The version of kernel installed on the remote host is prior to 5.10.126-117.518. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2022-015 advisory.

  - A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the     small table perturb size. This flaw may allow an attacker to information leak and may cause a denial of     service problem. (CVE-2022-1012)

  - A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel's filesystem sub-     component. This flaw allows a local attacker with a user privilege to cause a denial of service.
    (CVE-2022-1184)

  - With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. If INVPCID     is executed with CR0.PG=0, the invlpg callback is not set and the result is a NULL pointer dereference.
    (CVE-2022-1789)

  - A NULL pointer dereference flaw was found in the Linux kernel's KVM module, which can lead to a denial of     service in the x86_emulate_insn in arch/x86/kvm/emulate.c. This flaw occurs while executing an illegal     instruction in guest in the Intel CPU. (CVE-2022-1852)

  - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-32250. Reason: This candidate is a     duplicate of CVE-2022-32250. Notes: All CVE users should reference CVE-2022-32250 instead of this     candidate. All references and descriptions in this candidate have been removed to prevent accidental     usage. (CVE-2022-1966)

  - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-2078. Reason: This candidate is a     reservation duplicate of CVE-2022-2078. Notes: All CVE users should reference CVE-2022-2078 instead of     this candidate. All references and descriptions in this candidate have been removed to prevent accidental     usage (CVE-2022-1972)

  - A vulnerability was found in the Linux kernel's nft_set_desc_concat_parse() function .This flaw allows an     attacker to trigger a buffer overflow via nft_set_desc_concat_parse() , causing a denial of service and     possibly to run code. (CVE-2022-2078)

  - Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated     user to potentially enable information disclosure via local access. (CVE-2022-21123)

  - Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an     authenticated user to potentially enable information disclosure via local access. (CVE-2022-21125)

  - Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an     authenticated user to potentially enable information disclosure via local access. (CVE-2022-21166)

  - KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown.
    An attacker with access to a serial port could trigger the debugger so it is important that the debugger     respect the lockdown mode when/if it is triggered. (CVE-2022-21499)

  - net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create     user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to     a use-after-free. (CVE-2022-32250)

  - The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are     used. This occurs because of use of Algorithm 4 (Double-Hash Port Selection Algorithm) of RFC 6056.
    (CVE-2022-32296)

  - An issue was discovered in the Linux kernel through 5.18.3 on powerpc 32-bit platforms. There is a buffer     overflow in ptrace PEEKUSER and POKEUSER (aka PEEKUSR and POKEUSR) when accessing floating point     registers. (CVE-2022-32981)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Amazon Linux 2 : kernel (ALASKERNEL-5.10-2022-015)

high Nessus Plugin ID 163313

Version 1.10

Version 1.8

Version 1.7

Version 1.7

Version 1.6

Version 1.5

Version 1.10 Apr 11, 2024, 4:12 PM Exploit attributes ("Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Exploit attributes ("Exploited by malware" set to "True") Plugin Feed: 202404111612
Version 1.8 Jan 16, 2024, 5:39 PM CVE (Removed rejected CVE) Plugin Feed: 202401161739
Version 1.7 Sep 5, 2023, 10:10 PM Plugin requirements Detection Plugin Feed: 202309052210
Version 1.7 Jan 16, 2024, 3:43 PM CVE (Removed rejected CVE) Plugin Feed: 202401161543
Version 1.6 Dec 26, 2022, 1:55 PM Exploit attributes ("Exploited by malware" set to "True") CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:H/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:H/RL:O/RC:C") Exploit attributes ("Exploit available" set to "True") Exploit attributes ("Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin Feed: 202212261355
Version 1.5 Oct 3, 2022, 3:58 PM CVSS metrics Plugin Feed: 202210031558