Ubuntu 18.04 ESM / 20.04 LTS : Linux kernel vulnerabilities (USN-6417-1)

medium Nessus Plugin ID 182578

Synopsis

The remote Ubuntu host is missing one or more security updates.

Description

The remote Ubuntu 18.04 ESM / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6417-1 advisory.

- A race condition was found in the Linux kernel's eBPF verifier between bpf_map_update_elem and bpf_map_freeze due to a missing lock in kernel/bpf/syscall.c. Because of this flaw, a local user with a special privilege (CAP_SYS_ADMIN or CAP_BPF) can modify the frozen mapped address space. This flaw affects kernel versions prior to 5.16-rc2. (CVE-2021-4001)

- A hash collision flaw was found in the IPv6 connection lookup table in the Linux kernel's IPv6 functionality when a user carries out a new kind of SYN flood attack. A user located on the local network or with a high-bandwidth connection can drive the CPU usage of a server that accepts IPv6 connections up to 95%. (CVE-2023-1206)

- A NULL pointer dereference issue was found in the gfs2 file system in the Linux kernel. It occurs on corrupt gfs2 file systems when the evict code tries to reference the journal descriptor structure after it has been freed and set to NULL. A privileged local user could use this flaw to cause a kernel panic. (CVE-2023-3212)

- A NULL pointer dereference flaw was found in the Linux kernel's DECnet networking protocol. This issue could allow a remote user to crash the system. (CVE-2023-3338)

- A use-after-free flaw was found in nfc_llcp_find_local in net/nfc/llcp_core.c in the NFC subsystem of the Linux kernel. This flaw allows a local user with special privileges to trigger a kernel information leak. (CVE-2023-3863)

- A flaw was found in the Linux kernel's TUN/TAP functionality. This issue could allow a local user to bypass network filters and gain unauthorized access to some resources. The original patches fixing CVE-2023-1076 are incorrect or incomplete: the upstream commits a096ccca6e50 (tun: tun_chr_open(): correctly initialize socket uid) and 66b2c338adce (tap: tap_open(): correctly initialize socket uid) pass inode->i_uid to sock_init_data_uid() as the last parameter, and that value turns out not to be accurate. (CVE-2023-4194)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected kernel package.

See Also

https://ubuntu.com/security/notices/USN-6417-1

Plugin Details

Severity: Medium

ID: 182578

File Name: ubuntu_USN-6417-1.nasl

Version: 1.2

Type: local

Agent: unix

Published: 10/5/2023

Updated: 1/9/2024

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 4.7

Temporal Score: 3.7

Vector: CVSS2#AV:L/AC:M/Au:N/C:N/I:C/A:N

CVSS Score Source: CVE-2021-4001

CVSS v3

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2023-4194

Vulnerability Information

CPE: p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1095-raspi, p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1023-iot, p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1110-oracle, p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1115-gcp, p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-164-generic-lpae, p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1117-azure, p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-164-generic, p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1078-gkeop, p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1031-xilinx-zynqmp, p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1058-ibm, p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1072-bluefield, p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1111-aws, p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-164-lowlatency, cpe:/o:canonical:ubuntu_linux:18.04:-:esm, cpe:/o:canonical:ubuntu_linux:20.04:-:lts, p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1100-kvm

Required KB Items: Host/cpu, Host/Debian/dpkg-l, Host/Ubuntu, Host/Ubuntu/release

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 10/4/2023

Vulnerability Publication Date: 1/21/2022

Reference Information

CVE: CVE-2021-4001, CVE-2023-1206, CVE-2023-3212, CVE-2023-3338, CVE-2023-3863, CVE-2023-4194

USN: 6417-1