Amazon Linux 2 : kernel (ALASKERNEL-5.10-2022-015)

high Nessus Plugin ID 163313

Language:

Synopsis

The remote Amazon Linux 2 host is missing a security update.

Description

The version of kernel installed on the remote host is prior to 5.10.126-117.518. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2022-015 advisory.

In the Linux kernel, the following vulnerability has been resolved:

drm/plane: Move range check for format_count earlier (CVE-2021-47659)

Due to the small table perturb size, a memory leak flaw was found in the Linux kernel's TCP source port generation algorithm in the net/ipv4/tcp.c function. This flaw allows an attacker to leak information and may cause a denial of service. (CVE-2022-1012)

A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel's filesystem sub- component. This flaw allows a local attacker with a user privilege to cause a denial of service.
(CVE-2022-1184)

With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. If INVPCID is executed with CR0.PG=0, the invlpg callback is not set and the result is a NULL pointer dereference.
(CVE-2022-1789)

A NULL pointer dereference flaw was found in the Linux kernel's KVM module, which can lead to a denial of service in the x86_emulate_insn in arch/x86/kvm/emulate.c. This flaw occurs while executing an illegal instruction in guest in the Intel CPU. (CVE-2022-1852)

A use-after-free vulnerability was found in the Linux kernel's Netfilter subsystem in net/netfilter/nf_tables_api.c. This flaw allows a local attacker with user access to cause a privilege escalation issue. (CVE-2022-1966)

No description is available for this CVE. (CVE-2022-1972)

A vulnerability was found in the Linux kernel's nft_set_desc_concat_parse() function .This flaw allows an attacker to trigger a buffer overflow via nft_set_desc_concat_parse() , causing a denial of service and possibly to run code. (CVE-2022-2078)

A flaw was found in hw. Incomplete cleanup of multi-core shared buffers for some Intel(r) Processors may allow an authenticated user to enable information disclosure via local access. (CVE-2022-21123)

A flaw was found in hw. Incomplete cleanup of microarchitectural fill buffers on some Intel(r) Processors may allow an authenticated user to enable information disclosure via local access. (CVE-2022-21125)

A flaw was found in hw. Incomplete cleanup in specific special register write operations for some Intel Processors may allow an authenticated user to enable information disclosure via local access.
(CVE-2022-21166)

KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown.
An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. CVSS 3.1 Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H). (CVE-2022-21499)

net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free. (CVE-2022-32250)

The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. (CVE-2022-32296)

An issue was discovered in the Linux kernel through 5.18.3 on powerpc 32-bit platforms. There is a buffer overflow in ptrace PEEKUSER and POKEUSER (aka PEEKUSR and POKEUSR) when accessing floating point registers. (CVE-2022-32981)

In the Linux kernel, the following vulnerability has been resolved:

drm/radeon: fix a possible null pointer dereference (CVE-2022-48710)

In the Linux kernel, the following vulnerability has been resolved:

nbd: fix io hung while disconnecting device (CVE-2022-49297)

In the Linux kernel, the following vulnerability has been resolved:

nbd: fix race between nbd_alloc_config() and module removal (CVE-2022-49300)

In the Linux kernel, the following vulnerability has been resolved:

tty: synclink_gt: Fix null-pointer-dereference in slgt_clean() (CVE-2022-49307)

In the Linux kernel, the following vulnerability has been resolved:

extcon: Modify extcon device to be created after driver data is set (CVE-2022-49308)

In the Linux kernel, the following vulnerability has been resolved:

NFSv4: Don't hold the layoutget locks across multiple RPC calls (CVE-2022-49316)

In the Linux kernel, the following vulnerability has been resolved:

iommu/arm-smmu-v3: check return value after calling platform_get_resource() (CVE-2022-49319)

In the Linux kernel, the following vulnerability has been resolved:

xprtrdma: treat all calls not a bcall when bc_serv is NULL (CVE-2022-49321)

In the Linux kernel, the following vulnerability has been resolved:

tracing: Fix sleeping function called from invalid context on RT kernel (CVE-2022-49322)

In the Linux kernel, the following vulnerability has been resolved:

iommu/arm-smmu: fix possible null-ptr-deref in arm_smmu_device_probe() (CVE-2022-49323)

In the Linux kernel, the following vulnerability has been resolved:

bcache: avoid journal no-space deadlock by reserving 1 journal bucket (CVE-2022-49327)

