EulerOS 2.0 SP2 kernel vulnerabilitie
Reporter | Title | Published | Views | Family All 199 |
---|---|---|---|---|
OpenVAS | Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2020-1674) | 16 Jun 202000:00 | – | openvas |
OpenVAS | SUSE: Security Advisory (SUSE-SU-2020:14354-1) | 9 Jun 202100:00 | – | openvas |
OpenVAS | Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2020-1713) | 3 Jul 202000:00 | – | openvas |
OpenVAS | Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2020-1396) | 16 Apr 202000:00 | – | openvas |
OpenVAS | SUSE: Security Advisory (SUSE-SU-2020:1255-1) | 19 Apr 202100:00 | – | openvas |
OpenVAS | Ubuntu: Security Advisory (USN-4364-1) | 19 May 202000:00 | – | openvas |
OpenVAS | SUSE: Security Advisory (SUSE-SU-2020:1275-1) | 19 Apr 202100:00 | – | openvas |
OpenVAS | Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2020-1606) | 3 Jun 202000:00 | – | openvas |
OpenVAS | Debian: Security Advisory (DLA-2242-1) | 11 Jun 202000:00 | – | openvas |
OpenVAS | Debian: Security Advisory (DSA-4698-1) | 11 Jun 202000:00 | – | openvas |
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(137516);
script_version("1.8");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/04/25");
script_cve_id(
"CVE-2014-3180",
"CVE-2014-4508",
"CVE-2014-4608",
"CVE-2014-5206",
"CVE-2014-5207",
"CVE-2014-7970",
"CVE-2016-3951",
"CVE-2016-9756",
"CVE-2017-12153",
"CVE-2017-13080",
"CVE-2017-13693",
"CVE-2017-8068",
"CVE-2018-1000204",
"CVE-2018-13093",
"CVE-2018-9383",
"CVE-2018-9389",
"CVE-2019-10220",
"CVE-2019-14895",
"CVE-2019-14896",
"CVE-2019-14897",
"CVE-2019-14898",
"CVE-2019-14901",
"CVE-2019-16230",
"CVE-2019-18675",
"CVE-2019-19054",
"CVE-2019-19056",
"CVE-2019-19057",
"CVE-2019-19060",
"CVE-2019-19062",
"CVE-2019-19063",
"CVE-2019-19066",
"CVE-2019-19073",
"CVE-2019-19074",
"CVE-2019-19227",
"CVE-2019-19319",
"CVE-2019-19332",
"CVE-2019-19523",
"CVE-2019-19524",
"CVE-2019-19527",
"CVE-2019-19528",
"CVE-2019-19530",
"CVE-2019-19531",
"CVE-2019-19532",
"CVE-2019-19533",
"CVE-2019-19534",
"CVE-2019-19536",
"CVE-2019-19537",
"CVE-2019-19768",
"CVE-2019-19922",
"CVE-2019-19965",
"CVE-2019-19966",
"CVE-2019-20054",
"CVE-2019-20096",
"CVE-2019-20636",
"CVE-2019-2215",
"CVE-2019-5108",
"CVE-2019-9458",
"CVE-2020-10720",
"CVE-2020-10942",
"CVE-2020-11494",
"CVE-2020-11565",
"CVE-2020-11608",
"CVE-2020-11609",
"CVE-2020-11668",
"CVE-2020-12464",
"CVE-2020-12652",
"CVE-2020-12653",
"CVE-2020-12654",
"CVE-2020-12655",
"CVE-2020-12770",
"CVE-2020-12826",
"CVE-2020-13143",
"CVE-2020-2732",
"CVE-2020-8647",
"CVE-2020-8648",
"CVE-2020-8649",
"CVE-2020-8992",
"CVE-2020-9383"
);
script_bugtraq_id(
68126,
68214,
69214,
69216,
70319
);
script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/05/03");
script_name(english:"EulerOS 2.0 SP2 : kernel (EulerOS-SA-2020-1674)");
script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing multiple security updates.");
script_set_attribute(attribute:"description", value:
"According to the versions of the kernel packages installed, the
EulerOS installation on the remote host is affected by the following
vulnerabilities :
- The kernel package contains the Linux kernel (vmlinuz),
the core of any Linux operating system. The kernel
handles the basic functions of the operating system:
memory allocation, process allocation, device input and
output, etc.Security Fix(es):In the Linux kernel before
5.5.8, get_raw_socket in drivers/vhost/ net.c lacks
validation of an sk_family field, which might allow
attackers to trigger kernel stack corruption via
