Lucene search
K

Alibaba Cloud Linux 3 : 0093: edk2 (ALINUX3-SA-2024:0093)

🗓️ 14 May 2025 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 9 Views

Alibaba Cloud Linux 3 has vulnerabilities in EDK2 and OpenSSL, updates are available to fix issues.

Related
Refs
Code
ReporterTitlePublishedViews
Family
IBM Security Bulletins
Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from go-yaml, OpenSSL, GnuTLS , OpenTelemetry-Go, go-toolset and urllib3
30 Jan 202408:15
ibm
IBM Security Bulletins
Security Bulletin: Multiple Security Vulnerabilities were identified in IBM Security Verify Access.
17 Jan 202415:16
ibm
IBM Security Bulletins
Security Bulletin: IBM Rational Build Forge 8.0.0.25 addresses multiple vulnerabilities
24 Nov 202313:49
ibm
IBM Security Bulletins
Security Bulletin: Multiple Vulnerabilities in Open Source affect Cloud Pak System
28 Oct 202417:07
ibm
IBM Security Bulletins
Security Bulletin: Multiple vulnerabilities have been identified with the DS8900F and DS8A00 Hardware Management Console (HMC)
27 May 202523:25
ibm
IBM Security Bulletins
Security Bulletin: IBM App Connect Enterprise is vulnerable to a denial of service due to OpenSSL. (CVE-2023-3446)
12 Dec 202309:08
ibm
IBM Security Bulletins
Security Bulletin: Multiple vulnerabilities in OpenSSL affects IBM Rational ClearCase
13 Mar 202414:31
ibm
IBM Security Bulletins
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data v5.0.3 is vulnerable to multiple Base OS issues
15 Apr 202503:20
ibm
IBM Security Bulletins
Security Bulletin: Vulnerability in OpenSSL affects IBM Integrated Analytics System [ CVE-2023-3446]
12 Nov 202410:30
ibm
IBM Security Bulletins
Security Bulletin: Vulnerability in cryptography affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2023-2650, CVE-2023-4807, CVE-2023-3446 ]
22 Jun 202512:20
ibm
Rows per page
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# Alibaba Cloud Linux Security Advisory ALINUX3-SA-2024:0093.
##

include('compat.inc');

if (description)
{
  script_id(236197);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/05/14");

  script_cve_id(
    "CVE-2022-36763",
    "CVE-2022-36764",
    "CVE-2022-36765",
    "CVE-2023-3446",
    "CVE-2023-45229",
    "CVE-2023-45230",
    "CVE-2023-45231",
    "CVE-2023-45232",
    "CVE-2023-45233",
    "CVE-2023-45234",
    "CVE-2023-45235"
  );

  script_name(english:"Alibaba Cloud Linux 3 : 0093: edk2 (ALINUX3-SA-2024:0093)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Alibaba Cloud Linux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced
in the ALINUX3-SA-2024:0093 advisory.

    Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities:

    CVE-2022-36763:
    EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable() function, allowing a user to trigger a
    heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a
    compromise of confidentiality, integrity, and/or availability.

    CVE-2022-36764:
    EDK2 is susceptible to a vulnerability in the Tcg2MeasurePeImage() function, allowing a user to trigger a
    heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a
    compromise of confidentiality, integrity, and/or availability.

    CVE-2022-36765:
    EDK2 is susceptible to a vulnerability in the CreateHob() function, allowing a user to trigger a integer
    overflow to buffer overflow via a local network. Successful exploitation of this vulnerability may result
    in a compromise of confidentiality, integrity, and/or availability.

    CVE-2023-3446:
    Issue summary: Checking excessively long DH keys or parameters may be very slow.
    Impact summary: Applications that use the functions DH_check(), DH_check_ex()
    or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long
    delays. Where the key or parameters that are being checked have been obtained
    from an untrusted source this may lead to a Denial of Service.
    The function DH_check() performs various checks on DH parameters. One of those
    checks confirms that the modulus ('p' parameter) is not too large. Trying to use
    a very large modulus is slow and OpenSSL will not normally use a modulus which
    is over 10,000 bits in length.
    However the DH_check() function checks numerous aspects of the key or parameters
    that have been supplied. Some of those checks use the supplied modulus value
    even if it has already been found to be too large.
    An application that calls DH_check() and supplies a key or parameters obtained
    from an untrusted source could be vulernable to a Denial of Service attack.
    The function DH_check() is itself called by a number of other OpenSSL functions.
    An application calling any of those other functions may similarly be affected.
    The other functions affected by this are DH_check_ex() and
    EVP_PKEY_param_check().
    Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications
    when using the '-check' option.
    The OpenSSL SSL/TLS implementation is not affected by this issue.
    The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

    CVE-2023-45229:
    EDK2's Network Package is susceptible to an out-of-bounds read
    vulnerability when processing the IA_NA or IA_TA option in a DHCPv6 Advertise message. This
    vulnerability can be exploited by an attacker to gain unauthorized
    access and potentially lead to a loss of Confidentiality.

