Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusUbuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_KSMBD_CVE-2022-47939.NASL
HistoryJan 11, 2023 - 12:00 a.m.

Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel kmsbd multiple vulnerabilities

2023-01-1100:00:00
Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
20
JSON

The remote Ubuntu 20.04 LTS / 22.04 LTS host is running a ksmbd server that is affected by multiple vulnerabilities:

  • An unauthenticated remote code execution vulnerability in the ksmbd component of the Linux kernel.
    (CVE-2022-47939)

  • An authenticated remote code execution vulnerability in the ksmbd component of the Linux kernel.
    (CVE-2022-47942)

  • An unauthenticated remote denial of service vulnerability in the ksmbd component of the Linux kernel. (CVE-2022-47941)

  • Authenticated denial of service vulnerabilities in the ksmbd component of the Linux kernel.
    (CVE-2022-47938, CVE-2022-47940)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from Ubuntu Security
# Notice for CVE-2022-47939. Ubuntu(R) is a registered  trademark of
# Canonical, Inc.
##

include('compat.inc');

if (description)
{
  script_id(169894);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/01/12");

  script_cve_id(
    "CVE-2022-47938",
    "CVE-2022-47939",
    "CVE-2022-47940",
    "CVE-2022-47941",
    "CVE-2022-47942"
  );
  script_xref(name:"CEA-ID", value:"CEA-2022-0043");

  script_name(english:"Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel kmsbd multiple vulnerabilities");

  script_set_attribute(attribute:"synopsis", value:
"The remote Ubuntu host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote Ubuntu 20.04 LTS / 22.04 LTS host is running a ksmbd server that is affected by multiple vulnerabilities:

  - An unauthenticated remote code execution vulnerability in the ksmbd component of the Linux kernel.
    (CVE-2022-47939)

  - An authenticated remote code execution vulnerability in the ksmbd component of the Linux kernel.
    (CVE-2022-47942)

  - An unauthenticated remote denial of service vulnerability in the ksmbd component of the Linux
    kernel. (CVE-2022-47941)

  - Authenticated denial of service vulnerabilities in the ksmbd component of the Linux kernel.
    (CVE-2022-47938, CVE-2022-47940)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/CVE-2022-47939");
  script_set_attribute(attribute:"see_also", value:"https://www.openwall.com/lists/oss-security/2022/12/23/10");
  script_set_attribute(attribute:"solution", value:
"Update the affected kernel package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-47939");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/12/22");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/11/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/01/11");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:20.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:22.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1008-gkeop");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1018-ibm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1020-gke");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1021-kvm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1022-gcp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1022-oracle");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1023-azure");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-53-generic");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-53-generic-64k");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-53-generic-lpae");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-53-lowlatency");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-53-lowlatency-64k");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-64k");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-gkeop");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-ibm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-64k");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Ubuntu Local Security Checks");

  script_copyright(english:"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl", "linux_smb3_kernel_server_ksmbd_linux_installed.nbin");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l", "installed_sw/Linux SMB3 Kernel Server (KSMBD)");

  exit(0);
}

include('debian_package.inc');
include('install_func.inc');

if ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var app_name = 'Linux SMB3 Kernel Server (KSMBD)';

var installs = get_installs(app_name:app_name, exit_if_not_found:TRUE);
if (installs[0] != IF_OK) audit(AUDIT_FN_FAIL, "get_installs()", installs[0]);

var os_release = get_kb_item('Host/Ubuntu/release');
if ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');
os_release = chomp(os_release);
if (! preg(pattern:"^(20\.04|22\.04)$", string:os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 20.04 / 22.04', 'Ubuntu ' + os_release);
if ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);

var machine_kernel_release = get_kb_item_or_exit('Host/uname-r');
if (machine_kernel_release)
{
  if (! preg(pattern:"^(5.15.0-\d{2}-(generic|generic-64k|generic-lpae|lowlatency|lowlatency-64k|hwe|lowlatency-hwe)|5.15.0-\d{4}-(azure|gcp|gke|gkeop|ibm|kvm|oracle))$", string:machine_kernel_release)) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + machine_kernel_release);
  var extra = '';
  var kernel_mappings = {
    "5.15.0-\d{2}-(generic|generic-64k|generic-lpae|lowlatency|lowlatency-64k|hwe|lowlatency-hwe)" : "5.15.0-53",
    "5.15.0-\d{4}-azure" : "5.15.0-1023",
    "5.15.0-\d{4}-gcp" : "5.15.0-1022",
    "5.15.0-\d{4}-gke" : "5.15.0-1020",
    "5.15.0-\d{4}-gkeop" : "5.15.0-1008",
    "5.15.0-\d{4}-ibm" : "5.15.0-1018",
    "5.15.0-\d{4}-kvm" : "5.15.0-1021",
    "5.15.0-\d{4}-oracle" : "5.15.0-1022"
  };
  var trimmed_kernel_release = ereg_replace(string:machine_kernel_release, pattern:"(-\D+)$", replace:'');
  foreach var kernel_regex (keys(kernel_mappings)) {
    if (preg(pattern:kernel_regex, string:machine_kernel_release)) {
      if (deb_ver_cmp(ver1:trimmed_kernel_release, ver2:kernel_mappings[kernel_regex]) < 0)
      {
        extra = extra + 'Running Kernel level of ' + trimmed_kernel_release + ' does not meet the minimum fixed level of ' + kernel_mappings[kernel_regex] + ' for this advisory.\n\n';
      }
      else
      {
        audit(AUDIT_PATCH_INSTALLED, 'Kernel package for CVE-2022-47939');
      }
    }
  }
}