crafted system calls.(CVE-2020-10942)In the Linux
kernel 5.0.21, a setxattr operation, after a mount of a
crafted ext4 image, can cause a slab-out-of-bounds
write access because of an ext4_xattr_set_entry
use-after-free in fs/ext4/xattr.c when a large old_size
value is used in a memset call.(CVE-2019-19319)In
kernel/compat.c in the Linux kernel before 3.17, as
used in Google Chrome OS and other products, there is a
possible out-of-bounds read. restart_syscall uses
uninitialized data when restarting
compat_sys_nanosleep. NOTE: this is disputed because
the code path is unreachable.(CVE-2014-3180)In the
Linux kernel 5.4.0-rc2, there is a use-after-free
(read) in the __blk_add_trace function in
kernel/trace/blktrace.c (which is used to fill out a
blk_io_trace structure and place it in a per-cpu
sub-buffer).(CVE-2019-19768)There is a use-after-free
vulnerability in the Linux kernel through 5.5.2 in the
vc_do_resize function in
drivers/tty/vt/vt.c.(CVE-2020-8647)There is a
use-after-free vulnerability in the Linux kernel
through 5.5.2 in the vgacon_invert_region function in
drivers/video/console/vgacon.c.(CVE-2020-8649)drivers/g
pu/drm/radeon/radeon_display.c in the Linux kernel
5.2.14 does not check the alloc_workqueue return value,
leading to a NULL pointer dereference. NOTE: A
third-party software maintainer states that the work
queue allocation is happening during device
initialization, which for a graphics card occurs during
boot. It is not attacker controllable and OOM at that
time is highly unlikely.(CVE-2019-16230)There is a
use-after-free vulnerability in the Linux kernel
through 5.5.2 in the n_tty_receive_buf_common function
in drivers/tty/ n_tty.c.(CVE-2020-8648)A flaw was
discovered in the way that the KVM hypervisor handled
instruction emulation for an L2 guest when nested
virtualisation is enabled. Under some circumstances, an
L2 guest may trick the L0 guest into accessing
sensitive L1 resources that should be inaccessible to
the L2 guest.(CVE-2020-2732)An issue was discovered in
the Linux kernel through 5.5.6. set_fdc in
drivers/block/floppy.c leads to a wait_til_ready
out-of-bounds read because the FDC index is not checked
for errors before assigning it, aka
CID-2e90ca68b0d2.(CVE-2020-9383)ext4_protect_reserved_i
node in fs/ext4/block_validity.c in the Linux kernel
through 5.5.3 allows attackers to cause a denial of
service (soft lockup) via a crafted journal
size.(CVE-2020-8992)Wi-Fi Protected Access (WPA and
WPA2) allows reinstallation of the Group Temporal Key
(GTK) during the group key handshake, allowing an
attacker within radio range to replay frames from
access points to clients.(CVE-2017-13080)Linux Kernel
version 3.18 to 4.16 incorrectly handles an SG_IO ioctl
on /dev/sg0 with dxfer_direction=SG_DXFER_FROM_DEV and
an empty 6-byte cmdp. This may lead to copying up to
1000 kernel heap pages to the userspace. This has been
fixed upstream in
https://github.com/torvalds/linux/commit/a45b599ad808c3
c982fdcdc12b0b8611c2f92824 already. The problem has
limited scope, as users don't usually have permissions
to access SCSI devices. On the other hand, e.g. the
Nero user manual suggests doing `chmod o+r+w /dev/sg*`
to make the devices accessible. NOTE: third parties
dispute the relevance of this report, noting that the
requirement for an attacker to have both the
CAP_SYS_ADMIN and CAP_SYS_RAWIO capabilities makes it
'virtually impossible to exploit.'(CVE-2018-1000204)The
Linux kernel through 5.3.13 has a start_offset+size
Integer Overflow in cpia2_remap_buffer in
drivers/media/usb/cpia2/cpia2_core.c because cpia2 has
