Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.FEDORA_2024-ACA9ED1EB1.NASL
HistoryMar 13, 2024 - 12:00 a.m.

Fedora 39 : xen (2024-aca9ed1eb1)

2024-03-1300:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
5
fedora 39
security updates
vulnerabilities
xen
cve-2023-46841
fedora project
nessus
tenable
x86
remote host
update
advisory
package
vulnerable
cve

6.7 Medium

AI Score

Confidence

High

JSON

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-aca9ed1eb1 advisory.

  • Recent x86 CPUs offer functionality named Control-flow Enforcement Technology (CET). A sub-feature of this are Shadow Stacks (CET-SS). CET-SS is a hardware feature designed to protect against Return Oriented Programming attacks. When enabled, traditional stacks holding both data and return addresses are accompanied by so called shadow stacks, holding little more than return addresses. Shadow stacks aren’t writable by normal instructions, and upon function returns their contents are used to check for possible manipulation of a return address coming from the traditional stack. In particular certain memory accesses need intercepting by Xen. In various cases the necessary emulation involves kind of replaying of the instruction. Such replaying typically involves filling and then invoking of a stub. Such a replayed instruction may raise an exceptions, which is expected and dealt with accordingly. Unfortunately the interaction of both of the above wasn’t right: Recovery involves removal of a call frame from the (traditional) stack. The counterpart of this operation for the shadow stack was missing. (CVE-2023-46841)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory FEDORA-2024-aca9ed1eb1
#

include('compat.inc');

if (description)
{
  script_id(192051);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/29");

  script_cve_id("CVE-2023-46841");
  script_xref(name:"IAVB", value:"2023-B-0090");
  script_xref(name:"FEDORA", value:"2024-aca9ed1eb1");

  script_name(english:"Fedora 39 : xen (2024-aca9ed1eb1)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Fedora host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the
FEDORA-2024-aca9ed1eb1 advisory.

  - Recent x86 CPUs offer functionality named Control-flow Enforcement Technology (CET). A sub-feature of this
    are Shadow Stacks (CET-SS). CET-SS is a hardware feature designed to protect against Return Oriented
    Programming attacks. When enabled, traditional stacks holding both data and return addresses are
    accompanied by so called shadow stacks, holding little more than return addresses. Shadow stacks aren't
    writable by normal instructions, and upon function returns their contents are used to check for possible
    manipulation of a return address coming from the traditional stack. In particular certain memory accesses
    need intercepting by Xen. In various cases the necessary emulation involves kind of replaying of the
    instruction. Such replaying typically involves filling and then invoking of a stub. Such a replayed
    instruction may raise an exceptions, which is expected and dealt with accordingly. Unfortunately the
    interaction of both of the above wasn't right: Recovery involves removal of a call frame from the
    (traditional) stack. The counterpart of this operation for the shadow stack was missing. (CVE-2023-46841)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2024-aca9ed1eb1");
  script_set_attribute(attribute:"solution", value:
"Update the affected xen package.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-46841");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/02/27");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/02/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/03/13");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:39");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xen");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Fedora Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include('rpm.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Fedora' >!< os_release) audit(AUDIT_OS_NOT, 'Fedora');
var os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Fedora');
os_ver = os_ver[1];
if (! preg(pattern:"^39([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Fedora 39', 'Fedora ' + os_ver);

if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Fedora', cpu);

var pkgs = [
    {'reference':'xen-4.17.2-7.fc39', 'release':'FC39', 'rpm_spec_vers_cmp':TRUE}
];

var flag = 0;
foreach package_array ( pkgs ) {
  var reference = NULL;
  var _release = NULL;
  var sp = NULL;
  var _cpu = NULL;
  var el_string = NULL;
  var rpm_spec_vers_cmp = NULL;
  var epoch = NULL;
  var allowmaj = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) _release = package_array['release'];
  if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
  if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
  if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
  if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
  if (reference && _release) {
    if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'xen');
}
VendorProductVersionCPE
fedoraprojectfedora39cpe:/o:fedoraproject:fedora:39
fedoraprojectfedoraxenp-cpe:/a:fedoraproject:fedora:xen

Related

debiancve 1
fedora 3
openvas 5
ubuntucve 1
cvelist 1
osv 1
cve 1
nessus 4
xen 1
mageia 1
debiancve
debiancve
CVE-2023-46841
2024-03-20 11:15:08
fedora
fedora
[SECURITY] Fedora 38 Update: xen-4.17.2-7.fc38
2024-03-14 01:39:32
[SECURITY] Fedora 39 Update: xen-4.17.2-7.fc39
2024-03-14 01:08:11
[SECURITY] Fedora 40 Update: xen-4.18.1-1.fc40
2024-03-23 00:54:07
openvas
openvas
Fedora: Security Advisory for xen (FEDORA-2024-0da80aa623)
2024-03-25 00:00:00
Fedora: Security Advisory for xen (FEDORA-2024-aca9ed1eb1)
2024-03-25 00:00:00
Mageia: Security Advisory (MGASA-2024-0115)
2024-04-11 00:00:00
ubuntucve
ubuntucve
CVE-2023-46841
2024-03-20 00:00:00
cvelist
cvelist
CVE-2023-46841 x86: shadow stack vs exceptions from emulation stubs
2024-03-20 10:40:36
osv
osv
CVE-2023-46841
2024-03-20 11:15:08
cve
cve
CVE-2023-46841
2024-03-20 11:15:08
nessus
nessus
Fedora 38 : xen (2024-0da80aa623)
2024-03-13 00:00:00
Fedora 40 : xen (2024-3a36322c4b)
2024-04-29 00:00:00
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : xen (SUSE-SU-2024:0830-1)
2024-03-12 00:00:00
xen
xen
x86: shadow stack vs exceptions from emulation stubs
2024-02-27 10:38:00
mageia
mageia
Updated xen packages fix security vulnerabilities
2024-04-10 07:03:52

6.7 Medium

AI Score

Confidence

High

JSON
Related for FEDORA_2024-ACA9ED1EB1.NASL
debiancve1fedora3openvas5ubuntucve1cvelist1osv1cve1nessus4xen1mageia1