Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusUbuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-5759-1.NASL
HistoryDec 05, 2022 - 12:00 a.m.

Ubuntu 22.04 LTS : LibBPF vulnerabilities (USN-5759-1)

2022-12-0500:00:00
Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
41
JSON

The remote Ubuntu 22.04 LTS / 22.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5759-1 advisory.

  • libbpf 0.6.0 and 0.6.1 has a heap-based buffer overflow (4 bytes) in __bpf_object__open (called from bpf_object__open_mem and bpf-object-fuzzer.c). (CVE-2021-45940)

  • libbpf 0.6.0 and 0.6.1 has a heap-based buffer overflow (8 bytes) in __bpf_object__open (called from bpf_object__open_mem and bpf-object-fuzzer.c). (CVE-2021-45941)

  • A vulnerability was found in Linux Kernel. It has been rated as problematic. This issue affects the function parse_usdt_arg of the file tools/lib/bpf/usdt.c of the component BPF. The manipulation of the argument reg_name leads to memory leak. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211031. (CVE-2022-3533)

  • A vulnerability classified as critical has been found in Linux Kernel. Affected is the function btf_dump_name_dups of the file tools/lib/bpf/btf_dump.c of the component libbpf. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211032. (CVE-2022-3534)

  • A vulnerability was found in Linux Kernel. It has been classified as problematic. This affects the function find_prog_by_sec_insn of the file tools/lib/bpf/libbpf.c of the component BPF. The manipulation leads to null pointer dereference. It is recommended to apply a patch to fix this issue. The identifier VDB-211749 was assigned to this vulnerability. (CVE-2022-3606)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-5759-1. The text
# itself is copyright (C) Canonical, Inc. See
# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
##

include('compat.inc');

if (description)
{
  script_id(168391);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/20");

  script_cve_id(
    "CVE-2021-45940",
    "CVE-2021-45941",
    "CVE-2022-3533",
    "CVE-2022-3534",
    "CVE-2022-3606"
  );
  script_xref(name:"USN", value:"5759-1");

  script_name(english:"Ubuntu 22.04 LTS : LibBPF vulnerabilities (USN-5759-1)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Ubuntu host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote Ubuntu 22.04 LTS / 22.10 host has packages installed that are affected by multiple vulnerabilities as
referenced in the USN-5759-1 advisory.

  - libbpf 0.6.0 and 0.6.1 has a heap-based buffer overflow (4 bytes) in __bpf_object__open (called from
    bpf_object__open_mem and bpf-object-fuzzer.c). (CVE-2021-45940)

  - libbpf 0.6.0 and 0.6.1 has a heap-based buffer overflow (8 bytes) in __bpf_object__open (called from
    bpf_object__open_mem and bpf-object-fuzzer.c). (CVE-2021-45941)

  - A vulnerability was found in Linux Kernel. It has been rated as problematic. This issue affects the
    function parse_usdt_arg of the file tools/lib/bpf/usdt.c of the component BPF. The manipulation of the
    argument reg_name leads to memory leak. It is recommended to apply a patch to fix this issue. The
    associated identifier of this vulnerability is VDB-211031. (CVE-2022-3533)

  - A vulnerability classified as critical has been found in Linux Kernel. Affected is the function
    btf_dump_name_dups of the file tools/lib/bpf/btf_dump.c of the component libbpf. The manipulation leads to
    use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability
    is VDB-211032. (CVE-2022-3534)

  - A vulnerability was found in Linux Kernel. It has been classified as problematic. This affects the
    function find_prog_by_sec_insn of the file tools/lib/bpf/libbpf.c of the component BPF. The manipulation
    leads to null pointer dereference. It is recommended to apply a patch to fix this issue. The identifier
    VDB-211749 was assigned to this vulnerability. (CVE-2022-3606)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/notices/USN-5759-1");
  script_set_attribute(attribute:"solution", value:
"Update the affected libbpf-dev and / or libbpf0 packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-45941");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2022-3534");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/01/01");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/12/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/12/05");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:22.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libbpf-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libbpf0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Ubuntu Local Security Checks");

  script_copyright(english:"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}

include('debian_package.inc');

if ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/Ubuntu/release');
if ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');
os_release = chomp(os_release);
if (! ('22.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 22.04', 'Ubuntu ' + os_release);
if ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);

var pkgs = [
    {'osver': '22.04', 'pkgname': 'libbpf-dev', 'pkgver': '1:0.5.0-1ubuntu22.04.1'},
    {'osver': '22.04', 'pkgname': 'libbpf0', 'pkgver': '1:0.5.0-1ubuntu22.04.1'}
];

var flag = 0;
foreach package_array ( pkgs ) {
  var osver = NULL;
  var pkgname = NULL;
  var pkgver = NULL;
  if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];
  if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];
  if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];
  if (osver && pkgname && pkgver) {
    if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;
  }
}