In the Linux kernel, the following vulnerability has been resolved:

tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd (CVE-2022-49330)

In the Linux kernel, the following vulnerability has been resolved:

net: ipv6: unexport __init-annotated seg6_hmac_init() (CVE-2022-49339)

In the Linux kernel, the following vulnerability has been resolved:

ip_gre: test csum_start instead of transport header (CVE-2022-49340)

In the Linux kernel, the following vulnerability has been resolved:

bpf, arm64: Clear prog->jited_len along prog->jited (CVE-2022-49341)

In the Linux kernel, the following vulnerability has been resolved:

ext4: avoid cycles in directory h-tree (CVE-2022-49343)

In the Linux kernel, the following vulnerability has been resolved:

af_unix: Fix a data-race in unix_dgram_peer_wake_me(). (CVE-2022-49344)

In the Linux kernel, the following vulnerability has been resolved:

net: xfrm: unexport __init-annotated xfrm4_protocol_init() (CVE-2022-49345)

In the Linux kernel, the following vulnerability has been resolved:

ext4: fix bug_on in ext4_writepages (CVE-2022-49347)

In the Linux kernel, the following vulnerability has been resolved:

ext4: filter out EXT4_FC_REPLAY from on-disk superblock field s_state (CVE-2022-49348)

In the Linux kernel, the following vulnerability has been resolved:

ext4: fix use-after-free in ext4_rename_dir_prepare (CVE-2022-49349)

In the Linux kernel, the following vulnerability has been resolved:

net: mdio: unexport __init-annotated mdio_bus_init() (CVE-2022-49350)

In the Linux kernel, the following vulnerability has been resolved:

ext4: fix warning in ext4_handle_inode_extension (CVE-2022-49352)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_tables: memleak flow rule from commit path (CVE-2022-49358)

In the Linux kernel, the following vulnerability has been resolved:

firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle (CVE-2022-49370)

In the Linux kernel, the following vulnerability has been resolved:

driver core: fix deadlock in __device_attach (CVE-2022-49371)

In the Linux kernel, the following vulnerability has been resolved:

tcp: tcp_rtx_synack() can be called from process context (CVE-2022-49372)

In the Linux kernel, the following vulnerability has been resolved:

tipc: check attribute length for bearer name (CVE-2022-49374)

In the Linux kernel, the following vulnerability has been resolved:

scsi: sd: Fix potential NULL pointer dereference (CVE-2022-49376)

In the Linux kernel, the following vulnerability has been resolved:

driver core: Fix wait_for_device_probe() & deferred_probe_timeout interaction (CVE-2022-49379)

In the Linux kernel, the following vulnerability has been resolved:

driver: base: fix UAF when driver_attach failed (CVE-2022-49385)

In the Linux kernel, the following vulnerability has been resolved:

ubi: ubi_create_volume: Fix use-after-free when volume creation failed (CVE-2022-49388)

In the Linux kernel, the following vulnerability has been resolved:

usb: usbip: fix a refcount leak in stub_probe() (CVE-2022-49389)

In the Linux kernel, the following vulnerability has been resolved:

ftrace: Clean up hash direct_functions on register failures (CVE-2022-49402)

In the Linux kernel, the following vulnerability has been resolved:

dlm: fix plock invalid read (CVE-2022-49407)

In the Linux kernel, the following vulnerability has been resolved:

ext4: fix bug_on in __es_tree_search (CVE-2022-49409)

In the Linux kernel, the following vulnerability has been resolved:

tracing: Fix potential double free in create_var_ref() (CVE-2022-49410)

In the Linux kernel, the following vulnerability has been resolved:

bfq: Make sure bfqg for which we are queueing requests is online (CVE-2022-49411)

In the Linux kernel, the following vulnerability has been resolved:

bfq: Update cgroup information before merging bio (CVE-2022-49413)

In the Linux kernel, the following vulnerability has been resolved:

PCI: Avoid pci_dev_lock() AB/BA deadlock with sriov_numvfs_store() (CVE-2022-49434)

In the Linux kernel, the following vulnerability has been resolved:

tty: fix deadlock caused by calling printk() under tty_port->lock (CVE-2022-49441)

In the Linux kernel, the following vulnerability has been resolved:

drivers/base/node.c: fix compaction sysfs file leak (CVE-2022-49442)

