The Ubuntu 22.04 LTS has multiple Linux kernel vulnerabilitie
Reporter | Title | Published | Views | Family All 199 |
---|---|---|---|---|
![]() | linux, linux-aws, linux-azure, linux-gcp, linux-hwe-5.19, linux-kvm, linux-lowlatency, linux-oracle, linux-raspi vulnerabilities | 19 Apr 202301:17 | – | osv |
![]() | linux-oem-6.0 vulnerabilities | 27 Mar 202322:38 | – | osv |
![]() | linux-snapdragon vulnerabilities | 19 Apr 202314:15 | – | osv |
![]() | linux-aws-hwe, linux-hwe, linux-oracle vulnerabilities | 28 Mar 202319:44 | – | osv |
![]() | linux-gcp-4.15 vulnerabilities | 31 Mar 202312:58 | – | osv |
![]() | linux, linux-aws, linux-dell300x, linux-kvm, linux-oracle, linux-raspi2 vulnerabilities | 29 Mar 202316:44 | – | osv |
![]() | linux-gcp vulnerabilities | 11 Apr 202322:55 | – | osv |
![]() | CVE-2023-26606 | 26 Feb 202323:15 | – | osv |
![]() | kernel-devel-5.19.12-1.1 on GA media | 15 Jun 202400:00 | – | osv |
![]() | linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-dell300x, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2 vulnerabilities | 19 Apr 202314:06 | – | osv |
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-6024-1. The text
# itself is copyright (C) Canonical, Inc. See
# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
##
include('compat.inc');
if (description)
{
script_id(174449);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/08/27");
script_cve_id(
"CVE-2022-3424",
"CVE-2022-41218",
"CVE-2022-47929",
"CVE-2023-0468",
"CVE-2023-1032",
"CVE-2023-1281",
"CVE-2023-22997",
"CVE-2023-26545",
"CVE-2023-26606",
"CVE-2023-28328"
);
script_xref(name:"USN", value:"6024-1");
script_name(english:"Ubuntu 22.04 LTS : Linux kernel vulnerabilities (USN-6024-1)");
script_set_attribute(attribute:"synopsis", value:
"The remote Ubuntu host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in
the USN-6024-1 advisory.
It was discovered that the Traffic-Control Index (TCINDEX) implementation in the Linux kernel contained a
use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2023-1281)
Lin Ma discovered a race condition in the io_uring subsystem in the Linux kernel, leading to a null
pointer dereference vulnerability. A local attacker could use this to cause a denial of service (system
crash). (CVE-2023-0468)
It was discovered that a use-after-free vulnerability existed in the SGI GRU driver in the Linux kernel. A
local attacker could possibly use this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2022-3424)
Hyunwoo Kim discovered that the DVB Core driver in the Linux kernel did not properly perform reference
counting in some situations, leading to a use- after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-41218)
It was discovered that the network queuing discipline implementation in the Linux kernel contained a null
pointer dereference in some situations. A local attacker could use this to cause a denial of service
(system crash). (CVE-2022-47929)
Thadeu Cascardo discovered that the io_uring subsystem contained a double- free vulnerability in certain
memory allocation error conditions. A local attacker could possibly use this to cause a denial of service
(system crash). (CVE-2023-1032)
It was discovered that the module decompression implementation in the Linux kernel did not properly handle
return values in certain error conditions. A local attacker could use this to cause a denial of service
(system crash). (CVE-2023-22997)
Lianhui Tang discovered that the MPLS implementation in the Linux kernel did not properly handle certain
sysctl allocation failure conditions, leading to a double-free vulnerability. An attacker could use this
to cause a denial of service or possibly execute arbitrary code. (CVE-2023-26545)
It was discovered that the NTFS file system implementation in the Linux kernel did not properly handle a
loop termination condition, leading to an out-of-bounds read vulnerability. A local attacker could use
this to cause a denial of service (system crash) or possibly expose sensitive information.
(CVE-2023-26606)
Wei Chen discovered that the DVB USB AZ6027 driver in the Linux kernel contained a null pointer
dereference when handling certain messages from user space. A local attacker could use this to cause a
denial of service (system crash). (CVE-2023-28328)
Tenable has extracted the preceding description block directly from the Ubuntu security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/notices/USN-6024-1");
script_set_attribute(attribute:"solution", value:
"Update the affected kernel package.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-26606");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2022/09/21");
script_set_attribute(attribute:"patch_publication_date", value:"2023/04/19");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/04/19");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:22.04:-:lts");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.19.0-40-generic");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.19.0-40-generic-64k");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.19.0-40-generic-lpae");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Ubuntu Local Security Checks");
script_copyright(english:"Ubuntu Security Notice (C) 2023-2024 Canonical, Inc. / NASL script (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
exit(0);
}
include('debian_package.inc');
include('ksplice.inc');
if ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/Ubuntu/release');
if ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');
os_release = chomp(os_release);
if (! ('22.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 22.04', 'Ubuntu ' + os_release);
if ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);
var kernel_mappings = {
'22.04': {
'5.19.0': {
'generic': '5.19.0-40',
'generic-64k': '5.19.0-40',
'generic-lpae': '5.19.0-40'
}
}
};
var host_kernel_release = get_kb_item('Host/uptrack-uname-r');
if (empty_or_null(host_kernel_release)) host_kernel_release = get_kb_item_or_exit('Host/uname-r');
var host_kernel_base_version = get_kb_item_or_exit('Host/Debian/kernel-base-version');
var host_kernel_type = get_kb_item_or_exit('Host/Debian/kernel-type');
if(empty_or_null(kernel_mappings[os_release][host_kernel_base_version][host_kernel_type])) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + host_kernel_release);
var extra = '';
var kernel_fixed_version = kernel_mappings[os_release][host_kernel_base_version][host_kernel_type] + "-" + host_kernel_type;
if (deb_ver_cmp(ver1:host_kernel_release, ver2:kernel_fixed_version) < 0)
{
extra += 'Running Kernel level of ' + host_kernel_release + ' does not meet the minimum fixed level of ' + kernel_fixed_version + ' for this advisory.\n\n';
}
else
{
audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-6024-1');
}
if (get_one_kb_item('Host/ksplice/kernel-cves'))
{
var cve_list = make_list('CVE-2022-3424', 'CVE-2022-41218', 'CVE-2022-47929', 'CVE-2023-0468', 'CVE-2023-1032', 'CVE-2023-1281', 'CVE-2023-22997', 'CVE-2023-26545', 'CVE-2023-26606', 'CVE-2023-28328');
if (ksplice_cves_check(cve_list))
{
audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-6024-1');
}
else
{
extra = extra + ksplice_reporting_text();
}
}
if (extra) {
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : extra
);
exit(0);
}
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo