Distro: Amazon Linux
Add support for ingesting Amazon Linux into the command line component for vuln-list ingestion.
Trivy Ingestion Code
Ingestion
- Organization:
  - /amazon/<distro version: 1, 2, 2022>/
  - Example: /amazon/2022/
  - JSON files are named after the advisory ID, e.g. ALAS2022-2022-042.json
- Mapping to CVE
  - root property cveids provides the list of CVE IDs that are resolved by the packages listed
  - Each JSON file can contain multiple CVEs that have been resolved
  - All packages get all CVEs from the JSON file
- Fixed Version
  - root property packages: a list of updated packages containing the fix
  - Fixed Version construction (same rule as trivy-db): https://github.com/aquasecurity/trivy-db/blob/db9680195a7a130c30c80407bd34d53ebdc3d0b2/pkg/utils/utils.go#L17
    - if epoch is neither 0 nor empty: prefix epoch:
    - then version
    - if release ≠ "": suffix -release
  - Example with epoch: epoch "1", version "5.15.29", release "16.111.amzn2022" → 1:5.15.29-16.111.amzn2022
  - Example without epoch: epoch "0", version "5.15.29", release "16.111.amzn2022" → 5.15.29-16.111.amzn2022
- Normalizing severity:
  - low → low
  - moderate → medium
  - important → high
  - critical → critical

Example
{
"id": "ALAS2022-2022-042",
"title": "Amazon Linux 2022 - ALAS2022-2022-042: Important priority package update for kernel",
"issued": {
"date": "2022-04-18 23:18"
},
"updated": {
"date": "2022-05-02 18:17"
},
"severity": "Important",
"description": "Package updates are available for Amazon Linux 2022 that fix the following vulnerabilities:\nCVE-2022-29156:\n\tdrivers/infiniband/ulp/rtrs/rtrs-clt.c in the Linux kernel before 5.16.12 has a double free related to rtrs_clt_dev_release.\n\nCVE-2022-27223:\n\tIn drivers/usb/gadget/udc/udc-xilinx.c in the Linux kernel before 5.16.12, the endpoint index is not validated and might be manipulated by the host for out-of-array access.\n\nCVE-2022-25636:\n\tAn out-of-bounds (OOB) memory access flaw was found in nft_fwd_dup_netdev_offload in net/netfilter/nf_dup_netdev.c in the netfilter subcomponent in the Linux kernel due to a heap out-of-bounds write problem. This flaw allows a local attacker with a user account on the system to gain access to out-of-bounds memory, leading to a system crash or a privilege escalation threat.\n\nCVE-2022-24958:\n\tdrivers/usb/gadget/legacy/inode.c in the Linux kernel through 5.16.8 mishandles dev-\u003ebuf release.\n\nCVE-2022-1199:\n\tA flaw was found in the Linux kernel. This flaw allows an attacker to crash the Linux kernel by simulating amateur radio from the user space, resulting in a null-ptr-deref vulnerability and a use-after-free vulnerability.\n\nCVE-2022-1016:\n\tA flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle return with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker.\n\nCVE-2022-1015:\n\tA flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem. This flaw allows a local user to cause an out-of-bounds write issue.\n\nCVE-2022-0854:\n\tA memory leak flaw was found in the Linux kernel's DMA subsystem, in the way a user calls DMA_FROM_DEVICE. This flaw allows a local user to read random memory from the kernel space.\n\nCVE-2022-0742:\n\tA memory leak flaw was found in the Linux kernel's ICMPv6 networking protocol, in the way a user generated malicious ICMPv6 packets.\nThis flaw allows a remote user to crash the system.\n\nCVE-2022-0494:\n\tA kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or CAP_SYS_RAWIO) to create issues with confidentiality.\n",
"packages": [
{
"name": "kernel-tools-devel",
"epoch": "0",
"version": "5.15.29",
"release": "16.111.amzn2022",
"arch": "x86_64",
"filename": "Packages/kernel-tools-devel-5.15.29-16.111.amzn2022.x86_64.rpm"
},
{
"name": "kernel-tools-debuginfo",
"epoch": "0",
"version": "5.15.29",
"release": "16.111.amzn2022",
"arch": "x86_64",
"filename": "Packages/kernel-tools-debuginfo-5.15.29-16.111.amzn2022.x86_64.rpm"
},
{
"name": "kernel-livepatch-5.15.29-16.111",
"epoch": "0",
"version": "1.0",
"release": "0.amzn2022",
"arch": "x86_64",
"filename": "Packages/kernel-livepatch-5.15.29-16.111-1.0-0.amzn2022.x86_64.rpm"
},
{
"name": "bpftool-debuginfo",
"epoch": "0",
"version": "5.15.29",
"release": "16.111.amzn2022",
"arch": "x86_64",
"filename": "Packages/bpftool-debuginfo-5.15.29-16.111.amzn2022.x86_64.rpm"
},
{
"name": "perf-debuginfo",
"epoch": "0",
"version": "5.15.29",
"release": "16.111.amzn2022",
"arch": "x86_64",
"filename": "Packages/perf-debuginfo-5.15.29-16.111.amzn2022.x86_64.rpm"
},
{
"name": "python3-perf-debuginfo",
"epoch": "0",
"version": "5.15.29",
"release": "16.111.amzn2022",
"arch": "x86_64",
"filename": "Packages/python3-perf-debuginfo-5.15.29-16.111.amzn2022.x86_64.rpm"
},
{
"name": "kernel-tools",
"epoch": "0",
"version": "5.15.29",
"release": "16.111.amzn2022",
"arch": "x86_64",
"filename": "Packages/kernel-tools-5.15.29-16.111.amzn2022.x86_64.rpm"
},
{
"name": "kernel-headers",
"epoch": "0",
"version": "5.15.29",
"release": "16.111.amzn2022",
"arch": "x86_64",
"filename": "Packages/kernel-headers-5.15.29-16.111.amzn2022.x86_64.rpm"
},
{
"name": "bpftool",
"epoch": "0",
"version": "5.15.29",
"release": "16.111.amzn2022",
"arch": "x86_64",
"filename": "Packages/bpftool-5.15.29-16.111.amzn2022.x86_64.rpm"
},
{
"name": "python3-perf",
"epoch": "0",
"version": "5.15.29",
"release": "16.111.amzn2022",
"arch": "x86_64",
"filename": "Packages/python3-perf-5.15.29-16.111.amzn2022.x86_64.rpm"
},
{
"name": "perf",
"epoch": "0",
"version": "5.15.29",
"release": "16.111.amzn2022",
"arch": "x86_64",
"filename": "Packages/perf-5.15.29-16.111.amzn2022.x86_64.rpm"
},
{
"name": "kernel-debuginfo",
"epoch": "0",
"version": "5.15.29",
"release": "16.111.amzn2022",
"arch": "x86_64",
"filename": "Packages/kernel-debuginfo-5.15.29-16.111.amzn2022.x86_64.rpm"
},
{
"name": "kernel",
"epoch": "0",
"version": "5.15.29",
"release": "16.111.amzn2022",
"arch": "x86_64",
"filename": "Packages/kernel-5.15.29-16.111.amzn2022.x86_64.rpm"
},
{
"name": "kernel-debuginfo-common-x86_64",
"epoch": "0",
"version": "5.15.29",
"release": "16.111.amzn2022",
"arch": "x86_64",
"filename": "Packages/kernel-debuginfo-common-x86_64-5.15.29-16.111.amzn2022.x86_64.rpm"
},
{
"name": "kernel-devel",
"epoch": "0",
"version": "5.15.29",
"release": "16.111.amzn2022",
"arch": "x86_64",
"filename": "Packages/kernel-devel-5.15.29-16.111.amzn2022.x86_64.rpm"
},
{
"name": "kernel-headers",
"epoch": "0",
"version": "5.15.29",
"release": "16.111.amzn2022",
"arch": "i686",
"filename": "Packages/kernel-headers-5.15.29-16.111.amzn2022.i686.rpm"
},
{
"name": "kernel-livepatch-5.15.29-16.111",
"epoch": "0",
"version": "1.0",
"release": "0.amzn2022",
"arch": "aarch64",
"filename": "Packages/kernel-livepatch-5.15.29-16.111-1.0-0.amzn2022.aarch64.rpm"
},
{
"name": "python3-perf",
"epoch": "0",
"version": "5.15.29",
"release": "16.111.amzn2022",
"arch": "aarch64",
"filename": "Packages/python3-perf-5.15.29-16.111.amzn2022.aarch64.rpm"
},
{
"name": "perf",
"epoch": "0",
"version": "5.15.29",
"release": "16.111.amzn2022",
"arch": "aarch64",
"filename": "Packages/perf-5.15.29-16.111.amzn2022.aarch64.rpm"
},
{
"name": "bpftool",
"epoch": "0",
"version": "5.15.29",
"release": "16.111.amzn2022",
"arch": "aarch64",
"filename": "Packages/bpftool-5.15.29-16.111.amzn2022.aarch64.rpm"
},
{
"name": "perf-debuginfo",
"epoch": "0",
"version": "5.15.29",
"release": "16.111.amzn2022",
"arch": "aarch64",
"filename": "Packages/perf-debuginfo-5.15.29-16.111.amzn2022.aarch64.rpm"
},
{
"name": "python3-perf-debuginfo",
"epoch": "0",
"version": "5.15.29",
"release": "16.111.amzn2022",
"arch": "aarch64",
"filename": "Packages/python3-perf-debuginfo-5.15.29-16.111.amzn2022.aarch64.rpm"
},
{
"name": "bpftool-debuginfo",
"epoch": "0",
"version": "5.15.29",
"release": "16.111.amzn2022",
"arch": "aarch64",
"filename": "Packages/bpftool-debuginfo-5.15.29-16.111.amzn2022.aarch64.rpm"
},
{
"name": "kernel-tools",
"epoch": "0",
"version": "5.15.29",
"release": "16.111.amzn2022",
"arch": "aarch64",
"filename": "Packages/kernel-tools-5.15.29-16.111.amzn2022.aarch64.rpm"
},
{
"name": "kernel-headers",
"epoch": "0",
"version": "5.15.29",
"release": "16.111.amzn2022",
"arch": "aarch64",
"filename": "Packages/kernel-headers-5.15.29-16.111.amzn2022.aarch64.rpm"
},
{
"name": "kernel-tools-debuginfo",
"epoch": "0",
"version": "5.15.29",
"release": "16.111.amzn2022",
"arch": "aarch64",
"filename": "Packages/kernel-tools-debuginfo-5.15.29-16.111.amzn2022.aarch64.rpm"
},
{
"name": "kernel-tools-devel",
"epoch": "0",
"version": "5.15.29",
"release": "16.111.amzn2022",
"arch": "aarch64",
"filename": "Packages/kernel-tools-devel-5.15.29-16.111.amzn2022.aarch64.rpm"
},
{
"name": "kernel",
"epoch": "0",
"version": "5.15.29",
"release": "16.111.amzn2022",
"arch": "aarch64",
"filename": "Packages/kernel-5.15.29-16.111.amzn2022.aarch64.rpm"
},
{
"name": "kernel-debuginfo",
"epoch": "0",
"version": "5.15.29",
"release": "16.111.amzn2022",
"arch": "aarch64",
"filename": "Packages/kernel-debuginfo-5.15.29-16.111.amzn2022.aarch64.rpm"
},
{
"name": "kernel-debuginfo-common-aarch64",
"epoch": "0",
"version": "5.15.29",
"release": "16.111.amzn2022",
"arch": "aarch64",
"filename": "Packages/kernel-debuginfo-common-aarch64-5.15.29-16.111.amzn2022.aarch64.rpm"
},
{
"name": "kernel-devel",
"epoch": "0",
"version": "5.15.29",
"release": "16.111.amzn2022",
"arch": "aarch64",
"filename": "Packages/kernel-devel-5.15.29-16.111.amzn2022.aarch64.rpm"
}
],
"references": [
{
"href": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0494",
"id": "CVE-2022-0494",
"type": "cve"
},
{
"href": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0742",
"id": "CVE-2022-0742",
"type": "cve"
},
{
"href": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0854",
"id": "CVE-2022-0854",
"type": "cve"
},
{
"href": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1015",
"id": "CVE-2022-1015",
"type": "cve"
},
{
"href": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1016",
"id": "CVE-2022-1016",
"type": "cve"
},
{
"href": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1199",
"id": "CVE-2022-1199",
"type": "cve"
},
{
"href": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24958",
"id": "CVE-2022-24958",
"type": "cve"
},
{
"href": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25636",
"id": "CVE-2022-25636",
"type": "cve"
},
{
"href": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27223",
"id": "CVE-2022-27223",
"type": "cve"
},
{
"href": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29156",
"id": "CVE-2022-29156",
"type": "cve"
}
],
"cveids": [
"CVE-2022-0494",
"CVE-2022-0742",
"CVE-2022-0854",
"CVE-2022-1015",
"CVE-2022-1016",
"CVE-2022-1199",
"CVE-2022-24958",
"CVE-2022-25636",
"CVE-2022-27223",
"CVE-2022-29156"
]
}
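The three ingestion rules above (every package gets every CVE from cveids, the fixed version is built from epoch/version/release the way trivy-db's ConstructVersion does it, and the ALAS severity word is normalized) put together in one Go program. This is an added illustration, not code from the ingestion component or from trivy-db. It assumes the severity match is case-insensitive, since the advisory above carries "Important" while the mapping lists "important", and it rejects unknown severity words instead of defaulting them. The embedded advisory is a constructed, trimmed copy of ALAS2022-2022-042 with a made-up "example-pkg" added to exercise the non-zero epoch branch.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Advisory is the subset of the ALAS JSON schema that ingestion needs.
type Advisory struct {
	ID       string    `json:"id"`
	Severity string    `json:"severity"`
	Packages []Package `json:"packages"`
	CVEIDs   []string  `json:"cveids"`
}

// Package is one entry of the root "packages" array.
type Package struct {
	Name    string `json:"name"`
	Epoch   string `json:"epoch"`
	Version string `json:"version"`
	Release string `json:"release"`
	Arch    string `json:"arch"`
}

// Finding is one (package, CVE) row produced from an advisory.
type Finding struct {
	AdvisoryID, CVEID, Package, Arch, FixedVersion, Severity string
}

// ConstructVersion applies the trivy-db rule: an "epoch:" prefix only when
// epoch is neither "0" nor empty, and a "-release" suffix only when release
// is non-empty.
func ConstructVersion(epoch, version, release string) string {
	var b strings.Builder
	if epoch != "0" && epoch != "" {
		b.WriteString(epoch + ":")
	}
	b.WriteString(version)
	if release != "" {
		b.WriteString("-" + release)
	}
	return b.String()
}

// NormalizeSeverity maps the four ALAS severity words to the normalized
// values. Matching is case-insensitive (assumption: the sample advisory says
// "Important", the mapping says "important"). An unknown word is an error
// rather than a silent default, so a new ALAS level cannot be ingested as
// the wrong severity.
func NormalizeSeverity(s string) (string, error) {
	switch strings.ToLower(strings.TrimSpace(s)) {
	case "low":
		return "low", nil
	case "moderate":
		return "medium", nil
	case "important":
		return "high", nil
	case "critical":
		return "critical", nil
	}
	return "", fmt.Errorf("unknown ALAS severity %q", s)
}

// Ingest expands one advisory into findings: every package in "packages"
// gets every CVE in "cveids", with the fixed version built per package.
func Ingest(raw []byte) ([]Finding, error) {
	var adv Advisory
	if err := json.Unmarshal(raw, &adv); err != nil {
		return nil, err
	}
	sev, err := NormalizeSeverity(adv.Severity)
	if err != nil {
		return nil, fmt.Errorf("%s: %w", adv.ID, err)
	}
	var out []Finding
	for _, p := range adv.Packages {
		fixed := ConstructVersion(p.Epoch, p.Version, p.Release)
		for _, cve := range adv.CVEIDs {
			out = append(out, Finding{adv.ID, cve, p.Name, p.Arch, fixed, sev})
		}
	}
	return out, nil
}

// SampleALAS is a constructed, trimmed-down advisory in the shape of
// ALAS2022-2022-042: two of its packages, a made-up "example-pkg" with a
// non-zero epoch, and two of its CVEs.
const SampleALAS = `{
  "id": "ALAS2022-2022-042",
  "severity": "Important",
  "packages": [
    {"name": "kernel", "epoch": "0", "version": "5.15.29", "release": "16.111.amzn2022", "arch": "x86_64"},
    {"name": "kernel-livepatch-5.15.29-16.111", "epoch": "0", "version": "1.0", "release": "0.amzn2022", "arch": "x86_64"},
    {"name": "example-pkg", "epoch": "1", "version": "2.0", "release": "1.amzn2022", "arch": "x86_64"}
  ],
  "cveids": ["CVE-2022-25636", "CVE-2022-1015"]
}`

func main() {
	findings, err := Ingest([]byte(SampleALAS))
	if err != nil {
		panic(err)
	}
	for _, f := range findings {
		fmt.Printf("%s %s %s/%s fixed=%s severity=%s\n",
			f.AdvisoryID, f.CVEID, f.Package, f.Arch, f.FixedVersion, f.Severity)
	}
}
```

Running it prints six rows (three packages times two CVEs); the kernel row carries 5.15.29-16.111.amzn2022 with no epoch prefix, the livepatch row 1.0-0.amzn2022, and the constructed example-pkg row 1:2.0-1.amzn2022, all at severity high.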
Edited by Michael Eddington