Amazon Linux AMI update for kernel
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 11 |
| CVE-ID | CVE-2018-25020 CVE-2020-36322 CVE-2021-38199 CVE-2021-4197 CVE-2022-0001 CVE-2022-0002 CVE-2022-0330 CVE-2022-0435 CVE-2022-0617 CVE-2022-0847 CVE-2022-24448 |
| CWE-ID | CWE-119 CWE-404 CWE-362 CWE-264 CWE-200 CWE-121 CWE-476 CWE-908 CWE-909 |
| Exploitation vector | Network |
| Public exploit | Vulnerability #10 is being exploited in the wild. |
| Vulnerable software |
Amazon Linux AMI Operating systems & Components / Operating system |
| Vendor | Amazon Web Services |
Security Bulletin
This security bulletin contains information about 11 vulnerabilities.
1) Buffer overflow
EUVDB-ID: #VU61205
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-25020
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the BPF subsystem in the Linux kernel in ernel/bpf/core.c and net/core/filter.c. The kernel mishandles situations with a long jump over an instruction sequence
where inner instructions require substantial expansions into multiple
BPF instructions. A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code with elevated privileges.
Update the affected packages:
i686:Vulnerable software versions
perf-4.14.268-139.500.amzn1.i686
kernel-debuginfo-4.14.268-139.500.amzn1.i686
kernel-devel-4.14.268-139.500.amzn1.i686
kernel-debuginfo-common-i686-4.14.268-139.500.amzn1.i686
kernel-4.14.268-139.500.amzn1.i686
kernel-tools-debuginfo-4.14.268-139.500.amzn1.i686
kernel-headers-4.14.268-139.500.amzn1.i686
perf-debuginfo-4.14.268-139.500.amzn1.i686
kernel-tools-4.14.268-139.500.amzn1.i686
kernel-tools-devel-4.14.268-139.500.amzn1.i686
src:
kernel-4.14.268-139.500.amzn1.src
x86_64:
kernel-tools-4.14.268-139.500.amzn1.x86_64
kernel-headers-4.14.268-139.500.amzn1.x86_64
kernel-debuginfo-4.14.268-139.500.amzn1.x86_64
perf-debuginfo-4.14.268-139.500.amzn1.x86_64
kernel-4.14.268-139.500.amzn1.x86_64
kernel-tools-debuginfo-4.14.268-139.500.amzn1.x86_64
kernel-tools-devel-4.14.268-139.500.amzn1.x86_64
kernel-debuginfo-common-x86_64-4.14.268-139.500.amzn1.x86_64
perf-4.14.268-139.500.amzn1.x86_64
kernel-devel-4.14.268-139.500.amzn1.x86_64
Amazon Linux AMI: All versions
CPE2.3 External linkshttps://alas.aws.amazon.com/ALAS-2022-1571.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Improper Resource Shutdown or Release
EUVDB-ID: #VU59473
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-36322
CWE-ID:
CWE-404 - Improper Resource Shutdown or Release
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists in the FUSE filesystem implementation in the Linux kernel due to fuse_do_getattr() calls make_bad_inode() in inappropriate situations. A local user can run a specially crafted program to trigger kernel crash.
Note, the vulnerability exists due to incomplete fix for #VU58207 (CVE-2021-28950).
Update the affected packages:
i686:Vulnerable software versions
perf-4.14.268-139.500.amzn1.i686
kernel-debuginfo-4.14.268-139.500.amzn1.i686
kernel-devel-4.14.268-139.500.amzn1.i686
kernel-debuginfo-common-i686-4.14.268-139.500.amzn1.i686
kernel-4.14.268-139.500.amzn1.i686
kernel-tools-debuginfo-4.14.268-139.500.amzn1.i686
kernel-headers-4.14.268-139.500.amzn1.i686
perf-debuginfo-4.14.268-139.500.amzn1.i686
kernel-tools-4.14.268-139.500.amzn1.i686
kernel-tools-devel-4.14.268-139.500.amzn1.i686
src:
kernel-4.14.268-139.500.amzn1.src
x86_64:
kernel-tools-4.14.268-139.500.amzn1.x86_64
kernel-headers-4.14.268-139.500.amzn1.x86_64
kernel-debuginfo-4.14.268-139.500.amzn1.x86_64
perf-debuginfo-4.14.268-139.500.amzn1.x86_64
kernel-4.14.268-139.500.amzn1.x86_64
kernel-tools-debuginfo-4.14.268-139.500.amzn1.x86_64
kernel-tools-devel-4.14.268-139.500.amzn1.x86_64
kernel-debuginfo-common-x86_64-4.14.268-139.500.amzn1.x86_64
perf-4.14.268-139.500.amzn1.x86_64
kernel-devel-4.14.268-139.500.amzn1.x86_64
Amazon Linux AMI: All versions
CPE2.3 External linkshttps://alas.aws.amazon.com/ALAS-2022-1571.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Race condition
EUVDB-ID: #VU61208
Risk: Low
CVSSv4.0: 1.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-38199
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to fs/nfs/nfs4client.c in the Linux kernel has incorrect connection-setup ordering. A remote attacker with access to a remote NFSv4 server can perform a denial of service (DoS) attack by arranging the server to be unreachable during trunking detection.