its own mmap implementation. This allows local users
(with /dev/video0 access) to obtain read and write
permissions on kernel physical pages, which can
possibly result in a privilege
escalation.(CVE-2019-18675)arch/x86/kvm/emulate.c in
the Linux kernel before 4.8.12 does not properly
initialize Code Segment (CS) in certain error cases,
which allows local users to obtain sensitive
information from kernel stack memory via a crafted
application.(CVE-2016-9756)Double free vulnerability in
drivers/ net/usb/cdc_ncm.c in the Linux kernel before
4.5 allows physically proximate attackers to cause a
denial of service (system crash) or possibly have
unspecified other impact by inserting a USB device with
an invalid USB descriptor.(CVE-2016-3951)Linux Kernel
contains an out-of-bounds read flaw in the
asn1_ber_decoder() function in lib/asn1_decoder.c that
is triggered when decoding ASN.1 data. This may allow a
remote attacker to disclose potentially sensitive
memory contents.(CVE-2018-9383)Linux Kernel contains a
flaw in the ip6_setup_cork() function in
net/ipv6/ip6_output.c that is triggered when handling
too small IPv6 MTU sizes. This may allow a local
attacker to cause a crash or potentially gain elevated
privileges.(CVE-2018-9389)In the Android kernel in the
video driver there is a use after free due to a race
condition. This could lead to local escalation of
privilege with no additional execution privileges
needed. User interaction is not needed for
exploitation.(CVE-2019-9458)An out-of-bounds memory
write issue was found in the Linux Kernel, version 3.13
through 5.4, in the way the Linux kernel's KVM
hypervisor handled the 'KVM_GET_EMULATED_CPUID'
ioctl(2) request to get CPUID features emulated by the
KVM hypervisor. A user or process able to access the
'/dev/kvm' device could use this flaw to crash the
system, resulting in a denial of
service.(CVE-2019-19332)kernel/sched/fair.c in the
Linux kernel before 5.3.9, when cpu.cfs_quota_us is
used (e.g., with Kubernetes), allows attackers to cause
a denial of service against non-cpu-bound applications
by generating a workload that triggers unwanted slice
expiration, aka CID-de53fd7aedb1. (In other words,
although this slice expiration would typically be seen
with benign workloads, it is possible that an attacker
could calculate how many stray requests are required to
force an entire Kubernetes cluster into a
low-performance state caused by slice expiration, and
ensure that a DDoS attack sent that number of stray
requests. An attack does not affect the stability of
the kernel it only causes mismanagement of application
execution.)(CVE-2019-19922)An exploitable
denial-of-service vulnerability exists in the Linux
kernel prior to mainline 5.3. An attacker could exploit
this vulnerability by triggering AP to send IAPP
location updates for stations before the required
authentication process has completed. This could lead
to different denial-of-service scenarios, either by
causing CAM table attacks, or by leading to traffic
flapping if faking already existing clients in other
nearby APs of the same wireless infrastructure. An
attacker can forge Authentication and Association
Request packets to trigger this
vulnerability.(CVE-2019-5108)A heap-based buffer
overflow vulnerability was found in the Linux kernel,
version kernel-2.6.32, in Marvell WiFi chip driver. A
remote attacker could cause a denial of service (system
crash) or, possibly execute arbitrary code, when the
lbs_ibss_join_existing function is called after a STA
connects to an AP.(CVE-2019-14896)A stack-based buffer
