Lucene search
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.MARINER_CVE-2024-26583.NASLHistoryJul 03, 2024 - 12:00 a.m.
CBL Mariner 2.0 Security Update: hyperv-daemons / kernel (CVE-2024-26583)
2024-07-0300:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
cbl mariner 2.0
security update
hyperv-daemons
kernel
cve-2024-26583
linux kernel
vulnerability
async notify
socket close
nessus scanner
4.7 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
7 High
AI Score
Confidence
Low
The version of hyperv-daemons / kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-26583 advisory.
- In the Linux kernel, the following vulnerability has been resolved: tls: fix race between async notify and socket close The submitting thread (one which called recvmsg/sendmsg) May exit as soon as the async crypto handler calls complete() so any code past that point risks touching already freed data. Try to avoid the locking and extra flags altogether. Have the main thread hold an extra reference, this way we can depend solely on the atomic ref counter for synchronization. Don’t futz with reiniting the completion, either, we are now tightly controlling when completion fires. (CVE-2024-26583)
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(201605);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/07/03");
script_cve_id("CVE-2024-26583");
script_name(english:"CBL Mariner 2.0 Security Update: hyperv-daemons / kernel (CVE-2024-26583)");
script_set_attribute(attribute:"synopsis", value:
"The remote CBL Mariner host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The version of hyperv-daemons / kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is,
therefore, affected by a vulnerability as referenced in the CVE-2024-26583 advisory.
- In the Linux kernel, the following vulnerability has been resolved: tls: fix race between async notify and
socket close The submitting thread (one which called recvmsg/sendmsg) May exit as soon as the async crypto
handler calls complete() so any code past that point risks touching already freed data. Try to avoid the
locking and extra flags altogether. Have the main thread hold an extra reference, this way we can depend
solely on the atomic ref counter for synchronization. Don't futz with reiniting the completion, either, we
are now tightly controlling when completion fires. (CVE-2024-26583)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://nvd.nist.gov/vuln/detail/CVE-2024-26583");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:S/C:N/I:N/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-26583");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2024/02/21");
script_set_attribute(attribute:"patch_publication_date", value:"2024/07/01");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/07/03");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:microsoft:cbl-mariner:bpftool");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:microsoft:cbl-mariner:kernel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:microsoft:cbl-mariner:kernel-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:microsoft:cbl-mariner:kernel-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:microsoft:cbl-mariner:kernel-docs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:microsoft:cbl-mariner:kernel-drivers-accessibility");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:microsoft:cbl-mariner:kernel-drivers-gpu");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:microsoft:cbl-mariner:kernel-drivers-sound");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:microsoft:cbl-mariner:kernel-dtb");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:microsoft:cbl-mariner:kernel-tools");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:microsoft:cbl-mariner:python3-perf");
script_set_attribute(attribute:"cpe", value:"x-cpe:/o:microsoft:cbl-mariner");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"MarinerOS Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/CBLMariner/release", "Host/CBLMariner/rpm-list", "Host/cpu");
exit(0);
}
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var release = get_kb_item('Host/CBLMariner/release');
if (isnull(release) || 'CBL-Mariner' >!< release) audit(AUDIT_OS_NOT, 'CBL-Mariner');
var os_ver = pregmatch(pattern: "CBL-Mariner ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CBL-Mariner');
os_ver = os_ver[1];
if (! preg(pattern:"^2([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'CBL-Mariner 2.0', 'CBL-Mariner ' + os_ver);
if (!get_kb_item('Host/CBLMariner/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 'aarch64' >!< cpu)
audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CBL-Mariner', cpu);
var pkgs = [
