Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusUbuntu Security Notice (C) 2022-2024 Canonical, Inc. / NASL script (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-5383-1.NASL
HistoryApr 21, 2022 - 12:00 a.m.

Ubuntu 20.04 LTS : Linux kernel vulnerabilities (USN-5383-1)

2022-04-2100:00:00
Ubuntu Security Notice (C) 2022-2024 Canonical, Inc. / NASL script (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
29

4.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

6.6 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H

6.9 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

50.2%

JSON

The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5383-1 advisory.

  • In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic).
    (CVE-2021-43976)

  • In gc_data_segment in fs/f2fs/gc.c in the Linux kernel before 5.16.3, special files are not considered, leading to a move_data_page NULL pointer dereference. (CVE-2021-44879)

  • A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2. (CVE-2022-0617)

  • A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem.
    This flaw allows a local user to cause an out-of-bounds write issue. (CVE-2022-1015)

  • A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle ‘return’ with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker. (CVE-2022-1016)

  • An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file descriptor. (CVE-2022-24448)

  • An issue was discovered in the Linux kernel before 5.16.5. There is a memory leak in yam_siocdevprivate in drivers/net/hamradio/yam.c. (CVE-2022-24959)

  • drivers/bluetooth/virtio_bt.c in the Linux kernel before 5.16.3 has a memory leak (socket buffers have memory allocated but not freed). (CVE-2022-26878)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 70300
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-5383-1. The text
# itself is copyright (C) Canonical, Inc. See
# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(160027);
  script_version("1.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/09");

  script_cve_id(
    "CVE-2021-43976",
    "CVE-2021-44879",
    "CVE-2022-0617",
    "CVE-2022-1015",
    "CVE-2022-1016",
    "CVE-2022-24448",
    "CVE-2022-24959",
    "CVE-2022-26878"
  );
  script_xref(name:"USN", value:"5383-1");

  script_name(english:"Ubuntu 20.04 LTS : Linux kernel vulnerabilities (USN-5383-1)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Ubuntu host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in
the USN-5383-1 advisory.

  - In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows
    an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic).
    (CVE-2021-43976)

  - In gc_data_segment in fs/f2fs/gc.c in the Linux kernel before 5.16.3, special files are not considered,
    leading to a move_data_page NULL pointer dereference. (CVE-2021-44879)

  - A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way
    user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw
    to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2. (CVE-2022-0617)

  - A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem.
    This flaw allows a local user to cause an out-of-bounds write issue. (CVE-2022-1015)

  - A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a
    use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel
    information leak problem caused by a local, unprivileged attacker. (CVE-2022-1016)

  - An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the
    O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a
    regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file
    descriptor. (CVE-2022-24448)

  - An issue was discovered in the Linux kernel before 5.16.5. There is a memory leak in yam_siocdevprivate in
    drivers/net/hamradio/yam.c. (CVE-2022-24959)

  - drivers/bluetooth/virtio_bt.c in the Linux kernel before 5.16.3 has a memory leak (socket buffers have
    memory allocated but not freed). (CVE-2022-26878)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/notices/USN-5383-1");
  script_set_attribute(attribute:"solution", value:
"Update the affected kernel package.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-1015");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/11/17");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/04/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/04/21");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:20.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.13.0-1011-intel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.13.0-1022-azure");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.13.0-1024-gcp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.13.0-1027-oracle");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.13.0-40-generic");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.13.0-40-generic-64k");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.13.0-40-generic-lpae");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.13.0-40-lowlatency");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Ubuntu Local Security Checks");

  script_copyright(english:"Ubuntu Security Notice (C) 2022-2024 Canonical, Inc. / NASL script (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("linux_alt_patch_detect.nasl", "ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}

include('debian_package.inc');
include('ksplice.inc');

if ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/Ubuntu/release');
if ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');
os_release = chomp(os_release);
if (! ('20.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 20.04', 'Ubuntu ' + os_release);
if ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);

var kernel_mappings = {
  '20.04': {
    '5.13.0': {
      'generic': '5.13.0-40',
      'generic-64k': '5.13.0-40',
      'generic-lpae': '5.13.0-40',
      'lowlatency': '5.13.0-40',
      'intel': '5.13.0-1011',
      'azure': '5.13.0-1022',
      'gcp': '5.13.0-1024',
      'oracle': '5.13.0-1027'
    }
  }
};

var host_kernel_release = get_kb_item('Host/uptrack-uname-r');
if (empty_or_null(host_kernel_release)) host_kernel_release = get_kb_item_or_exit('Host/uname-r');
var host_kernel_base_version = get_kb_item_or_exit('Host/Debian/kernel-base-version');
var host_kernel_type = get_kb_item_or_exit('Host/Debian/kernel-type');
if(empty_or_null(kernel_mappings[os_release][host_kernel_base_version][host_kernel_type])) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + host_kernel_release);

