Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.ALMA_LINUX_ALSA-2024-0089.NASL
HistoryJan 12, 2024 - 12:00 a.m.

AlmaLinux 8 : kpatch-patch (ALSA-2024:0089)

2024-01-1200:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
8
almalinux 8
vulnerabilities
netfilter subsystem
alsa-2024:0089 advisory
linux kernel
local privilege escalation
use-after-free
cve-2023-42753
cve-2023-4622
nessus

7.3 High

AI Score

Confidence

High

JSON

The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2024:0089 advisory.

  • An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the h->nets array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bound. This issue may allow a local user to crash the system or potentially escalate their privileges on the system. (CVE-2023-42753)

  • A use-after-free vulnerability in the Linux kernel’s af_unix component can be exploited to achieve local privilege escalation. The unix_stream_sendpage() function tries to add data to the last skb in the peer’s recv queue without locking the queue. Thus there is a race where unix_stream_sendpage() could access an skb locklessly that is being released by garbage collection, resulting in use-after-free. We recommend upgrading past commit 790c2f9d15b594350ae9bca7b236f2b1859de02c. (CVE-2023-4622)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# AlmaLinux Security Advisory ALSA-2024:0089.
##

include('compat.inc');

if (description)
{
  script_id(188015);
  script_version("1.0");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/12");

  script_cve_id("CVE-2023-4622", "CVE-2023-42753");
  script_xref(name:"ALSA", value:"2024:0089");

  script_name(english:"AlmaLinux 8 : kpatch-patch (ALSA-2024:0089)");

  script_set_attribute(attribute:"synopsis", value:
"The remote AlmaLinux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the
ALSA-2024:0089 advisory.

  - An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro
    could lead to a miscalculation of the `h->nets` array offset, providing attackers with the primitive to
    arbitrarily increment/decrement a memory buffer out-of-bound. This issue may allow a local user to crash
    the system or potentially escalate their privileges on the system. (CVE-2023-42753)

  - A use-after-free vulnerability in the Linux kernel's af_unix component can be exploited to achieve local
    privilege escalation. The unix_stream_sendpage() function tries to add data to the last skb in the peer's
    recv queue without locking the queue. Thus there is a race where unix_stream_sendpage() could access an
    skb locklessly that is being released by garbage collection, resulting in use-after-free. We recommend
    upgrading past commit 790c2f9d15b594350ae9bca7b236f2b1859de02c. (CVE-2023-4622)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://errata.almalinux.org/8/ALSA-2024-0089.html");
  script_set_attribute(attribute:"solution", value:
"Update the affected kernel package.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-42753");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_cwe_id(191, 416, 787);

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/08/31");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/01/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/01/12");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:kernel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:8");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:8::appstream");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:8::baseos");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:8::highavailability");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:8::nfv");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:8::powertools");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:8::realtime");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:8::resilientstorage");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:8::sap");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:8::sap_hana");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:8::supplementary");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Alma Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AlmaLinux/release", "Host/AlmaLinux/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm.inc');
include('ksplice.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/AlmaLinux/release');
if (isnull(os_release) || 'AlmaLinux' >!< os_release) audit(AUDIT_OS_NOT, 'AlmaLinux');
var os_ver = pregmatch(pattern: "AlmaLinux release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'AlmaLinux');
os_ver = os_ver[1];
if (! preg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'AlmaLinux 8.x', 'AlmaLinux ' + os_ver);

if (!get_kb_item('Host/AlmaLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'AlmaLinux', cpu);

if (get_one_kb_item('Host/ksplice/kernel-cves'))
{
  rm_kb_item(name:'Host/uptrack-uname-r');
  var cve_list = make_list('CVE-2023-4622', 'CVE-2023-42753');
  if (ksplice_cves_check(cve_list))
  {
    audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ALSA-2024:0089');
  }
  else
  {
    __rpm_report = ksplice_reporting_text();
  }
}
var pkgs = [
    {'reference':'kernel-4.18.0-513.5.1.el8_9', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}
];

var flag = 0;
foreach var package_array ( pkgs ) {
  var reference = NULL;
  var _release = NULL;
  var sp = NULL;
  var _cpu = NULL;
  var el_string = NULL;
  var rpm_spec_vers_cmp = NULL;
  var epoch = NULL;
  var allowmaj = NULL;
  var exists_check = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) _release = 'Alma-' + package_array['release'];
  if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
  if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
  if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
  if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
  if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
  if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {
    if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel');
}
VendorProductVersionCPE
almalinuxkernelp-cpe:/a:alma:linux:kernel
almalinux8cpe:/o:alma:linux:8
almalinux8cpe:/o:alma:linux:8::appstream
almalinux8cpe:/o:alma:linux:8::baseos
almalinux8cpe:/o:alma:linux:8::highavailability
almalinux8cpe:/o:alma:linux:8::nfv
almalinux8cpe:/o:alma:linux:8::powertools
almalinux8cpe:/o:alma:linux:8::realtime
almalinux8cpe:/o:alma:linux:8::resilientstorage
almalinux8cpe:/o:alma:linux:8::sap
Rows per page:
1-10 of 121

