Amazon Linux AMI : kernel (ALAS-2021-1539)

high Nessus Plugin ID 153860

Synopsis

The remote Amazon Linux AMI host is missing a security update.

Description

The version of kernel installed on the remote host is prior to 4.14.248-129.473. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2021-1539 advisory.

- Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener after being released. Fixed in Ubuntu Linux kernel 5.4.0-51.56, 5.3.0-68.63, 4.15.0-121.123, 4.4.0-193.224, 3.13.0.182.191 and 3.2.0-149.196.
(CVE-2020-16119)

- An issue was discovered in Linux: KVM through Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allows users with the ability to start and control a VM to read/write random pages of memory and can result in local privilege escalation. (CVE-2021-22543)

- A vulnerability was found in the Linux kernel in versions prior to v5.14-rc1. Missing size validations on inbound SCTP packets may allow the kernel to read uninitialized memory. (CVE-2021-3655)

- A lack of CPU resource in the Linux kernel tracing module functionality in versions prior to 5.14-rc3 was found in the way user uses trace ring buffer in a specific way. Only privileged local users (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service.
(CVE-2021-3679)

- arch/powerpc/kvm/book3s_rtas.c in the Linux kernel through 5.13.5 on the powerpc platform allows KVM guest OS users to cause host OS memory corruption via rtas_args.nargs, aka CID-f62f3c20647e. (CVE-2021-37576)

- arch/x86/kvm/mmu/paging_tmpl.h in the Linux kernel before 5.12.11 incorrectly computes the access permissions of a shadow page, leading to a missing guest protection page fault. (CVE-2021-38198)

- drivers/usb/host/max3421-hcd.c in the Linux kernel before 5.13.6 allows physically proximate attackers to cause a denial of service (use-after-free and panic) by removing a MAX-3421 USB device in certain situations. (CVE-2021-38204)

- drivers/net/ethernet/xilinx/xilinx_emaclite.c in the Linux kernel before 5.13.3 makes it easier for attackers to defeat an ASLR protection mechanism because it prints a kernel pointer (i.e., the real IOMEM pointer). (CVE-2021-38205)

- A race condition was discovered in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in the Linux kernel through 5.13.13. (CVE-2021-40490)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Run 'yum update kernel' to update your system.

See Also

https://alas.aws.amazon.com/ALAS-2021-1539.html

https://access.redhat.com/security/cve/CVE-2020-16119

https://access.redhat.com/security/cve/CVE-2021-22543

https://access.redhat.com/security/cve/CVE-2021-3609

https://access.redhat.com/security/cve/CVE-2021-3655

https://access.redhat.com/security/cve/CVE-2021-3679

https://access.redhat.com/security/cve/CVE-2021-3732

https://access.redhat.com/security/cve/CVE-2021-3753

https://access.redhat.com/security/cve/CVE-2021-37576

https://access.redhat.com/security/cve/CVE-2021-38198

https://access.redhat.com/security/cve/CVE-2021-38204

https://access.redhat.com/security/cve/CVE-2021-38205

https://access.redhat.com/security/cve/CVE-2021-40490

Plugin Details

Severity: High

ID: 153860

File Name: ala_ALAS-2021-1539.nasl

Version: 1.2

Type: local

Agent: unix

Published: 10/4/2021

Updated: 10/4/2021

Supported Sensors: Frictionless Assessment Agent, Frictionless Assessment AWS, Nessus Agent

Risk Information

CVSS Score Source: CVE-2021-37576

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.3

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: E:U/RL:OF/RC:C

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:amazon:linux:kernel, p-cpe:/a:amazon:linux:kernel-debuginfo, p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686, p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64, p-cpe:/a:amazon:linux:kernel-devel, p-cpe:/a:amazon:linux:kernel-headers, p-cpe:/a:amazon:linux:kernel-tools, p-cpe:/a:amazon:linux:kernel-tools-debuginfo, p-cpe:/a:amazon:linux:kernel-tools-devel, p-cpe:/a:amazon:linux:perf, p-cpe:/a:amazon:linux:perf-debuginfo, cpe:/o:amazon:linux

Required KB Items: Host/local_checks_enabled, Host/AmazonLinux/release, Host/AmazonLinux/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 9/30/2021

Vulnerability Publication Date: 10/15/2020

Reference Information

CVE: CVE-2020-16119, CVE-2021-3609, CVE-2021-3655, CVE-2021-3679, CVE-2021-3732, CVE-2021-3753, CVE-2021-22543, CVE-2021-37576, CVE-2021-38198, CVE-2021-38204, CVE-2021-38205, CVE-2021-40490

ALAS: 2021-1539