MitigationUpdate the affected packages:
i686:Vulnerable software versions
perf-4.14.268-139.500.amzn1.i686
kernel-debuginfo-4.14.268-139.500.amzn1.i686
kernel-devel-4.14.268-139.500.amzn1.i686
kernel-debuginfo-common-i686-4.14.268-139.500.amzn1.i686
kernel-4.14.268-139.500.amzn1.i686
kernel-tools-debuginfo-4.14.268-139.500.amzn1.i686
kernel-headers-4.14.268-139.500.amzn1.i686
perf-debuginfo-4.14.268-139.500.amzn1.i686
kernel-tools-4.14.268-139.500.amzn1.i686
kernel-tools-devel-4.14.268-139.500.amzn1.i686
src:
kernel-4.14.268-139.500.amzn1.src
x86_64:
kernel-tools-4.14.268-139.500.amzn1.x86_64
kernel-headers-4.14.268-139.500.amzn1.x86_64
kernel-debuginfo-4.14.268-139.500.amzn1.x86_64
perf-debuginfo-4.14.268-139.500.amzn1.x86_64
kernel-4.14.268-139.500.amzn1.x86_64
kernel-tools-debuginfo-4.14.268-139.500.amzn1.x86_64
kernel-tools-devel-4.14.268-139.500.amzn1.x86_64
kernel-debuginfo-common-x86_64-4.14.268-139.500.amzn1.x86_64
perf-4.14.268-139.500.amzn1.x86_64
kernel-devel-4.14.268-139.500.amzn1.x86_64
Amazon Linux AMI: All versions
CPE2.3 External linkshttps://alas.aws.amazon.com/ALAS-2022-1571.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Security restrictions bypass
EUVDB-ID: #VU61258
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-4197
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to missing permissions checks within the cgroups (control groups) functionality of Linux Kernel when writing into a file descriptor. A local low privileged process can trick a higher privileged parent process into writing arbitrary data into files, which can result in denial of service or privileges escalation.
Update the affected packages:
i686:Vulnerable software versions
perf-4.14.268-139.500.amzn1.i686
kernel-debuginfo-4.14.268-139.500.amzn1.i686
kernel-devel-4.14.268-139.500.amzn1.i686
kernel-debuginfo-common-i686-4.14.268-139.500.amzn1.i686
kernel-4.14.268-139.500.amzn1.i686
kernel-tools-debuginfo-4.14.268-139.500.amzn1.i686
kernel-headers-4.14.268-139.500.amzn1.i686
perf-debuginfo-4.14.268-139.500.amzn1.i686
kernel-tools-4.14.268-139.500.amzn1.i686
kernel-tools-devel-4.14.268-139.500.amzn1.i686
src:
kernel-4.14.268-139.500.amzn1.src
x86_64:
kernel-tools-4.14.268-139.500.amzn1.x86_64
kernel-headers-4.14.268-139.500.amzn1.x86_64
kernel-debuginfo-4.14.268-139.500.amzn1.x86_64
perf-debuginfo-4.14.268-139.500.amzn1.x86_64
kernel-4.14.268-139.500.amzn1.x86_64
kernel-tools-debuginfo-4.14.268-139.500.amzn1.x86_64
kernel-tools-devel-4.14.268-139.500.amzn1.x86_64
kernel-debuginfo-common-x86_64-4.14.268-139.500.amzn1.x86_64
perf-4.14.268-139.500.amzn1.x86_64
kernel-devel-4.14.268-139.500.amzn1.x86_64
Amazon Linux AMI: All versions
CPE2.3 External linkshttps://alas.aws.amazon.com/ALAS-2022-1571.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Information disclosure
EUVDB-ID: #VU61198
Risk: Low
CVSSv4.0: 1.9 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-0001
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to non-transparent sharing of branch predictor selectors between contexts. A local user can gain unauthorized access to sensitive information on the system.