var extra = '';
var kernel_fixed_version = kernel_mappings[os_release][host_kernel_base_version][host_kernel_type] + "-" + host_kernel_type;
if (deb_ver_cmp(ver1:host_kernel_release, ver2:kernel_fixed_version) < 0)
{
  extra = extra + 'Running Kernel level of ' + host_kernel_release + ' does not meet the minimum fixed level of ' + kernel_fixed_version + ' for this advisory.\n\n';
}
  else
{
  audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-5383-1');
}

if (get_one_kb_item('Host/ksplice/kernel-cves'))
{
  var cve_list = make_list('CVE-2021-43976', 'CVE-2021-44879', 'CVE-2022-0617', 'CVE-2022-1015', 'CVE-2022-1016', 'CVE-2022-24448', 'CVE-2022-24959', 'CVE-2022-26878');
  if (ksplice_cves_check(cve_list))
  {
    audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-5383-1');
  }
  else
  {
    extra = extra + ksplice_reporting_text();
  }
}
if (extra) {
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : extra
  );
  exit(0);
}
VendorProductVersionCPE
canonicalubuntu_linux20.04cpe:/o:canonical:ubuntu_linux:20.04:-:lts
canonicalubuntu_linuxlinux-image-5.13.0-1011-intelp-cpe:/a:canonical:ubuntu_linux:linux-image-5.13.0-1011-intel
canonicalubuntu_linuxlinux-image-5.13.0-1022-azurep-cpe:/a:canonical:ubuntu_linux:linux-image-5.13.0-1022-azure
canonicalubuntu_linuxlinux-image-5.13.0-1024-gcpp-cpe:/a:canonical:ubuntu_linux:linux-image-5.13.0-1024-gcp
canonicalubuntu_linuxlinux-image-5.13.0-1027-oraclep-cpe:/a:canonical:ubuntu_linux:linux-image-5.13.0-1027-oracle
canonicalubuntu_linuxlinux-image-5.13.0-40-genericp-cpe:/a:canonical:ubuntu_linux:linux-image-5.13.0-40-generic
canonicalubuntu_linuxlinux-image-5.13.0-40-generic-64kp-cpe:/a:canonical:ubuntu_linux:linux-image-5.13.0-40-generic-64k
canonicalubuntu_linuxlinux-image-5.13.0-40-generic-lpaep-cpe:/a:canonical:ubuntu_linux:linux-image-5.13.0-40-generic-lpae
canonicalubuntu_linuxlinux-image-5.13.0-40-lowlatencyp-cpe:/a:canonical:ubuntu_linux:linux-image-5.13.0-40-lowlatency

