Synopsis
The remote Amazon Linux 2023 host is missing a security update.
Description
The kernel package installed on the remote host is affected by multiple vulnerabilities as referenced in the ALAS2023-2023-138 advisory.
A double-free vulnerability was found in the handling of the IORING_OP_SOCKET operation in io_uring in the Linux kernel. (CVE-2023-1032)
Due to a type confusion during initialization, the tun and tap sockets in the Linux kernel have their socket UID hardcoded to 0, i.e. root. While this will often be correct, because TUN/TAP devices require CAP_NET_ADMIN, it is not always the case. The socket UID may be used for network filtering and routing, so TUN/TAP sockets may be incorrectly managed, potentially bypassing network filters based on UID. (CVE-2023-1076)
kernel: Type confusion in pick_next_rt_entity(), which can result in memory corruption. (CVE-2023-1077)
A use-after-free flaw was found in the Linux kernel's integrated infrared receiver/transceiver (rc) driver in the way a user detaches an rc device. A local user could use this flaw to crash the system or potentially escalate their privileges on the system. (CVE-2023-1118)
A use-after-free vulnerability in the Linux kernel traffic control index filter (tcindex) can be exploited to achieve local privilege escalation. The tcindex_delete function does not properly deactivate filters in the case of perfect hashes while deleting the underlying structure, which can later lead to a double free of the structure. A local attacker can use this vulnerability to elevate their privileges to root. We recommend upgrading past commit 8c710f75256bb3cf05ac7b1672c82b92c43f3d28. (CVE-2023-1829)
When plain IBRS is enabled (not enhanced IBRS), the logic in spectre_v2_user_select_mitigation() determines that STIBP is not needed. The IBRS bit implicitly protects against cross-thread branch target injection. However, with legacy IBRS, the IBRS bit is cleared on returning to userspace for performance reasons, which leaves userspace threads vulnerable to cross-thread branch target injection, against which STIBP protects. (CVE-2023-1998)
A use-after-free flaw was found in hfsplus_put_super in fs/hfsplus/super.c in the Linux Kernel. This flaw could allow a local user to cause a denial of service. (CVE-2023-2985)
An issue was discovered in lib/kobject.c in the Linux kernel before 6.2.3. With root access, an attacker can trigger a race condition that results in a fill_kobj_path out-of-bounds write. (CVE-2023-45863)
In the Linux kernel, the following vulnerability has been resolved:
vfio/type1: prevent underflow of locked_vm via exec() (CVE-2023-53171)
In the Linux kernel, the following vulnerability has been resolved:
USB: uhci: fix memory leak with using debugfs_lookup() (CVE-2023-53197)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: x_tables: fix percpu counter block leak on error path when creating new netns (CVE-2023-53200)
In the Linux kernel, the following vulnerability has been resolved:
PM: domains: fix memory leak with using debugfs_lookup() (CVE-2023-53202)
In the Linux kernel, the following vulnerability has been resolved:
driver core: location: Free struct acpi_pld_info *pld before return false (CVE-2023-53211)
In the Linux kernel, the following vulnerability has been resolved:
arm64: efi: Make efi_rt_lock a raw_spinlock (CVE-2023-53216)
In the Linux kernel, the following vulnerability has been resolved:
watchdog: Fix kmemleak in watchdog_cdev_register (CVE-2023-53234)
In the Linux kernel, the following vulnerability has been resolved:
xsk: check IFF_UP earlier in Tx path (CVE-2023-53240)
In the Linux kernel, the following vulnerability has been resolved:
firmware: dmi-sysfs: Fix null-ptr-deref in dmi_sysfs_register_handle (CVE-2023-53250)
In the Linux kernel, the following vulnerability has been resolved:
cacheinfo: Fix shared_cpu_map to handle shared caches at different levels (CVE-2023-53254)
In the Linux kernel, the following vulnerability has been resolved:
VMCI: check context->notify_page after call to get_user_pages_fast() to avoid GPF (CVE-2023-53259)
In the Linux kernel, the following vulnerability has been resolved:
misc: vmw_balloon: fix memory leak with using debugfs_lookup() (CVE-2023-53279)
In the Linux kernel, the following vulnerability has been resolved:
udf: Do not update file length for failed writes to inline files (CVE-2023-53295)
In the Linux kernel, the following vulnerability has been resolved:
rbd: avoid use-after-free in do_rbd_add() when rbd_dev_create() fails (CVE-2023-53307)
In the Linux kernel, the following vulnerability has been resolved:
genirq/ipi: Fix NULL pointer deref in irq_data_get_affinity_mask() (CVE-2023-53332)
In the Linux kernel, the following vulnerability has been resolved:
USB: fix memory leak with using debugfs_lookup() (CVE-2023-53359)
In the Linux kernel, the following vulnerability has been resolved:
block: be a bit more careful in checking for NULL bdev while polling (CVE-2023-53366)
In the Linux kernel, the following vulnerability has been resolved:
crypto: seqiv - Handle EBUSY correctly (CVE-2023-53373)
In the Linux kernel, the following vulnerability has been resolved:
NFSD: fix leaked reference count of nfsd4_ssc_umount_item (CVE-2023-53381)
In the Linux kernel, the following vulnerability has been resolved:
drivers: base: dd: fix memory leak with using debugfs_lookup() (CVE-2023-53390)
In the Linux kernel, the following vulnerability has been resolved:
trace/blktrace: fix memory leak with using debugfs_lookup() (CVE-2023-53408)
In the Linux kernel, the following vulnerability has been resolved:
drivers: base: component: fix memory leak with using debugfs_lookup() (CVE-2023-53409)
In the Linux kernel, the following vulnerability has been resolved:
objtool: Fix memory leak in create_static_call_sections() (CVE-2023-53423)
In the Linux kernel, the following vulnerability has been resolved:
cifs: Fix warning and UAF when destroy the MR list (CVE-2023-53427)
In the Linux kernel, the following vulnerability has been resolved:
ipv6: Add lwtunnel encap size of all siblings in nexthop calculation (CVE-2023-53477)
In the Linux kernel, the following vulnerability has been resolved:
crypto: xts - Handle EBUSY correctly (CVE-2023-53494)
In the Linux kernel, the following vulnerability has been resolved:
udf: Do not bother merging very long extents (CVE-2023-53506)
kernel: refcount leak in ctnetlink_create_conntrack() (CVE-2023-7192)
Tenable has extracted the preceding description block directly from the tested product security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Run 'dnf update kernel --releasever 2023.0.20230322' or 'dnf update --advisory ALAS2023-2023-138 --releasever 2023.0.20230322' to update your system. The update takes effect only after the host is rebooted into the new kernel.
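As an added example that is not part of the Tenable plugin or the Amazon advisory, the following POSIX shell script compares a kernel version string against the kernel version this advisory ships, so that the scanner's version-based finding can be confirmed on the host and a host that has been updated but not yet rebooted is not mistaken for a fixed one. It assumes the fixed kernel is 6.1.19-30.43, taken from the kernel-livepatch CPE listed for this plugin; the function and variable names are the example's own.

```shell
#!/bin/sh
# Added example (not from the Tenable plugin or the ALAS advisory): decide
# whether an Amazon Linux 2023 host still needs ALAS2023-2023-138 by
# comparing its kernel version against the fixed version.

# Assumption: the fixed kernel is 6.1.19-30.43, taken from the
# kernel-livepatch-6.1.19-30.43 CPE listed for this plugin.
FIXED_KERNEL="6.1.19-30.43"

# vercmp A B: compare two RPM-style version-release strings segment by
# segment (split on '.' and '-') and print -1, 0 or 1. Missing or
# non-numeric segments such as the "amzn2023" dist tag or the "x86_64"
# arch suffix count as 0, so "6.1.19-30.43.amzn2023.x86_64" compares
# equal to "6.1.19-30.43".
vercmp() {
    v1=$1
    v2=$2
    while [ -n "$v1" ] || [ -n "$v2" ]; do
        # leading segment of each string, up to the first '.' or '-'
        s1=${v1%%[.-]*}
        s2=${v2%%[.-]*}
        # drop that segment and its separator from the remainder
        case $v1 in *[.-]*) v1=${v1#*[.-]} ;; *) v1="" ;; esac
        case $v2 in *[.-]*) v2=${v2#*[.-]} ;; *) v2="" ;; esac
        n1=${s1:-0}
        n2=${s2:-0}
        case $n1 in *[!0-9]*) n1=0 ;; esac
        case $n2 in *[!0-9]*) n2=0 ;; esac
        if [ "$n1" -lt "$n2" ]; then printf '%s\n' -1; return 0; fi
        if [ "$n1" -gt "$n2" ]; then printf '%s\n' 1; return 0; fi
    done
    printf '%s\n' 0
}

# kernel_needs_update VERSION: succeed (exit 0) when VERSION is older than
# the fixed kernel, fail (exit 1) otherwise.
kernel_needs_update() {
    [ "$(vercmp "$1" "$FIXED_KERNEL")" = -1 ]
}

# report LABEL VERSION: one human-readable line per kernel version checked.
report() {
    if kernel_needs_update "$2"; then
        echo "$1 kernel $2 is older than $FIXED_KERNEL: apply ALAS2023-2023-138"
    else
        echo "$1 kernel $2 is at or beyond $FIXED_KERNEL"
    fi
}

# check_host: inspect the live system. Both the newest installed kernel
# package and the running kernel matter: a host that has been updated but
# not rebooted still executes the vulnerable code.
check_host() {
    if ! rpm -q kernel >/dev/null 2>&1; then
        echo "kernel package not found; not an RPM-based host?"
        return 2
    fi
    installed=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' kernel | sort -V | tail -n 1)
    running=$(uname -r)
    report installed "$installed"
    report running "$running"
}

# Only query the live system when it is actually RPM-based.
if command -v rpm >/dev/null 2>&1; then
    check_host
fi
```

Run it before and after the dnf update: until the host is rebooted, the "installed" line will report the fixed version while the "running" line still reports the old one.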
Plugin Details
File Name: al2023_ALAS2023-2023-138.nasl
Agent: unix
Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus
Risk Information
Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:amazon:linux:kernel, p-cpe:/a:amazon:linux:kernel-tools-debuginfo, p-cpe:/a:amazon:linux:kernel-tools-devel, p-cpe:/a:amazon:linux:perf-debuginfo, p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64, p-cpe:/a:amazon:linux:bpftool-debuginfo, p-cpe:/a:amazon:linux:kernel-libbpf-devel, p-cpe:/a:amazon:linux:kernel-libbpf-static, cpe:/o:amazon:linux:2023, p-cpe:/a:amazon:linux:kernel-debuginfo, p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64, p-cpe:/a:amazon:linux:kernel-devel, p-cpe:/a:amazon:linux:kernel-headers, p-cpe:/a:amazon:linux:kernel-tools, p-cpe:/a:amazon:linux:perf, p-cpe:/a:amazon:linux:bpftool, p-cpe:/a:amazon:linux:python3-perf, p-cpe:/a:amazon:linux:python3-perf-debuginfo, p-cpe:/a:amazon:linux:kernel-libbpf, p-cpe:/a:amazon:linux:kernel-livepatch-6.1.19-30.43
Required KB Items: Host/local_checks_enabled, Host/AmazonLinux/release, Host/AmazonLinux/rpm-list
Exploit Ease: Exploits are available
Patch Publication Date: 3/20/2023
Vulnerability Publication Date: 3/2/2023
Reference Information
CVE: CVE-2023-1032, CVE-2023-1076, CVE-2023-1077, CVE-2023-1118, CVE-2023-1829, CVE-2023-1998, CVE-2023-2985, CVE-2023-45863, CVE-2023-53171, CVE-2023-53197, CVE-2023-53200, CVE-2023-53202, CVE-2023-53211, CVE-2023-53216, CVE-2023-53234, CVE-2023-53240, CVE-2023-53250, CVE-2023-53254, CVE-2023-53259, CVE-2023-53279, CVE-2023-53295, CVE-2023-53307, CVE-2023-53332, CVE-2023-53359, CVE-2023-53366, CVE-2023-53373, CVE-2023-53381, CVE-2023-53390, CVE-2023-53408, CVE-2023-53409, CVE-2023-53423, CVE-2023-53427, CVE-2023-53477, CVE-2023-53494, CVE-2023-53506, CVE-2023-7192