MitigationUpdate the affected packages:
i686:Vulnerable software versions
perf-4.14.268-139.500.amzn1.i686
kernel-debuginfo-4.14.268-139.500.amzn1.i686
kernel-devel-4.14.268-139.500.amzn1.i686
kernel-debuginfo-common-i686-4.14.268-139.500.amzn1.i686
kernel-4.14.268-139.500.amzn1.i686
kernel-tools-debuginfo-4.14.268-139.500.amzn1.i686
kernel-headers-4.14.268-139.500.amzn1.i686
perf-debuginfo-4.14.268-139.500.amzn1.i686
kernel-tools-4.14.268-139.500.amzn1.i686
kernel-tools-devel-4.14.268-139.500.amzn1.i686
src:
kernel-4.14.268-139.500.amzn1.src
x86_64:
kernel-tools-4.14.268-139.500.amzn1.x86_64
kernel-headers-4.14.268-139.500.amzn1.x86_64
kernel-debuginfo-4.14.268-139.500.amzn1.x86_64
perf-debuginfo-4.14.268-139.500.amzn1.x86_64
kernel-4.14.268-139.500.amzn1.x86_64
kernel-tools-debuginfo-4.14.268-139.500.amzn1.x86_64
kernel-tools-devel-4.14.268-139.500.amzn1.x86_64
kernel-debuginfo-common-x86_64-4.14.268-139.500.amzn1.x86_64
perf-4.14.268-139.500.amzn1.x86_64
kernel-devel-4.14.268-139.500.amzn1.x86_64
Amazon Linux AMI: All versions
CPE2.3 External linkshttps://alas.aws.amazon.com/ALAS-2022-1571.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Information disclosure
EUVDB-ID: #VU61199
Risk: Low
CVSSv4.0: 1.9 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-0002
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to non-transparent sharing of branch predictor within a context. A local user can gain unauthorized access to sensitive information on the system.
MitigationUpdate the affected packages:
i686:Vulnerable software versions
perf-4.14.268-139.500.amzn1.i686
kernel-debuginfo-4.14.268-139.500.amzn1.i686
kernel-devel-4.14.268-139.500.amzn1.i686
kernel-debuginfo-common-i686-4.14.268-139.500.amzn1.i686
kernel-4.14.268-139.500.amzn1.i686
kernel-tools-debuginfo-4.14.268-139.500.amzn1.i686
kernel-headers-4.14.268-139.500.amzn1.i686
perf-debuginfo-4.14.268-139.500.amzn1.i686
kernel-tools-4.14.268-139.500.amzn1.i686
kernel-tools-devel-4.14.268-139.500.amzn1.i686
src:
kernel-4.14.268-139.500.amzn1.src
x86_64:
kernel-tools-4.14.268-139.500.amzn1.x86_64
kernel-headers-4.14.268-139.500.amzn1.x86_64
kernel-debuginfo-4.14.268-139.500.amzn1.x86_64
perf-debuginfo-4.14.268-139.500.amzn1.x86_64
kernel-4.14.268-139.500.amzn1.x86_64
kernel-tools-debuginfo-4.14.268-139.500.amzn1.x86_64
kernel-tools-devel-4.14.268-139.500.amzn1.x86_64
kernel-debuginfo-common-x86_64-4.14.268-139.500.amzn1.x86_64
perf-4.14.268-139.500.amzn1.x86_64
kernel-devel-4.14.268-139.500.amzn1.x86_64
Amazon Linux AMI: All versions
CPE2.3 External linkshttps://alas.aws.amazon.com/ALAS-2022-1571.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Buffer overflow
EUVDB-ID: #VU60988
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-0330
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a random memory access flaw caused by a missing TLB flush in Linux kernel GPU i915 kernel driver functionality. A local user can execute arbitrary code on the system with elevated privileges.
