Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.ALA_ALAS-2021-1480.NASL
HistoryFeb 18, 2021 - 12:00 a.m.

Amazon Linux AMI : kernel (ALAS-2021-1480)

2021-02-1800:00:00
This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
84

7.8 High

AI Score

Confidence

High

JSON

The version of kernel installed on the remote host is prior to 4.14.219-119.340. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2021-1480 advisory.

  • A use-after-free flaw was found in kernel/trace/ring_buffer.c in Linux kernel (before 5.10-rc1). There was a race problem in trace_open and resize of cpu buffer running parallely on different cpus, may cause a denial of service problem (DOS). This flaw could even allow a local attacker with special user privilege to a kernel information leak threat. (CVE-2020-27825)

  • In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are proxied via an attacker-selected backstore. (CVE-2020-28374)

  • DISPUTED fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem via READDIRPLUS. NOTE: some parties argue that such a subdirectory export is not intended to prevent this attack; see also the exports(5) no_subtree_check default behavior. (CVE-2021-3178)

  • An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free during fault handling, allowing local users to execute code in the kernel, aka CID-34b1a1ce1458.
    (CVE-2021-3347)

  • nbd_add_socket in drivers/block/nbd.c in the Linux kernel through 5.10.12 has an ndb_queue_rq use-after- free that could be triggered by local attackers (with access to the nbd device) via an I/O request at a certain point during device setup, aka CID-b98e762e3d71. (CVE-2021-3348)

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

##
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux AMI Security Advisory ALAS-2021-1480.
##

include('compat.inc');

if (description)
{
  script_id(146569);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/22");

  script_cve_id(
    "CVE-2020-27825",
    "CVE-2020-28374",
    "CVE-2021-3178",
    "CVE-2021-3347",
    "CVE-2021-3348",
    "CVE-2021-39648"
  );
  script_xref(name:"ALAS", value:"2021-1480");

  script_name(english:"Amazon Linux AMI : kernel (ALAS-2021-1480)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Amazon Linux AMI host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"The version of kernel installed on the remote host is prior to 4.14.219-119.340. It is, therefore, affected by multiple
vulnerabilities as referenced in the ALAS-2021-1480 advisory.

  - A use-after-free flaw was found in kernel/trace/ring_buffer.c in Linux kernel (before 5.10-rc1). There was
    a race problem in trace_open and resize of cpu buffer running parallely on different cpus, may cause a
    denial of service problem (DOS). This flaw could even allow a local attacker with special user privilege
    to a kernel information leak threat. (CVE-2020-27825)

  - In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking
    in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal
    in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker
    has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are
    proxied via an attacker-selected backstore. (CVE-2020-28374)

  - ** DISPUTED ** fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a
    subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem via
    READDIRPLUS. NOTE: some parties argue that such a subdirectory export is not intended to prevent this
    attack; see also the exports(5) no_subtree_check default behavior. (CVE-2021-3178)

  - An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free
    during fault handling, allowing local users to execute code in the kernel, aka CID-34b1a1ce1458.
    (CVE-2021-3347)

  - nbd_add_socket in drivers/block/nbd.c in the Linux kernel through 5.10.12 has an ndb_queue_rq use-after-
    free that could be triggered by local attackers (with access to the nbd device) via an I/O request at a
    certain point during device setup, aka CID-b98e762e3d71. (CVE-2021-3348)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/ALAS-2021-1480.html");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-27825");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-28374");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2021-3178");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2021-3347");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2021-3348");
  script_set_attribute(attribute:"solution", value:
"Run 'yum update kernel' to update your system.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-3347");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2020-28374");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/12/11");
  script_set_attribute(attribute:"patch_publication_date", value:"2021/02/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2021/02/18");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-headers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-tools-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-tools-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perf-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Amazon Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
include("hotfixes.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/AmazonLinux/release");
if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "A")
{
  if (os_ver == 'A') os_ver = 'AMI';
  audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
}

