Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.MARINER_KERNEL_CVE-2022-1055.NASL
HistoryMar 20, 2023 - 12:00 a.m.

CBL Mariner 2.0 Security Update: kernel (CVE-2022-1055)

2023-03-2000:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
10
JSON

The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-1055 advisory.

  • A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5 (CVE-2022-1055)

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(172824);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/08/30");

  script_cve_id("CVE-2022-1055");

  script_name(english:"CBL Mariner 2.0 Security Update: kernel (CVE-2022-1055)");

  script_set_attribute(attribute:"synopsis", value:
"The remote CBL Mariner host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore,
affected by a vulnerability as referenced in the CVE-2022-1055 advisory.

  - A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain
    privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past
    commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5 (CVE-2022-1055)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://nvd.nist.gov/vuln/detail/CVE-2022-1055");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-1055");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/03/07");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/04/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/03/20");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:microsoft:cbl-mariner:bpftool");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:microsoft:cbl-mariner:kernel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:microsoft:cbl-mariner:kernel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:microsoft:cbl-mariner:kernel-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:microsoft:cbl-mariner:kernel-docs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:microsoft:cbl-mariner:kernel-drivers-accessibility");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:microsoft:cbl-mariner:kernel-drivers-sound");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:microsoft:cbl-mariner:kernel-dtb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:microsoft:cbl-mariner:kernel-oprofile");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:microsoft:cbl-mariner:kernel-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:microsoft:cbl-mariner:python3-perf");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:microsoft:cbl-mariner");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"MarinerOS Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/CBLMariner/release", "Host/CBLMariner/rpm-list", "Host/cpu");

  exit(0);
}
include('rpm.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var release = get_kb_item('Host/CBLMariner/release');
if (isnull(release) || 'CBL-Mariner' >!< release) audit(AUDIT_OS_NOT, 'CBL-Mariner');
var os_ver = pregmatch(pattern: "CBL-Mariner ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CBL-Mariner');
os_ver = os_ver[1];
if (! preg(pattern:"^2([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'CBL-Mariner 2.0', 'CBL-Mariner ' + os_ver);

if (!get_kb_item('Host/CBLMariner/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 'aarch64' >!< cpu)
  audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CBL-Mariner', cpu);

var pkgs = [
    {'reference':'bpftool-5.15.32.1-3.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'bpftool-5.15.32.1-3.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'kernel-5.15.32.1-3.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'kernel-5.15.32.1-3.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'kernel-debuginfo-5.15.32.1-3.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'kernel-debuginfo-5.15.32.1-3.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'kernel-devel-5.15.32.1-3.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'kernel-devel-5.15.32.1-3.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'kernel-docs-5.15.32.1-3.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'kernel-docs-5.15.32.1-3.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'kernel-drivers-accessibility-5.15.32.1-3.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'kernel-drivers-accessibility-5.15.32.1-3.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'kernel-drivers-sound-5.15.32.1-3.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'kernel-drivers-sound-5.15.32.1-3.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'kernel-dtb-5.15.32.1-3.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'kernel-tools-5.15.32.1-3.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'kernel-tools-5.15.32.1-3.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'python3-perf-5.15.32.1-3.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'python3-perf-5.15.32.1-3.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE}
];

var flag = 0;
foreach var package_array ( pkgs ) {
  var reference = NULL;
  var _release = NULL;
  var sp = NULL;
  var _cpu = NULL;
  var el_string = NULL;
  var rpm_spec_vers_cmp = NULL;
  var epoch = NULL;
  var allowmaj = NULL;
  var exists_check = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) _release = 'CBLMariner-' + package_array['release'];
  if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
  if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
  if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
  if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
  if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
  if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {
    if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-debuginfo / kernel-devel / kernel-docs / etc');
}
VendorProductVersionCPE
microsoftcbl-marinerbpftoolp-cpe:/a:microsoft:cbl-mariner:bpftool
microsoftcbl-marinerkernelp-cpe:/a:microsoft:cbl-mariner:kernel
microsoftcbl-marinerkernel-debuginfop-cpe:/a:microsoft:cbl-mariner:kernel-debuginfo
microsoftcbl-marinerkernel-develp-cpe:/a:microsoft:cbl-mariner:kernel-devel
microsoftcbl-marinerkernel-docsp-cpe:/a:microsoft:cbl-mariner:kernel-docs
microsoftcbl-marinerkernel-drivers-accessibilityp-cpe:/a:microsoft:cbl-mariner:kernel-drivers-accessibility
microsoftcbl-marinerkernel-drivers-soundp-cpe:/a:microsoft:cbl-mariner:kernel-drivers-sound
microsoftcbl-marinerkernel-dtbp-cpe:/a:microsoft:cbl-mariner:kernel-dtb
microsoftcbl-marinerkernel-oprofilep-cpe:/a:microsoft:cbl-mariner:kernel-oprofile
microsoftcbl-marinerkernel-toolsp-cpe:/a:microsoft:cbl-mariner:kernel-tools
Rows per page:
1-10 of 121

