The version of kernel installed on the remote host is prior to 4.14.318-166.529. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1773 advisory.

    2024-02-01: CVE-2024-0775 was added to this advisory.

    A use-after-free flaw was found in nf_tables cross-table in the net/netfilter/nf_tables_api.c function in     the Linux kernel. This flaw allows a local, privileged attacker to cause a use-after-free problem at the     time of table deletion, possibly leading to local privilege escalation. (CVE-2022-2586)

    A heap buffer overflow flaw was found in the Linux kernel's Netfilter subsystem in the way a user provides     incorrect input of the NFT_DATA_VERDICT type. This flaw allows a local user to crash or potentially     escalate their privileges on the system. (CVE-2022-34918)

    A denial of service problem was found, due to a possible recursive locking scenario, resulting in a     deadlock in table_clear in drivers/md/dm-ioctl.c in the Linux Kernel Device Mapper-Multipathing sub-     component. (CVE-2023-2269)

    do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading     to a race condition (with a resultant use-after-free or NULL pointer dereference). (CVE-2023-28466)

    A use after free vulnerability was found in prepare_to_relocate in fs/btrfs/relocation.c in btrfs in the     Linux Kernel. This possible flaw can be triggered by calling btrfs_ioctl_balance() before calling     btrfs_ioctl_defrag(). (CVE-2023-3111)

    An issue was discovered in the Linux kernel before 6.3.3. There is an out-of-bounds read in crc16 in     lib/crc16.c when called from fs/ext4/super.c because ext4_group_desc_csum does not properly check an     offset. (CVE-2023-34256)

    A use-after-free flaw was found in the __ext4_remount in fs/ext4/super.c in ext4 in the Linux kernel. This     flaw allows a local user to cause an information leak problem while freeing the old quota file names     before a potential failure, leading to a use-after-free. (CVE-2024-0775)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Amazon Linux AMI : kernel (ALAS-2023-1773)

high Nessus Plugin ID 177909

Version 1.1