History: Jan 31, 2023 - 12:00 a.m.

Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2023-1262)

The remote host is missing an update for the Huawei EulerOS

  script_cve_id("CVE-2020-0466", "CVE-2020-27815", "CVE-2020-36385", "CVE-2021-22555", "CVE-2021-29154", "CVE-2021-38160", "CVE-2021-40490", "CVE-2022-0492");
  script_name("Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2023-1262)");
  script_xref(name:"Advisory-ID", value:"EulerOS-SA-2023-1262");
  script_tag(name:"summary", value:"The remote host is missing an update for the Huawei EulerOS 'kernel' package(s) announced via the EulerOS-SA-2023-1262 advisory.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");

  script_tag(name:"insight", value:"A vulnerability was found in the Linux kernel's cgroup_release_agent_write function in kernel/cgroup/cgroup-v1.c. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.(CVE-2022-0492)

BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c.(CVE-2021-29154)

In do_epoll_ctl and ep_loop_check_proc of eventpoll.c, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-147802478. References: Upstream kernel.(CVE-2020-0466)

Vulnerability Summary for CVE-2020-27815(CVE-2020-27815)

An issue was discovered in the Linux kernel's Userspace Connection Manager Access for RDMA. This could allow a local attacker to crash the system, corrupt memory or escalate privileges.(CVE-2020-36385)

This CVE is being DISPUTED (*) by Red Hat with a note that the cited data corruption is not a vulnerability in any existing use case, the length validation was added solely for robustness in the face of anomalous host OS behavior. (*) [link moved to references](CVE-2021-38160)

A race condition was discovered in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in the Linux kernel through 5.13.13.(CVE-2021-40490)

A flaw was discovered in processing setsockopt IPT_SO_SET_REPLACE (or IP6T_SO_SET_REPLACE) for 32-bit processes on 64-bit systems. This flaw allows a local user to gain privileges or cause a DoS through a user namespace. This action is usually restricted to root-privileged users but can also be leveraged if the kernel is compiled with CONFIG_USER_NS and CONFIG_NET_NS and the user is granted elevated privileges.(CVE-2021-22555)");

  script_tag(name:"affected", value:"'kernel' package(s) on Huawei EulerOS Virtualization");

  script_tag(name:"solution", value:"Please install the updated package(s).");

