The remote Ubuntu 16.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5650-1 advisory.

  - When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of     bounds. (CVE-2021-33655)

  - When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds.
    (CVE-2021-33656)

  - A vulnerability was found in the fs/inode.c:inode_init_owner() function logic of the LInux kernel that     allows local users to create files for the XFS file-system with an unintended group ownership and with     group execution and SGID permission bits set, in a scenario where a directory is SGID and belongs to a     certain group and is writable by a user who is not a member of this group. This can lead to excessive     permissions granted in case when they should not. This vulnerability is similar to the previous     CVE-2018-13405 and adds the missed fix for the XFS. (CVE-2021-4037)

  - A vulnerability was found in linux kernel, where an information leak occurs via ext4_extent_header to     userspace. (CVE-2022-0850)

  - A flaw was found in the Linux kernel. This flaw allows an attacker to crash the Linux kernel by simulating     amateur radio from the user space, resulting in a null-ptr-deref vulnerability and a use-after-free     vulnerability. (CVE-2022-1199)

  - A use-after-free flaw was found in the Linux kernel's Amateur Radio AX.25 protocol functionality in the     way a user connects with the protocol. This flaw allows a local user to crash the system. (CVE-2022-1204)

  - A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged     user to gain root privileges. The bug allows to build several exploit primitives such as kernel address     information leak, arbitrary execution, etc. (CVE-2022-1729)

  - Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel     (CVE-2022-20368)

  - An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of     actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size()     function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This     flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-2639)

  - A flaw was found in the Linux kernel's driver for the ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet     Devices. The vulnerability contains multiple out-of-bounds reads and possible out-of-bounds writes.
    (CVE-2022-2964)

  - A flaw use after free in the Linux kernel NILFS file system was found in the way user triggers function     security_inode_alloc to fail with following call to function nilfs_mdt_destroy. A local user could use     this flaw to crash the system or potentially escalate their privileges on the system. (CVE-2022-2978)

  - A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem)     when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to     potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read     and copying it into a socket. (CVE-2022-3028)

  - A NULL pointer dereference flaw in diFree in fs/jfs/inode.c in Journaled File System (JFS)in the Linux     kernel. This could allow a local attacker to crash the system or leak kernel internal information.
    (CVE-2022-3202)

  - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote     attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte     nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Ubuntu 16.04 ESM : Linux kernel vulnerabilities (USN-5650-1)

high Nessus Plugin ID 165602

Version 1.7

Version 1.6

Version 1.6

Version 1.5

Version 1.4

Version 1.3

Version 1.7 Jan 10, 2024, 8:45 AM Detection (updated detection logic) Plugin metadata Plugin Feed: 202401100845
Version 1.6 Jan 9, 2024, 6:56 PM Detection (updated detection logic) Plugin metadata Plugin Feed: 202401091856
Version 1.6 Oct 23, 2023, 6:27 PM Plugin metadata Detection Plugin Feed: 202310231827
Version 1.5 Jan 18, 2023, 9:01 AM Logic Changes (Added support for s390x) Plugin Feed: 202301180901
Version 1.4 Dec 13, 2022, 2:03 PM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:H/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:H/RL:O/RC:C") Exploit attributes ("Exploit available" set to "True") Exploit attributes ("Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Exploit attributes ("Exploited by malware" set to "True") Plugin Feed: 202212131403
Version 1.3 Dec 2, 2022, 4:16 PM CVSS metrics ("CVSSv2 score" changed from "6.2" to "7.2") CVSS metrics ("CVSSv2 vector" changed from "CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C" to "CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C") CVSSv2 score source (changed from "CVE-2022-0850" to "CVE-2021-33656") CVSSv2 severity (based on CVE-2021-33656, severity increased from "Medium" to "High") Plugin Feed: 202212021616