Related

cbl_mariner 2
redhatcve 1
debiancve 1
veracode 1
ubuntucve 1
cve 1
prion 1
almalinux 4
openvas 13
nessus 36
redhat 9
osv 10
ubuntu 5
oraclelinux 4
cloudfoundry 1
photon 3
redos 1
suse 2
ibm 2
rocky 2
cbl_mariner
cbl_mariner
CVE-2022-1055 affecting package kernel 5.15.32.1-2
2022-04-26 19:58:10
CVE-2022-1055 affecting package kernel 5.10.109.1-2
2022-05-12 02:17:02
redhatcve
redhatcve
CVE-2022-1055
2022-03-31 20:47:26
debiancve
debiancve
CVE-2022-1055
2022-03-29 15:15:00
veracode
veracode
Use After Free
2022-04-16 16:34:53
ubuntucve
ubuntucve
CVE-2022-1055
2022-03-29 00:00:00
cve
cve
CVE-2022-1055
2022-03-29 15:15:00
prion
prion
Design/Logic Flaw
2022-03-29 15:15:00
almalinux
almalinux
Moderate: kernel-rt security and bug fix update
2022-08-09 00:00:00
Moderate: kernel security, bug fix, and enhancement update
2022-08-09 00:00:00
Moderate: kernel-rt security and bug fix update
2022-11-08 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-5358-1)
2022-04-01 00:00:00
Ubuntu: Security Advisory (USN-5358-2)
2022-04-02 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:1183-1)
2022-04-14 00:00:00
nessus
nessus
AlmaLinux 9 : kernel-rt (ALSA-2022:6002)
2022-11-16 00:00:00
Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-5358-1)
2022-03-31 00:00:00
Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-5358-2)
2022-04-01 00:00:00
redhat
redhat
(RHSA-2022:6002) Moderate: kernel-rt security and bug fix update
2022-08-09 15:12:57
(RHSA-2022:6003) Moderate: kernel security, bug fix, and enhancement update
2022-08-09 15:13:33
(RHSA-2024:1188) Moderate: kernel security, bug fix, and enhancement update
2024-03-06 12:21:12
osv
osv
linux-aws-5.4, linux-aws-5.13, linux-azure, linux-azure-5.4, linux-azure-fde, linux-gcp, linux-gcp-5.13, linux-gcp-5.4, linux-gke, linux-gke-5.4, linux-gkeop, linux-gkeop-5.4, linux-ibm, linux-ibm-5.4, linux-raspi, linux-raspi-5.4 vulnerabilities
2022-03-31 22:55:37
Moderate: kernel-rt security and bug fix update
2022-08-09 00:00:00
Moderate: kernel security, bug fix, and enhancement update
2022-08-09 00:00:00
ubuntu
ubuntu
Linux kernel vulnerabilities
2022-03-31 00:00:00
Linux kernel vulnerabilities
2022-03-31 00:00:00
Kernel Live Patch Security Notice
2022-06-02 00:00:00
oraclelinux
oraclelinux
kernel security, bug fix, and enhancement update
2022-08-10 00:00:00
Unbreakable Enterprise kernel-container security update
2022-05-10 00:00:00
Unbreakable Enterprise kernel security update
2022-05-10 00:00:00
cloudfoundry
cloudfoundry
USN-5358-1: Linux kernel vulnerabilities | Cloud Foundry
2022-04-14 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2022-4.0-0160
2022-03-10 00:00:00
Important Photon OS Security Update - PHSA-2022-0393
2022-05-14 00:00:00
Important Photon OS Security Update - PHSA-2022-3.0-0393
2022-05-14 00:00:00
redos
redos
ROS-20220413-01
2022-04-13 00:00:00
suse
suse
Security update for the Linux Kernel (important)
2022-04-13 00:00:00
Security update for the Linux Kernel (important)
2022-04-12 00:00:00
ibm
ibm
Security Bulletin: Vulnerabilities in Linux Kernel and Golang Go might affect IBM Spectrum Copy Data Management
2023-01-17 16:48:39
Security Bulletin: Vulnerabilities in Linux Kernel may affect IBM Spectrum Protect Plus
2023-03-16 14:18:44
rocky
rocky
kernel-rt security and bug fix update
2022-11-08 06:19:55
kernel security, bug fix, and enhancement update
2022-11-08 06:26:19
JSON
Related for MARINER_KERNEL_CVE-2022-1055.NASL
cbl_mariner2redhatcve1debiancve1veracode1ubuntucve1cve1prion1almalinux4openvas13nessus36redhat9osv10ubuntu5oraclelinux4cloudfoundry1photon3redos1suse2ibm2rocky2