The remote Fedora 36 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-dad0295b25 advisory.
- When simultaneous multithreading (SMT) is enabled, certain AMD processors may speculatively execute instructions using a target from the sibling thread after an SMT mode switch, potentially resulting in information disclosure. (CVE-2022-27672)
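Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. The plugin source in the record below compares the installed xen RPM against xen-4.16.3-3.fc36 and reads the CPU value only to confirm a supported architecture; it does not check whether the host has an affected AMD processor or whether SMT is enabled. When triaging a finding, confirm hardware exposure against the affected-products list in AMD-SB-1045 (see also XSA-426).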
{"id": "FEDORA_2023-DAD0295B25.NASL", "vendorId": null, "type": "nessus", "bulletinFamily": "scanner", "title": "Fedora 36 : xen (2023-dad0295b25)", "description": "The remote Fedora 36 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-dad0295b25 advisory.\n\n - When SMT is enabled, certain AMD processors may speculatively execute instructions using a target from the sibling thread after an SMT mode switch potentially resulting in information disclosure. (CVE-2022-27672)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "published": "2023-03-06T00:00:00", "modified": "2023-03-10T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM"}, "exploitabilityScore": 1.0, "impactScore": 3.6}, "href": "https://www.tenable.com/plugins/nessus/172112", "reporter": "This script is Copyright (C) 2023 and is owned by Tenable, Inc. 
or an Affiliate thereof.", "references": ["https://bodhi.fedoraproject.org/updates/FEDORA-2023-dad0295b25", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27672"], "cvelist": ["CVE-2022-27672"], "immutableFields": [], "lastseen": "2023-03-15T06:40:13", "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "amd", "idList": ["AMD-SB-1045"]}, {"type": "cve", "idList": ["CVE-2022-27672"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2022-27672"]}, {"type": "fedora", "idList": ["FEDORA:08664304CB8B", "FEDORA:82921304C6F7"]}, {"type": "mageia", "idList": ["MGASA-2023-0087", "MGASA-2023-0088"]}, {"type": "nessus", "idList": ["FEDORA_2023-C69A2A8F8B.NASL", "SUSE_SU-2023-0692-1.NASL"]}, {"type": "redhatcve", "idList": ["RH:CVE-2022-27672"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2022-27672"]}, {"type": "veracode", "idList": ["VERACODE:39398"]}, {"type": "xen", "idList": ["XSA-426"]}]}, "score": {"value": 0.2, "vector": "NONE"}, "epss": [{"cve": "CVE-2022-27672", "epss": "0.000430000", "percentile": "0.069220000", "modified": "2023-03-20"}], "vulnersScore": 0.2}, "_state": {"dependencies": 1678862440, "score": 1678862465, "epss": 1679361349}, "_internal": {"score_hash": "af8d0470c3228fabdcf038812cdb71fe"}, "pluginID": "172112", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n# The descriptive text and package checks in this plugin were\n# extracted from Fedora Security Advisory FEDORA-2023-dad0295b25\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(172112);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/10\");\n\n script_cve_id(\"CVE-2022-27672\");\n script_xref(name:\"FEDORA\", value:\"2023-dad0295b25\");\n\n script_name(english:\"Fedora 36 : xen (2023-dad0295b25)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Fedora host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", 
value:\n\"The remote Fedora 36 host has a package installed that is affected by a vulnerability as referenced in the\nFEDORA-2023-dad0295b25 advisory.\n\n - When SMT is enabled, certain AMD processors may speculatively execute instructions using a target from the\n sibling thread after an SMT mode switch potentially resulting in information disclosure. (CVE-2022-27672)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2023-dad0295b25\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected xen package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:S/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-27672\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2023/02/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/02/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/03/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:36\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xen\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Fedora Local Security Checks\");\n\n script_copyright(english:\"This script 
is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Fedora' >!< os_release) audit(AUDIT_OS_NOT, 'Fedora');\nvar os_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Fedora');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^36([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Fedora 36', 'Fedora ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Fedora', cpu);\n\nvar pkgs = [\n {'reference':'xen-4.16.3-3.fc36', 'release':'FC36', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = 
package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && _release) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'xen');\n}\n", "naslFamily": "Fedora Local Security Checks", "cpe": ["p-cpe:2.3:a:fedoraproject:fedora:xen:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*"], "solution": "Update the affected xen package.", "nessusSeverity": "Low", "cvssScoreSource": "CVE-2022-27672", "vendor_cvss2": {"score": 3.8, "vector": "CVSS2#AV:L/AC:H/Au:S/C:C/I:N/A:N"}, "vendor_cvss3": {"score": 4.7, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"}, "vpr": {"risk factor": "Medium", "score": "4.4"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2023-02-18T00:00:00", "vulnerabilityPublicationDate": "2023-02-15T00:00:00", "exploitableWith": []}
{"amd": [{"lastseen": "2023-03-17T18:24:54", "description": "### Summary \n\nAMD internally discovered a potential vulnerability where certain AMD processors may speculatively execute instructions at an incorrect return site after an SMT mode switch that may potentially lead to information disclosure. AMD believes that due to existing mitigations applied to address other speculation-based issues, theoretical avenues for potential exploit of CVE-2022-27672** **may be limited only to select virtualization environments where a virtual machine is given special privileges. As of this notice, AMD is not aware of any actual real-world exploits based on this behavior.\n\nCVE-2022-27672\n\nWhen SMT is enabled, certain AMD processors may speculatively execute instructions using a target from the sibling thread after an SMT mode switch potentially resulting in information disclosure.\n\n### Affected Products \n\n_Desktop_\n\nAMD Athlon\u2122 X4 Processor\n\nAMD Ryzen\u2122 Threadripper\u2122 PRO Processor\n\n2nd Gen AMD Ryzen\u2122 Threadripper\u2122 Processors\n\n3rd Gen AMD Ryzen\u2122 Threadripper\u2122 Processors\n\n7th Generation AMD A-Series APUs\n\nAMD Ryzen\u2122 2000 Series Desktop Processors\n\nAMD Ryzen\u2122 3000 Series Desktop Processors\n\nAMD Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics\n\n_Mobile_\n\nAMD Ryzen\u2122 2000 Series Mobile Processor \n\nAMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics \n\nAMD Ryzen\u2122 3000 Series Mobile Processors or 2nd Gen AMD Ryzen\u2122 Mobile processors with Radeon\u2122 Graphics\n\nAMD Ryzen\u2122 4000 Series Mobile processors with Radeon\u2122 Graphics\n\nAMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics\n\n_Chromebook_\n\nAMD Athlon\u2122 Mobile Processors with Radeon\u2122 Graphics \n\n_Server_\n\n1st Gen AMD EPYC\u2122 Processors\n\n2nd Gen AMD EPYC\u2122 Processors\n\n### Mitigation\n\nMitigations may be specific to a respective OS/Hypervisor 
solution. Not all Hypervisor or OS vendors may be impacted. If applicable, an OS update to address this CVE may be available. AMD recommends that you contact your OS partners for details.\n\nAMD recommends OS/Hypervisor developers review code paths that can result in a processor entering an idle state (e.g., HLT/MWAIT/IO C-state). If required, AMD recommends developers to consider the following mitigations:\n\n 1. Fill the RAP prior to entering the idle state\n\nBefore entering the idle processor state, software can execute a sequence of 32 CALL instructions with non-0 displacement to fill the RAP with \u2018safe\u2019 speculation targets. \n\n 2. Prevent unprivileged transitions to idle state\n\nHVs can prevent guest VMs from directly entering processor idle states by intercepting the HLT, MWAIT, and IN instructions. See APM Volume 2 [1] appendix B for details.\n\n[Refer to Glossary for explanation of terms](<https://www.amd.com/system/files/documents/glossary-of-terms.pdf>)\n", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.7, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-02-14T00:00:00", "type": "amd", "title": "Cross-Thread Return Address Predictions", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2022-27672"], "modified": "2023-02-14T00:00:00", "id": "AMD-SB-1045", "href": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1045", "cvss": {"score": 0.0, "vector": "NONE"}}], "veracode": [{"lastseen": "2023-03-12T06:39:34", "description": "xen is vulnerable to Information Disclosure. 
AMD processors may speculatively execute instruction from a sibling thread after a SMT mode switch leading to information disclosure.\n", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.7, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-02-24T07:35:49", "type": "veracode", "title": "Information Disclosure", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-27672"], "modified": "2023-03-10T06:44:39", "id": "VERACODE:39398", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-39398/summary", "cvss": {"score": 0.0, "vector": "NONE"}}], "nessus": [{"lastseen": "2023-03-15T04:39:54", "description": "The remote SUSE Linux SLED15 / SLES15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:0692-1 advisory.\n\n - When SMT is enabled, certain AMD processors may speculatively execute instructions using a target from the sibling thread after an SMT mode switch potentially resulting in information disclosure. 
(CVE-2022-27672)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.7, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-03-10T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 / openSUSE 15 Security Update : xen (SUSE-SU-2023:0692-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-27672"], "modified": "2023-03-10T00:00:00", "cpe": ["cpe:2.3:o:novell:suse_linux:15:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:xen:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:xen-libs:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:xen-tools:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:xen-tools-domu:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:xen-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:xen-tools-xendomains-wait-disk:*:*:*:*:*:*:*"], "id": "SUSE_SU-2023-0692-1.NASL", "href": "https://www.tenable.com/plugins/nessus/172407", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2023:0692-1. 
The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(172407);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/10\");\n\n script_cve_id(\"CVE-2022-27672\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2023:0692-1\");\n\n script_name(english:\"SUSE SLED15 / SLES15 / openSUSE 15 Security Update : xen (SUSE-SU-2023:0692-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLED15 / SLES15 / openSUSE 15 host has packages installed that are affected by a vulnerability as\nreferenced in the SUSE-SU-2023:0692-1 advisory.\n\n - When SMT is enabled, certain AMD processors may speculatively execute instructions using a target from the\n sibling thread after an SMT mode switch potentially resulting in information disclosure. (CVE-2022-27672)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1027519\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1205792\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1208286\");\n # https://lists.suse.com/pipermail/sle-security-updates/2023-March/014011.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?40ce2970\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27672\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:S/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n 
script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-27672\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2023/02/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/03/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/03/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-domU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-xendomains-wait-disk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES|SUSE)\") audit(AUDIT_OS_NOT, \"SUSE / openSUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+|SUSE([\\d.]+))\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE / openSUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15|SUSE15\\.4)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED15 / SLES15 / openSUSE 15', 'SUSE / openSUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE / openSUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(4)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLED15 SP4\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES15\" && (! 
preg(pattern:\"^(4)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP4\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'xen-4.16.3_04-150400.4.22.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-server-applications-release-15.4', 'sles-release-15.4']},\n {'reference':'xen-devel-4.16.3_04-150400.4.22.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-server-applications-release-15.4', 'sles-release-15.4']},\n {'reference':'xen-libs-4.16.3_04-150400.4.22.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'xen-libs-4.16.3_04-150400.4.22.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'xen-tools-4.16.3_04-150400.4.22.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-server-applications-release-15.4', 'sles-release-15.4']},\n {'reference':'xen-tools-domU-4.16.3_04-150400.4.22.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'xen-tools-domU-4.16.3_04-150400.4.22.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n 
{'reference':'xen-tools-xendomains-wait-disk-4.16.3_04-150400.4.22.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4', 'SLE_HPC-release-15.4', 'sle-module-server-applications-release-15.4', 'sles-release-15.4']},\n {'reference':'xen-4.16.3_04-150400.4.22.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'xen-4.16.3_04-150400.4.22.1', 'cpu':'x86_64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'xen-devel-4.16.3_04-150400.4.22.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'xen-devel-4.16.3_04-150400.4.22.1', 'cpu':'x86_64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'xen-doc-html-4.16.3_04-150400.4.22.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'xen-doc-html-4.16.3_04-150400.4.22.1', 'cpu':'x86_64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'xen-libs-32bit-4.16.3_04-150400.4.22.1', 'cpu':'x86_64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'xen-libs-4.16.3_04-150400.4.22.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'xen-libs-4.16.3_04-150400.4.22.1', 'cpu':'x86_64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'xen-tools-4.16.3_04-150400.4.22.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'xen-tools-4.16.3_04-150400.4.22.1', 'cpu':'x86_64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 
'exists_check':['openSUSE-release-15.4']},\n {'reference':'xen-tools-domU-4.16.3_04-150400.4.22.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'xen-tools-domU-4.16.3_04-150400.4.22.1', 'cpu':'x86_64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'xen-tools-xendomains-wait-disk-4.16.3_04-150400.4.22.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'xen / xen-devel / xen-doc-html / xen-libs / xen-libs-32bit / xen-tools / 
etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-03-25T10:58:46", "description": "The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-c69a2a8f8b advisory.\n\n - When SMT is enabled, certain AMD processors may speculatively execute instructions using a target from the sibling thread after an SMT mode switch potentially resulting in information disclosure. (CVE-2022-27672)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.7, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-02-20T00:00:00", "type": "nessus", "title": "Fedora 37 : xen (2023-c69a2a8f8b)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-27672"], "modified": "2023-03-21T00:00:00", "cpe": ["p-cpe:2.3:a:fedoraproject:fedora:xen:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*"], "id": "FEDORA_2023-C69A2A8F8B.NASL", "href": "https://www.tenable.com/plugins/nessus/171639", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n# The descriptive text and package checks in this plugin were\n# extracted from Fedora Security Advisory FEDORA-2023-c69a2a8f8b\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(171639);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/21\");\n\n script_cve_id(\"CVE-2022-27672\");\n script_xref(name:\"FEDORA\", value:\"2023-c69a2a8f8b\");\n\n script_name(english:\"Fedora 37 : xen (2023-c69a2a8f8b)\");\n\n 
script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Fedora host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the\nFEDORA-2023-c69a2a8f8b advisory.\n\n - When SMT is enabled, certain AMD processors may speculatively execute instructions using a target from the\n sibling thread after an SMT mode switch potentially resulting in information disclosure. (CVE-2022-27672)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2023-c69a2a8f8b\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected xen package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:S/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-27672\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2023/02/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/02/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/02/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:37\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xen\");\n script_set_attribute(attribute:\"generated_plugin\", 
value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Fedora Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Fedora' >!< os_release) audit(AUDIT_OS_NOT, 'Fedora');\nvar os_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Fedora');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^37([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Fedora 37', 'Fedora ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Fedora', cpu);\n\nvar pkgs = [\n {'reference':'xen-4.16.3-2.fc37', 'release':'FC37', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = 
package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && _release) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'xen');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-03-25T08:23:22", "description": "It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-132 advisory.\n\n - When SMT is enabled, certain AMD processors may speculatively execute instructions using a target from the sibling thread after an SMT mode switch potentially resulting in information disclosure. 
(CVE-2022-27672)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.7, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-03-21T00:00:00", "type": "nessus", "title": "Amazon Linux 2023 : bpftool, kernel, kernel-devel (ALAS2023-2023-132)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-27672", "CVE-2023-1078"], "modified": "2023-03-21T00:00:00", "cpe": ["p-cpe:2.3:a:amazon:linux:kernel:*:*:*:*:*:*:*", "p-cpe:2.3:a:amazon:linux:kernel-debuginfo:*:*:*:*:*:*:*", "p-cpe:2.3:a:amazon:linux:kernel-debuginfo-common-x86_64:*:*:*:*:*:*:*", "p-cpe:2.3:a:amazon:linux:kernel-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:amazon:linux:kernel-headers:*:*:*:*:*:*:*", "p-cpe:2.3:a:amazon:linux:kernel-tools:*:*:*:*:*:*:*", "p-cpe:2.3:a:amazon:linux:kernel-tools-debuginfo:*:*:*:*:*:*:*", "p-cpe:2.3:a:amazon:linux:kernel-tools-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:amazon:linux:perf:*:*:*:*:*:*:*", "p-cpe:2.3:a:amazon:linux:perf-debuginfo:*:*:*:*:*:*:*", "p-cpe:2.3:a:amazon:linux:kernel-debuginfo-common-aarch64:*:*:*:*:*:*:*", "p-cpe:2.3:a:amazon:linux:bpftool:*:*:*:*:*:*:*", "p-cpe:2.3:a:amazon:linux:bpftool-debuginfo:*:*:*:*:*:*:*", "p-cpe:2.3:a:amazon:linux:python3-perf:*:*:*:*:*:*:*", "p-cpe:2.3:a:amazon:linux:python3-perf-debuginfo:*:*:*:*:*:*:*", "p-cpe:2.3:a:amazon:linux:kernel-libbpf:*:*:*:*:*:*:*", "p-cpe:2.3:a:amazon:linux:kernel-libbpf-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:amazon:linux:kernel-libbpf-static:*:*:*:*:*:*:*", "cpe:2.3:o:amazon:linux:2023:*:*:*:*:*:*:*", 
"p-cpe:2.3:a:amazon:linux:kernel-livepatch-6.1.12-17.42:*:*:*:*:*:*:*"], "id": "AL2023_ALAS2023-2023-132.NASL", "href": "https://www.tenable.com/plugins/nessus/173140", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2023 Security Advisory ALAS2023-2023-132.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(173140);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/21\");\n\n script_cve_id(\"CVE-2022-27672\", \"CVE-2023-1078\");\n\n script_name(english:\"Amazon Linux 2023 : bpftool, kernel, kernel-devel (ALAS2023-2023-132)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2023 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-132 advisory.\n\n - When SMT is enabled, certain AMD processors may speculatively execute instructions using a target from the\n sibling thread after an SMT mode switch potentially resulting in information disclosure. 
(CVE-2022-27672)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2023/ALAS-2023-132.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-27672.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2023-1078.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/faqs.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'dnf update kernel --releasever=2023.0.20230315' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:S/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-27672\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2023/02/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/03/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/03/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bpftool-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-libbpf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-libbpf-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-libbpf-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-livepatch-6.1.12-17.42\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python3-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python3-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2023\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"kpatch.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\ninclude(\"hotfixes.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar alas_release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d+|-\\d+)\", string:alas_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"-2023\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2023\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (get_one_kb_item(\"Host/kpatch/kernel-cves\"))\n{\n set_hotfix_type(\"kpatch\");\n var cve_list = make_list(\"CVE-2022-27672\", \"CVE-2023-1078\");\n if (hotfix_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"kpatch hotfix for ALAS2023-2023-132\");\n }\n else\n {\n __rpm_report = hotfix_reporting_text();\n }\n}\nvar pkgs = [\n {'reference':'bpftool-6.1.12-17.42.amzn2023', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-6.1.12-17.42.amzn2023', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-debuginfo-6.1.12-17.42.amzn2023', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-debuginfo-6.1.12-17.42.amzn2023', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-6.1.12-17.42.amzn2023', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-6.1.12-17.42.amzn2023', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n 
{'reference':'kernel-debuginfo-6.1.12-17.42.amzn2023', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-6.1.12-17.42.amzn2023', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-common-aarch64-6.1.12-17.42.amzn2023', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-common-x86_64-6.1.12-17.42.amzn2023', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-6.1.12-17.42.amzn2023', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-6.1.12-17.42.amzn2023', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-6.1.12-17.42.amzn2023', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-6.1.12-17.42.amzn2023', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-6.1.12-17.42.amzn2023', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-libbpf-6.1.12-17.42.amzn2023', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-libbpf-6.1.12-17.42.amzn2023', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-libbpf-devel-6.1.12-17.42.amzn2023', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-libbpf-devel-6.1.12-17.42.amzn2023', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-libbpf-static-6.1.12-17.42.amzn2023', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-libbpf-static-6.1.12-17.42.amzn2023', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-livepatch-6.1.12-17.42-1.0-0.amzn2023', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n 
{'reference':'kernel-livepatch-6.1.12-17.42-1.0-0.amzn2023', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-6.1.12-17.42.amzn2023', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-6.1.12-17.42.amzn2023', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-debuginfo-6.1.12-17.42.amzn2023', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-debuginfo-6.1.12-17.42.amzn2023', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-devel-6.1.12-17.42.amzn2023', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-devel-6.1.12-17.42.amzn2023', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-6.1.12-17.42.amzn2023', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-6.1.12-17.42.amzn2023', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-debuginfo-6.1.12-17.42.amzn2023', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-debuginfo-6.1.12-17.42.amzn2023', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-6.1.12-17.42.amzn2023', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-6.1.12-17.42.amzn2023', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-debuginfo-6.1.12-17.42.amzn2023', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-debuginfo-6.1.12-17.42.amzn2023', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp 
= NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bpftool / bpftool-debuginfo / kernel / etc\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-03-25T03:08:52", "description": "The version of kernel installed on the remote host is prior to 5.15.102-61.139. 
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.15-2023-015 advisory.\n\n - A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks.\n L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn't need retpolines or IBPB after running L2 due to KVM (L0) advertising eIBRS support to L1. An attacker at L2 with code execution can execute code on an indirect branch on the host machine. We recommend upgrading to Kernel 6.2 or past commit 2e7eab81425a (CVE-2022-2196)\n\n - When SMT is enabled, certain AMD processors may speculatively execute instructions using a target from the sibling thread after an SMT mode switch potentially resulting in information disclosure. (CVE-2022-27672)\n\n - In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl table under a new location) during the renaming of a device. (CVE-2023-26545)\n\n - A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks.\n L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn't need retpolines or IBPB after running L2 due to KVM (L0) advertising eIBRS support to L1. An attacker at L2 with code execution can execute code on an indirect branch on the host machine. 
We recommend upgrading to Kernel 6.2 or past commit 2e7eab81425a (CVE-2022-2196) (CVE-2023-1078)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2023-03-22T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : kernel (ALASKERNEL-5.15-2023-015)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2196", "CVE-2022-27672", "CVE-2023-1077", "CVE-2023-1078", "CVE-2023-26545"], "modified": "2023-03-22T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:bpftool", "p-cpe:/a:amazon:linux:bpftool-debuginfo", "p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-livepatch-5.15.102-61.139", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "p-cpe:/a:amazon:linux:python-perf", "p-cpe:/a:amazon:linux:python-perf-debuginfo", "cpe:/o:amazon:linux:2"], "id": "AL2_ALASKERNEL-5_15-2023-015.NASL", "href": "https://www.tenable.com/plugins/nessus/173235", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALASKERNEL-5.15-2023-015.\n##\n\ninclude('compat.inc');\n\nif 
(description)\n{\n script_id(173235);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/22\");\n\n script_cve_id(\n \"CVE-2022-2196\",\n \"CVE-2022-27672\",\n \"CVE-2023-1077\",\n \"CVE-2023-1078\",\n \"CVE-2023-26545\"\n );\n\n script_name(english:\"Amazon Linux 2 : kernel (ALASKERNEL-5.15-2023-015)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of kernel installed on the remote host is prior to 5.15.102-61.139. It is, therefore, affected by multiple\nvulnerabilities as referenced in the ALAS2KERNEL-5.15-2023-015 advisory.\n\n - A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks.\n L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn't need retpolines or IBPB after\n running L2 due to KVM (L0) advertising eIBRS support to L1. An attacker at L2 with code execution can\n execute code on an indirect branch on the host machine. We recommend upgrading to Kernel 6.2 or past\n commit 2e7eab81425a (CVE-2022-2196)\n\n - When SMT is enabled, certain AMD processors may speculatively execute instructions using a target from the\n sibling thread after an SMT mode switch potentially resulting in information disclosure. (CVE-2022-27672)\n\n - In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure\n (for registering the sysctl table under a new location) during the renaming of a device. (CVE-2023-26545)\n\n - A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks.\n L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn't need retpolines or IBPB after\n running L2 due to KVM (L0) advertising eIBRS support to L1. 
An attacker at L2 with code execution can\n execute code on an indirect branch on the host machine. We recommend upgrading to Kernel 6.2 or past\n commit 2e7eab81425a (CVE-2022-2196) (CVE-2023-1078)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALASKERNEL-5.15-2023-015.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-2196.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-27672.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2023-1077.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2023-1078.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2023-26545.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/faqs.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update kernel' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2023-26545\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-2196\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2023/01/09\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/03/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/03/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bpftool-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-livepatch-5.15.102-61.139\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local 
Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"kpatch.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\ninclude(\"hotfixes.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar alas_release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d+|-\\d+)\", string:alas_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (get_one_kb_item(\"Host/kpatch/kernel-cves\"))\n{\n set_hotfix_type(\"kpatch\");\n var cve_list = make_list(\"CVE-2022-2196\", \"CVE-2022-27672\", \"CVE-2023-1077\", \"CVE-2023-1078\", \"CVE-2023-26545\");\n if (hotfix_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"kpatch hotfix for ALASKERNEL-5.15-2023-015\");\n }\n else\n {\n __rpm_report = hotfix_reporting_text();\n }\n}\nvar pkgs = [\n {'reference':'bpftool-5.15.102-61.139.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'bpftool-5.15.102-61.139.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'bpftool-debuginfo-5.15.102-61.139.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'bpftool-debuginfo-5.15.102-61.139.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 
'exists_check':'kernel-5.15'},\n {'reference':'kernel-5.15.102-61.139.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-5.15.102-61.139.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-debuginfo-5.15.102-61.139.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-debuginfo-5.15.102-61.139.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-debuginfo-common-aarch64-5.15.102-61.139.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-debuginfo-common-x86_64-5.15.102-61.139.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-devel-5.15.102-61.139.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-devel-5.15.102-61.139.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-headers-5.15.102-61.139.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-headers-5.15.102-61.139.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-headers-5.15.102-61.139.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-livepatch-5.15.102-61.139-1.0-0.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-livepatch-5.15.102-61.139-1.0-0.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n 
{'reference':'kernel-tools-5.15.102-61.139.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-tools-5.15.102-61.139.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-tools-debuginfo-5.15.102-61.139.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-tools-debuginfo-5.15.102-61.139.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-tools-devel-5.15.102-61.139.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-tools-devel-5.15.102-61.139.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'perf-5.15.102-61.139.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'perf-5.15.102-61.139.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'perf-debuginfo-5.15.102-61.139.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'perf-debuginfo-5.15.102-61.139.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'python-perf-5.15.102-61.139.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'python-perf-5.15.102-61.139.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'python-perf-debuginfo-5.15.102-61.139.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'python-perf-debuginfo-5.15.102-61.139.amzn2', 'cpu':'x86_64', 'release':'AL2', 
'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bpftool / bpftool-debuginfo / kernel / etc\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-03-26T07:00:06", "description": "The version of kernel installed on the remote host is prior to 5.4.235-144.344. 
It is, therefore, affected by multiple vulnerabilities as referenced in the ALASKERNEL-5.4-2023-043 advisory.\n\n - A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks.\n L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn't need retpolines or IBPB after running L2 due to KVM (L0) advertising eIBRS support to L1. An attacker at L2 with code execution can execute code on an indirect branch on the host machine. We recommend upgrading to Kernel 6.2 or past commit 2e7eab81425a (CVE-2022-2196)\n\n - When SMT is enabled, certain AMD processors may speculatively execute instructions using a target from the sibling thread after an SMT mode switch potentially resulting in information disclosure. (CVE-2022-27672)\n\n - In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl table under a new location) during the renaming of a device. (CVE-2023-26545)\n\n - A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks.\n L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn't need retpolines or IBPB after running L2 due to KVM (L0) advertising eIBRS support to L1. An attacker at L2 with code execution can execute code on an indirect branch on the host machine. 
We recommend upgrading to Kernel 6.2 or past commit 2e7eab81425a (CVE-2022-2196) (CVE-2023-1078)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2023-03-22T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : kernel (ALASKERNEL-5.4-2023-043)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2196", "CVE-2022-27672", "CVE-2023-1077", "CVE-2023-1078", "CVE-2023-26545"], "modified": "2023-03-22T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:bpftool", "p-cpe:/a:amazon:linux:bpftool-debuginfo", "p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "p-cpe:/a:amazon:linux:python-perf", "p-cpe:/a:amazon:linux:python-perf-debuginfo", "cpe:/o:amazon:linux:2"], "id": "AL2_ALASKERNEL-5_4-2023-043.NASL", "href": "https://www.tenable.com/plugins/nessus/173230", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALASKERNEL-5.4-2023-043.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(173230);\n 
script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/22\");\n\n script_cve_id(\n \"CVE-2022-2196\",\n \"CVE-2022-27672\",\n \"CVE-2023-1077\",\n \"CVE-2023-1078\",\n \"CVE-2023-26545\"\n );\n\n script_name(english:\"Amazon Linux 2 : kernel (ALASKERNEL-5.4-2023-043)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of kernel installed on the remote host is prior to 5.4.235-144.344. It is, therefore, affected by multiple\nvulnerabilities as referenced in the ALAS2KERNEL-5.4-2023-043 advisory.\n\n - A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks.\n L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn't need retpolines or IBPB after\n running L2 due to KVM (L0) advertising eIBRS support to L1. An attacker at L2 with code execution can\n execute code on an indirect branch on the host machine. We recommend upgrading to Kernel 6.2 or past\n commit 2e7eab81425a (CVE-2022-2196)\n\n - When SMT is enabled, certain AMD processors may speculatively execute instructions using a target from the\n sibling thread after an SMT mode switch potentially resulting in information disclosure. (CVE-2022-27672)\n\n - In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure\n (for registering the sysctl table under a new location) during the renaming of a device. (CVE-2023-26545)\n\n - A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks.\n L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn't need retpolines or IBPB after\n running L2 due to KVM (L0) advertising eIBRS support to L1. An attacker at L2 with code execution can\n execute code on an indirect branch on the host machine. 
We recommend upgrading to Kernel 6.2 or past\n commit 2e7eab81425a (CVE-2022-2196) (CVE-2023-1078)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALASKERNEL-5.4-2023-043.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-2196.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-27672.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2023-1077.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2023-1078.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2023-26545.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/faqs.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update kernel' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2023-26545\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-2196\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2023/01/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/03/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", 
value:\"2023/03/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bpftool-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"kpatch.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\ninclude(\"hotfixes.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar alas_release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d+|-\\d+)\", string:alas_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (get_one_kb_item(\"Host/kpatch/kernel-cves\"))\n{\n set_hotfix_type(\"kpatch\");\n var cve_list = make_list(\"CVE-2022-2196\", \"CVE-2022-27672\", \"CVE-2023-1077\", \"CVE-2023-1078\", \"CVE-2023-26545\");\n if (hotfix_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"kpatch hotfix for ALASKERNEL-5.4-2023-043\");\n }\n else\n {\n __rpm_report = hotfix_reporting_text();\n }\n}\nvar pkgs = [\n {'reference':'bpftool-5.4.235-144.344.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'bpftool-5.4.235-144.344.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'bpftool-debuginfo-5.4.235-144.344.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'bpftool-debuginfo-5.4.235-144.344.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-5.4.235-144.344.amzn2', 'cpu':'aarch64', 'release':'AL2', 
'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-5.4.235-144.344.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-debuginfo-5.4.235-144.344.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-debuginfo-5.4.235-144.344.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-debuginfo-common-aarch64-5.4.235-144.344.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-debuginfo-common-x86_64-5.4.235-144.344.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-devel-5.4.235-144.344.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-devel-5.4.235-144.344.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-headers-5.4.235-144.344.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-headers-5.4.235-144.344.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-headers-5.4.235-144.344.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-tools-5.4.235-144.344.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-tools-5.4.235-144.344.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-tools-debuginfo-5.4.235-144.344.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n 
{'reference':'kernel-tools-debuginfo-5.4.235-144.344.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-tools-devel-5.4.235-144.344.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-tools-devel-5.4.235-144.344.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'perf-5.4.235-144.344.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'perf-5.4.235-144.344.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'perf-debuginfo-5.4.235-144.344.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'perf-debuginfo-5.4.235-144.344.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'python-perf-5.4.235-144.344.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'python-perf-5.4.235-144.344.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'python-perf-debuginfo-5.4.235-144.344.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'python-perf-debuginfo-5.4.235-144.344.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) 
_release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bpftool / bpftool-debuginfo / kernel / etc\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-03-25T08:23:39", "description": "The version of kernel installed on the remote host is prior to 5.10.173-154.642. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2023-028 advisory.\n\n - A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks.\n L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn't need retpolines or IBPB after running L2 due to KVM (L0) advertising eIBRS support to L1. An attacker at L2 with code execution can execute code on an indirect branch on the host machine. 
We recommend upgrading to Kernel 6.2 or past commit 2e7eab81425a (CVE-2022-2196)\n\n - When SMT is enabled, certain AMD processors may speculatively execute instructions using a target from the sibling thread after an SMT mode switch potentially resulting in information disclosure. (CVE-2022-27672)\n\n - In the Linux kernel before 6.0.3, drivers/gpu/drm/virtio/virtgpu_object.c misinterprets the drm_gem_shmem_get_sg_table return value (expects it to be NULL in the error case, whereas it is actually an error pointer). (CVE-2023-22998)\n\n - In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl table under a new location) during the renaming of a device. (CVE-2023-26545)\n\n - A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks.\n L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn't need retpolines or IBPB after running L2 due to KVM (L0) advertising eIBRS support to L1. An attacker at L2 with code execution can execute code on an indirect branch on the host machine. 
We recommend upgrading to Kernel 6.2 or past commit 2e7eab81425a (CVE-2022-2196) (CVE-2023-1078)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2023-03-22T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : kernel (ALASKERNEL-5.10-2023-028)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2196", "CVE-2022-27672", "CVE-2023-1077", "CVE-2023-1078", "CVE-2023-22998", "CVE-2023-26545"], "modified": "2023-03-22T00:00:00", "cpe": ["cpe:2.3:o:amazon:linux:2:*:*:*:*:*:*:*", "p-cpe:2.3:a:amazon:linux:kernel:*:*:*:*:*:*:*", "p-cpe:2.3:a:amazon:linux:kernel-debuginfo:*:*:*:*:*:*:*", "p-cpe:2.3:a:amazon:linux:kernel-debuginfo-common-x86_64:*:*:*:*:*:*:*", "p-cpe:2.3:a:amazon:linux:kernel-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:amazon:linux:kernel-headers:*:*:*:*:*:*:*", "p-cpe:2.3:a:amazon:linux:kernel-tools:*:*:*:*:*:*:*", "p-cpe:2.3:a:amazon:linux:kernel-tools-debuginfo:*:*:*:*:*:*:*", "p-cpe:2.3:a:amazon:linux:kernel-tools-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:amazon:linux:perf:*:*:*:*:*:*:*", "p-cpe:2.3:a:amazon:linux:perf-debuginfo:*:*:*:*:*:*:*", "p-cpe:2.3:a:amazon:linux:python-perf:*:*:*:*:*:*:*", "p-cpe:2.3:a:amazon:linux:python-perf-debuginfo:*:*:*:*:*:*:*", "p-cpe:2.3:a:amazon:linux:kernel-debuginfo-common-aarch64:*:*:*:*:*:*:*", "p-cpe:2.3:a:amazon:linux:bpftool:*:*:*:*:*:*:*", "p-cpe:2.3:a:amazon:linux:bpftool-debuginfo:*:*:*:*:*:*:*", "p-cpe:2.3:a:amazon:linux:kernel-livepatch-5.10.173-154.642:*:*:*:*:*:*:*"], "id": 
"AL2_ALASKERNEL-5_10-2023-028.NASL", "href": "https://www.tenable.com/plugins/nessus/173228", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALASKERNEL-5.10-2023-028.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(173228);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/22\");\n\n script_cve_id(\n \"CVE-2022-2196\",\n \"CVE-2022-27672\",\n \"CVE-2023-1077\",\n \"CVE-2023-1078\",\n \"CVE-2023-22998\",\n \"CVE-2023-26545\"\n );\n\n script_name(english:\"Amazon Linux 2 : kernel (ALASKERNEL-5.10-2023-028)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of kernel installed on the remote host is prior to 5.10.173-154.642. It is, therefore, affected by multiple\nvulnerabilities as referenced in the ALAS2KERNEL-5.10-2023-028 advisory.\n\n - A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks.\n L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn't need retpolines or IBPB after\n running L2 due to KVM (L0) advertising eIBRS support to L1. An attacker at L2 with code execution can\n execute code on an indirect branch on the host machine. We recommend upgrading to Kernel 6.2 or past\n commit 2e7eab81425a (CVE-2022-2196)\n\n - When SMT is enabled, certain AMD processors may speculatively execute instructions using a target from the\n sibling thread after an SMT mode switch potentially resulting in information disclosure. 
(CVE-2022-27672)\n\n - In the Linux kernel before 6.0.3, drivers/gpu/drm/virtio/virtgpu_object.c misinterprets the\n drm_gem_shmem_get_sg_table return value (expects it to be NULL in the error case, whereas it is actually\n an error pointer). (CVE-2023-22998)\n\n - In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure\n (for registering the sysctl table under a new location) during the renaming of a device. (CVE-2023-26545)\n\n - A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks.\n L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn't need retpolines or IBPB after\n running L2 due to KVM (L0) advertising eIBRS support to L1. An attacker at L2 with code execution can\n execute code on an indirect branch on the host machine. We recommend upgrading to Kernel 6.2 or past\n commit 2e7eab81425a (CVE-2022-2196) (CVE-2023-1078)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALASKERNEL-5.10-2023-028.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-2196.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-27672.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2023-1077.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2023-1078.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2023-22998.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2023-26545.html\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://alas.aws.amazon.com/faqs.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update kernel' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2023-26545\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-2196\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2023/01/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/03/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/03/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bpftool-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-livepatch-5.10.173-154.642\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"kpatch.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\ninclude(\"hotfixes.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar alas_release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d+|-\\d+)\", string:alas_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (get_one_kb_item(\"Host/kpatch/kernel-cves\"))\n{\n set_hotfix_type(\"kpatch\");\n var cve_list = make_list(\"CVE-2022-2196\", \"CVE-2022-27672\", \"CVE-2023-1077\", \"CVE-2023-1078\", \"CVE-2023-22998\", \"CVE-2023-26545\");\n if (hotfix_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"kpatch hotfix for ALASKERNEL-5.10-2023-028\");\n }\n else\n {\n __rpm_report = hotfix_reporting_text();\n }\n}\nvar pkgs = [\n {'reference':'bpftool-5.10.173-154.642.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'bpftool-5.10.173-154.642.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'bpftool-debuginfo-5.10.173-154.642.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'bpftool-debuginfo-5.10.173-154.642.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-5.10.173-154.642.amzn2', 'cpu':'aarch64', 
'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-5.10.173-154.642.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-debuginfo-5.10.173-154.642.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-debuginfo-5.10.173-154.642.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-debuginfo-common-aarch64-5.10.173-154.642.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-debuginfo-common-x86_64-5.10.173-154.642.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-devel-5.10.173-154.642.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-devel-5.10.173-154.642.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-headers-5.10.173-154.642.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-headers-5.10.173-154.642.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-headers-5.10.173-154.642.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-livepatch-5.10.173-154.642-1.0-0.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-livepatch-5.10.173-154.642-1.0-0.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-tools-5.10.173-154.642.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 
'exists_check':'kernel-5.10'},\n {'reference':'kernel-tools-5.10.173-154.642.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-tools-debuginfo-5.10.173-154.642.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-tools-debuginfo-5.10.173-154.642.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-tools-devel-5.10.173-154.642.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-tools-devel-5.10.173-154.642.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'perf-5.10.173-154.642.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'perf-5.10.173-154.642.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'perf-debuginfo-5.10.173-154.642.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'perf-debuginfo-5.10.173-154.642.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'python-perf-5.10.173-154.642.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'python-perf-5.10.173-154.642.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'python-perf-debuginfo-5.10.173-154.642.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'python-perf-debuginfo-5.10.173-154.642.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs 
) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bpftool / bpftool-debuginfo / kernel / etc\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}], "ubuntucve": [{"lastseen": "2023-03-17T13:10:13", "description": "When SMT is enabled, certain AMD processors may speculatively execute\ninstructions using a target from the sibling thread after an SMT mode\nswitch potentially resulting in information disclosure.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | 
hypervisor packages are in universe. For issues in the hypervisor, add appropriate tags to each section, ex: Tags_xen: universe-binary\n", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.7, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-03-01T00:00:00", "type": "ubuntucve", "title": "CVE-2022-27672", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2022-27672"], "modified": "2023-03-01T00:00:00", "id": "UB:CVE-2022-27672", "href": "https://ubuntu.com/security/CVE-2022-27672", "cvss": {"score": 0.0, "vector": "NONE"}}], "fedora": [{"lastseen": "2023-03-10T10:34:05", "description": "This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor ", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.7, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-02-20T01:20:05", "type": "fedora", "title": "[SECURITY] Fedora 37 Update: xen-4.16.3-2.fc37", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-27672"], "modified": "2023-02-20T01:20:05", "id": "FEDORA:08664304CB8B", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/MGOIZDZWAGH6T5VV67ZKQN4KZPS2H2PS/", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-03-10T10:34:05", "description": "This package contains the XenD 
daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor ", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.7, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-03-06T00:54:34", "type": "fedora", "title": "[SECURITY] Fedora 36 Update: xen-4.16.3-3.fc36", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-27672"], "modified": "2023-03-06T00:54:34", "id": "FEDORA:82921304C6F7", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/BEVTCEVSKET2DJXJ6H3EDI46KTE3DP5Z/", "cvss": {"score": 0.0, "vector": "NONE"}}], "xen": [{"lastseen": "2023-03-10T08:20:25", "description": "#### ISSUE DESCRIPTION\nIt has been discovered that on some AMD CPUs, the RAS (Return Address Stack, also called RAP - Return Address Predictor - in some AMD documentation, and RSB - Return Stack Buffer - in Intel terminology) is dynamically partitioned between non-idle threads. This allows an attacker to control speculative execution on the adjacent thread.\nFor more details, see: <a href=\"https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1045\">https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1045</a>\n#### IMPACT\nAn attacker might be able to infer the contents of arbitrary host memory, including memory assigned to other guests.\n#### VULNERABLE SYSTEMS\nOnly AMD CPUs are known to be potentially vulnerable. CPUs from other hardware vendors are not believed to be impacted.\nOnly the Zen1 and Zen2 microarchitectures are believed to be potentially vulnerable. 
Other microarchitectures are not believed to be vulnerable.\nOnly configurations with SMT active are potentially vulnerable. If SMT is disabled by the firmware, or at runtime with `smt=0` on Xen's command line, then the platform is not vulnerable.\nXen 4.16 and later contain an optimisation, specifically:\n c/s afab477fba3b (\"x86/spec-ctrl: Skip RSB overwriting when safe to do so\")\nwhich in combination with disabling 32bit PV guests (either at compile time with CONFIG_PV32=n, or at runtime with `pv=no-32` on the command line) renders Xen vulnerable to attack from PV guests.\nNote: multiple downstreams are known to have backported this optimisation to older versions of Xen. Consult your software vendor documentation.\n", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.7, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-02-14T18:02:00", "type": "xen", "title": "x86: Cross-Thread Return Address Predictions", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-27672"], "modified": "2023-02-16T17:42:00", "id": "XSA-426", "href": "http://xenbits.xen.org/xsa/advisory-426.html", "cvss": {"score": 0.0, "vector": "NONE"}}], "debiancve": [{"lastseen": "2023-03-19T22:09:59", "description": "When SMT is enabled, certain AMD processors may speculatively execute instructions using a target from the sibling thread after an SMT mode switch potentially resulting in information disclosure.", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE",
"privilegesRequired": "LOW", "baseScore": 4.7, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-03-01T08:15:00", "type": "debiancve", "title": "CVE-2022-27672", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2022-27672"], "modified": "2023-03-01T08:15:00", "id": "DEBIANCVE:CVE-2022-27672", "href": "https://security-tracker.debian.org/tracker/CVE-2022-27672", "cvss": {"score": 0.0, "vector": "NONE"}}], "redhatcve": [{"lastseen": "2023-03-24T20:11:57", "description": "A flaw was found in HW. When SMT is enabled, certain AMD processors may speculatively execute instructions using a target from the sibling thread after an SMT mode switch, potentially resulting in information disclosure.\n#### Mitigation\n\nThe current mitigations for spectre V4 should mitigate this flaw, no additional steps will need to be taken. \n\n", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.7, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-03-02T12:29:59", "type": "redhatcve", "title": "CVE-2022-27672", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2022-27672"], "modified": "2023-03-24T18:06:10", "id": "RH:CVE-2022-27672", "href": "https://access.redhat.com/security/cve/cve-2022-27672", "cvss": {"score": 0.0, "vector": "NONE"}}], "cve": [{"lastseen": "2023-03-10T07:08:47", "description": "When SMT is enabled, certain AMD processors may speculatively execute instructions using a target from the sibling thread after an SMT mode switch potentially resulting in information disclosure.", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": 
{"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.7, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-03-01T08:15:00", "type": "cve", "title": "CVE-2022-27672", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2022-27672"], "modified": "2023-03-10T01:55:00", "cpe": ["cpe:/o:amd:ryzen_3_4300g_firmware:-", "cpe:/o:amd:epyc_7f72_firmware:-", "cpe:/o:amd:ryzen_9_4900h_firmware:-", "cpe:/o:amd:ryzen_5_pro_3500u_firmware:-", "cpe:/o:amd:ryzen_3_4300u_firmware:-", "cpe:/o:amd:ryzen_5_2500x_firmware:-", "cpe:/o:amd:ryzen_5_3600x_firmware:-", "cpe:/o:amd:epyc_embedded_3251_firmware:-", "cpe:/o:amd:a4-9120c_firmware:-", "cpe:/o:amd:ryzen_7_2700_firmware:-", "cpe:/o:amd:ryzen_7_pro_3700u_firmware:-", "cpe:/o:amd:epyc_7302p_firmware:-", "cpe:/o:amd:epyc_embedded_7401_firmware:-", "cpe:/o:amd:ryzen_7_3780u_firmware:-", "cpe:/o:amd:a6-9220_firmware:-", "cpe:/o:amd:ryzen_7_4800h_firmware:-", "cpe:/o:amd:ryzen_7_5800h_firmware:-", "cpe:/o:amd:epyc_7h12_firmware:-", "cpe:/o:amd:a9-9420_firmware:-", "cpe:/o:amd:epyc_7262_firmware:-", "cpe:/o:amd:ryzen_3_5300u_firmware:-", "cpe:/o:amd:ryzen_3_pro_3300u_firmware:-", "cpe:/o:amd:ryzen_5_5600hs_firmware:-", "cpe:/o:amd:ryzen_9_pro_3900_firmware:-", "cpe:/o:amd:ryzen_5_3600xt_firmware:-", "cpe:/o:amd:ryzen_7_5700u_firmware:-", "cpe:/o:amd:ryzen_5_3580u_firmware:-", "cpe:/o:amd:epyc_embedded_3451_firmware:-", "cpe:/o:amd:ryzen_3_4300ge_firmware:-", "cpe:/o:amd:athlon_silver_3050u_firmware:-", "cpe:/o:amd:a12-9700p_firmware:-", "cpe:/o:amd:athlon_x4_970_firmware:-", "cpe:/o:amd:ryzen_7_5800u_firmware:-", "cpe:/o:amd:ryzen_7_3800xt_firmware:-", "cpe:/o:amd:ryzen_7_3750h_firmware:-", "cpe:/o:amd:epyc_7702_firmware:-", 
"cpe:/o:amd:athlon_x4_750_firmware:-", "cpe:/o:amd:ryzen_7_4700u_firmware:-", "cpe:/o:amd:ryzen_5_5600h_firmware:-", "cpe:/o:amd:athlon_pro_3145b_firmware:-", "cpe:/o:amd:athlon_pro_3045b_firmware:-", "cpe:/o:amd:ryzen_5_5500u_firmware:-", "cpe:/o:amd:epyc_embedded_740p_firmware:-", "cpe:/o:amd:epyc_7402_firmware:-", "cpe:/o:amd:epyc_embedded_3101_firmware:-", "cpe:/o:amd:epyc_embedded_7601_firmware:-", "cpe:/o:amd:athlon_x4_830_firmware:-", "cpe:/o:amd:epyc_embedded_3255_firmware:-", "cpe:/o:amd:ryzen_7_5825u_firmware:-", "cpe:/o:amd:epyc_embedded_7451_firmware:-", "cpe:/o:amd:epyc_embedded_735p_firmware:-", "cpe:/o:amd:ryzen_threadripper_pro_5995wx_firmware:-", "cpe:/o:amd:epyc_embedded_7551_firmware:-", "cpe:/o:amd:athlon_x4_860k_firmware:-", "cpe:/o:amd:epyc_7352_firmware:-", "cpe:/o:amd:ryzen_5_3500_firmware:-", "cpe:/o:amd:ryzen_5_2500u_firmware:-", "cpe:/o:amd:epyc_7272_firmware:-", "cpe:/o:amd:ryzen_7_pro_5850u_firmware:-", "cpe:/o:amd:epyc_7452_firmware:-", "cpe:/o:amd:ryzen_threadripper_pro_5945wx_firmware:-", "cpe:/o:amd:ryzen_7_2800h_firmware:-", "cpe:/o:amd:ryzen_3_5425u_firmware:-", "cpe:/o:amd:epyc_embedded_7371_firmware:-", "cpe:/o:amd:epyc_7502p_firmware:-", "cpe:/o:amd:ryzen_7_2700e_firmware:-", "cpe:/o:amd:athlon_x4_845_firmware:-", "cpe:/o:amd:a6-9220c_firmware:-", "cpe:/o:amd:epyc_embedded_7301_firmware:-", "cpe:/o:amd:a4-9120_firmware:-", "cpe:/o:amd:ryzen_5_4600u_firmware:-", "cpe:/o:amd:ryzen_5_3600_firmware:-", "cpe:/o:amd:epyc_7552_firmware:-", "cpe:/o:amd:epyc_embedded_3201_firmware:-", "cpe:/o:amd:epyc_7702p_firmware:-", "cpe:/o:amd:ryzen_3_1200_firmware:-", "cpe:/o:amd:ryzen_threadripper_2990wx_firmware:-", "cpe:/o:amd:athlon_pro_300u_firmware:-", "cpe:/o:amd:epyc_7502_firmware:-", "cpe:/o:amd:ryzen_7_4800u_firmware:-", "cpe:/o:amd:epyc_7302_firmware:-", "cpe:/o:amd:epyc_7282_firmware:-", "cpe:/o:amd:ryzen_9_5980hx_firmware:-", "cpe:/o:amd:ryzen_7_3800x_firmware:-", "cpe:/o:amd:ryzen_7_4700ge_firmware:-", 
"cpe:/o:amd:epyc_7542_firmware:-", "cpe:/o:amd:athlon_silver_3050c_firmware:-", "cpe:/o:amd:epyc_7402p_firmware:-", "cpe:/o:amd:ryzen_7_3700x_firmware:-", "cpe:/o:amd:ryzen_5_1600_af_firmware:-", "cpe:/o:amd:a9-9410_firmware:-", "cpe:/o:amd:ryzen_9_3900x_firmware:-", "cpe:/o:amd:ryzen_5_4600h_firmware:-", "cpe:/o:amd:epyc_embedded_7501_firmware:-", "cpe:/o:amd:ryzen_3_3100_firmware:-", "cpe:/o:amd:ryzen_5_2600x_firmware:-", "cpe:/o:amd:ryzen_threadripper_pro_5975w_firmware:-", "cpe:/o:amd:ryzen_7_5800hs_firmware:-", "cpe:/o:amd:ryzen_3_3200u_firmware:-", "cpe:/o:amd:athlon_x4_940_firmware:-", "cpe:/o:amd:ryzen_5_2600h_firmware:-", "cpe:/o:amd:ryzen_threadripper_3960x_firmware:-", "cpe:/o:amd:ryzen_5_5625u_firmware:-", "cpe:/o:amd:epyc_7f52_firmware:-", "cpe:/o:amd:athlon_gold_7220u_firmware:-", "cpe:/o:amd:ryzen_threadripper_pro_5955wx_firmware:-", "cpe:/o:amd:epyc_7232p_firmware:-", "cpe:/o:amd:a12-9730p_firmware:-", "cpe:/o:amd:athlon_x4_760k_firmware:-", "cpe:/o:amd:epyc_7532_firmware:-", "cpe:/o:amd:epyc_7742_firmware:-", "cpe:/o:amd:ryzen_3_2300x_firmware:-", "cpe:/o:amd:ryzen_threadripper_pro_5965wx_firmware:-", "cpe:/o:amd:a10-9600p_firmware:-", "cpe:/o:amd:athlon_x4_880k_firmware:-", "cpe:/o:amd:ryzen_5_2600_firmware:-", "cpe:/o:amd:ryzen_3_3300x_firmware:-", "cpe:/o:amd:epyc_embedded_3151_firmware:-", "cpe:/o:amd:ryzen_3_3250u_firmware:-", "cpe:/o:amd:ryzen_9_5900hx_firmware:-", "cpe:/o:amd:ryzen_5_3500x_firmware:-", "cpe:/o:amd:epyc_embedded_7351_firmware:-", "cpe:/o:amd:ryzen_5_5600u_firmware:-", "cpe:/o:amd:ryzen_threadripper_2920x_firmware:-", "cpe:/o:amd:ryzen_5_4600g_firmware:-", "cpe:/o:amd:ryzen_7_3700u_firmware:-", "cpe:/o:amd:ryzen_threadripper_2970wx_firmware:-", "cpe:/o:amd:ryzen_9_5900hs_firmware:-", "cpe:/o:amd:ryzen_9_3900xt_firmware:-", "cpe:/o:amd:epyc_embedded_7251_firmware:-", "cpe:/o:amd:ryzen_3_2300u_firmware:-", "cpe:/o:amd:ryzen_threadripper_3990x_firmware:-", "cpe:/o:amd:ryzen_5_3500u_firmware:-", 
"cpe:/o:amd:ryzen_7_2700x_firmware:-", "cpe:/o:amd:a6-9210_firmware:-", "cpe:/o:amd:ryzen_9_5980hs_firmware:-", "cpe:/o:amd:athlon_x4_840_firmware:-", "cpe:/o:amd:ryzen_7_4700g_firmware:-", "cpe:/o:amd:epyc_7f32_firmware:-", "cpe:/o:amd:epyc_embedded_755p_firmware:-", "cpe:/o:amd:athlon_gold_3150u_firmware:-", "cpe:/o:amd:athlon_x4_835_firmware:-", "cpe:/o:amd:epyc_embedded_7281_firmware:-", "cpe:/o:amd:ryzen_threadripper_2950x_firmware:-", "cpe:/o:amd:ryzen_3_2200u_firmware:-", "cpe:/o:amd:ryzen_3_5400u_firmware:-", "cpe:/o:amd:athlon_x4_950_firmware:-", "cpe:/o:amd:ryzen_5_4600ge_firmware:-", "cpe:/o:amd:a10-9630p_firmware:-", "cpe:/o:amd:epyc_7252_firmware:-", "cpe:/o:amd:ryzen_threadripper_3970x_firmware:-", "cpe:/o:amd:epyc_7642_firmware:-", "cpe:/o:amd:athlon_silver_3050e_firmware:-", "cpe:/o:amd:athlon_gold_3150c_firmware:-", "cpe:/o:amd:epyc_7662_firmware:-", "cpe:/o:amd:ryzen_3_3300u_firmware:-", "cpe:/o:amd:ryzen_7_2700u_firmware:-", "cpe:/o:amd:ryzen_5_4500u_firmware:-", "cpe:/o:amd:ryzen_9_3900_firmware:-", "cpe:/o:amd:athlon_x4_870k_firmware:-", "cpe:/o:amd:athlon_silver_7120u_firmware:-", "cpe:/o:amd:epyc_embedded_3551_firmware:-", "cpe:/o:amd:ryzen_9_3950x_firmware:-", "cpe:/o:amd:epyc_embedded_7261_firmware:-", "cpe:/o:amd:ryzen_5_3550h_firmware:-"], "id": "CVE-2022-27672", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-27672", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": ["cpe:2.3:o:amd:ryzen_5_2600_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_embedded_3101_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_7_pro_5850u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:athlon_x4_880k_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_5_3500u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:a10-9630p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_threadripper_2970wx_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_5_3600xt_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:a6-9210_firmware:-:*:*:*:*:*:*:*", 
"cpe:2.3:o:amd:a9-9410_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_7272_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_7_5800u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_9_3900x_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:athlon_x4_950_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_3_1200_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_7_2700e_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_9_3900xt_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:athlon_pro_3045b_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:athlon_silver_3050c_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_9_5980hs_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_7702p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_threadripper_pro_5975w_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_7_2700_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_5_2500x_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_embedded_3551_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:athlon_x4_860k_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_threadripper_3970x_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_5_5600u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_3_2200u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_embedded_3201_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_embedded_3255_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_3_pro_3300u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_embedded_3151_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_5_4600g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:a9-9420_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_3_3200u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_embedded_7251_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_embedded_740p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:a10-9600p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_5_2600h_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_3_4300g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_3_2300x_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_3_3300x_firmware:-:*:*:*:*:*:*:*", 
"cpe:2.3:o:amd:ryzen_7_pro_3700u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:athlon_x4_835_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_7642_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_7_3800xt_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_5_2500u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_5_1600_af_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_7402p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_7h12_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_5_3550h_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_5_4600u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_7742_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_7502_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_7_4800u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:athlon_x4_830_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_5_5600h_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_threadripper_pro_5955wx_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_5_4600ge_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_5_3600x_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_3_3100_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_3_5425u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_5_3600_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:athlon_x4_750_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_threadripper_3960x_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_embedded_7451_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_7532_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_7_5825u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_7452_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_embedded_7601_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_7502p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_embedded_3451_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_embedded_7261_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_threadripper_pro_5945wx_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_3_2300u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:athlon_x4_845_firmware:-:*:*:*:*:*:*:*", 
"cpe:2.3:o:amd:epyc_embedded_7371_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_3_3250u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_7_3700x_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_7_5800hs_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_threadripper_2950x_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:a6-9220_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_9_5900hx_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:athlon_pro_300u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:a4-9120c_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:a4-9120_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_embedded_7301_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_threadripper_3990x_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_7_5800h_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:athlon_x4_870k_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_3_5400u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:athlon_x4_970_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:athlon_gold_3150c_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_7f32_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_7302p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_threadripper_2990wx_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:athlon_silver_7120u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_5_3500_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_7_4700g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_7302_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_5_5625u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_7_3750h_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_9_5900hs_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_embedded_7501_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_7_3800x_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_7_4700ge_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_7402_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_7662_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_embedded_3251_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:a6-9220c_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_7282_firmware:-:*:*:*:*:*:*:*", 
"cpe:2.3:o:amd:epyc_7252_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:athlon_x4_840_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_9_3900_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_5_5600hs_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_embedded_7551_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_7_4700u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_7_3700u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_7_2700u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_7352_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_7_3780u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_3_4300u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_threadripper_2920x_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:athlon_gold_7220u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_7702_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:athlon_silver_3050e_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_7_2700x_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_3_5300u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:athlon_silver_3050u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_9_pro_3900_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_7_5700u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:a12-9730p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_5_3580u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_9_5980hx_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:athlon_gold_3150u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_7542_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_3_4300ge_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_5_4600h_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_5_4500u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_7f72_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_7_4800h_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_7262_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:athlon_pro_3145b_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_embedded_7401_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_embedded_755p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_9_4900h_firmware:-:*:*:*:*:*:*:*", 
"cpe:2.3:o:amd:epyc_7232p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_7_2800h_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_embedded_7351_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_7f52_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_threadripper_pro_5995wx_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_5_2600x_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_5_pro_3500u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_7552_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_9_3950x_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_3_3300u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_5_3500x_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_embedded_7281_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:athlon_x4_940_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_5_5500u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:athlon_x4_760k_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:a12-9700p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:epyc_embedded_735p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_threadripper_pro_5965wx_firmware:-:*:*:*:*:*:*:*"]}], "mageia": [{"lastseen": "2023-03-11T20:32:59", "description": "This kernel update is based on upstream 5.15.98 and fixes atleast the following security issues: A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks. L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn't need retpolines or IBPB after running L2 due to KVM (L0) advertising eIBRS support to L1. An attacker at L2 with code execution can execute code on an indirect branch on the host machine (CVE-2022-2196). A double-free memory flaw was found in the Linux kernel. The Intel GVT-g graphics driver triggers VGA card system resource overload, causing a fail in the intel_gvt_dma_map_guest_page function. This issue could allow a local user to crash the system (CVE-2022-3707). A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol (L2TP). 
A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. A local user could use this flaw to potentially crash the system causing a denial of service (CVE-2022-4129). A use-after-free flaw caused by a race among the superblock operations in the gadgetfs Linux driver was found. It could be triggered by yanking out a device that is running the gadgetfs side (CVE-2022-4382). A NULL pointer dereference flaw was found in the Linux kernel NTFS3 driver function attr_punch_hole(). A local user could use this flaw to crash the system (CVE-2022-4842). When SMT is enabled, certain AMD processors may speculatively execute instructions using a target from the sibling thread after an SMT mode switch potentially resulting in information disclosure (CVE-2022-27672). A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution (CVE-2023-0179). A NULL pointer dereference flaw was found in rawv6_push_pending_frames in net/ipv6/raw.c in the network subcomponent in the Linux kernel. This flaw causes the system to crash (CVE-2023-0394). A memory corruption flaw was found in the Linux kernel\u2019s human interface device (HID) subsystem in how a user inserts a malicious USB device. This flaw allows a local user to crash or potentially escalate their privileges on the system (CVE-2023-1073). A memory leak flaw was found in the Linux kernel's Stream Control Transmission Protocol. This issue may occur when a user starts a malicious networking service and someone connects to this service. This could allow a local user to starve resources, causing a denial of service (CVE-2023-1074). rds: rds_rm_zerocopy_callback() use list_first_entry() (CVE-2023-1078).
An integer overflow flaw was found in the Linux kernel\u2019s wireless RNDIS USB device driver in how a user installs a malicious USB device. This flaw allows a local user to crash or potentially escalate their privileges on the system (CVE-2023-23559). There is a double free in net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl table under a new location) during the renaming of a device (CVE-2023-26545). For other upstream fixes in this update, see the referenced changelogs. \n", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2023-03-11T19:00:39", "type": "mageia", "title": "Updated kernel packages fix security vulnerabilities\n", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-2196", "CVE-2022-27672", "CVE-2022-3707", "CVE-2022-4129", "CVE-2022-4382", "CVE-2022-4842", "CVE-2023-0179", "CVE-2023-0394", "CVE-2023-1073", "CVE-2023-1074", "CVE-2023-1078", "CVE-2023-23559", "CVE-2023-26545"], "modified": "2023-03-11T19:00:39", "id": "MGASA-2023-0087", "href": "https://advisories.mageia.org/MGASA-2023-0087.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-03-11T20:32:59", "description": "This kernel-linus update is based on upstream 5.15.98 and fixes at least the following security issues: A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks. L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn't need retpolines or IBPB after running L2 due to KVM (L0) advertising eIBRS support to L1.
An attacker at L2 with code execution can execute code on an indirect branch on the host machine (CVE-2022-2196). A double-free memory flaw was found in the Linux kernel. The Intel GVT-g graphics driver triggers VGA card system resource overload, causing a fail in the intel_gvt_dma_map_guest_page function. This issue could allow a local user to crash the system (CVE-2022-3707). A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. A local user could use this flaw to potentially crash the system causing a denial of service (CVE-2022-4129). A use-after-free flaw caused by a race among the superblock operations in the gadgetfs Linux driver was found. It could be triggered by yanking out a device that is running the gadgetfs side (CVE-2022-4382). A NULL pointer dereference flaw was found in the Linux kernel NTFS3 driver function attr_punch_hole(). A local user could use this flaw to crash the system (CVE-2022-4842). When SMT is enabled, certain AMD processors may speculatively execute instructions using a target from the sibling thread after an SMT mode switch potentially resulting in information disclosure (CVE-2022-27672). A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution (CVE-2023-0179). A NULL pointer dereference flaw was found in rawv6_push_pending_frames in net/ipv6/raw.c in the network subcomponent in the Linux kernel. This flaw causes the system to crash (CVE-2023-0394). A memory corruption flaw was found in the Linux kernel\u2019s human interface device (HID) subsystem in how a user inserts a malicious USB device. This flaw allows a local user to crash or potentially escalate their privileges on the system (CVE-2023-1073).
A memory leak flaw was found in the Linux kernel's Stream Control Transmission Protocol. This issue may occur when a user starts a malicious networking service and someone connects to this service. This could allow a local user to starve resources, causing a denial of service (CVE-2023-1074). rds: rds_rm_zerocopy_callback() use list_first_entry() (CVE-2023-1078). An integer overflow flaw was found in the Linux kernel\u2019s wireless RNDIS USB device driver in how a user installs a malicious USB device. This flaw allows a local user to crash or potentially escalate their privileges on the system (CVE-2023-23559). There is a double free in net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl table under a new location) during the renaming of a device (CVE-2023-26545). For other upstream fixes in this update, see the referenced changelogs. \n", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2023-03-11T19:00:39", "type": "mageia", "title": "Updated kernel-linus packages fix security vulnerabilities\n", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-2196", "CVE-2022-27672", "CVE-2022-3707", "CVE-2022-4129", "CVE-2022-4382", "CVE-2022-4842", "CVE-2023-0179", "CVE-2023-0394", "CVE-2023-1073", "CVE-2023-1074", "CVE-2023-1078", "CVE-2023-23559", "CVE-2023-26545"], "modified": "2023-03-11T19:00:39", "id": "MGASA-2023-0088", "href": "https://advisories.mageia.org/MGASA-2023-0088.html", "cvss": {"score": 0.0, "vector": "NONE"}}]}