Amazon Linux 2 : kernel (ALAS-2019-1145)
Medium Nessus Plugin ID 121054
SynopsisThe remote Amazon Linux 2 host is missing a security update.
DescriptionThe USB subsystem mishandles size checks during the reading of an
extra descriptor, related to __usb_get_extra_descriptor in
A flaw was found where an attacker may be able to have an uncontrolled
read to kernel-memory from within a vm guest. A race condition between
connect() and close() function may allow an attacker using the
AF_VSOCK protocol to gather a 4 byte information leak or possibly
impersonate AF_VSOCK messages destined to other clients or leak kernel
SolutionRun 'yum update kernel' to update your system.