Amazon Linux AMI update for kernel



Published: 2022-03-11 | Updated: 2023-07-10
Risk: High
Patch available: YES
Number of vulnerabilities: 11
CVE-ID: CVE-2018-25020, CVE-2020-36322, CVE-2021-38199, CVE-2021-4197, CVE-2022-0001, CVE-2022-0002, CVE-2022-0330, CVE-2022-0435, CVE-2022-0617, CVE-2022-0847, CVE-2022-24448
CWE-ID: CWE-119, CWE-404, CWE-362, CWE-264, CWE-200, CWE-121, CWE-476, CWE-908, CWE-909
Exploitation vector: Network
Public exploit: Vulnerability #10 is being exploited in the wild.
Vulnerable software
Amazon Linux AMI
Operating systems & Components / Operating system

Vendor Amazon Web Services

Security Bulletin

This security bulletin contains information about 11 vulnerabilities.

1) Buffer overflow

EUVDB-ID: #VU61205

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-25020

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the BPF subsystem in the Linux kernel in kernel/bpf/core.c and net/core/filter.c. The kernel mishandles situations with a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions. A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code with elevated privileges.

Mitigation

Update the affected packages:

i686:
    perf-4.14.268-139.500.amzn1.i686
    kernel-debuginfo-4.14.268-139.500.amzn1.i686
    kernel-devel-4.14.268-139.500.amzn1.i686
    kernel-debuginfo-common-i686-4.14.268-139.500.amzn1.i686
    kernel-4.14.268-139.500.amzn1.i686
    kernel-tools-debuginfo-4.14.268-139.500.amzn1.i686
    kernel-headers-4.14.268-139.500.amzn1.i686
    perf-debuginfo-4.14.268-139.500.amzn1.i686
    kernel-tools-4.14.268-139.500.amzn1.i686
    kernel-tools-devel-4.14.268-139.500.amzn1.i686

src:
    kernel-4.14.268-139.500.amzn1.src

x86_64:
    kernel-tools-4.14.268-139.500.amzn1.x86_64
    kernel-headers-4.14.268-139.500.amzn1.x86_64
    kernel-debuginfo-4.14.268-139.500.amzn1.x86_64
    perf-debuginfo-4.14.268-139.500.amzn1.x86_64
    kernel-4.14.268-139.500.amzn1.x86_64
    kernel-tools-debuginfo-4.14.268-139.500.amzn1.x86_64
    kernel-tools-devel-4.14.268-139.500.amzn1.x86_64
    kernel-debuginfo-common-x86_64-4.14.268-139.500.amzn1.x86_64
    perf-4.14.268-139.500.amzn1.x86_64
    kernel-devel-4.14.268-139.500.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

http://alas.aws.amazon.com/ALAS-2022-1571.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper Resource Shutdown or Release

EUVDB-ID: #VU59473

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-36322

CWE-ID: CWE-404 - Improper Resource Shutdown or Release

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists in the FUSE filesystem implementation in the Linux kernel because fuse_do_getattr() calls make_bad_inode() in inappropriate situations. A local user can run a specially crafted program to trigger a kernel crash.

Note: the vulnerability exists due to an incomplete fix for #VU58207 (CVE-2021-28950).

Mitigation

Update the affected packages:

i686:
    perf-4.14.268-139.500.amzn1.i686
    kernel-debuginfo-4.14.268-139.500.amzn1.i686
    kernel-devel-4.14.268-139.500.amzn1.i686
    kernel-debuginfo-common-i686-4.14.268-139.500.amzn1.i686
    kernel-4.14.268-139.500.amzn1.i686
    kernel-tools-debuginfo-4.14.268-139.500.amzn1.i686
    kernel-headers-4.14.268-139.500.amzn1.i686
    perf-debuginfo-4.14.268-139.500.amzn1.i686
    kernel-tools-4.14.268-139.500.amzn1.i686
    kernel-tools-devel-4.14.268-139.500.amzn1.i686

src:
    kernel-4.14.268-139.500.amzn1.src

x86_64:
    kernel-tools-4.14.268-139.500.amzn1.x86_64
    kernel-headers-4.14.268-139.500.amzn1.x86_64
    kernel-debuginfo-4.14.268-139.500.amzn1.x86_64
    perf-debuginfo-4.14.268-139.500.amzn1.x86_64
    kernel-4.14.268-139.500.amzn1.x86_64
    kernel-tools-debuginfo-4.14.268-139.500.amzn1.x86_64
    kernel-tools-devel-4.14.268-139.500.amzn1.x86_64
    kernel-debuginfo-common-x86_64-4.14.268-139.500.amzn1.x86_64
    perf-4.14.268-139.500.amzn1.x86_64
    kernel-devel-4.14.268-139.500.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

http://alas.aws.amazon.com/ALAS-2022-1571.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Race condition

EUVDB-ID: #VU61208

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-38199

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists because fs/nfs/nfs4client.c in the Linux kernel has incorrect connection-setup ordering. A remote attacker with access to a remote NFSv4 server can perform a denial of service (DoS) attack by arranging for the server to be unreachable during trunking detection.

Mitigation

Update the affected packages:

i686:
    perf-4.14.268-139.500.amzn1.i686
    kernel-debuginfo-4.14.268-139.500.amzn1.i686
    kernel-devel-4.14.268-139.500.amzn1.i686
    kernel-debuginfo-common-i686-4.14.268-139.500.amzn1.i686
    kernel-4.14.268-139.500.amzn1.i686
    kernel-tools-debuginfo-4.14.268-139.500.amzn1.i686
    kernel-headers-4.14.268-139.500.amzn1.i686
    perf-debuginfo-4.14.268-139.500.amzn1.i686
    kernel-tools-4.14.268-139.500.amzn1.i686
    kernel-tools-devel-4.14.268-139.500.amzn1.i686

src:
    kernel-4.14.268-139.500.amzn1.src

x86_64:
    kernel-tools-4.14.268-139.500.amzn1.x86_64
    kernel-headers-4.14.268-139.500.amzn1.x86_64
    kernel-debuginfo-4.14.268-139.500.amzn1.x86_64
    perf-debuginfo-4.14.268-139.500.amzn1.x86_64
    kernel-4.14.268-139.500.amzn1.x86_64
    kernel-tools-debuginfo-4.14.268-139.500.amzn1.x86_64
    kernel-tools-devel-4.14.268-139.500.amzn1.x86_64
    kernel-debuginfo-common-x86_64-4.14.268-139.500.amzn1.x86_64
    perf-4.14.268-139.500.amzn1.x86_64
    kernel-devel-4.14.268-139.500.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

http://alas.aws.amazon.com/ALAS-2022-1571.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Security restrictions bypass

EUVDB-ID: #VU61258

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-4197

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to missing permission checks within the cgroups (control groups) functionality of the Linux kernel when writing into a file descriptor. A local low-privileged process can trick a higher-privileged parent process into writing arbitrary data into files, which can result in denial of service or privilege escalation.

Mitigation

Update the affected packages:

i686:
    perf-4.14.268-139.500.amzn1.i686
    kernel-debuginfo-4.14.268-139.500.amzn1.i686
    kernel-devel-4.14.268-139.500.amzn1.i686
    kernel-debuginfo-common-i686-4.14.268-139.500.amzn1.i686
    kernel-4.14.268-139.500.amzn1.i686
    kernel-tools-debuginfo-4.14.268-139.500.amzn1.i686
    kernel-headers-4.14.268-139.500.amzn1.i686
    perf-debuginfo-4.14.268-139.500.amzn1.i686
    kernel-tools-4.14.268-139.500.amzn1.i686
    kernel-tools-devel-4.14.268-139.500.amzn1.i686

src:
    kernel-4.14.268-139.500.amzn1.src

x86_64:
    kernel-tools-4.14.268-139.500.amzn1.x86_64
    kernel-headers-4.14.268-139.500.amzn1.x86_64
    kernel-debuginfo-4.14.268-139.500.amzn1.x86_64
    perf-debuginfo-4.14.268-139.500.amzn1.x86_64
    kernel-4.14.268-139.500.amzn1.x86_64
    kernel-tools-debuginfo-4.14.268-139.500.amzn1.x86_64
    kernel-tools-devel-4.14.268-139.500.amzn1.x86_64
    kernel-debuginfo-common-x86_64-4.14.268-139.500.amzn1.x86_64
    perf-4.14.268-139.500.amzn1.x86_64
    kernel-devel-4.14.268-139.500.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

http://alas.aws.amazon.com/ALAS-2022-1571.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Information disclosure

EUVDB-ID: #VU61198

Risk: Low

CVSSv3.1: 4.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-0001

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to non-transparent sharing of branch predictor selectors between contexts. A local user can gain unauthorized access to sensitive information on the system.

Mitigation

Update the affected packages:

i686:
    perf-4.14.268-139.500.amzn1.i686
    kernel-debuginfo-4.14.268-139.500.amzn1.i686
    kernel-devel-4.14.268-139.500.amzn1.i686
    kernel-debuginfo-common-i686-4.14.268-139.500.amzn1.i686
    kernel-4.14.268-139.500.amzn1.i686
    kernel-tools-debuginfo-4.14.268-139.500.amzn1.i686
    kernel-headers-4.14.268-139.500.amzn1.i686
    perf-debuginfo-4.14.268-139.500.amzn1.i686
    kernel-tools-4.14.268-139.500.amzn1.i686
    kernel-tools-devel-4.14.268-139.500.amzn1.i686

src:
    kernel-4.14.268-139.500.amzn1.src

x86_64:
    kernel-tools-4.14.268-139.500.amzn1.x86_64
    kernel-headers-4.14.268-139.500.amzn1.x86_64
    kernel-debuginfo-4.14.268-139.500.amzn1.x86_64
    perf-debuginfo-4.14.268-139.500.amzn1.x86_64
    kernel-4.14.268-139.500.amzn1.x86_64
    kernel-tools-debuginfo-4.14.268-139.500.amzn1.x86_64
    kernel-tools-devel-4.14.268-139.500.amzn1.x86_64
    kernel-debuginfo-common-x86_64-4.14.268-139.500.amzn1.x86_64
    perf-4.14.268-139.500.amzn1.x86_64
    kernel-devel-4.14.268-139.500.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

http://alas.aws.amazon.com/ALAS-2022-1571.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Information disclosure

EUVDB-ID: #VU61199

Risk: Low

CVSSv3.1: 4.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-0002

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to non-transparent sharing of branch predictor within a context. A local user can gain unauthorized access to sensitive information on the system.

Mitigation

Update the affected packages:

i686:
    perf-4.14.268-139.500.amzn1.i686
    kernel-debuginfo-4.14.268-139.500.amzn1.i686
    kernel-devel-4.14.268-139.500.amzn1.i686
    kernel-debuginfo-common-i686-4.14.268-139.500.amzn1.i686
    kernel-4.14.268-139.500.amzn1.i686
    kernel-tools-debuginfo-4.14.268-139.500.amzn1.i686
    kernel-headers-4.14.268-139.500.amzn1.i686
    perf-debuginfo-4.14.268-139.500.amzn1.i686
    kernel-tools-4.14.268-139.500.amzn1.i686
    kernel-tools-devel-4.14.268-139.500.amzn1.i686

src:
    kernel-4.14.268-139.500.amzn1.src

x86_64:
    kernel-tools-4.14.268-139.500.amzn1.x86_64
    kernel-headers-4.14.268-139.500.amzn1.x86_64
    kernel-debuginfo-4.14.268-139.500.amzn1.x86_64
    perf-debuginfo-4.14.268-139.500.amzn1.x86_64
    kernel-4.14.268-139.500.amzn1.x86_64
    kernel-tools-debuginfo-4.14.268-139.500.amzn1.x86_64
    kernel-tools-devel-4.14.268-139.500.amzn1.x86_64
    kernel-debuginfo-common-x86_64-4.14.268-139.500.amzn1.x86_64
    perf-4.14.268-139.500.amzn1.x86_64
    kernel-devel-4.14.268-139.500.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

http://alas.aws.amazon.com/ALAS-2022-1571.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Buffer overflow

EUVDB-ID: #VU60988

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-0330

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a random memory access flaw caused by a missing TLB flush in the i915 GPU driver of the Linux kernel. A local user can execute arbitrary code on the system with elevated privileges.

Mitigation

Update the affected packages:

i686:
    perf-4.14.268-139.500.amzn1.i686
    kernel-debuginfo-4.14.268-139.500.amzn1.i686
    kernel-devel-4.14.268-139.500.amzn1.i686
    kernel-debuginfo-common-i686-4.14.268-139.500.amzn1.i686
    kernel-4.14.268-139.500.amzn1.i686
    kernel-tools-debuginfo-4.14.268-139.500.amzn1.i686
    kernel-headers-4.14.268-139.500.amzn1.i686
    perf-debuginfo-4.14.268-139.500.amzn1.i686
    kernel-tools-4.14.268-139.500.amzn1.i686
    kernel-tools-devel-4.14.268-139.500.amzn1.i686

src:
    kernel-4.14.268-139.500.amzn1.src

x86_64:
    kernel-tools-4.14.268-139.500.amzn1.x86_64
    kernel-headers-4.14.268-139.500.amzn1.x86_64
    kernel-debuginfo-4.14.268-139.500.amzn1.x86_64
    perf-debuginfo-4.14.268-139.500.amzn1.x86_64
    kernel-4.14.268-139.500.amzn1.x86_64
    kernel-tools-debuginfo-4.14.268-139.500.amzn1.x86_64
    kernel-tools-devel-4.14.268-139.500.amzn1.x86_64
    kernel-debuginfo-common-x86_64-4.14.268-139.500.amzn1.x86_64
    perf-4.14.268-139.500.amzn1.x86_64
    kernel-devel-4.14.268-139.500.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

http://alas.aws.amazon.com/ALAS-2022-1571.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Stack-based buffer overflow

EUVDB-ID: #VU61216

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-0435

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the Linux kernel networking module for the Transparent Inter-Process Communication (TIPC) protocol. A remote unauthenticated attacker can send specially crafted traffic to the system, trigger a stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system but requires that a TIPC bearer is set up.

Mitigation

Update the affected packages:

i686:
    perf-4.14.268-139.500.amzn1.i686
    kernel-debuginfo-4.14.268-139.500.amzn1.i686
    kernel-devel-4.14.268-139.500.amzn1.i686
    kernel-debuginfo-common-i686-4.14.268-139.500.amzn1.i686
    kernel-4.14.268-139.500.amzn1.i686
    kernel-tools-debuginfo-4.14.268-139.500.amzn1.i686
    kernel-headers-4.14.268-139.500.amzn1.i686
    perf-debuginfo-4.14.268-139.500.amzn1.i686
    kernel-tools-4.14.268-139.500.amzn1.i686
    kernel-tools-devel-4.14.268-139.500.amzn1.i686

src:
    kernel-4.14.268-139.500.amzn1.src

x86_64:
    kernel-tools-4.14.268-139.500.amzn1.x86_64
    kernel-headers-4.14.268-139.500.amzn1.x86_64
    kernel-debuginfo-4.14.268-139.500.amzn1.x86_64
    perf-debuginfo-4.14.268-139.500.amzn1.x86_64
    kernel-4.14.268-139.500.amzn1.x86_64
    kernel-tools-debuginfo-4.14.268-139.500.amzn1.x86_64
    kernel-tools-devel-4.14.268-139.500.amzn1.x86_64
    kernel-debuginfo-common-x86_64-4.14.268-139.500.amzn1.x86_64
    perf-4.14.268-139.500.amzn1.x86_64
    kernel-devel-4.14.268-139.500.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

http://alas.aws.amazon.com/ALAS-2022-1571.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) NULL pointer dereference

EUVDB-ID: #VU61210

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-0617

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the Linux kernel UDF file system functionality. A local user can supply a malicious UDF image to the udf_file_write_iter() function and perform a denial of service (DoS) attack.

Mitigation

Update the affected packages:

i686:
    perf-4.14.268-139.500.amzn1.i686
    kernel-debuginfo-4.14.268-139.500.amzn1.i686
    kernel-devel-4.14.268-139.500.amzn1.i686
    kernel-debuginfo-common-i686-4.14.268-139.500.amzn1.i686
    kernel-4.14.268-139.500.amzn1.i686
    kernel-tools-debuginfo-4.14.268-139.500.amzn1.i686
    kernel-headers-4.14.268-139.500.amzn1.i686
    perf-debuginfo-4.14.268-139.500.amzn1.i686
    kernel-tools-4.14.268-139.500.amzn1.i686
    kernel-tools-devel-4.14.268-139.500.amzn1.i686

src:
    kernel-4.14.268-139.500.amzn1.src

x86_64:
    kernel-tools-4.14.268-139.500.amzn1.x86_64
    kernel-headers-4.14.268-139.500.amzn1.x86_64
    kernel-debuginfo-4.14.268-139.500.amzn1.x86_64
    perf-debuginfo-4.14.268-139.500.amzn1.x86_64
    kernel-4.14.268-139.500.amzn1.x86_64
    kernel-tools-debuginfo-4.14.268-139.500.amzn1.x86_64
    kernel-tools-devel-4.14.268-139.500.amzn1.x86_64
    kernel-debuginfo-common-x86_64-4.14.268-139.500.amzn1.x86_64
    perf-4.14.268-139.500.amzn1.x86_64
    kernel-devel-4.14.268-139.500.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

http://alas.aws.amazon.com/ALAS-2022-1571.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Use of uninitialized resource

EUVDB-ID: #VU61110

Risk: Low

CVSSv3.1: 8.4 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2022-0847

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: Yes

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to use of an uninitialized resource. A local user can overwrite an arbitrary file in the page cache, even if the file is read-only, and execute arbitrary code on the system with elevated privileges.

The vulnerability was dubbed Dirty Pipe.

Mitigation

Update the affected packages:

i686:
    perf-4.14.268-139.500.amzn1.i686
    kernel-debuginfo-4.14.268-139.500.amzn1.i686
    kernel-devel-4.14.268-139.500.amzn1.i686
    kernel-debuginfo-common-i686-4.14.268-139.500.amzn1.i686
    kernel-4.14.268-139.500.amzn1.i686
    kernel-tools-debuginfo-4.14.268-139.500.amzn1.i686
    kernel-headers-4.14.268-139.500.amzn1.i686
    perf-debuginfo-4.14.268-139.500.amzn1.i686
    kernel-tools-4.14.268-139.500.amzn1.i686
    kernel-tools-devel-4.14.268-139.500.amzn1.i686

src:
    kernel-4.14.268-139.500.amzn1.src

x86_64:
    kernel-tools-4.14.268-139.500.amzn1.x86_64
    kernel-headers-4.14.268-139.500.amzn1.x86_64
    kernel-debuginfo-4.14.268-139.500.amzn1.x86_64
    perf-debuginfo-4.14.268-139.500.amzn1.x86_64
    kernel-4.14.268-139.500.amzn1.x86_64
    kernel-tools-debuginfo-4.14.268-139.500.amzn1.x86_64
    kernel-tools-devel-4.14.268-139.500.amzn1.x86_64
    kernel-debuginfo-common-x86_64-4.14.268-139.500.amzn1.x86_64
    perf-4.14.268-139.500.amzn1.x86_64
    kernel-devel-4.14.268-139.500.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

http://alas.aws.amazon.com/ALAS-2022-1571.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

11) Missing initialization of resource

EUVDB-ID: #VU61211

Risk: Low

CVSSv3.1: 3.3 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-24448

CWE-ID: CWE-909 - Missing initialization of resource

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to missing initialization of a resource in fs/nfs/dir.c in the Linux kernel. If an application sets the O_DIRECTORY flag and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file descriptor.

Mitigation

Update the affected packages:

i686:
    perf-4.14.268-139.500.amzn1.i686
    kernel-debuginfo-4.14.268-139.500.amzn1.i686
    kernel-devel-4.14.268-139.500.amzn1.i686
    kernel-debuginfo-common-i686-4.14.268-139.500.amzn1.i686
    kernel-4.14.268-139.500.amzn1.i686
    kernel-tools-debuginfo-4.14.268-139.500.amzn1.i686
    kernel-headers-4.14.268-139.500.amzn1.i686
    perf-debuginfo-4.14.268-139.500.amzn1.i686
    kernel-tools-4.14.268-139.500.amzn1.i686
    kernel-tools-devel-4.14.268-139.500.amzn1.i686

src:
    kernel-4.14.268-139.500.amzn1.src

x86_64:
    kernel-tools-4.14.268-139.500.amzn1.x86_64
    kernel-headers-4.14.268-139.500.amzn1.x86_64
    kernel-debuginfo-4.14.268-139.500.amzn1.x86_64
    perf-debuginfo-4.14.268-139.500.amzn1.x86_64
    kernel-4.14.268-139.500.amzn1.x86_64
    kernel-tools-debuginfo-4.14.268-139.500.amzn1.x86_64
    kernel-tools-devel-4.14.268-139.500.amzn1.x86_64
    kernel-debuginfo-common-x86_64-4.14.268-139.500.amzn1.x86_64
    perf-4.14.268-139.500.amzn1.x86_64
    kernel-devel-4.14.268-139.500.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

http://alas.aws.amazon.com/ALAS-2022-1571.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
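
All 11 entries in this bulletin list the same fixed build, 4.14.268-139.500.amzn1, so one check covers the whole bulletin. The following is an added example (not part of the original bulletin) that compares installed and running kernel builds against that build using RPM's segment-wise version ordering; the host names and the older build string are constructed, and epochs and the caret operator are assumed absent.

```python
import re

# Fixed build taken from the bulletin's package lists.
FIXED_VERSION, FIXED_RELEASE = "4.14.268", "139.500.amzn1"

_SEG = re.compile(r"\d+|[A-Za-z]+|~")


def rpmvercmp(a, b):
    """Compare two version or release strings the way RPM orders them."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x == y:
            continue
        if x == "~":          # tilde sorts before everything
            return -1
        if y == "~":
            return 1
        xd, yd = x.isdigit(), y.isdigit()
        if xd and yd:         # numeric segments compare as integers
            if int(x) != int(y):
                return 1 if int(x) > int(y) else -1
            continue
        if xd != yd:          # a numeric segment is newer than an alphabetic one
            return 1 if xd else -1
        return 1 if x > y else -1
    if len(sa) == len(sb):
        return 0
    a_longer = len(sa) > len(sb)
    nxt = (sa if a_longer else sb)[min(len(sa), len(sb))]
    sign = -1 if nxt == "~" else 1   # leftover segments win unless they start with ~
    return sign if a_longer else -sign


def parse_nvra(nvra):
    """Split name-version-release.arch; names may contain '-' and '_'."""
    nvr, arch = nvra.rsplit(".", 1)
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release, arch


def is_fixed(version, release):
    c = rpmvercmp(version, FIXED_VERSION)
    return c > 0 or (c == 0 and rpmvercmp(release, FIXED_RELEASE) >= 0)


def classify(installed, running):
    """installed: NVRA strings (`rpm -q kernel`); running: `uname -r` output."""
    parsed = [parse_nvra(p) for p in installed]
    any_fixed = any(is_fixed(v, r) for n, v, r, _ in parsed if n == "kernel")
    run_version, run_release = running.rsplit(".", 1)[0].split("-", 1)
    if is_fixed(run_version, run_release):
        return "patched"
    # A fixed kernel on disk does not protect the host until it is booted.
    return "reboot-required" if any_fixed else "vulnerable"


# Constructed inventory: OLD is a made-up pre-fix build, not a real release.
OLD = "4.14.200-100.1.amzn1.x86_64"
NEW = "4.14.268-139.500.amzn1.x86_64"
SAMPLE_HOSTS = {
    "web-01": (["kernel-" + OLD], OLD),
    "web-02": (["kernel-" + OLD, "kernel-" + NEW], OLD),
    "web-03": (["kernel-" + NEW], NEW),
}


def audit(hosts):
    return {host: classify(pkgs, running) for host, (pkgs, running) in hosts.items()}


if __name__ == "__main__":
    for host, state in audit(SAMPLE_HOSTS).items():
        print(host, state)
```

The "reboot-required" state matters here because kernel packages install side by side: a host can carry the fixed package while still running the old kernel.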