In the Linux kernel, the following vulnerability has been resolved:

nvdimm: Fix firmware activation deadlock scenarios (CVE-2022-49446)

In the Linux kernel, the following vulnerability has been resolved:

rxrpc: Fix listen() setting the bar too high for the prealloc rings (CVE-2022-49450)

In the Linux kernel, the following vulnerability has been resolved:

thermal/core: Fix memory leak in __thermal_cooling_device_register() (CVE-2022-49468)

In the Linux kernel, the following vulnerability has been resolved:

net: phy: micrel: Allow probing without .driver_data (CVE-2022-49472)

In the Linux kernel, the following vulnerability has been resolved:

nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags (CVE-2022-49492)

In the Linux kernel, the following vulnerability has been resolved:

net: remove two BUG() from skb_checksum_help() (CVE-2022-49497)

In the Linux kernel, the following vulnerability has been resolved:

ALSA: pcm: Check for null pointer of pointer substream before dereferencing it (CVE-2022-49498)

In the Linux kernel, the following vulnerability has been resolved:

HID: elan: Fix potential double free in elan_input_configured (CVE-2022-49508)

In the Linux kernel, the following vulnerability has been resolved:

arm64: compat: Do not treat syscall number as ESR_ELx for a bad syscall (CVE-2022-49520)

In the Linux kernel, the following vulnerability has been resolved:

scsi: lpfc: Fix resource leak in lpfc_sli4_send_seq_to_ulp() (CVE-2022-49521)

In the Linux kernel, the following vulnerability has been resolved:

md/bitmap: don't set sb values if can't pass sanity check (CVE-2022-49526)

In the Linux kernel, the following vulnerability has been resolved:

drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes (CVE-2022-49532)

In the Linux kernel, the following vulnerability has been resolved:

rcu-tasks: Fix race in schedule and flush work (CVE-2022-49540)

In the Linux kernel, the following vulnerability has been resolved:

bpf: Fix potential array overflow in bpf_trampoline_get_progs() (CVE-2022-49548)

In the Linux kernel, the following vulnerability has been resolved:

x86/MCE/AMD: Fix memory leak when threshold_create_bank() fails (CVE-2022-49549)

In the Linux kernel, the following vulnerability has been resolved:

zsmalloc: fix races between asynchronous zspage free and page migration (CVE-2022-49554)

In the Linux kernel, the following vulnerability has been resolved:

KVM: SVM: Use kzalloc for sev ioctl interfaces to prevent kernel data leak (CVE-2022-49556)

In the Linux kernel, the following vulnerability has been resolved:

exfat: check if cluster num is valid (CVE-2022-49560)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: conntrack: re-fetch conntrack after insertion (CVE-2022-49561)

In the Linux kernel, the following vulnerability has been resolved:

zonefs: fix zonefs_iomap_begin() for reads (CVE-2022-49706)

In the Linux kernel, the following vulnerability has been resolved:

ext4: add reserved GDT blocks check (CVE-2022-49707)

In the Linux kernel, the following vulnerability has been resolved:

ext4: fix bug_on ext4_mb_use_inode_pa (CVE-2022-49708)

In the Linux kernel, the following vulnerability has been resolved:

dm mirror log: round up region bitmap size to BITS_PER_LONG (CVE-2022-49710)

In the Linux kernel, the following vulnerability has been resolved:

irqchip/gic-v3: Fix refcount leak in gic_populate_ppi_partitions (CVE-2022-49715)

In the Linux kernel, the following vulnerability has been resolved:

irqchip/gic-v3: Fix error handling in gic_populate_ppi_partitions (CVE-2022-49716)

In the Linux kernel, the following vulnerability has been resolved:

block: Fix handling of offline queues in blk_mq_alloc_request_hctx() (CVE-2022-49720)

In the Linux kernel, the following vulnerability has been resolved:

arm64: ftrace: consistently handle PLTs. (CVE-2022-49721)

In the Linux kernel, the following vulnerability has been resolved:

drm/i915/reset: Fix error_state_read ptr + offset use (CVE-2022-49723)

In the Linux kernel, the following vulnerability has been resolved:

i40e: Fix call trace in setup_tx_descriptors (CVE-2022-49725)

In the Linux kernel, the following vulnerability has been resolved:

clocksource: hyper-v: unexport __init-annotated hv_init_clocksource() (CVE-2022-49726)

In the Linux kernel, the following vulnerability has been resolved:

ipv6: Fix signed integer overflow in l2tp_ip6_sendmsg (CVE-2022-49727)

In the Linux kernel, the following vulnerability has been resolved:

ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo() (CVE-2022-49731)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Run 'yum update kernel' to update your system.

