AlmaLinux 8: Multiple Kernel Vulnerabilities
Reporter | Title | Published | Views | Family |
---|---|---|---|---|
OSV | Important: kernel security, bug fix, and enhancement update | 18 May 2021 05:33 | – | osv |
OSV | Red Hat Security Advisory: kernel security, bug fix, and enhancement update | 1 Oct 2024 18:20 | – | osv |
OSV | Red Hat Security Advisory: kernel-rt security and bug fix update | 1 Oct 2024 18:19 | – | osv |
OSV | Important: linux-firmware security, bug fix, and enhancement update | 18 May 2021 05:40 | – | osv |
OSV | Red Hat Security Advisory: linux-firmware security, bug fix, and enhancement update | 13 Sep 2024 22:14 | – | osv |
OSV | Red Hat Security Advisory: kernel-rt security and bug fix update | 13 Sep 2024 22:11 | – | osv |
OSV | Red Hat Security Advisory: kernel security and bug fix update | 13 Sep 2024 22:11 | – | osv |
OSV | Red Hat Security Advisory: kernel security and bug fix update | 13 Sep 2024 18:16 | – | osv |
OSV | Red Hat Security Advisory: kernel security and bug fix update | 13 Sep 2024 18:16 | – | osv |
OSV | Red Hat Security Advisory: kernel-rt security and bug fix update | 13 Sep 2024 18:19 | – | osv |
#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
#
# The package checks in this plugin were extracted from
# AlmaLinux Security Advisory ALSA-2021:1578.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
  script_id(157595);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/10");
  script_cve_id(
    "CVE-2019-18811",
    "CVE-2019-19523",
    "CVE-2019-19528",
    "CVE-2020-0431",
    "CVE-2020-11608",
    "CVE-2020-12114",
    "CVE-2020-12362",
    "CVE-2020-12363",
    "CVE-2020-12364",
    "CVE-2020-12464",
    "CVE-2020-14314",
    "CVE-2020-14356",
    "CVE-2020-15437",
    "CVE-2020-24394",
    "CVE-2020-25212",
    "CVE-2020-25284",
    "CVE-2020-25285",
    "CVE-2020-25643",
    "CVE-2020-25704",
    "CVE-2020-27786",
    "CVE-2020-27835",
    "CVE-2020-28974",
    "CVE-2020-35508",
    "CVE-2020-36322",
    "CVE-2021-0342",
    "CVE-2021-0605"
  );
  script_xref(name:"ALSA", value:"2021:1578");
  script_name(english:"AlmaLinux 8 : kernel (ALSA-2021:1578)");
  script_set_attribute(attribute:"synopsis", value:
"The remote AlmaLinux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the
ALSA-2021:1578 advisory.
- A memory leak in the sof_set_get_large_ctrl_data() function in sound/soc/sof/ipc.c in the Linux kernel
through 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering
sof_get_ctrl_copy_params() failures, aka CID-45c1380358b1. (CVE-2019-18811)
- In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB
device in the drivers/usb/misc/adutux.c driver, aka CID-44efc269db79. (CVE-2019-19523)
- In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB
device in the drivers/usb/misc/iowarrior.c driver, aka CID-edc4746f253d. (CVE-2019-19528)
- In kbd_keycode of keyboard.c, there is a possible out of bounds write due to a missing bounds check. This
could lead to local escalation of privilege with no additional execution privileges needed. User
interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-144161459
(CVE-2020-0431)
- An issue was discovered in the Linux kernel before 5.6.1. drivers/media/usb/gspca/ov519.c allows NULL
pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs when there are zero endpoints, aka
CID-998912346c0d. (CVE-2020-11608)
- A pivot_root race condition in fs/namespace.c in the Linux kernel 4.4.x before 4.4.221, 4.9.x before
4.9.221, 4.14.x before 4.14.178, 4.19.x before 4.19.119, and 5.x before 5.3 allows local users to cause a
denial of service (panic) by corrupting a mountpoint reference counter. (CVE-2020-12114)
- Integer overflow in the firmware for some Intel(R) Graphics Drivers for Windows * before version
26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable an
escalation of privilege via local access. (CVE-2020-12362)
- Improper input validation in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and
before Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via
local access. (CVE-2020-12363)
- Null pointer reference in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and
before version Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of
service via local access. (CVE-2020-12364)
- usb_sg_cancel in drivers/usb/core/message.c in the Linux kernel before 5.6.8 has a use-after-free because
a transfer occurs without a reference, aka CID-056ad39ee925. (CVE-2020-12464)
- A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file
system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash
the system if the directory exists. The highest threat from this vulnerability is to system availability.
(CVE-2020-14314)
- A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem in versions before 5.7.10 was found
in the way when reboot the system. A local user could use this flaw to crash the system or escalate their
privileges on the system. (CVE-2020-14356)
- The Linux kernel before version 5.8 is vulnerable to a NULL pointer dereference in
drivers/tty/serial/8250/8250_core.c:serial8250_isa_init_ports() that allows local users to cause a denial
of service by using the p->serial_in pointer which uninitialized. (CVE-2020-15437)
- In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new
filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs because the
current umask is not considered. (CVE-2020-24394)
- A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers
to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c
instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452. (CVE-2020-25212)
- The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete
permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap
rbd block devices, aka CID-f44d04e696fe. (CVE-2020-25284)
- A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be
used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified
other impact, aka CID-17743798d812. (CVE-2020-25285)
- A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption
and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause
the system to crash or cause a denial of service. The highest threat from this vulnerability is to data
confidentiality and integrity as well as system availability. (CVE-2020-25643)
- A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using
PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denial of
service. (CVE-2020-25704)
- A flaw was found in the Linux kernel's implementation of MIDI, where an attacker with a local account and
the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue. A write to
this specific memory while freed and before use causes the flow of execution to change and possibly allow
for memory corruption or privilege escalation. The highest threat from this vulnerability is to
confidentiality, integrity, as well as system availability. (CVE-2020-27786)
- A use after free in the Linux kernel infiniband hfi1 driver in versions prior to 5.10-rc6 was found in the
way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash the system.
