Find Linux Distributions With an Outdated Kernel Version
A new Kernal version 5.15 was released on October 31, 2021. This version includes a fix for a critical remote code execution vulnerability in the Transparent Inter Process Communication (TIPC) Module. Listed as CVE-2021-43267, TIPC is a transport layer protocol created for machines running in dynamic cluster environments so that they can communicate with each other in a way that is both more efficient and fault-tolerant than for example TCP. SentinelOne identified a vulnerability with a new message type „MSG_CRYPTO“ designed to send cryptographic keys.
According to the report, the vulnerability „can be exploited locally or remotely within a network to gain kernel privileges, and would allow an attacker to compromise the entire system,“ and while there are no reports of exploitation yet, a fix was released with Kernel version 5.15. To check which Kernel version you have on your Linux devices, we’ve created a color-coded report that shows all your Linux assets with their Kernel version so you know which machines require a kernel update.
Linux Kernel TIPC Module Vulnerability Query
Select Top 1000000 tblAssets.AssetID,
tblAssets.AssetName,
tblAssets.Domain,
tblAssets.Username,
tblAssets.Userdomain,
Coalesce(tsysOS.Image, tsysAssetTypes.AssetTypeIcon10) As icon,
tblAssets.IPAddress,
tsysIPLocations.IPLocation,
tblAssetCustom.Manufacturer,
tblAssetCustom.Model,
tblLinuxSystem.osrelease,
tblLinuxSystem.kernelrelease,
Case
when tblLinuxSystem.kernelrelease like '5.11%' then 'Vulnerable'
when tblLinuxSystem.kernelrelease like '5.12%' then 'Vulnerable'
when tblLinuxSystem.kernelrelease like '5.13%' then 'Vulnerable'
when tblLinuxSystem.kernelrelease like '5.14%' then 'Vulnerable'
When tblLinuxSystem.kernelrelease is NULL then ''
else 'Safe'
end as [Safe/Vulnerable],
Case
When tblErrors.ErrorText Is Not Null Or
tblErrors.ErrorText != '' Then
'Scanning Error: ' + tsysasseterrortypes.ErrorMsg
Else ''
End As ScanningErrors,
tblAssets.Lastseen,
tblAssets.Lasttried,
Case
when tblLinuxSystem.kernelrelease like '5.11%' then '#ffadad'
when tblLinuxSystem.kernelrelease like '5.12%' then '#ffadad'
when tblLinuxSystem.kernelrelease like '5.13%' then '#ffadad'
when tblLinuxSystem.kernelrelease like '5.14%' then '#ffadad'
When tblLinuxSystem.kernelrelease is NULL then ''
else '#d4f4be'
end as backgroundcolor
From tblAssets
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
Inner Join tsysIPLocations On tsysIPLocations.LocationID =
tblAssets.LocationID
inner join tblLinuxSystem on tblLinuxSystem.AssetID = tblassets.AssetID
Inner Join tblState On tblState.State = tblAssetCustom.State
Left Join tsysOS On tsysOS.OScode = tblAssets.OScode
Left Join (Select Distinct Top 1000000 tblErrors.AssetID As ID,
Max(tblErrors.Teller) As ErrorID
From tblErrors
Group By tblErrors.AssetID) As ScanningError On tblAssets.AssetID =
ScanningError.ID
Left Join tblErrors On ScanningError.ErrorID = tblErrors.Teller
Left Join tsysasseterrortypes On tsysasseterrortypes.Errortype =
tblErrors.ErrorType
Where tblState.Statename = 'Active'
Order By tblAssets.Domain,
tblAssets.AssetName