Related

ubuntu 6
openvas 30
osv 7
nessus 43
redhatcve 8
amazon 3
suse 2
photon 3
githubexploit 8
prion 8
cvelist 8
nvd 8
ubuntucve 8
cve 8
debiancve 8
cnvd 5
veracode 5
cbl_mariner 16
debian 1
broadcom 1
virtuozzo 1
oraclelinux 6
fedora 6
ubuntu
ubuntu
Linux kernel vulnerabilities
2022-04-20 00:00:00
Linux kernel vulnerabilities
2022-04-20 00:00:00
Linux kernel (OEM) vulnerabilities
2022-02-22 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-5383-1)
2022-04-21 00:00:00
Ubuntu: Security Advisory (USN-5384-1)
2022-04-21 00:00:00
Ubuntu: Security Advisory (USN-5302-1)
2022-02-23 00:00:00
osv
osv
linux, linux-aws, linux-aws-5.13, linux-azure, linux-azure-5.13, linux-gcp, linux-gcp-5.13, linux-hwe-5.13, linux-kvm, linux-oracle, linux-oracle-5.13, linux-raspi vulnerabilities
2022-04-20 23:48:40
linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-azure-fde, linux-gcp, linux-gcp-5.4, linux-gke, linux-gke-5.4, linux-gkeop, linux-gkeop-5.4, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4 vulnerabilities
2022-04-20 23:51:42
linux-oem-5.14 vulnerabilities
2022-02-22 22:45:56
nessus
nessus
Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-5384-1)
2022-04-21 00:00:00
Ubuntu 20.04 LTS : Linux kernel (OEM) vulnerabilities (USN-5302-1)
2022-02-23 00:00:00
Ubuntu 16.04 ESM / 18.04 LTS : Linux kernel vulnerabilities (USN-5385-1)
2022-04-21 00:00:00
redhatcve
redhatcve
CVE-2022-1016
2022-03-29 03:50:29
CVE-2022-24959
2022-02-11 14:23:43
CVE-2021-43976
2021-11-19 17:24:30
amazon
amazon
Important: kernel
2022-04-04 23:21:00
Important: kernel
2022-04-04 23:46:00
Important: kernel
2022-04-04 23:21:00
suse
suse
Security update for the Linux Kernel (important)
2022-03-08 00:00:00
Security update for the Linux Kernel (important)
2022-03-30 00:00:00
photon
photon
Moderate Photon OS Security Update - PHSA-2022-0459
2022-04-01 00:00:00
Important Photon OS Security Update - PHSA-2022-3.0-0362
2022-02-17 00:00:00
Important Photon OS Security Update - PHSA-2022-0376
2022-04-01 00:00:00
githubexploit
githubexploit
Exploit for CVE-2022-1015
2022-04-02 22:49:40
Exploit for Out-of-bounds Write in Linux Linux Kernel
2022-08-06 12:34:22
Exploit for Out-of-bounds Write in Linux Linux Kernel
2022-10-23 10:57:43
prion
prion
Memory corruption
2022-02-11 06:15:00
Null pointer dereference
2022-02-14 12:15:00
Memory corruption
2022-03-11 07:15:00
cvelist
cvelist
CVE-2021-44879
2022-02-13 00:00:00
CVE-2022-24959
2022-02-11 04:21:16
CVE-2021-43976
2021-11-17 00:00:00
nvd
nvd
CVE-2021-44879
2022-02-14 12:15:15
CVE-2022-24959
2022-02-11 06:15:06
CVE-2021-43976
2021-11-17 17:15:08
ubuntucve
ubuntucve
CVE-2021-44879
2022-02-14 00:00:00
CVE-2022-24959
2022-02-11 00:00:00
CVE-2022-26878
2022-03-11 00:00:00
cve
cve
CVE-2021-44879
2022-02-14 12:15:15
CVE-2022-24959
2022-02-11 06:15:06
CVE-2021-43976
2021-11-17 17:15:08
debiancve
debiancve
CVE-2021-44879
2022-02-14 12:15:15
CVE-2021-43976
2021-11-17 17:15:08
CVE-2022-26878
2022-03-11 07:15:08
cnvd
cnvd
Linux kernel yam.c buffer overflow vulnerability
2022-02-15 00:00:00
Linux kernel denial-of-service vulnerability (CNVD-2021-93367)
2021-11-18 00:00:00
Linux Kernel VirtIO Bluetooth driver denial of service vulnerability
2022-03-15 00:00:00
veracode
veracode
Denial Of Service (DoS)
2022-04-27 18:59:20
Denial Of Service (DoS)
2022-03-26 18:26:57
Insecure File Lookup
2022-04-27 19:00:45
cbl_mariner
cbl_mariner
CVE-2021-43976 affecting package kernel 5.10.189.1-1
2022-01-26 22:54:05
CVE-2021-44879 affecting package kernel 5.10.109.1-2
2022-05-12 02:17:02
CVE-2021-44879 affecting package kernel for versions less than 5.15.26.1-1
2022-04-09 06:52:47
debian
debian
[SECURITY] [DSA 5092-1] linux security update
2022-03-07 12:54:12
broadcom
broadcom
nfs_atomic_open() performs a regular lookup
2023-08-01 00:00:00
virtuozzo
virtuozzo
[Important] [Security] Virtuozzo ReadyKernel Patch 160.0 for Virtuozzo Hybrid Server 7.5
2023-08-25 00:00:00
oraclelinux
oraclelinux
Unbreakable Enterprise kernel-container security update
2022-04-07 00:00:00
Unbreakable Enterprise kernel security update
2022-04-07 00:00:00
Unbreakable Enterprise kernel-container security update
2022-04-08 00:00:00
fedora
fedora
[SECURITY] Fedora 34 Update: kernel-tools-5.15.4-100.fc34
2021-11-27 01:17:15
[SECURITY] Fedora 35 Update: kernel-headers-5.15.4-200.fc35
2021-11-27 01:12:07
[SECURITY] Fedora 35 Update: kernel-5.15.4-201.fc35
2021-11-27 01:12:06

4.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

6.6 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H

6.9 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

50.2%

JSON
Related for UBUNTU_USN-5383-1.NASL
ubuntu6openvas30osv7nessus43redhatcve8amazon3suse2photon3githubexploit8prion8cvelist8nvd8ubuntucve8cve8debiancve8cnvd5veracode5cbl_mariner16debian1broadcom1virtuozzo1oraclelinux6fedora6