Lucene search
This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.AL2_ALAS-2019-1280.NASLHistorySep 20, 2019 - 12:00 a.m.
Amazon Linux 2 : kernel (ALAS-2019-1280)
2019-09-2000:00:00
This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
21
7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
8.4 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.1 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
55.3%
A buffer overflow due to a singed-unsigned comparsion was found in hidp_process_report() in the net/bluetooth/hidp/core.c in the Linux kernel. The buffer length is an unsigned int but gets cast to a signed int which in certain conditions can lead to a system panic and a denial-of-service. (CVE-2018-9363)
It was found that paravirt_patch_call/jump() functions in the arch/x86/kernel/paravirt.c in the Linux kernel mishandles certain indirect calls, which makes it easier for attackers to conduct Spectre-v2 attacks against paravirtualized guests. (CVE-2018-15594)
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux 2 Security Advisory ALAS-2019-1280.
#
include('compat.inc');
if (description)
{
script_id(129065);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/24");
script_cve_id("CVE-2018-15594", "CVE-2018-9363");
script_xref(name:"ALAS", value:"2019-1280");
script_name(english:"Amazon Linux 2 : kernel (ALAS-2019-1280)");
script_set_attribute(attribute:"synopsis", value:
"The remote Amazon Linux 2 host is missing a security update.");
script_set_attribute(attribute:"description", value:
"A buffer overflow due to a singed-unsigned comparsion was found in
hidp_process_report() in the net/bluetooth/hidp/core.c in the Linux
kernel. The buffer length is an unsigned int but gets cast to a signed
int which in certain conditions can lead to a system panic and a
denial-of-service. (CVE-2018-9363)
It was found that paravirt_patch_call/jump() functions in the
arch/x86/kernel/paravirt.c in the Linux kernel mishandles certain
indirect calls, which makes it easier for attackers to conduct
Spectre-v2 attacks against paravirtualized guests. (CVE-2018-15594)");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/AL2/ALAS-2019-1280.html");
script_set_attribute(attribute:"solution", value:
"Run 'yum update kernel' to update your system.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-9363");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2018/08/20");
script_set_attribute(attribute:"patch_publication_date", value:"2019/09/19");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/09/20");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-headers");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-tools");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-tools-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-tools-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perf");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perf-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python-perf");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python-perf-debuginfo");
script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux:2");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Amazon Linux Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/AmazonLinux/release");
if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "2")
{
if (os_ver == 'A') os_ver = 'AMI';
audit(AUDIT_OS_NOT, "Amazon Linux 2", "Amazon Linux " + os_ver);
}
if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
flag = 0;
if (rpm_check(release:"AL2", cpu:"x86_64", reference:"kernel-4.14.67-71.56.amzn2")) flag++;
if (rpm_check(release:"AL2", cpu:"x86_64", reference:"kernel-debuginfo-4.14.67-71.56.amzn2")) flag++;
if (rpm_check(release:"AL2", cpu:"x86_64", reference:"kernel-debuginfo-common-x86_64-4.14.67-71.56.amzn2")) flag++;
if (rpm_check(release:"AL2", cpu:"x86_64", reference:"kernel-devel-4.14.67-71.56.amzn2")) flag++;
if (rpm_check(release:"AL2", reference:"kernel-headers-4.14.67-71.56.amzn2")) flag++;
if (rpm_check(release:"AL2", cpu:"x86_64", reference:"kernel-tools-4.14.67-71.56.amzn2")) flag++;
if (rpm_check(release:"AL2", cpu:"x86_64", reference:"kernel-tools-debuginfo-4.14.67-71.56.amzn2")) flag++;
if (rpm_check(release:"AL2", cpu:"x86_64", reference:"kernel-tools-devel-4.14.67-71.56.amzn2")) flag++;
if (rpm_check(release:"AL2", cpu:"x86_64", reference:"perf-4.14.67-71.56.amzn2")) flag++;