if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

if (get_one_kb_item("Host/kpatch/kernel-cves"))
{
  set_hotfix_type("kpatch");
  cve_list = make_list("CVE-2020-27825", "CVE-2020-28374", "CVE-2021-3178", "CVE-2021-3347", "CVE-2021-3348");
  if (hotfix_cves_check(cve_list))
  {
    audit(AUDIT_PATCH_INSTALLED, "kpatch hotfix for ALAS-2021-1480");
  }
  else
  {
    __rpm_report = hotfix_reporting_text();
  }
}
pkgs = [
    {'reference':'kernel-4.14.219-119.340.amzn1', 'cpu':'i686', 'release':'ALA'},
    {'reference':'kernel-4.14.219-119.340.amzn1', 'cpu':'x86_64', 'release':'ALA'},
    {'reference':'kernel-debuginfo-4.14.219-119.340.amzn1', 'cpu':'i686', 'release':'ALA'},
    {'reference':'kernel-debuginfo-4.14.219-119.340.amzn1', 'cpu':'x86_64', 'release':'ALA'},
    {'reference':'kernel-debuginfo-common-i686-4.14.219-119.340.amzn1', 'cpu':'i686', 'release':'ALA'},
    {'reference':'kernel-debuginfo-common-x86_64-4.14.219-119.340.amzn1', 'cpu':'x86_64', 'release':'ALA'},
    {'reference':'kernel-devel-4.14.219-119.340.amzn1', 'cpu':'i686', 'release':'ALA'},
    {'reference':'kernel-devel-4.14.219-119.340.amzn1', 'cpu':'x86_64', 'release':'ALA'},
    {'reference':'kernel-headers-4.14.219-119.340.amzn1', 'cpu':'i686', 'release':'ALA'},
    {'reference':'kernel-headers-4.14.219-119.340.amzn1', 'cpu':'x86_64', 'release':'ALA'},
    {'reference':'kernel-tools-4.14.219-119.340.amzn1', 'cpu':'i686', 'release':'ALA'},
    {'reference':'kernel-tools-4.14.219-119.340.amzn1', 'cpu':'x86_64', 'release':'ALA'},
    {'reference':'kernel-tools-debuginfo-4.14.219-119.340.amzn1', 'cpu':'i686', 'release':'ALA'},
    {'reference':'kernel-tools-debuginfo-4.14.219-119.340.amzn1', 'cpu':'x86_64', 'release':'ALA'},
    {'reference':'kernel-tools-devel-4.14.219-119.340.amzn1', 'cpu':'i686', 'release':'ALA'},
    {'reference':'kernel-tools-devel-4.14.219-119.340.amzn1', 'cpu':'x86_64', 'release':'ALA'},
    {'reference':'perf-4.14.219-119.340.amzn1', 'cpu':'i686', 'release':'ALA'},
    {'reference':'perf-4.14.219-119.340.amzn1', 'cpu':'x86_64', 'release':'ALA'},
    {'reference':'perf-debuginfo-4.14.219-119.340.amzn1', 'cpu':'i686', 'release':'ALA'},
    {'reference':'perf-debuginfo-4.14.219-119.340.amzn1', 'cpu':'x86_64', 'release':'ALA'}
];

flag = 0;
foreach package_array ( pkgs ) {
  reference = NULL;
  release = NULL;
  cpu = NULL;
  el_string = NULL;
  rpm_spec_vers_cmp = NULL;
  allowmaj = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) release = package_array['release'];
  if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
  if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
  if (reference && release) {
    if (rpm_check(release:release, cpu:cpu, reference:reference, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-debuginfo / kernel-debuginfo-common-x86_64 / etc");
}
VendorProductVersionCPE
amazonlinuxkernelp-cpe:/a:amazon:linux:kernel
amazonlinuxkernel-debuginfop-cpe:/a:amazon:linux:kernel-debuginfo
amazonlinuxkernel-debuginfo-common-i686p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686
amazonlinuxkernel-debuginfo-common-x86_64p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64
amazonlinuxkernel-develp-cpe:/a:amazon:linux:kernel-devel
amazonlinuxkernel-headersp-cpe:/a:amazon:linux:kernel-headers
amazonlinuxkernel-toolsp-cpe:/a:amazon:linux:kernel-tools
amazonlinuxkernel-tools-debuginfop-cpe:/a:amazon:linux:kernel-tools-debuginfo
amazonlinuxkernel-tools-develp-cpe:/a:amazon:linux:kernel-tools-devel
amazonlinuxperfp-cpe:/a:amazon:linux:perf
Rows per page:
1-10 of 121