Related

redhat 17
nessus 87
oraclelinux 13
osv 18
openvas 22
cve 2
almalinux 1
ubuntucve 2
redhatcve 2
debiancve 2
rocky 1
centos 1
prion 2
cbl_mariner 4
cnvd 1
ibm 2
ubuntu 15
virtuozzo 2
photon 1
chrome 1
amazon 3
redhat
redhat
(RHSA-2024:0089) Important: kpatch-patch security update
2024-01-09 09:00:48
(RHSA-2024:0376) Important: kpatch-patch security update
2024-01-23 17:13:31
(RHSA-2024:0402) Important: kernel-rt security update
2024-01-24 14:40:12
nessus
nessus
RHEL 8 : kpatch-patch (RHSA-2024:0089)
2024-01-09 00:00:00
RHEL 8 : kpatch-patch (RHSA-2024:0376)
2024-01-25 00:00:00
Oracle Linux 8 : kernel (ELSA-2024-12069)
2024-01-11 00:00:00
oraclelinux
oraclelinux
kernel security update
2024-01-11 00:00:00
kernel security and bug fix update
2024-02-23 00:00:00
Unbreakable Enterprise kernel security update
2023-09-23 00:00:00
osv
osv
Important: kernel security update
2024-01-10 00:00:00
Important: kernel-rt security update
2024-01-12 19:57:11
Linux Kernel Race Condition leads to UAF in Unix Domain Socket and causes LPE in Android
2024-05-01 00:00:00
openvas
openvas
CentOS: Security Advisory for bpftool (CESA-2024:0346)
2024-03-05 00:00:00
Ubuntu: Security Advisory (USN-6415-1)
2023-10-05 00:00:00
Ubuntu: Security Advisory (USN-6441-2)
2023-10-24 00:00:00
cve
cve
CVE-2023-42753
2023-09-25 21:15:15
CVE-2023-4622
2023-09-06 14:15:12
almalinux
almalinux
Important: kernel security update
2024-01-10 00:00:00
ubuntucve
ubuntucve
CVE-2023-42753
2023-09-25 00:00:00
CVE-2023-4622
2023-09-06 00:00:00
redhatcve
redhatcve
CVE-2023-42753
2023-09-25 11:25:02
CVE-2023-4622
2023-09-06 18:35:41
debiancve
debiancve
CVE-2023-42753
2023-09-25 21:15:15
CVE-2023-4622
2023-09-06 14:15:12
rocky
rocky
kernel-rt security update
2024-01-12 19:57:11
centos
centos
bpftool, kernel, perf, python security update
2024-01-26 18:06:10
prion
prion
Buffer overflow
2023-09-25 21:15:00
Design/Logic Flaw
2023-09-06 14:15:00
cbl_mariner
cbl_mariner
CVE-2023-42753 affecting package hyperv-daemons for versions less than 5.15.133.1-1
2023-10-11 01:41:59
CVE-2023-42753 affecting package kernel for versions less than 5.15.135.1-2
2023-11-08 02:07:28
CVE-2023-4622 affecting package hyperv-daemons for versions less than 5.15.135.1-1
2023-11-08 02:07:28
cnvd
cnvd
Linux kernel elevation of privilege vulnerability (CNVD-2023-70080)
2023-09-11 00:00:00
ibm
ibm
Security Bulletin: Vulnerabilities in OpenSSL, Linux Kernel might affect IBM Storage Copy Data Management
2024-03-22 16:04:46
Security Bulletin: Multiple Linux Kernel vulnerabilities may affect IBM Storage Scale System
2024-04-04 11:02:32
ubuntu
ubuntu
Linux kernel (OEM) vulnerabilities
2023-10-04 00:00:00
Linux kernel vulnerabilities
2023-10-19 00:00:00
Linux kernel vulnerabilities
2023-10-30 00:00:00
virtuozzo
virtuozzo
[Important] [Security] Virtuozzo ReadyKernel Patch 162.0 for Virtuozzo Hybrid Server 7.5
2023-10-12 00:00:00
[Important] [Security] Virtuozzo ReadyKernel Patch 163.1 for Virtuozzo Hybrid Server 7.5
2023-11-07 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2023-3.0-0656
2023-09-27 00:00:00
chrome
chrome
Stable Channel Update for ChromeOS / ChromeOS Flex
2023-09-26 00:00:00
amazon
amazon
Important: kernel
2023-09-27 22:15:00
Important: kernel
2023-09-27 22:48:00
Important: kernel
2023-09-27 22:48:00

7.3 High

AI Score

Confidence

High

JSON
Related for ALMA_LINUX_ALSA-2024-0089.NASL
redhat17nessus87oraclelinux13osv18openvas22cve2almalinux1ubuntucve2redhatcve2debiancve2rocky1centos1prion2cbl_mariner4cnvd1ibm2ubuntu15virtuozzo2photon1chrome1amazon3