Find Linux Distributions With an Outdated Kernel Version
A new Kernal version 5.15 was released on October 31, 2021. This version includes a fix for a critical remote code execution vulnerability in the Transparent Inter Process Communication (TIPC) Module. Listed as CVE-2021-43267, TIPC is a transport layer protocol created for machines running in dynamic cluster environments so that they can communicate with each other in a way that is both more efficient and fault-tolerant than for example TCP. SentinelOne identified a vulnerability with a new message type "MSG_CRYPTO" designed to send cryptographic keys.
According to the report, the vulnerability "can be exploited locally or remotely within a network to gain kernel privileges, and would allow an attacker to compromise the entire system," and while there are no reports of exploitation yet, a fix was released with Kernel version 5.15. To check which Kernel version you have on your Linux devices, we've created a color-coded report that shows all your Linux assets with their Kernel version so you know which machines require a kernel update.
Linux Kernel TIPC Module Vulnerability Query
Select Top 1000000 tblAssets.AssetID, tblAssets.AssetName, tblAssets.Domain, tblAssets.Username, tblAssets.Userdomain, Coalesce(tsysOS.Image, tsysAssetTypes.AssetTypeIcon10) As icon, tblAssets.IPAddress, tsysIPLocations.IPLocation, tblAssetCustom.Manufacturer, tblAssetCustom.Model, tblLinuxSystem.osrelease, tblLinuxSystem.kernelrelease, Case when tblLinuxSystem.kernelrelease like '5.11%' then 'Vulnerable' when tblLinuxSystem.kernelrelease like '5.12%' then 'Vulnerable' when tblLinuxSystem.kernelrelease like '5.13%' then 'Vulnerable' when tblLinuxSystem.kernelrelease like '5.14%' then 'Vulnerable' When tblLinuxSystem.kernelrelease is NULL then '' else 'Safe' end as [Safe/Vulnerable], Case When tblErrors.ErrorText Is Not Null Or tblErrors.ErrorText != '' Then 'Scanning Error: ' + tsysasseterrortypes.ErrorMsg Else '' End As ScanningErrors, tblAssets.Lastseen, tblAssets.Lasttried, Case when tblLinuxSystem.kernelrelease like '5.11%' then '#ffadad' when tblLinuxSystem.kernelrelease like '5.12%' then '#ffadad' when tblLinuxSystem.kernelrelease like '5.13%' then '#ffadad' when tblLinuxSystem.kernelrelease like '5.14%' then '#ffadad' When tblLinuxSystem.kernelrelease is NULL then '' else '#d4f4be' end as backgroundcolor From tblAssets Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype Inner Join tsysIPLocations On tsysIPLocations.LocationID = tblAssets.LocationID inner join tblLinuxSystem on tblLinuxSystem.AssetID = tblassets.AssetID Inner Join tblState On tblState.State = tblAssetCustom.State Left Join tsysOS On tsysOS.OScode = tblAssets.OScode Left Join (Select Distinct Top 1000000 tblErrors.AssetID As ID, Max(tblErrors.Teller) As ErrorID From tblErrors Group By tblErrors.AssetID) As ScanningError On tblAssets.AssetID = ScanningError.ID Left Join tblErrors On ScanningError.ErrorID = tblErrors.Teller Left Join tsysasseterrortypes On tsysasseterrortypes.Errortype = tblErrors.ErrorType Where tblState.Statename = 'Active' Order By tblAssets.Domain, tblAssets.AssetName