Plugin Details

Severity: High

ID: 163313

File Name: al2_ALASKERNEL-5_10-2022-015.nasl

Version: 1.22

Type: local

Agent: unix

Family: Amazon Linux Local Security Checks

Published: 7/21/2022

Updated: 5/23/2025

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.4

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 6.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2022-32250

CVSS v3

Risk Factor: High

Base Score: 8.2

Temporal Score: 7.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

CVSS Score Source: CVE-2022-1012

Vulnerability Information

CPE: p-cpe:/a:amazon:linux:perf, p-cpe:/a:amazon:linux:bpftool, p-cpe:/a:amazon:linux:perf-debuginfo, p-cpe:/a:amazon:linux:kernel-tools-debuginfo, p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64, p-cpe:/a:amazon:linux:kernel-tools, p-cpe:/a:amazon:linux:kernel-devel, p-cpe:/a:amazon:linux:python-perf-debuginfo, p-cpe:/a:amazon:linux:kernel, p-cpe:/a:amazon:linux:kernel-debuginfo, p-cpe:/a:amazon:linux:kernel-headers, cpe:/o:amazon:linux:2, p-cpe:/a:amazon:linux:kernel-livepatch-5.10.126-117.518, p-cpe:/a:amazon:linux:bpftool-debuginfo, p-cpe:/a:amazon:linux:kernel-tools-devel, p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64, p-cpe:/a:amazon:linux:python-perf

Required KB Items: Host/local_checks_enabled, Host/AmazonLinux/release, Host/AmazonLinux/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/30/2022

Vulnerability Publication Date: 6/2/2022

Reference Information

CVE: CVE-2021-47659, CVE-2022-1012, CVE-2022-1184, CVE-2022-1789, CVE-2022-1852, CVE-2022-1966, CVE-2022-1972, CVE-2022-2078, CVE-2022-21123, CVE-2022-21125, CVE-2022-21166, CVE-2022-21499, CVE-2022-32250, CVE-2022-32296, CVE-2022-32981, CVE-2022-48710, CVE-2022-49297, CVE-2022-49300, CVE-2022-49307, CVE-2022-49308, CVE-2022-49316, CVE-2022-49319, CVE-2022-49321, CVE-2022-49322, CVE-2022-49323, CVE-2022-49327, CVE-2022-49330, CVE-2022-49339, CVE-2022-49340, CVE-2022-49341, CVE-2022-49343, CVE-2022-49344, CVE-2022-49345, CVE-2022-49347, CVE-2022-49348, CVE-2022-49349, CVE-2022-49350, CVE-2022-49352, CVE-2022-49358, CVE-2022-49370, CVE-2022-49371, CVE-2022-49372, CVE-2022-49374, CVE-2022-49376, CVE-2022-49379, CVE-2022-49385, CVE-2022-49388, CVE-2022-49389, CVE-2022-49402, CVE-2022-49407, CVE-2022-49409, CVE-2022-49410, CVE-2022-49411, CVE-2022-49413, CVE-2022-49434, CVE-2022-49441, CVE-2022-49442, CVE-2022-49446, CVE-2022-49450, CVE-2022-49468, CVE-2022-49472, CVE-2022-49492, CVE-2022-49497, CVE-2022-49498, CVE-2022-49508, CVE-2022-49520, CVE-2022-49521, CVE-2022-49526, CVE-2022-49532, CVE-2022-49540, CVE-2022-49548, CVE-2022-49549, CVE-2022-49554, CVE-2022-49556, CVE-2022-49560, CVE-2022-49561, CVE-2022-49706, CVE-2022-49707, CVE-2022-49708, CVE-2022-49710, CVE-2022-49715, CVE-2022-49716, CVE-2022-49720, CVE-2022-49721, CVE-2022-49723, CVE-2022-49725, CVE-2022-49726, CVE-2022-49727, CVE-2022-49731

Detections

Analytics