(CVE-2020-27835)
- A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to
read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because
KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height. (CVE-2020-28974)
- A flaw possibility of race condition and incorrect initialization of the process id was found in the Linux
kernel child/parent process identification handling while filtering signal handlers. A local attacker is
able to abuse this flaw to bypass checks to send any signal to a privileged process. (CVE-2020-35508)
- An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka
CID-5d069dbe8aaf. fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a system
crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as
CVE-2021-28950. (CVE-2020-36322)
- In tun_get_user of tun.c, there is possible memory corruption due to a use after free. This could lead to
local escalation of privilege with System execution privileges required. User interaction is not required
for exploitation. Product: Android; Versions: Android kernel; Android ID: A-146554327. (CVE-2021-0342)
- In pfkey_dump of af_key.c, there is a possible out-of-bounds read due to a missing bounds check. This
could lead to local information disclosure in the kernel with System execution privileges needed. User
interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-110373476
(CVE-2021-0605)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://errata.almalinux.org/8/ALSA-2021-1578.html");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-25643");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2020-27786");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"vuln_publication_date", value:"2019/11/07");
  script_set_attribute(attribute:"patch_publication_date", value:"2021/05/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/02/09");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:bpftool");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:kernel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:kernel-abi-stablelists");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:kernel-core");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:kernel-cross-headers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:kernel-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:kernel-debug-core");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:kernel-debug-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:kernel-debug-modules");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:kernel-debug-modules-extra");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:kernel-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:kernel-headers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:kernel-modules");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:kernel-modules-extra");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:kernel-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:kernel-tools-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:kernel-tools-libs-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:perf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:python3-perf");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:8");
  script_end_attributes();
  script_category(ACT_GATHER_INFO);
  script_family(english:"Alma Linux Local Security Checks");
  script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AlmaLinux/release", "Host/AlmaLinux/rpm-list", "Host/cpu");
  exit(0);
}
include('audit.inc');
include('global_settings.inc');
include('misc_func.inc');
include('rpm.inc');
include('ksplice.inc');
# Local checks must be enabled and the host must report an AlmaLinux 8.x release.
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var release = get_kb_item('Host/AlmaLinux/release');
if (isnull(release) || 'AlmaLinux' >!< release) audit(AUDIT_OS_NOT, 'AlmaLinux');
var os_ver = pregmatch(pattern: "AlmaLinux release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'AlmaLinux');
var os_ver = os_ver[1];
if (! preg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'AlmaLinux 8.x', 'AlmaLinux ' + os_ver);
# The collected RPM list and a supported CPU architecture are required.
if (!get_kb_item('Host/AlmaLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'AlmaLinux', cpu);
# If Ksplice kernel CVE data is present, audit out when ksplice_cves_check()
# succeeds for this advisory's CVE list; otherwise seed the report text.
if (get_one_kb_item('Host/ksplice/kernel-cves'))
{
  rm_kb_item(name:'Host/uptrack-uname-r');
  var cve_list = make_list('CVE-2019-18811', 'CVE-2019-19523', 'CVE-2019-19528', 'CVE-2020-0431', 'CVE-2020-11608', 'CVE-2020-12114', 'CVE-2020-12362', 'CVE-2020-12363', 'CVE-2020-12364', 'CVE-2020-12464', 'CVE-2020-14314', 'CVE-2020-14356', 'CVE-2020-15437', 'CVE-2020-24394', 'CVE-2020-25212', 'CVE-2020-25284', 'CVE-2020-25285', 'CVE-2020-25643', 'CVE-2020-25704', 'CVE-2020-27786', 'CVE-2020-27835', 'CVE-2020-28974', 'CVE-2020-35508', 'CVE-2020-36322', 'CVE-2021-0342', 'CVE-2021-0605');
  if (ksplice_cves_check(cve_list))
  {
    audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ALSA-2021:1578');
  }
  else
  {
    __rpm_report = ksplice_reporting_text();
  }
}
var pkgs = [
    {'reference':'bpftool-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'kernel-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'kernel-abi-stablelists-4.18.0-305.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'kernel-core-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'kernel-cross-headers-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'kernel-debug-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'kernel-debug-core-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'kernel-debug-devel-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'kernel-debug-modules-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'kernel-debug-modules-extra-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'kernel-devel-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'kernel-headers-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'kernel-modules-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'kernel-modules-extra-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'kernel-tools-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'kernel-tools-libs-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'kernel-tools-libs-devel-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'perf-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'python3-perf-4.18.0-305.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}
];
# Run rpm_check() for each entry in pkgs; flag counts the entries for which it returns true.
var flag = 0;
foreach var package_array ( pkgs ) {
  var reference = NULL;
  var release = NULL;
  var sp = NULL;
  var cpu = NULL;
  var el_string = NULL;
  var rpm_spec_vers_cmp = NULL;
  var epoch = NULL;
  var allowmaj = NULL;
  var exists_check = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) release = 'Alma-' + package_array['release'];
  if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
  if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
  if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
  if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
  if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
  if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {
    if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
  }
}
# Report when any check flagged; otherwise audit out, naming the packages tested if there were any.
if (flag)
{
  security_report_v4(
    port : 0,
    severity : SECURITY_HOLE,
    extra : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-stablelists / kernel-core / etc');
}