Amazon Linux 2 : kernel (ALAS-2019-1212)
High Nessus Plugin ID 125291
SynopsisThe remote Amazon Linux 2 host is missing a security update.
DescriptionA flaw was found in the Linux kernel's implementation of RDS over TCP.
A system that has the rds_tcp kernel module loaded (either through autoload via local process running listen(), or manual loading) could possibly cause a use after free (UAF) in which an attacker who is able to manipulate socket state while a network namespace is being torn down. This can lead to possible memory corruption and privilege escalation.(CVE-2019-11815)
SolutionRun 'yum update kernel' to update your system.