if (extra) {
  extra += '\nFound the following user-space daemons for ksmbd\n';
  foreach var install (installs[1])
    extra += '  ' + install.path + '\n';
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : extra
  );
  exit(0);
}
VendorProductVersionCPE
canonicalubuntu_linux20.04cpe:/o:canonical:ubuntu_linux:20.04:-:lts
canonicalubuntu_linux22.04cpe:/o:canonical:ubuntu_linux:22.04:-:lts
canonicalubuntu_linuxlinux-image-5.15.0-1008-gkeopp-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1008-gkeop
canonicalubuntu_linuxlinux-image-5.15.0-1018-ibmp-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1018-ibm
canonicalubuntu_linuxlinux-image-5.15.0-1020-gkep-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1020-gke
canonicalubuntu_linuxlinux-image-5.15.0-1021-kvmp-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1021-kvm
canonicalubuntu_linuxlinux-image-5.15.0-1022-gcpp-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1022-gcp
canonicalubuntu_linuxlinux-image-5.15.0-1022-oraclep-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1022-oracle
canonicalubuntu_linuxlinux-image-5.15.0-1023-azurep-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-1023-azure
canonicalubuntu_linuxlinux-image-5.15.0-53-genericp-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-53-generic
Rows per page:
1-10 of 261

Related

prion 5
zdi 4
wizblog 1
nessus 9
debiancve 5
redhatcve 5
cbl_mariner 6
cve 5
ubuntucve 5
cnvd 1
rosalinux 1
ubuntu 4
openvas 4
osv 4
prion
prion
Design/Logic Flaw
2022-12-23 16:15:00
Memory corruption
2022-12-23 16:15:00
Double free
2022-12-23 16:15:00
zdi
zdi
Linux Kernel ksmbd Out-Of-Bounds Read Denial-of-Service Vulnerability
2022-12-22 00:00:00
Linux Kernel ksmbd Heap-based Buffer Overflow Remote Code Execution Vulnerability
2022-12-22 00:00:00
Linux Kernel ksmbd Use-After-Free Remote Code Execution Vulnerability
2022-12-22 00:00:00
wizblog
wizblog
CVE-2022-47939 critical vulnerability in Linux kernel `ksmbd` module: everything you need to know
2022-12-27 17:22:55
nessus
nessus
CBL Mariner 2.0 Security Update: kernel (CVE-2022-47942)
2023-03-20 00:00:00
CBL Mariner 2.0 Security Update: kernel (CVE-2022-47941)
2023-03-20 00:00:00
CBL Mariner 2.0 Security Update: kernel (CVE-2022-47939)
2023-03-20 00:00:00
debiancve
debiancve
CVE-2022-47941
2022-12-23 16:15:00
CVE-2022-47939
2022-12-23 16:15:00
CVE-2022-47942
2022-12-23 16:15:00
redhatcve
redhatcve
CVE-2022-47938
2022-12-23 17:34:52
CVE-2022-47939
2022-12-23 17:35:01
CVE-2022-47942
2022-12-23 17:35:31
cbl_mariner
cbl_mariner
CVE-2022-47941 affecting package kernel for versions less than 5.15.86.1-1
2023-01-17 16:47:16
CVE-2022-47940 affecting package hyperv-daemons for versions less than 5.15.92.1-1
2023-02-14 20:21:22
CVE-2022-47942 affecting package kernel for versions less than 5.15.86.1-1
2023-01-17 16:47:16
cve
cve
CVE-2022-47942
2022-12-23 16:15:00
CVE-2022-47939
2022-12-23 16:15:00
CVE-2022-47938
2022-12-23 16:15:00
ubuntucve
ubuntucve
CVE-2022-47939
2022-12-23 00:00:00
CVE-2022-47942
2022-12-23 00:00:00
CVE-2022-47938
2022-12-23 00:00:00
cnvd
cnvd
Linux kernel buffer overflow vulnerability (CNVD-2023-58993)
2023-01-04 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2023-2189
2023-07-11 14:30:55
ubuntu
ubuntu
Linux kernel vulnerabilities
2023-02-09 00:00:00
Linux kernel vulnerabilities
2023-02-15 00:00:00
Linux kernel (GKE) vulnerabilities
2023-02-09 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-5876-1)
2023-02-16 00:00:00
Ubuntu: Security Advisory (USN-5851-1)
2023-02-10 00:00:00
Ubuntu: Security Advisory (USN-5860-1)
2023-02-10 00:00:00
osv
osv
linux, linux-azure, linux-azure-5.15, linux-gkeop, linux-hwe-5.15, linux-ibm, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-oracle, linux-oracle-5.15, linux-raspi vulnerabilities
2023-02-09 15:20:34
linux-aws, linux-aws-5.15, linux-azure-fde, linux-gcp, linux-gcp-5.15, linux-intel-iotg vulnerabilities
2023-02-15 22:31:07
linux-gke vulnerabilities
2023-02-09 22:31:43
JSON
Related for UBUNTU_KSMBD_CVE-2022-47939.NASL
prion5zdi4wizblog1nessus9debiancve5redhatcve5cbl_mariner6cve5ubuntucve5cnvd1rosalinux1ubuntu4openvas4osv4