overflow was found in the Linux kernel, version
kernel-2.6.32, in Marvell WiFi chip driver. An attacker
is able to cause a denial of service (system crash) or,
possibly execute arbitrary code, when a STA works in
IBSS mode (allows connecting stations together without
the use of an AP) and connects to another
STA.(CVE-2019-14897)In the Linux kernel through 5.4.6,
there is a NULL pointer dereference in
drivers/scsi/libsas/sas_discover.c because of
mishandling of port disconnection during discovery,
related to a PHY down race condition, aka
CID-f70267f379b5.(CVE-2019-19965)In the Linux kernel
before 5.1.6, there is a use-after-free in cpia2_exit()
in drivers/media/usb/cpia2/cpia2_v4l.c that will cause
denial of service, aka
CID-dea37a972655.(CVE-2019-19966)In the Linux kernel
before 5.1, there is a memory leak in
__feat_register_sp() in net/dccp/feat.c, which may
cause denial of service, aka
CID-1d3ff0950e2b.(CVE-2019-20096)In the Linux kernel
before 5.0.6, there is a NULL pointer dereference in
drop_sysctl_table() in fs/proc/proc_sysctl.c, related
to put_links, aka
CID-23da9588037e.(CVE-2019-20054)drivers/
net/usb/pegasus.c in the Linux kernel 4.9.x before
4.9.11 interacts incorrectly with the CONFIG_VMAP_STACK
option, which allows local users to cause a denial of
service (system crash or memory corruption) or possibly
have unspecified other impact by leveraging use of more
than one virtual page for a DMA
scatterlist.(CVE-2017-8068)A heap-based buffer overflow
was discovered in the Linux kernel, all versions 3.x.x
and 4.x.x before 4.18.0, in Marvell WiFi chip driver.
The flaw could occur when the station attempts a
connection negotiation during the handling of the
remote devices country settings. This could allow the
remote device to cause a denial of service (system
crash) or possibly execute arbitrary
code.(CVE-2019-14895)The acpi_ds_create_operands()
function in drivers/acpi/acpica/dsutils.c in the Linux
kernel through 4.12.9 does not flush the operand cache
and causes a kernel stack dump, which allows local
users to obtain sensitive information from kernel
memory and bypass the KASLR protection mechanism (in
the kernel through 4.9) via a crafted ACPI
table.(CVE-2017-13693)Linux kernel CIFS implementation,
version 4.9.0 is vulnerable to a relative paths
injection in directory entry lists.(CVE-2019-10220)A
heap overflow flaw was found in the Linux kernel, all
versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi
chip driver. The vulnerability allows a remote attacker
to cause a system crash, resulting in a denial of
service, or execute arbitrary code. The highest threat
with this vulnerability is with the availability of the
system. If code execution occurs, the code will run
with the permissions of root. This will affect both
confidentiality and integrity of files on the
system.(CVE-2019-14901)In the AppleTalk subsystem in
the Linux kernel before 5.1, there is a potential NULL
pointer dereference because register_snap_client may
return NULL. This will lead to denial of service in
net/appletalk/aarp.c and net/appletalk/ddp.c, as
demonstrated by unregister_snap_client, aka
CID-9804501fa122.(CVE-2019-19227)In the Linux kernel
before 5.2.10, there is a use-after-free bug that can
be caused by a malicious USB device in the
drivers/usb/class/cdc-acm.c driver, aka
CID-c52873e5a1ef.(CVE-2019-19530)In the Linux kernel
before 5.3.9, there are multiple out-of-bounds write
bugs that can be caused by a malicious USB device in
the Linux kernel HID drivers, aka CID-d9d4b1e46d95.
