7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.5 High
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
68.1%
The remote Ubuntu 16.04 ESM / 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5515-1 advisory.
An unprivileged write to the file handler flaw in the Linux kernel’s control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of control groups. A local user could use this flaw to crash the system or escalate their privileges on the system. (CVE-2021-4197)
A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write().
This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation. (CVE-2022-1011)
A use-after-free vulnerabilitity was discovered in drivers/net/hamradio/6pack.c of linux that allows an attacker to crash linux kernel by simulating ax25 device using 6pack driver from user space.
(CVE-2022-1198)
A flaw was found in the Linux kernel. This flaw allows an attacker to crash the Linux kernel by simulating amateur radio from the user space, resulting in a null-ptr-deref vulnerability and a use-after-free vulnerability. (CVE-2022-1199)
A use-after-free flaw was found in the Linux kernel’s Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to crash the system. (CVE-2022-1204)
A NULL pointer dereference flaw was found in the Linux kernel’s Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to crash the system.
(CVE-2022-1205)
A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information. (CVE-2022-1353)
A NULL pointer dereference flaw was found in the Linux kernel’s X.25 set of standardized network protocols functionality in the way a user terminates their session using a simulated Ethernet card and continued usage of this connection. This flaw allows a local user to crash the system. (CVE-2022-1516)
The Linux kernel was found vulnerable out of bounds memory access in the drivers/video/fbdev/sm712fb.c:smtcfb_read() function. The vulnerability could result in local attackers being able to crash the kernel. (CVE-2022-2380)
mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double free. (CVE-2022-28389)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-5515-1. The text
# itself is copyright (C) Canonical, Inc. See
# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
##
include('compat.inc');
if (description)
{
script_id(163111);
script_version("1.8");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/09");
script_cve_id(
"CVE-2021-4197",
"CVE-2022-1011",
"CVE-2022-1198",
"CVE-2022-1199",
"CVE-2022-1204",
"CVE-2022-1205",
"CVE-2022-1353",
"CVE-2022-1516",
"CVE-2022-2380",
"CVE-2022-28389"
);
script_xref(name:"USN", value:"5515-1");
script_name(english:"Ubuntu 16.04 ESM / 18.04 LTS : Linux kernel vulnerabilities (USN-5515-1)");
script_set_attribute(attribute:"synopsis", value:
"The remote Ubuntu host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote Ubuntu 16.04 ESM / 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as
referenced in the USN-5515-1 advisory.
- An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces
subsystem was found in the way users have access to some less privileged process that are controlled by
cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of
control groups. A local user could use this flaw to crash the system or escalate their privileges on the
system. (CVE-2021-4197)
- A use-after-free flaw was found in the Linux kernel's FUSE filesystem in the way a user triggers write().
This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in
privilege escalation. (CVE-2022-1011)
- A use-after-free vulnerabilitity was discovered in drivers/net/hamradio/6pack.c of linux that allows an
attacker to crash linux kernel by simulating ax25 device using 6pack driver from user space.
(CVE-2022-1198)
- A flaw was found in the Linux kernel. This flaw allows an attacker to crash the Linux kernel by simulating
amateur radio from the user space, resulting in a null-ptr-deref vulnerability and a use-after-free
vulnerability. (CVE-2022-1199)
- A use-after-free flaw was found in the Linux kernel's Amateur Radio AX.25 protocol functionality in the
way a user connects with the protocol. This flaw allows a local user to crash the system. (CVE-2022-1204)
- A NULL pointer dereference flaw was found in the Linux kernel's Amateur Radio AX.25 protocol functionality
in the way a user connects with the protocol. This flaw allows a local user to crash the system.