{'reference':'bpftool-5.15.158.2-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'bpftool-5.15.158.2-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-5.15.158.2-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-5.15.158.2-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-debuginfo-5.15.158.2-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-debuginfo-5.15.158.2-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-devel-5.15.158.2-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-devel-5.15.158.2-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-docs-5.15.158.2-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-docs-5.15.158.2-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-drivers-accessibility-5.15.158.2-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-drivers-accessibility-5.15.158.2-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-drivers-gpu-5.15.158.2-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-drivers-gpu-5.15.158.2-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-drivers-sound-5.15.158.2-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-drivers-sound-5.15.158.2-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-dtb-5.15.158.2-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-tools-5.15.158.2-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-tools-5.15.158.2-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python3-perf-5.15.158.2-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python3-perf-5.15.158.2-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE}
];
var flag = 0;
foreach var package_array ( pkgs ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
var exists_check = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = 'CBLMariner-' + package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {
if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_NOTE,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-debuginfo / kernel-devel / kernel-docs / etc');
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| microsoft | cbl-mariner | python3-perf | p-cpe:/a:microsoft:cbl-mariner:python3-perf |
| microsoft | cbl-mariner | kernel-devel | p-cpe:/a:microsoft:cbl-mariner:kernel-devel |
| microsoft | cbl-mariner | kernel-tools | p-cpe:/a:microsoft:cbl-mariner:kernel-tools |
| microsoft | cbl-mariner | kernel-drivers-accessibility | p-cpe:/a:microsoft:cbl-mariner:kernel-drivers-accessibility |
| microsoft | cbl-mariner | kernel-drivers-gpu | p-cpe:/a:microsoft:cbl-mariner:kernel-drivers-gpu |
| microsoft | cbl-mariner | x-cpe:/o:microsoft:cbl-mariner | |
| microsoft | cbl-mariner | kernel | p-cpe:/a:microsoft:cbl-mariner:kernel |
| microsoft | cbl-mariner | kernel-debuginfo | p-cpe:/a:microsoft:cbl-mariner:kernel-debuginfo |
| microsoft | cbl-mariner | kernel-dtb | p-cpe:/a:microsoft:cbl-mariner:kernel-dtb |
| microsoft | cbl-mariner | bpftool | p-cpe:/a:microsoft:cbl-mariner:bpftool |
Related
cbl_mariner
cbl_mariner
ubuntucve
ubuntucve
CVE-2024-26583
2024-02-21 00:00:00
prion
prion
Spoofing
2024-02-21 15:15:00
nvd
nvd
CVE-2024-26583
2024-02-21 15:15:09
redhatcve
redhatcve
CVE-2024-26583
2024-02-22 15:02:03
debiancve
debiancve
CVE-2024-26583
2024-02-21 15:15:09
cvelist
cvelist
CVE-2024-26583 tls: fix race between async notify and socket close
2024-02-21 14:59:11
vulnrichment
vulnrichment
CVE-2024-26583 tls: fix race between async notify and socket close
2024-02-21 14:59:11
cve
cve
CVE-2024-26583
2024-02-21 15:15:09
nessus
nessus
Amazon Linux 2 : kernel (ALASKERNEL-5.15-2024-043)
2024-05-20 00:00:00
Amazon Linux 2 : kernel (ALASKERNEL-5.10-2024-057)
2024-05-20 00:00:00
Amazon Linux 2 : kernel (ALASKERNEL-5.4-2024-065)
2024-05-20 00:00:00
openvas
openvas
Fedora: Security Advisory for kernel (FEDORA-2024-71f0f16533)
2024-02-28 00:00:00
Fedora: Security Advisory for kernel (FEDORA-2024-d16d94b00d)
2024-02-28 00:00:00
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2024-1735)
2024-05-30 00:00:00
fedora
fedora
[SECURITY] Fedora 38 Update: kernel-6.7.6-100.fc38
2024-02-28 01:41:53
[SECURITY] Fedora 39 Update: kernel-6.7.6-200.fc39
2024-02-28 01:11:21
photon
photon
Important Photon OS Security Update - PHSA-2024-4.0-0586
2024-03-29 00:00:00
oraclelinux
oraclelinux
kernel security and bug fix update
2024-07-02 00:00:00
kernel security, bug fix, and enhancement update
2024-05-02 00:00:00
osv
osv
Important: kernel security and bug fix update
2024-07-02 00:00:00
linux-oem-6.5 vulnerabilities
2024-05-07 15:22:10
linux-gkeop, linux-gkeop-5.15, linux-kvm vulnerabilities
2024-06-10 17:13:01
redhat
redhat
(RHSA-2024:2394) Important: kernel security, bug fix, and enhancement update
2024-04-30 06:15:35
(RHSA-2024:2932) Important: logging for Red Hat OpenShift security update
2024-05-23 07:05:57
ubuntu
ubuntu
Linux kernel (OEM) vulnerabilities
2024-05-07 00:00:00
Linux kernel (Azure) vulnerabilities
2024-06-14 00:00:00
Linux kernel (ARM laptop) vulnerabilities
2024-06-10 00:00:00
debian
debian
[SECURITY] [DSA 5658-1] linux security update
2024-04-13 06:38:27
4.7 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
7 High
AI Score
Confidence
Low
Related for MARINER_CVE-2024-26583.NASL