Ubuntu 16.04 ESM Linux kernel (AWS) vulnerabilities
Reporter | Title | Published | Family |
---|---|---|---|
Ubuntu | Linux kernel vulnerabilities | 6 Mar 2023 00:00 | ubuntu |
Ubuntu | Linux kernel (AWS) vulnerabilities | 23 Feb 2023 00:00 | ubuntu |
Ubuntu | Linux kernel (OEM) vulnerabilities | 3 Mar 2023 00:00 | ubuntu |
Ubuntu | Linux kernel vulnerabilities | 23 Mar 2023 00:00 | ubuntu |
Ubuntu | Linux kernel (HWE) vulnerabilities | 28 Mar 2023 00:00 | ubuntu |
Ubuntu | Linux kernel (Xilinx ZynqMP) vulnerabilities | 8 Jun 2023 00:00 | ubuntu |
OSV | linux-aws vulnerabilities | 23 Feb 2023 16:09 | osv |
OSV | linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities | 6 Mar 2023 23:32 | osv |
OSV | CVE-2022-41858 | 17 Jan 2023 18:15 | osv |
OSV | Red Hat Security Advisory: kernel security update | 13 Sep 2024 17:33 | osv |
```
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-5884-1. The text
# itself is copyright (C) Canonical, Inc. See
# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
##

include('compat.inc');

# Plugin metadata: registered with the scanner, not executed against the target.
if (description)
{
  script_id(171867);
  script_version("1.4");

  script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/09");

  script_cve_id(
    "CVE-2021-4155",
    "CVE-2022-20566",
    "CVE-2022-41858",
    "CVE-2022-42895",
    "CVE-2023-0045",
    "CVE-2023-23559"
  );
  script_xref(name:"USN", value:"5884-1");

  script_name(english:"Ubuntu 16.04 ESM : Linux kernel (AWS) vulnerabilities (USN-5884-1)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Ubuntu host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote Ubuntu 16.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in
the USN-5884-1 advisory.
- A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem allowed for size
increase of files with unaligned size. A local attacker could use this flaw to leak data on the XFS
filesystem otherwise not accessible to them. (CVE-2021-4155)
- In l2cap_chan_put of l2cap_core, there is a possible use after free due to improper locking. This could
lead to local escalation of privilege with no additional execution privileges needed. User interaction is
not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-165329981 References:
Upstream kernel (CVE-2022-20566)
- A flaw was found in the Linux kernel. A NULL pointer dereference may occur while a slip driver is in
progress to detach in sl_tx_timeout in drivers/net/slip/slip.c. This issue could allow an attacker to
crash the system or leak internal kernel information. (CVE-2022-41858)
- There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_parse_conf_req
function which can be used to leak kernel pointers remotely. We recommend upgrading past commit
https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e
https://www.google.com/url (CVE-2022-42895)
- The current implementation of the prctl syscall does not issue an IBPB immediately during the syscall. The
ib_prctl_set function updates the Thread Information Flags (TIFs) for the task and updates the SPEC_CTRL
MSR on the function __speculation_ctrl_update, but the IBPB is only issued on the next schedule, when the
TIF bits are checked. This leaves the victim vulnerable to values already injected on the BTB, prior to
the prctl syscall. The patch that added the support for the conditional mitigation via prctl
(ib_prctl_set) dates back to the kernel 4.9.176. We recommend upgrading past commit
a664ec9158eeddd75121d39c9a0758016097fa96 (CVE-2023-0045)
- In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an
integer overflow in an addition. (CVE-2023-23559)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/notices/USN-5884-1");
  script_set_attribute(attribute:"solution", value:
"Update the affected kernel package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-0045");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2023-23559");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/01/11");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/02/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/02/23");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04:-:esm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1154-aws");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Ubuntu Local Security Checks");

  script_copyright(english:"Ubuntu Security Notice (C) 2023-2024 Canonical, Inc. / NASL script (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}

include('debian_package.inc');
include('ksplice.inc');

# Preconditions: local checks enabled, Ubuntu 16.04, a dpkg package list
# and a supported CPU architecture. Any failure exits with an audit message.
if ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/Ubuntu/release');
if ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');
os_release = chomp(os_release);
if (! ('16.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04', 'Ubuntu ' + os_release);
if ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);

# Minimum fixed kernel level, keyed by OS release, kernel base version
# and kernel type (flavour).
var kernel_mappings = {
  '16.04': {
    '4.4.0': {
      'aws': '4.4.0-1154'
    }
  }
};

# Prefer the kernel release stored under Host/uptrack-uname-r when it is set;
# otherwise fall back to the value stored under Host/uname-r.
var host_kernel_release = get_kb_item('Host/uptrack-uname-r');
if (empty_or_null(host_kernel_release)) host_kernel_release = get_kb_item_or_exit('Host/uname-r');
var host_kernel_base_version = get_kb_item_or_exit('Host/Debian/kernel-base-version');
var host_kernel_type = get_kb_item_or_exit('Host/Debian/kernel-type');

# A kernel whose base version or type is not in the mapping is outside
# the scope of this advisory.
if(empty_or_null(kernel_mappings[os_release][host_kernel_base_version][host_kernel_type])) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + host_kernel_release);

var extra = '';
var kernel_fixed_version = kernel_mappings[os_release][host_kernel_base_version][host_kernel_type] + "-" + host_kernel_type;

# Version comparison only: the result depends on the reported kernel
# release string, not on probing for the flaws themselves.
if (deb_ver_cmp(ver1:host_kernel_release, ver2:kernel_fixed_version) < 0)
{
  extra = extra + 'Running Kernel level of ' + host_kernel_release + ' does not meet the minimum fixed level of ' + kernel_fixed_version + ' for this advisory.\n\n';
}
else
{
  audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-5884-1');
}

# If Ksplice CVE data was collected, a hotfix covering every CVE in the
# list counts as patched even though the kernel release string is older.
if (get_one_kb_item('Host/ksplice/kernel-cves'))
{
  var cve_list = make_list('CVE-2021-4155', 'CVE-2022-20566', 'CVE-2022-41858', 'CVE-2022-42895', 'CVE-2023-0045', 'CVE-2023-23559');
  if (ksplice_cves_check(cve_list))
  {
    audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-5884-1');
  }
  else
  {
    extra = extra + ksplice_reporting_text();
  }
}

# Report the finding with the accumulated detail text.
if (extra) {
  security_report_v4(
    port     : 0,
    severity : SECURITY_HOLE,
    extra    : extra
  );
  exit(0);
}
```