Linux 'Dirty Pipe' Vulnerability

Hi,

I tried to add this report in my LanSweeper, but I got an error when I save or run:

Error converting data type nvarchar to bigint.

The error is related to checking the cleaned-up version number. After selecting each version component, it is converted to a number field, you probably have a Linux version like 5.a5.10. Because of the letter, it can't convert it to a number.

I adjusted the query on the report page to do some validation that the data it tries to convert is a number. The updated report is also below.

Select Top 1000000 tblAssets.AssetID,
  tblAssets.AssetName,
  tblAssets.Domain,
  tblAssets.Username,
  tblAssets.Userdomain,
  Coalesce(tsysOS.Image, tsysAssetTypes.AssetTypeIcon10) As icon,
  tblAssets.IPAddress,
  tsysIPLocations.IPLocation,
  tblAssetCustom.Manufacturer,
  tblAssetCustom.Model,
  tblLinuxSystem.osrelease,
  tblLinuxSystem.kernelrelease,
  S1.KernelVersion As [Kernel Version Cleaned],
  Case
    When Len(tblLinuxSystem.kernelrelease) -
      Len(Replace(tblLinuxSystem.kernelrelease, '.', '')) < 2 Then ''
    When IsNumeric(ParseName(S1.KernelVersion, 3)) = 1 And
      IsNumeric(ParseName(S1.KernelVersion, 2)) = 1 And
      IsNumeric(ParseName(S1.KernelVersion, 1)) = 1 And
      Cast(ParseName(S1.KernelVersion, 3) As bigint) = 5 And
      Cast(ParseName(S1.KernelVersion, 2) As bigint) = 10 And
      Cast(ParseName(S1.KernelVersion, 1) As bigint) >= 102 Then 'Safe'
    When IsNumeric(ParseName(S1.KernelVersion, 3)) = 1 And
      IsNumeric(ParseName(S1.KernelVersion, 2)) = 1 And
      IsNumeric(ParseName(S1.KernelVersion, 1)) = 1 And
      Cast(ParseName(S1.KernelVersion, 3) As bigint) = 5 And
      Cast(ParseName(S1.KernelVersion, 2) As bigint) = 15 And
      Cast(ParseName(S1.KernelVersion, 1) As bigint) >= 25 Then 'Safe'
    When IsNumeric(ParseName(S1.KernelVersion, 3)) = 1 And
      IsNumeric(ParseName(S1.KernelVersion, 2)) = 1 And
      IsNumeric(ParseName(S1.KernelVersion, 1)) = 1 And
      Cast(ParseName(S1.KernelVersion, 3) As bigint) = 5 And
      Cast(ParseName(S1.KernelVersion, 2) As bigint) = 16 And
      Cast(ParseName(S1.KernelVersion, 1) As bigint) >= 11 Then 'Safe'
    Else 'Vulnerable'
  End As [Safe/Vulnerable],
  Case
    When tblErrors.ErrorText Is Not Null Or
      tblErrors.ErrorText != '' Then
      'Scanning Error: ' + tsysasseterrortypes.ErrorMsg
    Else ''
  End As ScanningErrors,
  tblAssets.Lastseen,
  tblAssets.Lasttried,
  Case
    When Len(tblLinuxSystem.kernelrelease) -
      Len(Replace(tblLinuxSystem.kernelrelease, '.', '')) < 2 Then ''
    When IsNumeric(ParseName(S1.KernelVersion, 3)) = 1 And
      IsNumeric(ParseName(S1.KernelVersion, 2)) = 1 And
      IsNumeric(ParseName(S1.KernelVersion, 1)) = 1 And
      Cast(ParseName(S1.KernelVersion, 3) As bigint) = 5 And
      Cast(ParseName(S1.KernelVersion, 2) As bigint) = 10 And
      Cast(ParseName(S1.KernelVersion, 1) As bigint) >= 102 Then '#d4f4be'
    When IsNumeric(ParseName(S1.KernelVersion, 3)) = 1 And
      IsNumeric(ParseName(S1.KernelVersion, 2)) = 1 And
      IsNumeric(ParseName(S1.KernelVersion, 1)) = 1 And
      Cast(ParseName(S1.KernelVersion, 3) As bigint) = 5 And
      Cast(ParseName(S1.KernelVersion, 2) As bigint) = 15 And
      Cast(ParseName(S1.KernelVersion, 1) As bigint) >= 25 Then '#d4f4be'
    When IsNumeric(ParseName(S1.KernelVersion, 3)) = 1 And
      IsNumeric(ParseName(S1.KernelVersion, 2)) = 1 And
      IsNumeric(ParseName(S1.KernelVersion, 1)) = 1 And
      Cast(ParseName(S1.KernelVersion, 3) As bigint) = 5 And
      Cast(ParseName(S1.KernelVersion, 2) As bigint) = 16 And
      Cast(ParseName(S1.KernelVersion, 1) As bigint) >= 11 Then '#d4f4be'
    Else '#ffadad'
  End As backgroundcolor
From tblAssets
  Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
  Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
  Inner Join tsysIPLocations On tsysIPLocations.LocationID =
      tblAssets.LocationID
  Inner Join tblLinuxSystem On tblLinuxSystem.AssetID = tblAssets.AssetID
  Left Join (Select tblLinuxSystem.AssetID,
      Case
        When tblLinuxSystem.kernelrelease Like '%-%' Then
          Left(tblLinuxSystem.kernelrelease, CharIndex('-',
          tblLinuxSystem.kernelrelease) - 1)
      End As KernelVersion
    From tblLinuxSystem) As S1 On S1.AssetID = tblAssets.AssetID
  Inner Join tblState On tblState.State = tblAssetCustom.State
  Left Join tsysOS On tsysOS.OScode = tblAssets.OScode
  Left Join (Select Distinct Top 1000000 tblErrors.AssetID As ID,
      Max(tblErrors.Teller) As ErrorID
    From tblErrors
    Group By tblErrors.AssetID) As ScanningError On tblAssets.AssetID =
      ScanningError.ID
  Left Join tblErrors On ScanningError.ErrorID = tblErrors.Teller
  Left Join tsysasseterrortypes On tsysasseterrortypes.Errortype =
      tblErrors.ErrorType
Where tblState.Statename = 'Active'
Order By tblAssets.Domain,
  tblAssets.AssetName