Update the affected packages:
i686:Vulnerable software versions
perf-4.14.268-139.500.amzn1.i686
kernel-debuginfo-4.14.268-139.500.amzn1.i686
kernel-devel-4.14.268-139.500.amzn1.i686
kernel-debuginfo-common-i686-4.14.268-139.500.amzn1.i686
kernel-4.14.268-139.500.amzn1.i686
kernel-tools-debuginfo-4.14.268-139.500.amzn1.i686
kernel-headers-4.14.268-139.500.amzn1.i686
perf-debuginfo-4.14.268-139.500.amzn1.i686
kernel-tools-4.14.268-139.500.amzn1.i686
kernel-tools-devel-4.14.268-139.500.amzn1.i686
src:
kernel-4.14.268-139.500.amzn1.src
x86_64:
kernel-tools-4.14.268-139.500.amzn1.x86_64
kernel-headers-4.14.268-139.500.amzn1.x86_64
kernel-debuginfo-4.14.268-139.500.amzn1.x86_64
perf-debuginfo-4.14.268-139.500.amzn1.x86_64
kernel-4.14.268-139.500.amzn1.x86_64
kernel-tools-debuginfo-4.14.268-139.500.amzn1.x86_64
kernel-tools-devel-4.14.268-139.500.amzn1.x86_64
kernel-debuginfo-common-x86_64-4.14.268-139.500.amzn1.x86_64
perf-4.14.268-139.500.amzn1.x86_64
kernel-devel-4.14.268-139.500.amzn1.x86_64
Amazon Linux AMI: All versions
CPE2.3 External linkshttps://alas.aws.amazon.com/ALAS-2022-1571.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Stack-based buffer overflow
EUVDB-ID: #VU61216
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-0435
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the Linux kernel networking module for the Transparent Inter-Process Communication (TIPC) protocol. A remote unauthenticated attacker can send specially crafted traffic to the system, trigger a stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system but requires that the TIPC bearer is set up.
Update the affected packages:
i686:Vulnerable software versions
perf-4.14.268-139.500.amzn1.i686
kernel-debuginfo-4.14.268-139.500.amzn1.i686
kernel-devel-4.14.268-139.500.amzn1.i686
kernel-debuginfo-common-i686-4.14.268-139.500.amzn1.i686
kernel-4.14.268-139.500.amzn1.i686
kernel-tools-debuginfo-4.14.268-139.500.amzn1.i686
kernel-headers-4.14.268-139.500.amzn1.i686
perf-debuginfo-4.14.268-139.500.amzn1.i686
kernel-tools-4.14.268-139.500.amzn1.i686
kernel-tools-devel-4.14.268-139.500.amzn1.i686
src:
kernel-4.14.268-139.500.amzn1.src
x86_64:
kernel-tools-4.14.268-139.500.amzn1.x86_64
kernel-headers-4.14.268-139.500.amzn1.x86_64
kernel-debuginfo-4.14.268-139.500.amzn1.x86_64
perf-debuginfo-4.14.268-139.500.amzn1.x86_64
kernel-4.14.268-139.500.amzn1.x86_64
kernel-tools-debuginfo-4.14.268-139.500.amzn1.x86_64
kernel-tools-devel-4.14.268-139.500.amzn1.x86_64
kernel-debuginfo-common-x86_64-4.14.268-139.500.amzn1.x86_64
perf-4.14.268-139.500.amzn1.x86_64
kernel-devel-4.14.268-139.500.amzn1.x86_64
Amazon Linux AMI: All versions
CPE2.3 External linkshttps://alas.aws.amazon.com/ALAS-2022-1571.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) NULL pointer dereference
EUVDB-ID: #VU61210
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-0617
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the Linux kernel UDF file system functionality. A local user can supply a malicious UDF image to the udf_file_write_iter() function and perform a denial of service (DoS) attack.
Update the affected packages:
i686:Vulnerable software versions
perf-4.14.268-139.500.amzn1.i686
kernel-debuginfo-4.14.268-139.500.amzn1.i686
kernel-devel-4.14.268-139.500.amzn1.i686
kernel-debuginfo-common-i686-4.14.268-139.500.amzn1.i686
kernel-4.14.268-139.500.amzn1.i686
kernel-tools-debuginfo-4.14.268-139.500.amzn1.i686
kernel-headers-4.14.268-139.500.amzn1.i686
perf-debuginfo-4.14.268-139.500.amzn1.i686
kernel-tools-4.14.268-139.500.amzn1.i686
kernel-tools-devel-4.14.268-139.500.amzn1.i686
src:
kernel-4.14.268-139.500.amzn1.src
x86_64:
kernel-tools-4.14.268-139.500.amzn1.x86_64
kernel-headers-4.14.268-139.500.amzn1.x86_64
kernel-debuginfo-4.14.268-139.500.amzn1.x86_64
perf-debuginfo-4.14.268-139.500.amzn1.x86_64
kernel-4.14.268-139.500.amzn1.x86_64
kernel-tools-debuginfo-4.14.268-139.500.amzn1.x86_64
kernel-tools-devel-4.14.268-139.500.amzn1.x86_64
kernel-debuginfo-common-x86_64-4.14.268-139.500.amzn1.x86_64
perf-4.14.268-139.500.amzn1.x86_64
kernel-devel-4.14.268-139.500.amzn1.x86_64
Amazon Linux AMI: All versions
CPE2.3 External linkshttps://alas.aws.amazon.com/ALAS-2022-1571.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Use of uninitialized resource
EUVDB-ID: #VU61110
Risk: Low
CVSSv4.0: 8.5 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Clear]
CVE-ID: CVE-2022-0847
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: Yes
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to usage of an uninitialized resources. A local user can overwrite arbitrary file in the page cache, even if the file is read-only, and execute arbitrary code on the system with elevated privileges.