    CVE-2023-45230:
    EDK2's Network Package is susceptible to a buffer overflow vulnerability via a long server ID option in
    DHCPv6 client. This
    vulnerability can be exploited by an attacker to gain unauthorized
    access and potentially lead to a loss of Confidentiality, Integrity and/or Availability.

    CVE-2023-45231:
    EDK2's Network Package is susceptible to an out-of-bounds read
    vulnerability when processing Neighbor Discovery Redirect message. This
    vulnerability can be exploited by an attacker to gain unauthorized
    access and potentially lead to a loss of Confidentiality.

    CVE-2023-45232:
    EDK2's Network Package is susceptible to an infinite loop vulnerability when parsing unknown options in
    the Destination Options header of IPv6. This
    vulnerability can be exploited by an attacker to gain unauthorized
    access and potentially lead to a loss of Availability.

    CVE-2023-45233:
    EDK2's Network Package is susceptible to an infinite lop vulnerability when parsing a PadN option in the
    Destination Options header of IPv6. This
    vulnerability can be exploited by an attacker to gain unauthorized
    access and potentially lead to a loss of Availability.

    CVE-2023-45234:
    EDK2's Network Package is susceptible to a buffer overflow vulnerability when processing DNS Servers
    option from a DHCPv6 Advertise message. This
    vulnerability can be exploited by an attacker to gain unauthorized
    access and potentially lead to a loss of Confidentiality, Integrity and/or Availability.

    CVE-2023-45235:
    EDK2's Network Package is susceptible to a buffer overflow vulnerability when
    handling Server ID option
    from a DHCPv6 proxy Advertise message. This
    vulnerability can be exploited by an attacker to gain unauthorized
    access and potentially lead to a loss of Confidentiality, Integrity and/or Availability.

Tenable has extracted the preceding description block directly from the Alibaba Cloud Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"http://mirrors.aliyun.com/alinux/3/cve/alinux3-sa-20240093.xml");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss4_vector", value:"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N");
  script_set_attribute(attribute:"cvss4_threat_vector", value:"CVSS:4.0/E:P");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-45235");
  script_set_attribute(attribute:"cvss4_score_source", value:"CVE-2023-3446");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/06/13");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/05/31");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/05/14");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:edk2-aarch64");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:edk2-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:edk2-ovmf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:edk2-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:edk2-tools-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:edk2-tools-doc");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:alibabacloud:alibaba_cloud_linux_3");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Alibaba Cloud Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Alibaba/release", "Host/Alibaba/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/Alibaba/release');
if (isnull(os_release) || 'Alibaba Cloud Linux' >!< os_release) audit(AUDIT_OS_NOT, 'Alibaba Cloud Linux');
var os_ver = pregmatch(pattern: "Alibaba Cloud Linux release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Alibaba Cloud Linux');
os_ver = os_ver[1];
if (! preg(pattern:"^3([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Alibaba Cloud Linux 3.x', 'Alibaba Cloud Linux ' + os_ver);

if (!get_kb_item('Host/Alibaba/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('aarch64' >!< cpu && 'x86_64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Alibaba Cloud Linux', cpu);

var pkgs = [
    {'reference':'edk2-aarch64-20220126gitbb1bba3d77-13.0.1.al8', 'release':'3', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
    {'reference':'edk2-debugsource-20220126gitbb1bba3d77-13.0.1.al8', 'cpu':'aarch64', 'release':'3', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
    {'reference':'edk2-debugsource-20220126gitbb1bba3d77-13.0.1.al8', 'cpu':'x86_64', 'release':'3', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
    {'reference':'edk2-ovmf-20220126gitbb1bba3d77-13.0.1.al8', 'release':'3', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
    {'reference':'edk2-tools-20220126gitbb1bba3d77-13.0.1.al8', 'cpu':'aarch64', 'release':'3', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
    {'reference':'edk2-tools-20220126gitbb1bba3d77-13.0.1.al8', 'cpu':'x86_64', 'release':'3', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
    {'reference':'edk2-tools-debuginfo-20220126gitbb1bba3d77-13.0.1.al8', 'cpu':'aarch64', 'release':'3', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
    {'reference':'edk2-tools-debuginfo-20220126gitbb1bba3d77-13.0.1.al8', 'cpu':'x86_64', 'release':'3', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
    {'reference':'edk2-tools-doc-20220126gitbb1bba3d77-13.0.1.al8', 'release':'3', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'}
];

var flag = 0;
foreach var package_array ( pkgs ) {
  var reference = NULL;
  var _release = NULL;
  var sp = NULL;
  var _cpu = NULL;
  var el_string = NULL;
  var rpm_spec_vers_cmp = NULL;
  var epoch = NULL;
  var allowmaj = NULL;
  var exists_check = NULL;
  var cves = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) _release = 'Alibaba Linux ' + package_array['release'];
  if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
  if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
  if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
  if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
  if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
  if (!empty_or_null(package_array['cves'])) cves = package_array['cves'];
  if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {
    if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'edk2-aarch64 / edk2-debugsource / edk2-ovmf / edk2-tools / etc');
}

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

14 May 2025 00:00Current
7.5High risk
Vulners AI Score7.5
CVSS 3.18.3 - 8.8
EPSS0.05533
SSVC
9