Related

nessus 69
amazon 3
mageia 5
photon 7
osv 16
ubuntu 10
redhat 10
oraclelinux 11
ubuntucve 7
redhatcve 6
debiancve 7
prion 7
cve 8
veracode 3
fedora 8
cloudfoundry 2
archlinux 5
cbl_mariner 4
f5 1
githubexploit 1
debian 4
ibm 2
suse 1
virtuozzo 1
almalinux 1
nessus
nessus
Amazon Linux 2 : kernel (ALAS-2021-1600)
2021-02-19 00:00:00
Amazon Linux 2 : kernel (ALASKERNEL-5.4-2022-020)
2022-05-02 00:00:00
Ubuntu 20.04 LTS : Linux kernel vulnerabilities (USN-4910-1)
2021-04-14 00:00:00
amazon
amazon
Important: kernel
2021-02-16 00:13:00
Important: kernel
2021-02-17 18:07:00
Important: kernel
2021-02-17 18:07:00
mageia
mageia
Updated kernel packages fix security vulnerabilities
2021-02-01 00:34:26
Updated kernel-linus packages fix security vulnerabilities
2021-01-29 22:05:33
Updated kernel packages fix security vulnerability
2021-01-21 01:45:57
photon
photon
Important Photon OS Security Update - PHSA-2021-0193
2021-02-12 00:00:00
Important Photon OS Security Update - PHSA-2021-3.0-0193
2021-02-12 00:00:00
Important Photon OS Security Update - PHSA-2021-0185
2021-01-22 00:00:00
osv
osv
linux, linux-aws, linux-azure, linux-gcp, linux-hwe-5.8, linux-kvm, linux-oracle, linux-raspi vulnerabilities
2021-04-13 20:41:12
linux-oem-5.10 vulnerabilities
2021-03-20 04:51:03
linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-dell300x, linux-gcp, linux-gcp-4.15, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities
2021-04-13 15:23:48
ubuntu
ubuntu
Linux kernel vulnerabilities
2021-04-13 00:00:00
Linux kernel vulnerabilities
2021-04-13 00:00:00
Linux kernel (OEM) vulnerabilities
2021-03-20 00:00:00
redhat
redhat
(RHSA-2021:2099) Important: kpatch-patch security update
2021-05-25 06:25:11
(RHSA-2021:2106) Important: kernel security and bug fix update
2021-05-25 14:42:01
(RHSA-2021:2732) Important: kernel security update
2021-07-20 13:28:05
oraclelinux
oraclelinux
Unbreakable Enterprise kernel-container security update
2021-03-09 00:00:00
Unbreakable Enterprise kernel security update
2021-03-12 00:00:00
Unbreakable Enterprise kernel-container security update
2021-03-09 00:00:00
ubuntucve
ubuntucve
CVE-2021-39648
2021-12-15 00:00:00
CVE-2020-27825
2020-12-11 00:00:00
CVE-2020-28374
2021-01-12 00:00:00
redhatcve
redhatcve
CVE-2020-27825
2020-12-11 07:57:31
CVE-2021-39648
2022-03-24 19:09:10
CVE-2020-28374
2021-01-13 12:46:45
debiancve
debiancve
CVE-2020-27825
2020-12-11 19:15:00
CVE-2021-39648
2021-12-15 19:15:00
CVE-2020-28374
2021-01-13 04:15:00
prion
prion
Design/Logic Flaw
2020-12-11 19:15:00
Race condition
2021-12-15 19:15:00
Directory traversal
2021-01-13 04:15:00
cve
cve
CVE-2020-27825
2020-12-11 19:15:00
CVE-2021-39648
2021-12-15 19:15:00
CVE-2021-3348
2021-02-01 04:15:00
veracode
veracode
Directory Traversal
2021-03-17 04:37:19
Use-after-free
2021-04-17 08:20:01
Use After Free
2021-04-17 00:38:00
fedora
fedora
[SECURITY] Fedora 33 Update: kernel-5.10.7-200.fc33
2021-01-16 01:35:11
[SECURITY] Fedora 33 Update: kernel-headers-5.10.7-200.fc33
2021-01-16 01:35:11
[SECURITY] Fedora 33 Update: tcmu-runner-1.5.2-7.fc33
2021-02-03 01:55:35
cloudfoundry
cloudfoundry
USN-4694-1: Linux kernel vulnerability | Cloud Foundry
2021-02-10 00:00:00
USN-4877-1: Linux kernel vulnerabilities | Cloud Foundry
2021-04-14 00:00:00
archlinux
archlinux
[ASA-202101-30] linux-lts: directory traversal
2021-01-20 00:00:00
[ASA-202101-33] linux: directory traversal
2021-01-20 00:00:00
[ASA-202101-31] linux-zen: directory traversal
2021-01-20 00:00:00
cbl_mariner
cbl_mariner
CVE-2020-28374 affecting package kernel 5.4.91-6
2021-01-29 07:40:05
CVE-2021-3348 affecting package kernel 5.4.91-6
2021-08-25 19:57:09
CVE-2021-3178 affecting package kernel 5.4.91-6
2021-08-25 19:57:09
f5
f5
K15747621 : Linux kernel vulnerability CVE-2020-28374
2021-11-05 00:00:00
githubexploit
githubexploit
Exploit for Use After Free in Linux Linux Kernel
2022-04-26 11:32:34
debian
debian
[SECURITY] [DSA 4843-1] linux security update
2021-02-01 14:39:40
[SECURITY] [DSA 4843-1] linux security update
2021-02-01 14:39:40
[SECURITY] [DLA 2557-1] linux-4.19 security update
2021-02-12 19:25:34
ibm
ibm
Security Bulletin: IBM Security Guardium is affected by a kernel vulnerability (CVE-2020-25705, CVE-2020-28374)
2021-11-04 15:59:03
Security Bulletin: There are multiple vulnerabilities in the Linux Kernel used in IBM Elastic Storage System
2021-07-30 05:04:04
suse
suse
Security update for the Linux Kernel (important)
2021-02-05 00:00:00
virtuozzo
virtuozzo
[Security] Virtuozzo ReadyKernel patch 124.0 for Virtuozzo Hybrid Server 7.0, 7.5, Virtuozzo Infrastructure Platform 3.0, and Virtuozzo Hybrid Infrastructure 3.5, 4.0
2021-03-12 00:00:00
almalinux
almalinux
Important: kernel security, bug fix, and enhancement update
2021-04-06 13:33:17

7.8 High

AI Score

Confidence

High

JSON
Related for ALA_ALAS-2021-1480.NASL
nessus69amazon3mageia5photon7osv16ubuntu10redhat10oraclelinux11ubuntucve7redhatcve6debiancve7prion7cve8veracode3fedora8cloudfoundry2archlinux5cbl_mariner4f51githubexploit1debian4ibm2suse1virtuozzo1almalinux1