if (rpm_check(release:"AL2", cpu:"x86_64", reference:"perf-debuginfo-4.14.67-71.56.amzn2")) flag++;
if (rpm_check(release:"AL2", cpu:"x86_64", reference:"python-perf-4.14.67-71.56.amzn2")) flag++;
if (rpm_check(release:"AL2", cpu:"x86_64", reference:"python-perf-debuginfo-4.14.67-71.56.amzn2")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-debuginfo / kernel-debuginfo-common-x86_64 / etc");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| amazon | linux | kernel | p-cpe:/a:amazon:linux:kernel |
| amazon | linux | kernel-debuginfo | p-cpe:/a:amazon:linux:kernel-debuginfo |
| amazon | linux | kernel-debuginfo-common-x86_64 | p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64 |
| amazon | linux | kernel-devel | p-cpe:/a:amazon:linux:kernel-devel |
| amazon | linux | kernel-headers | p-cpe:/a:amazon:linux:kernel-headers |
| amazon | linux | kernel-tools | p-cpe:/a:amazon:linux:kernel-tools |
| amazon | linux | kernel-tools-debuginfo | p-cpe:/a:amazon:linux:kernel-tools-debuginfo |
| amazon | linux | kernel-tools-devel | p-cpe:/a:amazon:linux:kernel-tools-devel |
| amazon | linux | perf | p-cpe:/a:amazon:linux:perf |
| amazon | linux | perf-debuginfo | p-cpe:/a:amazon:linux:perf-debuginfo |
Related
amazon
amazon
nessus
nessus
Amazon Linux 2 : kernel (ALAS-2019-1281)
2019-09-20 00:00:00
Amazon Linux AMI : kernel (ALAS-2019-1280)
2019-09-19 00:00:00
EulerOS Virtualization 2.5.2 : kernel (EulerOS-SA-2018-1372)
2018-11-21 00:00:00
cvelist
cvelist
CVE-2018-9363
2018-10-31 00:00:00
CVE-2018-15594
2018-08-20 08:00:00
debiancve
debiancve
CVE-2018-9363
2018-11-06 17:29:00
CVE-2018-15594
2018-08-20 08:29:00
ubuntucve
ubuntucve
CVE-2018-9363
2018-08-02 00:00:00
CVE-2018-15594
2018-08-20 00:00:00
f5
f5
K01821401 : Linux kernel vulnerability CVE-2018-9363
2022-07-21 00:00:00
K26301924 : Linux kernel vulnerability CVE-2018-15594
2019-02-15 00:00:00
cve
cve
CVE-2018-15594
2018-08-20 08:29:00
CVE-2018-9363
2018-11-06 17:29:00
veracode
veracode
Denial Of Service (DoS)
2019-08-08 00:07:18
Authorization Bypass
2019-08-08 00:07:16
redhatcve
redhatcve
CVE-2018-9363
2018-08-28 12:53:38
CVE-2018-15594
2020-04-05 16:51:01
prion
prion
Integer overflow
2018-11-06 17:29:00
Code injection
2018-08-20 08:29:00
nvd
nvd
CVE-2018-15594
2018-08-20 08:29:00
CVE-2018-9363
2018-11-06 17:29:00
altlinux
altlinux
openvas
openvas
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2018-1372)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2018-1433)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1181)
2020-01-23 00:00:00
cloudfoundry
cloudfoundry
USN-3820-2: Linux kernel (HWE) vulnerabilities | Cloud Foundry
2018-11-20 00:00:00
USN-3797-2: Linux kernel (Xenial HWE) vulnerabilities | Cloud Foundry
2018-10-25 00:00:00
USN-3777-2: Linux kernel (HWE) vulnerabilities | Cloud Foundry
2018-10-09 00:00:00
ubuntu
ubuntu
Linux kernel vulnerabilities
2018-10-23 00:00:00
Linux kernel (Xenial HWE) vulnerabilities
2018-10-23 00:00:00
Linux kernel vulnerabilities
2018-11-14 00:00:00
oraclelinux
oraclelinux
Unbreakable Enterprise kernel security update
2018-09-04 00:00:00
Unbreakable Enterprise kernel security update
2019-01-03 00:00:00
kernel security, bug fix, and enhancement update
2019-08-13 00:00:00
photon
photon
Critical Photon OS Security Update - PHSA-2018-0180
2018-08-28 00:00:00
debian
debian
[SECURITY] [DSA 4308-1] linux security update
2018-10-01 15:21:20
[SECURITY] [DLA 1531-1] linux-4.9 security update
2018-10-03 23:59:07
[SECURITY] [DSA 4308-1] linux security update
2018-10-01 15:21:20
osv
osv
linux - security update
2018-10-01 00:00:00
linux-4.9 - security update
2018-10-03 00:00:00
linux - security update
2018-10-03 00:00:00
redhat
redhat
(RHSA-2019:2043) Important: kernel-rt security and bug fix update
2019-08-06 07:54:29
(RHSA-2019:2029) Important: kernel security, bug fix, and enhancement update
2019-08-06 07:52:38
ibm
ibm
centos
centos
bpftool, kernel, perf, python security update
2019-09-10 16:26:50
suse
suse
Security update for the Linux Kernel (important)
2018-09-16 15:07:35
Security update for the Linux Kernel (important)
2019-05-20 00:00:00
Security update for the Linux Kernel (important)
2018-10-08 15:09:43
androidsecurity
androidsecurity
Android Security BulletinβJune 2018
2018-06-04 00:00:00
7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
8.4 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.1 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
55.3%
Related for AL2_ALAS-2019-1280.NASL