I've been patching lots of Ubuntu 20.04 servers today, but the report is still showing red/vulnerable status.

Shouldn't kernel 5.4.0-104-generic be a safe version?

Esben.D wrote:
<cut>

Esben,
Could we get the 5.4.0-104 kernel version recognized, and update the report to also properly report on which Kernel versions are not impacted by this.
I.E. Xenial/16.04 v4.4.0

https://ubuntu.com/security/CVE-2022-0847

Canonical urges all Ubuntu users to update their installations to the new Linux kernel versions available in the stable repositories (linux-image 5.13.0.35.44 for Ubuntu 21.10 and Ubuntu 20.04.4 LTS, linux-image 5.4.0.104.108 for Ubuntu 20.04 LTS, as well as linux-image-hwe 5.4.0.104.118~18.04.89 for Ubuntu 18.04.6 LTS).

Canonical released today Ubuntu 20.04.4 as the fourth point release for its long-term supported Ubuntu 20.04 LTS (Focal Fossa) operating system series.

Released on April 23rd, 2020, the Ubuntu 20.04 LTS (Focal Fossa) operating system series is a long-term supported one that will receive software and security updates for a least five years, until April 2025, on the desktop.

Canonical also provides the community with up-to-date installation media every six months incorporating newer Linux kernel and Mesa graphics stacks. The Ubuntu 20.04.4 point release is here with Linux kernel 5.13 and Mesa 21.2.6 graphics stacks from Ubuntu 21.10 (Impish Indri).

However, the Linux 5.13 HWE (Hardware Enablement) kernel included in the Ubuntu 20.04.4 point release is intended only for new installations. Therefore, users running Ubuntu 20.04 LTS with the stock kernel (e.g. Linux 5.4), won’t receive the newer kernel when performing an upgrade. They will have to manually install it if they want to use the newer kernel from Ubuntu 21.10.

Updated.

for future reference, you can add other versions manually by adding the following to the query and adjust the highlighted:

In the first [Safe/Vulnerable] case statement

When IsNumeric(ParseName(S1.KernelVersion, 3)) = 1 And
IsNumeric(ParseName(S1.KernelVersion, 2)) = 1 And
IsNumeric(ParseName(S1.KernelVersion, 1)) = 1 And
Cast(ParseName(S1.KernelVersion, 3) As bigint) = 5 And
Cast(ParseName(S1.KernelVersion, 2) As bigint) = 4 And
Cast(ParseName(S1.KernelVersion, 1) As bigint) >= 0 Then 'Safe'

In the backgroundcolor case statement:

When IsNumeric(ParseName(S1.KernelVersion, 3)) = 1 And
IsNumeric(ParseName(S1.KernelVersion, 2)) = 1 And
IsNumeric(ParseName(S1.KernelVersion, 1)) = 1 And
Cast(ParseName(S1.KernelVersion, 3) As bigint) = 5 And
Cast(ParseName(S1.KernelVersion, 2) As bigint) = 4 And
Cast(ParseName(S1.KernelVersion, 1) As bigint) >= 0 Then '#d4f4be'