According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(133992);
script_version("1.9");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/26");
script_cve_id(
"CVE-2019-11135",
"CVE-2019-14895",
"CVE-2019-14896",
"CVE-2019-14897",
"CVE-2019-16230",
"CVE-2019-17351",
"CVE-2019-19048",
"CVE-2019-19062",
"CVE-2019-19332",
"CVE-2019-19338",
"CVE-2019-19543",
"CVE-2019-19770",
"CVE-2019-19922",
"CVE-2019-19927",
"CVE-2019-19947",
"CVE-2019-19965",
"CVE-2019-19966",
"CVE-2019-20054",
"CVE-2019-20095",
"CVE-2019-20096",
"CVE-2019-5108",
"CVE-2020-7053"
);
script_name(english:"EulerOS 2.0 SP8 : kernel (EulerOS-SA-2020-1158)");
script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing multiple security updates.");
script_set_attribute(attribute:"description", value:
"According to the versions of the kernel packages installed, the
EulerOS installation on the remote host is affected by the following
vulnerabilities :
- The kernel package contains the Linux kernel (vmlinuz),
the core of any Linux operating system. The kernel
handles the basic functions of the operating system:
memory allocation, process allocation, device input and
output, etc.Security Fix(es):In the Linux kernel
4.19.83, there is a use-after-free (read) in the
debugfs_remove function in fs/debugfs/inode.c (which is
used to remove a file or directory in debugfs that was
previously created with a call to another debugfs
function such as
debugfs_create_file).(CVE-2019-19770)mwifiex_tm_cmd in
driverset/wireless/marvell/mwifiex/cfg80211.c in the
Linux kernel before 5.1.6 has some error-handling cases
that did not free allocated hostcmd memory, aka
CID-003b686ace82. This will cause a memory leak and
denial of service.(CVE-2019-20095)TSX Asynchronous
Abort condition on some CPUs utilizing speculative
execution may allow an authenticated user to
potentially enable information disclosure via a side
channel with local access.(CVE-2019-11135)A memory leak
in the crypto_report() function in
crypto/crypto_user_base.c in the Linux kernel through
5.3.11 allows attackers to cause a denial of service
(memory consumption) by triggering crypto_report_alg()
failures, aka CID-ffdde5932042.(CVE-2019-19062)In the
Linux kernel before 5.1.6, there is a use-after-free in
serial_ir_init_module() in
drivers/media/rc/serial_ir.c.(CVE-2019-19543)In the
Linux kernel through 5.4.6, there is a NULL pointer
dereference in drivers/scsi/libsas/sas_discover.c
because of mishandling of port disconnection during
discovery, related to a PHY down race condition, aka
CID-f70267f379b5.(CVE-2019-19965)In the Linux kernel
before 5.1.6, there is a use-after-free in cpia2_exit()
in drivers/media/usb/cpia2/cpia2_v4l.c that will cause
denial of service, aka
CID-dea37a972655.(CVE-2019-19966)An issue was
discovered in drivers/xen/balloon.c in the Linux kernel
before 5.2.3, as used in Xen through 4.12.x, allowing
guest OS users to cause a denial of service because of
unrestricted resource consumption during the mapping of
guest memory, aka CID-6ef36ab967c7.(CVE-2019-17351)A
memory leak in the crypto_reportstat() function in
drivers/virt/vboxguest/vboxguest_utils.c in the Linux
kernel before 5.3.9 allows attackers to cause a denial
of service (memory consumption) by triggering
copy_form_user() failures, aka
CID-e0b0cb938864.(CVE-2019-19048)kernel/sched/fair.c in
the Linux kernel before 5.3.9, when cpu.cfs_quota_us is
used (e.g., with Kubernetes), allows attackers to cause
a denial of service against non-cpu-bound applications
by generating a workload that triggers unwanted slice
expiration, aka CID-de53fd7aedb1. (In other words,
although this slice expiration would typically be seen
with benign workloads, it is possible that an attacker
could calculate how many stray requests are required to
force an entire Kubernetes cluster into a
low-performance state caused by slice expiration, and
ensure that a DDoS attack sent that number of stray
requests. An attack does not affect the stability of
the kernel it only causes mismanagement of application
execution.)(CVE-2019-19922)An out-of-bounds memory
write issue was found in the Linux Kernel, version 3.13
through 5.4, in the way the Linux kernel's KVM
hypervisor handled the 'KVM_GET_EMULATED_CPUID'
ioctl(2) request to get CPUID features emulated by the
KVM hypervisor. A user or process able to access the
'/dev/kvm' device could use this flaw to crash the
system, resulting in a denial of
service.(CVE-2019-19332)A flaw was found in the fix for
CVE-2019-11135, the way Intel CPUs handle speculative
execution of instructions when a TSX Asynchronous Abort
(TAA) error occurs. When a guest is running on a host
CPU affected by the TAA flaw (TAA_NO=0), but is not
affected by the MDS issue (MDS_NO=1), the guest was to
clear the affected buffers by using a VERW instruction
mechanism. But when the MDS_NO=1 bit was exported to
the guests, the guests did not use the VERW mechanism
to clear the affected buffers. This issue affects
guests running on Cascade Lake CPUs and requires that
host has 'TSX' enabled. Confidentiality of data is the
highest threat associated with this
vulnerability.(CVE-2019-19338)In the Linux kernel
5.0.0-rc7 (as distributed in ubuntu/linux.git on
kernel.ubuntu.com), mounting a crafted f2fs filesystem
image and performing some operations can lead to
slab-out-of-bounds read access in ttm_put_pages in
drivers/gpu/drm/ttm/ttm_page_alloc.c. This is related
to the vmwgfx or ttm module.(CVE-2019-19927)In the
Linux kernel 4.14 longterm through 4.14.165 and 4.19
longterm through 4.19.96 (and 5.x before 5.2), there is
a use-after-free (write) in the i915_ppgtt_close
function in drivers/gpu/drm/i915/i915_gem_gtt.c, aka
CID-7dc40713618c. This is related to
i915_gem_context_destroy_ioctl in
drivers/gpu/drm/i915/i915_gem_context.c.(CVE-2020-7053)
In the Linux kernel through 5.4.6, there are
information leaks of uninitialized memory to a USB
device in the
driverset/can/usb/kvaser_usb/kvaser_usb_leaf.c driver,
aka CID-da2311a6385c.(CVE-2019-19947)In the Linux
kernel before 5.0.6, there is a NULL pointer
dereference in drop_sysctl_table() in
fs/proc/proc_sysctl.c, related to put_links, aka
