Alibaba Cloud Linux 3 : 0029: cloud-kernel bugfix, enhancement and (ALINUX3-SA-2022:0029)

high Nessus Plugin ID 236676

Synopsis

The remote Alibaba Cloud Linux host is missing one or more security updates.

Description

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2022:0029 advisory.

Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities:

CVE-2022-0330:
A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system.

CVE-2022-22942:
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

CVE-2021-4197:
An unprivileged write to the file handler flaw was found in the Linux kernel's control groups and namespaces subsystem, in the way users have access to some less privileged processes that are controlled by cgroups and have a higher privileged parent process. It affects both the cgroup2 and cgroup1 versions of control groups. A local user could use this flaw to crash the system or escalate their privileges on the system.

CVE-2022-0185:
A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the length of the supplied parameters. An unprivileged local user (if unprivileged user namespaces are enabled; otherwise the namespaced CAP_SYS_ADMIN privilege is needed) able to open a filesystem that does not support the Filesystem Context API (and thus falls back to legacy handling) could use this flaw to escalate their privileges on the system.

CVE-2022-0492:
A vulnerability was found in the Linux kernel's cgroup_release_agent_write function in kernel/cgroup/cgroup-v1.c. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.

CVE-2022-1011:
CVE-2022-1011 kernel: FUSE allows UAF reads of write() buffers, allowing theft of (partial) /etc/shadow hashes

CVE-2022-1016:
CVE-2022-1016 kernel: uninitialized registers on stack in nft_do_chain can cause kernel pointer leakage to UM

CVE-2022-0995:
CVE-2022-0995 kernel: kernel bug in the watch_queue subsystem

CVE-2021-22600:
CVE-2021-22600 kernel: double free in packet_set_ring() in net/packet/af_packet.c

CVE-2022-27666:
CVE-2022-27666 kernel: buffer overflow in IPsec ESP transformation code

CVE-2022-25636:
CVE-2022-25636 kernel: heap out of bounds write in nf_dup_netdev.c

CVE-2020-36516:
CVE-2020-36516 kernel: an off-path attacker may inject data or terminate a victim's TCP session

CVE-2021-44879:
CVE-2021-44879 kernel: NULL pointer dereference in folio_mark_dirty() via a crafted f2fs image

CVE-2021-45402:
CVE-2021-45402 kernel: pointer leak in check_alu_op() of kernel/bpf/verifier.c

CVE-2022-24448:
CVE-2022-24448 kernel: nfs_atomic_open() returns uninitialized data instead of ENOTDIR

CVE-2021-4204:
CVE-2021-4204 kernel: improper input validation may lead to privilege escalation

CVE-2022-23222:
CVE-2022-23222 kernel: local privileges escalation in kernel/bpf/verifier.c

CVE-2021-4135:
CVE-2021-4135 kernel: Heap information leak in map_lookup_elem function

Tenable has extracted the preceding description block directly from the Alibaba Cloud Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

http://mirrors.aliyun.com/alinux/3/cve/alinux3-sa-20220029.xml

Plugin Details

Severity: High

ID: 236676

File Name: alinux3_sa_2022-0029.nasl

Version: 1.1

Type: local

Published: 5/14/2025

Updated: 5/14/2025

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.4

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 6.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2022-23222

CVSS v3

Risk Factor: High

Base Score: 8.4

Temporal Score: 8

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

CVSS Score Source: CVE-2022-0185

Vulnerability Information

CPE: p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:kernel-debug-core, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:kernel-tools, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:kernel-debug-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:kernel-modules-extra, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:bpftool, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:perf-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:kernel-tools-libs, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:kernel-debug-modules, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:kernel-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:kernel-debuginfo-common-aarch64, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:kernel-devel, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:kernel-headers, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:kernel-debug-modules-internal, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:kernel-debuginfo-common-x86_64, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:bpftool-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:python3-perf, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:kernel-debug-devel, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:kernel-tools-libs-devel, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:kernel-debug, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:kernel-debug-modules-extra, cpe:/o:alibabacloud:alibaba_cloud_linux_3, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:kernel, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:perf, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:kernel-tools-debuginfo, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:kernel-modules, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:kernel-core, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:kernel-modules-internal, p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:python3-perf-debuginfo

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Alibaba/release, Host/Alibaba/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/12/2022

Vulnerability Publication Date: 7/21/2021

CISA Known Exploited Vulnerability Due Dates: 5/2/2022, 9/11/2024

Reference Information

CVE: CVE-2020-36516, CVE-2021-22600, CVE-2021-4135, CVE-2021-4197, CVE-2021-4204, CVE-2021-44879, CVE-2021-45402, CVE-2022-0185, CVE-2022-0330, CVE-2022-0492, CVE-2022-0995, CVE-2022-1011, CVE-2022-1016, CVE-2022-22942, CVE-2022-23222, CVE-2022-24448, CVE-2022-25636, CVE-2022-27666