The vulnerability was dubbed Dirty Pipe.
Update the affected packages:
i686:Vulnerable software versions
perf-4.14.268-139.500.amzn1.i686
kernel-debuginfo-4.14.268-139.500.amzn1.i686
kernel-devel-4.14.268-139.500.amzn1.i686
kernel-debuginfo-common-i686-4.14.268-139.500.amzn1.i686
kernel-4.14.268-139.500.amzn1.i686
kernel-tools-debuginfo-4.14.268-139.500.amzn1.i686
kernel-headers-4.14.268-139.500.amzn1.i686
perf-debuginfo-4.14.268-139.500.amzn1.i686
kernel-tools-4.14.268-139.500.amzn1.i686
kernel-tools-devel-4.14.268-139.500.amzn1.i686
src:
kernel-4.14.268-139.500.amzn1.src
x86_64:
kernel-tools-4.14.268-139.500.amzn1.x86_64
kernel-headers-4.14.268-139.500.amzn1.x86_64
kernel-debuginfo-4.14.268-139.500.amzn1.x86_64
perf-debuginfo-4.14.268-139.500.amzn1.x86_64
kernel-4.14.268-139.500.amzn1.x86_64
kernel-tools-debuginfo-4.14.268-139.500.amzn1.x86_64
kernel-tools-devel-4.14.268-139.500.amzn1.x86_64
kernel-debuginfo-common-x86_64-4.14.268-139.500.amzn1.x86_64
perf-4.14.268-139.500.amzn1.x86_64
kernel-devel-4.14.268-139.500.amzn1.x86_64
Amazon Linux AMI: All versions
CPE2.3 External linkshttps://alas.aws.amazon.com/ALAS-2022-1571.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
11) Missing initialization of resource
EUVDB-ID: #VU61211
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-24448
CWE-ID:
CWE-909 - Missing initialization of resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to missing initialization of resource within the fs/nfs/dir.c in the Linux kernel. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file descriptor.
Update the affected packages:
i686:Vulnerable software versions
perf-4.14.268-139.500.amzn1.i686
kernel-debuginfo-4.14.268-139.500.amzn1.i686
kernel-devel-4.14.268-139.500.amzn1.i686
kernel-debuginfo-common-i686-4.14.268-139.500.amzn1.i686
kernel-4.14.268-139.500.amzn1.i686
kernel-tools-debuginfo-4.14.268-139.500.amzn1.i686
kernel-headers-4.14.268-139.500.amzn1.i686
perf-debuginfo-4.14.268-139.500.amzn1.i686
kernel-tools-4.14.268-139.500.amzn1.i686
kernel-tools-devel-4.14.268-139.500.amzn1.i686
src:
kernel-4.14.268-139.500.amzn1.src
x86_64:
kernel-tools-4.14.268-139.500.amzn1.x86_64
kernel-headers-4.14.268-139.500.amzn1.x86_64
kernel-debuginfo-4.14.268-139.500.amzn1.x86_64
perf-debuginfo-4.14.268-139.500.amzn1.x86_64
kernel-4.14.268-139.500.amzn1.x86_64
kernel-tools-debuginfo-4.14.268-139.500.amzn1.x86_64
kernel-tools-devel-4.14.268-139.500.amzn1.x86_64
kernel-debuginfo-common-x86_64-4.14.268-139.500.amzn1.x86_64
perf-4.14.268-139.500.amzn1.x86_64
kernel-devel-4.14.268-139.500.amzn1.x86_64
Amazon Linux AMI: All versions
CPE2.3 External linkshttps://alas.aws.amazon.com/ALAS-2022-1571.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
