Lucene search
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.EULEROS_SA-2020-1092.NASLHistoryJan 13, 2020 - 12:00 a.m.
EulerOS Virtualization for ARM 64 3.0.5.0 : spdk (EulerOS-SA-2020-1092)
2020-01-1300:00:00
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
15
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.4 High
AI Score
Confidence
High
0.006 Low
EPSS
Percentile
78.8%
According to the version of the spdk package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability :
- A flaw was found in all dpdk version 17.x.x before 17.11.8, 16.x.x before 16.11.10, 18.x.x before 18.11.4 and 19.x.x before 19.08.1 where a malicious master, or a container with access to vhost_user socket, can send specially crafted VRING_SET_NUM messages, resulting in a memory leak including file descriptors. This flaw could lead to a denial of service condition.(CVE-2019-14818)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(132846);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/01");
script_cve_id("CVE-2019-14818");
script_name(english:"EulerOS Virtualization for ARM 64 3.0.5.0 : spdk (EulerOS-SA-2020-1092)");
script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS Virtualization for ARM 64 host is missing a security update.");
script_set_attribute(attribute:"description", value:
"According to the version of the spdk package installed, the EulerOS
Virtualization for ARM 64 installation on the remote host is affected
by the following vulnerability :
- A flaw was found in all dpdk version 17.x.x before
17.11.8, 16.x.x before 16.11.10, 18.x.x before 18.11.4
and 19.x.x before 19.08.1 where a malicious master, or
a container with access to vhost_user socket, can send
specially crafted VRING_SET_NUM messages, resulting in
a memory leak including file descriptors. This flaw
could lead to a denial of service
condition.(CVE-2019-14818)
Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
# https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1092
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?58e20318");
script_set_attribute(attribute:"solution", value:
"Update the affected spdk package.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-14818");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"patch_publication_date", value:"2020/01/13");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/01/13");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:spdk");
script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.5.0");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Huawei Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (uvp != "3.0.5.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.5.0");
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);
flag = 0;
pkgs = ["spdk-19.01.1-015"];
foreach (pkg in pkgs)
if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "spdk");
}
Related
ubuntu
ubuntu
DPDK vulnerability
2019-11-13 00:00:00
nessus
nessus
SUSE SLES15 Security Update : dpdk (SUSE-SU-2019:3179-1)
2019-12-06 00:00:00
SUSE SLED15 / SLES15 Security Update : dpdk (SUSE-SU-2020:0439-1)
2020-02-25 00:00:00
Ubuntu 18.04 LTS : DPDK vulnerability (USN-4189-1)
2019-11-14 00:00:00
ubuntucve
ubuntucve
CVE-2019-14818
2019-11-12 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2019:3179-1)
2021-06-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2019:3032-1)
2021-04-19 00:00:00
Ubuntu: Security Advisory (USN-4189-1)
2019-11-14 00:00:00
redhat
redhat
(RHSA-2020:0166) Moderate: openvswitch2.11 security and bug fix update
2020-01-21 06:02:26
(RHSA-2020:0165) Moderate: openvswitch security and bug fix update
2020-01-21 06:00:26
(RHSA-2020:0168) Moderate: openvswitch2.12 security and bug fix update
2020-01-21 15:55:10
oraclelinux
oraclelinux
dpdk security, bug fix, and enhancement update
2020-05-05 00:00:00
cve
cve
CVE-2019-14818
2019-11-14 17:15:14
debian
debian
[SECURITY] [DSA 4567-1] dpdk security update
2019-11-12 21:53:52
redhatcve
redhatcve
CVE-2019-14818
2020-04-04 17:28:08
veracode
veracode
Denial Of Service (DoS)
2020-09-21 06:28:31
nvd
nvd
CVE-2019-14818
2019-11-14 17:15:14
osv
osv
dpdk - security update
2019-11-12 00:00:00
fedora
fedora
[SECURITY] Fedora 31 Update: dpdk-18.11.2-3.fc31
2019-11-22 00:48:11
debiancve
debiancve
CVE-2019-14818
2019-11-14 17:15:14
alpinelinux
alpinelinux
CVE-2019-14818
2019-11-14 17:15:14
prion
prion
Race condition
2019-11-14 17:15:00
cvelist
cvelist
CVE-2019-14818
2019-11-14 00:00:00
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.4 High
AI Score
Confidence
High
0.006 Low
EPSS
Percentile
78.8%
Related for EULEROS_SA-2020-1092.NASL