The version of kernel installed on the remote host is prior to 5.4.58-27.104. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2022-014 advisory.

    A flaw was found in the AMD Cryptographic Co-processor driver in the Linux kernel. An attacker, able to     send invalid SHA type commands, could cause the system to crash. The highest threat from this     vulnerability is to system availability. (CVE-2019-18808)

    A flaw was found in the Linux kernel. The CX23888 Integrated Consumer Infrared Controller probe code     handles resource cleanup low memory conditions. A local attacker able to induce low memory conditions     could use this flaw to crash the system. The highest threat from this vulnerability is to system     availability. (CVE-2019-19054)

    A flaw was found in the ZRAM kernel module, where a user with a local account and the ability to read the     /sys/class/zram-control/hot_add file can create ZRAM device nodes in the /dev/ directory. This read     allocates kernel memory and is not accounted for a user that triggers the creation of that ZRAM device.
    With this vulnerability, continually reading the device may consume a large amount of system memory and     cause the Out-of-Memory (OOM) killer to activate and terminate random userspace processes, possibly making     the system inoperable. (CVE-2020-10781)

    A flaw was found in the implementation of the Linux kernel's GSS mechanism registration functionality.
    During this period, memory allocation was not freed when the module was unloaded, leading to a memory     leak. This flaw allows an attacker with the ability to repeat loads and unloads, to cause the system to     run out of free memory and crash eventually. (CVE-2020-12656)

    In the Linux kernel 4.4 through 5.7.6, usbtest_disconnect in drivers/usb/misc/usbtest.c has a memory leak,     aka CID-28ebeb8db770. (CVE-2020-15393)

    A flaw was found in the Linux kernel. The generation of the device ID from the network RNG internal state     is predictable. The highest threat from this vulnerability is to data confidentiality. (CVE-2020-16166)

    In dma_buf_release of dma-buf.c, there is a possible memory corruption due to a use after free. This could     lead to local escalation of privilege with no additional execution privileges needed. User interaction is     not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-155756045References:
    Upstream kernel (CVE-2021-0707)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Amazon Linux 2 : kernel (ALASKERNEL-5.4-2022-014)

high Nessus Plugin ID 160431

Version 1.6

Version 1.5

Version 1.4

Version 1.6 Apr 30, 2025, 2:20 AM CVE (set "CVE" coverage to "CVE-2019-18808,CVE-2019-19054,CVE-2020-10781,CVE-2020-12656,CVE-2020-15393,CVE-2020-16166,CVE-2021-0707") CVSS metrics ("CVSSv2 score" set to 7.2) CVSS metrics ("CVSSv2 vector" set to "CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C") CVSS metrics ("CVSSv3 score" set to 7.8) CVSS metrics ("CVSSv3 vector" set to "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H") CVSS metrics ("Cvssv4 score" set to 0.0) CVSSv2 score source (changed from "CVE-2020-16166" to "CVE-2021-0707") CVSSv2 severity (based on CVE-2021-0707, severity increased from "Medium" to "High") CVSSv2 severity (based on None, severity decreased from "High" to "Low") CVSSv3 severity (based on None, severity increased from "Low" to "High") Detection (updated detection logic) Plugin metadata Plugin Feed: 202504300220
Version 1.5 Dec 12, 2024, 9:55 AM CVSS metrics ("Cvssv4 score" set to 0.0) CVSSv2 severity (based on None, severity decreased from "High" to "Low") Detection (updated detection logic) Plugin metadata Plugin Feed: 202412120955
Version 1.4 Sep 5, 2023, 10:10 PM Detection Plugin requirements Plugin Feed: 202309052210