CID-23da9588037e.(CVE-2019-20054)In the Linux kernel
before 5.1, there is a memory leak in
__feat_register_sp() in net/dccp/feat.c, which may
cause denial of service, aka
CID-1d3ff0950e2b.(CVE-2019-20096)A heap-based buffer
overflow vulnerability was found in the Linux kernel,
version kernel-2.6.32, in Marvell WiFi chip driver. A
remote attacker could cause a denial of service (system
crash) or, possibly execute arbitrary code, when the
lbs_ibss_join_existing function is called after a STA
connects to an AP.(CVE-2019-14896)A heap-based buffer
overflow was discovered in the Linux kernel, all
versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi
chip driver. The flaw could occur when the station
attempts a connection negotiation during the handling
of the remote devices country settings. This could
allow the remote device to cause a denial of service
(system crash) or possibly execute arbitrary
code.(CVE-2019-14895)A stack-based buffer overflow was
found in the Linux kernel, version kernel-2.6.32, in
Marvell WiFi chip driver. An attacker is able to cause
a denial of service (system crash) or, possibly execute
arbitrary code, when a STA works in IBSS mode (allows
connecting stations together without the use of an AP)
and connects to another STA.(CVE-2019-14897)An
exploitable denial-of-service vulnerability exists in
the Linux kernel prior to mainline 5.3. An attacker
could exploit this vulnerability by triggering AP to
send IAPP location updates for stations before the
required authentication process has completed. This
could lead to different denial-of-service scenarios,
either by causing CAM table attacks, or by leading to
traffic flapping if faking already existing clients in
other nearby APs of the same wireless infrastructure.
An attacker can forge Authentication and Association
Request packets to trigger this
vulnerability.(CVE-2019-5108)drivers/gpu/drm/radeon/rad
eon_display.c in the Linux kernel 5.2.14 does not check
the alloc_workqueue return value, leading to a NULL
pointer dereference.(CVE-2019-16230)
Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
# https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1158
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?e66e3a3b");
script_set_attribute(attribute:"solution", value:
"Update the affected kernel packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-14896");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2019-14897");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"patch_publication_date", value:"2020/02/25");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/02/25");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:bpftool");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-headers");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-source");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:perf");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python-perf");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python3-perf");
script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Huawei Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
script_exclude_keys("Host/EulerOS/uvp_version");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(8)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8");
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8", "EulerOS UVP " + uvp);
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);
flag = 0;
pkgs = ["bpftool-4.19.36-vhulk1907.1.0.h683.eulerosv2r8",
"kernel-4.19.36-vhulk1907.1.0.h683.eulerosv2r8",
"kernel-devel-4.19.36-vhulk1907.1.0.h683.eulerosv2r8",
"kernel-headers-4.19.36-vhulk1907.1.0.h683.eulerosv2r8",
"kernel-source-4.19.36-vhulk1907.1.0.h683.eulerosv2r8",
"kernel-tools-4.19.36-vhulk1907.1.0.h683.eulerosv2r8",
"kernel-tools-libs-4.19.36-vhulk1907.1.0.h683.eulerosv2r8",
"perf-4.19.36-vhulk1907.1.0.h683.eulerosv2r8",
"python-perf-4.19.36-vhulk1907.1.0.h683.eulerosv2r8",
"python3-perf-4.19.36-vhulk1907.1.0.h683.eulerosv2r8"];
foreach (pkg in pkgs)
if (rpm_check(release:"EulerOS-2.0", sp:"8", reference:pkg)) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
}
Vendor | Product | Version | CPE |
---|---|---|---|
huawei | euleros | bpftool | p-cpe:/a:huawei:euleros:bpftool |
huawei | euleros | kernel | p-cpe:/a:huawei:euleros:kernel |
huawei | euleros | kernel-devel | p-cpe:/a:huawei:euleros:kernel-devel |
huawei | euleros | kernel-headers | p-cpe:/a:huawei:euleros:kernel-headers |
huawei | euleros | kernel-source | p-cpe:/a:huawei:euleros:kernel-source |
huawei | euleros | kernel-tools | p-cpe:/a:huawei:euleros:kernel-tools |
huawei | euleros | kernel-tools-libs | p-cpe:/a:huawei:euleros:kernel-tools-libs |
huawei | euleros | perf | p-cpe:/a:huawei:euleros:perf |
huawei | euleros | python-perf | p-cpe:/a:huawei:euleros:python-perf |
huawei | euleros | python3-perf | p-cpe:/a:huawei:euleros:python3-perf |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11135
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14895
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14896
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14897
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16230
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17351
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19048
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19062
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19332
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19338
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19543
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19770
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19922
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19927
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19947
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19965
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19966
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20054
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20095
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20096
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5108
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7053
www.nessus.org/u?e66e3a3b