(CVE-2022-1205)
- A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This
flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a
leak of internal kernel information. (CVE-2022-1353)
- A NULL pointer dereference flaw was found in the Linux kernel's X.25 set of standardized network protocols
functionality in the way a user terminates their session using a simulated Ethernet card and continued
usage of this connection. This flaw allows a local user to crash the system. (CVE-2022-1516)
- The Linux kernel was found vulnerable out of bounds memory access in the
drivers/video/fbdev/sm712fb.c:smtcfb_read() function. The vulnerability could result in local attackers
being able to crash the kernel. (CVE-2022-2380)
- mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double
free. (CVE-2022-28389)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/notices/USN-5515-1");
script_set_attribute(attribute:"solution", value:
"Update the affected kernel package.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-4197");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2022-1011");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2022/03/07");
script_set_attribute(attribute:"patch_publication_date", value:"2022/07/13");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/07/14");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04:-:esm");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1049-dell300x");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1102-oracle");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1115-raspi2");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1123-kvm");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1131-gcp");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1133-snapdragon");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1137-aws");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1137-aws-hwe");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1146-azure");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-189-generic");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-189-generic-lpae");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-189-lowlatency");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Ubuntu Local Security Checks");
script_copyright(english:"Ubuntu Security Notice (C) 2022-2024 Canonical, Inc. / NASL script (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
exit(0);
}
include('debian_package.inc');
include('ksplice.inc');
if ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/Ubuntu/release');
if ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');
os_release = chomp(os_release);
if (! ('16.04' >< os_release || '18.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04 / 18.04', 'Ubuntu ' + os_release);
if ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);
var kernel_mappings = {
'16.04': {
'4.15.0': {
'generic': '4.15.0-189',
'lowlatency': '4.15.0-189',
'oracle': '4.15.0-1102',
'gcp': '4.15.0-1131',
'aws': '4.15.0-1137',
'aws-hwe': '4.15.0-1137'
}
},
'18.04': {
'4.15.0': {
'generic': '4.15.0-189',
'generic-lpae': '4.15.0-189',
'lowlatency': '4.15.0-189',
'dell300x': '4.15.0-1049',
'oracle': '4.15.0-1102',
'raspi2': '4.15.0-1115',
'kvm': '4.15.0-1123',
'gcp': '4.15.0-1131',
'snapdragon': '4.15.0-1133',
'aws': '4.15.0-1137',
'azure': '4.15.0-1146'
}
}
};
var host_kernel_release = get_kb_item('Host/uptrack-uname-r');
if (empty_or_null(host_kernel_release)) host_kernel_release = get_kb_item_or_exit('Host/uname-r');
var host_kernel_base_version = get_kb_item_or_exit('Host/Debian/kernel-base-version');
var host_kernel_type = get_kb_item_or_exit('Host/Debian/kernel-type');
if(empty_or_null(kernel_mappings[os_release][host_kernel_base_version][host_kernel_type])) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + host_kernel_release);
var extra = '';
var kernel_fixed_version = kernel_mappings[os_release][host_kernel_base_version][host_kernel_type] + "-" + host_kernel_type;
if (deb_ver_cmp(ver1:host_kernel_release, ver2:kernel_fixed_version) < 0)
{
extra = extra + 'Running Kernel level of ' + host_kernel_release + ' does not meet the minimum fixed level of ' + kernel_fixed_version + ' for this advisory.\n\n';
}
else
{
audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-5515-1');
}
if (get_one_kb_item('Host/ksplice/kernel-cves'))
{
var cve_list = make_list('CVE-2021-4197', 'CVE-2022-1011', 'CVE-2022-1198', 'CVE-2022-1199', 'CVE-2022-1204', 'CVE-2022-1205', 'CVE-2022-1353', 'CVE-2022-1516', 'CVE-2022-2380', 'CVE-2022-28389');
if (ksplice_cves_check(cve_list))
{
audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-5515-1');
}
else
{
extra = extra + ksplice_reporting_text();
}
}
if (extra) {
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : extra
);
exit(0);
}
Vendor | Product | Version | CPE |
---|---|---|---|
canonical | ubuntu_linux | 16.04 | cpe:/o:canonical:ubuntu_linux:16.04:-:esm |
canonical | ubuntu_linux | 18.04 | cpe:/o:canonical:ubuntu_linux:18.04:-:lts |
canonical | ubuntu_linux | linux-image-4.15.0-1049-dell300x | p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1049-dell300x |
canonical | ubuntu_linux | linux-image-4.15.0-1102-oracle | p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1102-oracle |
canonical | ubuntu_linux | linux-image-4.15.0-1115-raspi2 | p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1115-raspi2 |
canonical | ubuntu_linux | linux-image-4.15.0-1123-kvm | p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1123-kvm |
canonical | ubuntu_linux | linux-image-4.15.0-1131-gcp | p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1131-gcp |
canonical | ubuntu_linux | linux-image-4.15.0-1133-snapdragon | p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1133-snapdragon |
canonical | ubuntu_linux | linux-image-4.15.0-1137-aws | p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1137-aws |
canonical | ubuntu_linux | linux-image-4.15.0-1137-aws-hwe | p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1137-aws-hwe |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4197
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1011
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1198
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1199
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1204
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1205
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1353
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1516
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2380
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28389
ubuntu.com/security/notices/USN-5515-1
7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.5 High
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
68.1%