59 Views
Amazon Linux AMI kernel prior to 4.14.214-118.339 vulnerabilities(ALAS-2021-1477
Show more
| Reporter | Title | Published | Views | Family All 199 |
|---|---|---|---|---|
 | Important: kernel | 26 Jan 202100:11 | – | amazon |
| Important: kernel | 25 Jan 202123:09 | – | amazon |
| Amazon Linux 2 : kernel (ALAS-2021-1588) | 26 Jan 202100:00 | – | nessus |
| Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-4748-1) | 23 Mar 202100:00 | – | nessus |
| Amazon Linux 2 : kernel (ALASKERNEL-5.4-2022-019) | 2 May 202200:00 | – | nessus |
| Photon OS 2.0: Linux PHSA-2020-2.0-0287 | 30 Sep 202000:00 | – | nessus |
| Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-4749-1) | 23 Mar 202100:00 | – | nessus |
| Fedora 33 : kernel (2020-b732958765) | 17 Dec 202000:00 | – | nessus |
| Photon OS 1.0: Linux PHSA-2020-1.0-0350 | 22 Dec 202000:00 | – | nessus |
| Fedora 32 : kernel (2020-bc0cc81a7a) | 17 Dec 202000:00 | – | nessus |
10
10
##
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux AMI Security Advisory ALAS-2021-1477.
##
include('compat.inc');
if (description)
{
script_id(145458);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/12/11");
script_cve_id(
"CVE-2019-19813",
"CVE-2019-19816",
"CVE-2020-27815",
"CVE-2020-29568",
"CVE-2020-29569",
"CVE-2020-29660",
"CVE-2020-29661"
);
script_xref(name:"ALAS", value:"2021-1477");
script_name(english:"Amazon Linux AMI : kernel (ALAS-2021-1477)");
script_set_attribute(attribute:"synopsis", value:
"The remote Amazon Linux AMI host is missing a security update.");
script_set_attribute(attribute:"description", value:
"The version of kernel installed on the remote host is prior to 4.14.214-118.339. It is, therefore, affected by multiple
vulnerabilities as referenced in the ALAS-2021-1477 advisory.
In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and
then making a syncfs system call can lead to a use-after-free in __mutex_lock in kernel/locking/mutex.c.
This is related to mutex_can_spin_on_owner in kernel/locking/mutex.c, __btrfs_qgroup_free_meta in
fs/btrfs/qgroup.c, and btrfs_insert_delayed_items in fs/btrfs/delayed-inode.c. (CVE-2019-19813)
A flaw was found in the implementation of the BTRFS file system code in the Linux kernel. An attacker, who
is able to mount a crafted BTRFS filesystem and perform common filesystem operations, can possibly cause
an out-of-bounds write to memory. This could lead to memory corruption or privilege escalation.
(CVE-2019-19816)
Array index out of bounds access when setting extended attributes on journaling filesystems.
(CVE-2020-27815)
An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are
processing watch events using a single thread. If the events are received faster than the thread is able
to handle, they will get queued. As the queue is unbounded, a guest may be able to trigger an OOM in the
backend. All systems with a FreeBSD, Linux, or NetBSD (any version) dom0 are vulnerable. (CVE-2020-29568)
An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux
kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped.
However, the handler may not have time to run if the frontend quickly toggles between the states connect
and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving
guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege
escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback.
(CVE-2020-29569)
A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.
drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID,
aka CID-c8bcd9c5be24. (CVE-2020-29660)
A locking vulnerability was found in the tty subsystem of the Linux kernel in drivers/tty/tty_jobctrl.c.
This flaw allows a local attacker to possibly corrupt memory or escalate privileges. The highest threat
from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2020-29661)
Tenable has extracted the preceding description block directly from the tested product security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/ALAS-2021-1477.html");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-19813");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-19816");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-27815");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-29568");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-29569");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-29660");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-29661");
script_set_attribute(attribute:"solution", value:
"Run 'yum update kernel' to update your system.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-19816");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2020-29569");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2019/12/17");
script_set_attribute(attribute:"patch_publication_date", value:"2021/01/26");
script_set_attribute(attribute:"plugin_publication_date", value:"2021/01/26");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-headers");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-tools");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-tools-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-tools-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perf");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perf-debuginfo");
script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Amazon Linux Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("kpatch.nasl", "ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
exit(0);
}
include("rpm.inc");
include("hotfixes.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var alas_release = get_kb_item("Host/AmazonLinux/release");
if (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, "Amazon Linux");
var os_ver = pregmatch(pattern: "^AL(A|\d+|-\d+)", string:alas_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "A")
{
if (os_ver == 'A') os_ver = 'AMI';
audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
}
if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
if (get_one_kb_item("Host/kpatch/kernel-cves"))
{
set_hotfix_type("kpatch");
var cve_list = make_list("CVE-2019-19813", "CVE-2019-19816", "CVE-2020-27815", "CVE-2020-29568", "CVE-2020-29569", "CVE-2020-29660", "CVE-2020-29661");
if (hotfix_cves_check(cve_list))
{
audit(AUDIT_PATCH_INSTALLED, "kpatch hotfix for ALAS-2021-1477");
}
else
{
__rpm_report = hotfix_reporting_text();
}
}
var pkgs = [
{'reference':'kernel-4.14.214-118.339.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-4.14.214-118.339.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-debuginfo-4.14.214-118.339.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-debuginfo-4.14.214-118.339.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-debuginfo-common-i686-4.14.214-118.339.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-debuginfo-common-x86_64-4.14.214-118.339.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-devel-4.14.214-118.339.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-devel-4.14.214-118.339.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-headers-4.14.214-118.339.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-headers-4.14.214-118.339.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-tools-4.14.214-118.339.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-tools-4.14.214-118.339.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-tools-debuginfo-4.14.214-118.339.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-tools-debuginfo-4.14.214-118.339.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-tools-devel-4.14.214-118.339.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-tools-devel-4.14.214-118.339.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},
{'reference':'perf-4.14.214-118.339.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},
{'reference':'perf-4.14.214-118.339.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},
{'reference':'perf-debuginfo-4.14.214-118.339.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},
{'reference':'perf-debuginfo-4.14.214-118.339.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE}
];
var flag = 0;
foreach var package_array ( pkgs ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
var exists_check = NULL;
var cves = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
if (!empty_or_null(package_array['cves'])) cves = package_array['cves'];
if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {
if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-debuginfo / kernel-debuginfo-common-x86_64 / etc");
}
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo26 Jan 2021 00:00Current
8.3High risk
Vulners AI Score8.3
CVSS27.2
CVSS38.8
EPSS0.00211