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  var tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libbpf-dev / libbpf0');
}
VendorProductVersionCPE
canonicalubuntu_linux22.04cpe:/o:canonical:ubuntu_linux:22.04:-:lts
canonicalubuntu_linuxlibbpf-devp-cpe:/a:canonical:ubuntu_linux:libbpf-dev
canonicalubuntu_linuxlibbpf0p-cpe:/a:canonical:ubuntu_linux:libbpf0

Related

openvas 11
ubuntu 3
osv 5
cloudfoundry 1
ubuntucve 5
nessus 15
altlinux 1
prion 5
veracode 2
cve 5
debiancve 5
redhatcve 5
amazon 2
cbl_mariner 4
cnvd 1
photon 2
mageia 2
slackware 1
redos 1
ics 1
avleonov 1
openvas
openvas
Ubuntu: Security Advisory (USN-5759-1)
2022-12-06 00:00:00
Ubuntu: Security Advisory (USN-5759-2)
2023-01-27 00:00:00
openSUSE: Security Advisory for libbpf (SUSE-SU-2023:0405-1)
2024-03-04 00:00:00
ubuntu
ubuntu
LibBPF vulnerabilities
2022-12-08 00:00:00
LibBPF vulnerabilities
2022-12-05 00:00:00
dwarves vulnerabilities
2023-07-11 00:00:00
osv
osv
libbpf vulnerabilities
2022-12-05 08:43:17
libbpf vulnerabilities
2022-12-08 09:40:00
dwarves-dfsg vulnerabilities
2023-07-11 06:36:47
cloudfoundry
cloudfoundry
USN-5759-1: LibBPF vulnerabilities | Cloud Foundry
2023-01-26 00:00:00
ubuntucve
ubuntucve
CVE-2021-45941
2022-01-01 00:00:00
CVE-2021-45940
2022-01-01 00:00:00
CVE-2022-3534
2022-10-17 00:00:00
nessus
nessus
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : libbpf (SUSE-SU-2023:0405-1)
2023-02-15 00:00:00
Ubuntu 20.04 ESM : LibBPF vulnerabilities (USN-5759-2)
2023-10-20 00:00:00
Ubuntu 18.04 ESM / 20.04 LTS : dwarves vulnerabilities (USN-6215-1)
2023-07-12 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package libbpf version 0.8.1-alt2
2023-02-21 00:00:00
prion
prion
Heap overflow
2022-01-01 01:15:00
Heap overflow
2022-01-01 01:15:00
Design/Logic Flaw
2022-10-17 09:15:00
veracode
veracode
Heap-Based Buffer Overflow
2022-01-04 08:22:12
Denial Of Service (DoS)
2022-01-04 05:48:07
cve
cve
CVE-2021-45940
2022-01-01 01:15:00
CVE-2021-45941
2022-01-01 01:15:00
CVE-2022-3534
2022-10-17 09:15:00
debiancve
debiancve
CVE-2021-45940
2022-01-01 01:15:00
CVE-2021-45941
2022-01-01 01:15:00
CVE-2022-3533
2022-10-17 09:15:00
redhatcve
redhatcve
CVE-2021-45940
2022-01-21 07:46:18
CVE-2021-45941
2022-01-21 07:46:18
CVE-2022-3533
2023-01-30 16:08:06
amazon
amazon
Important: libbpf
2022-12-01 20:31:00
Medium: libbpf
2023-03-02 21:50:00
cbl_mariner
cbl_mariner
CVE-2022-3533 affecting package kernel 5.10.185.1-1
2023-08-15 16:37:27
CVE-2022-3533 affecting package kernel 5.15.118.1-1
2023-08-10 16:37:57
CVE-2022-3606 affecting package kernel 5.10.185.1-1
2023-08-15 16:37:27
cnvd
cnvd
Linux kernel denial-of-service vulnerability (CNVD-2022-74086)
2022-10-21 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2023-4.0-0377
2023-04-16 00:00:00
Critical Photon OS Security Update - PHSA-2022-4.0-0183
2022-05-14 00:00:00
mageia
mageia
Updated kernel-linus packages fix security vulnerabilities
2023-01-22 23:39:23
Updated kernel packages fix security vulnerabilities
2023-01-22 23:39:23
slackware
slackware
[slackware-security] Slackware 15.0 kernel
2023-02-18 02:15:39
redos
redos
ROS-20221220-01
2022-12-20 00:00:00
ics
ics
Siemens SIMATIC S7-1500 TM MFP Linux Kernel
2023-06-15 12:00:00
avleonov
avleonov
Scanvus now supports Vulners and Vulns.io VM Linux vulnerability detection APIs
2022-12-30 18:03:13
JSON
Related for UBUNTU_USN-5759-1.NASL
openvas11ubuntu3osv5cloudfoundry1ubuntucve5nessus15altlinux1prion5veracode2cve5debiancve5redhatcve5amazon2cbl_mariner4cnvd1photon2mageia2slackware1redos1ics1avleonov1