This affects drivers/hid/hid-axff.c,
drivers/hid/hid-dr.c, drivers/hid/hid-emsff.c,
drivers/hid/hid-gaff.c, drivers/hid/hid-holtekff.c,
drivers/hid/hid-lg2ff.c, drivers/hid/hid-lg3ff.c,
drivers/hid/hid-lg4ff.c, drivers/hid/hid-lgff.c,
drivers/hid/hid-logitech-hidpp.c,
drivers/hid/hid-microsoft.c, drivers/hid/hid-sony.c,
drivers/hid/hid-tmff.c, and
drivers/hid/hid-zpff.c.(CVE-2019-19532)A use-after-free
in binder.c allows an elevation of privilege from an
application to the Linux Kernel. No user interaction is
required to exploit this vulnerability, however
exploitation does require either the installation of a
malicious local application or a separate vulnerability
in a network facing application.Product: AndroidAndroid
ID: A-141720095(CVE-2019-2215)The do_remount function
in fs/ namespace.c in the Linux kernel through 3.16.1
does not maintain the MNT_LOCK_READONLY bit across a
remount of a bind mount, which allows local users to
bypass an intended read-only restriction and defeat
certain sandbox protection mechanisms via a 'mount -o
remount' command within a user
namespace.(CVE-2014-5206)Multiple integer overflows in
the lzo1x_decompress_safe function in
lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor
in the Linux kernel before 3.15.2 allow
context-dependent attackers to cause a denial of
service (memory corruption) via a crafted Literal Run.
NOTE: the author of the LZO algorithms says 'the Linux
kernel is *not* affected media hype.'(CVE-2014-4608)The
pivot_root implementation in fs/ namespace.c in the
Linux kernel through 3.17 does not properly interact
with certain locations of a chroot directory, which
allows local users to cause a denial of service
(mount-tree loop) via . (dot) values in both arguments
to the pivot_root system call.(CVE-2014-7970)A security
flaw was discovered in nl80211_set_rekey_data()
function in the Linux kernel since v3.1-rc1 through
v4.13. This function does not check whether the
required attributes are present in a netlink request.
This request can be issued by a user with CAP_NET_ADMIN
privilege and may result in NULL dereference and a
system crash.(CVE-2017-12153)arch/x86/kernel/entry_32.S
in the Linux kernel through 3.15.1 on 32-bit x86
platforms, when syscall auditing is enabled and the sep
CPU feature flag is set, allows local users to cause a
denial of service (OOPS and system crash) via an
invalid syscall number, as demonstrated by number
1000.(CVE-2014-4508)fs/ namespace.c in the Linux kernel
through 3.16.1 does not properly restrict clearing
MNT_NODEV, MNT_NOSUID, and MNT_NOEXEC and changing
MNT_ATIME_MASK during a remount of a bind mount, which
allows local users to gain privileges, interfere with
backups and auditing on systems that had atime enabled,
or cause a denial of service (excessive filesystem
updating) on systems that had atime disabled via a
'mount -o remount' command within a user
namespace.(CVE-2014-5207)In the Linux kernel before
5.3.7, there is a use-after-free bug that can be caused
by a malicious USB device in the
drivers/usb/misc/adutux.c driver, aka
CID-44efc269db79.(CVE-2019-19523)In the Linux kernel
before 5.3.12, there is a use-after-free bug that can
be caused by a malicious USB device in the
drivers/input/ff-memless.c driver, aka
CID-fa3a5a1880c9.(CVE-2019-19524)In the Linux kernel
before 5.2.10, there is a use-after-free bug that can
be caused by a malicious USB device in the
drivers/hid/usbhid/hiddev.c driver, aka
CID-9c09b214f30e.(CVE-2019-19527)In the Linux kernel
before 5.3.7, there is a use-after-free bug that can be
caused by a malicious USB device in the
drivers/usb/misc/iowarrior.c driver, aka
CID-edc4746f253d.(CVE-2019-19528)In the Linux kernel
before 5.2.9, there is a use-after-free bug that can be
caused by a malicious USB device in the
drivers/usb/misc/yurex.c driver, aka
CID-fc05481b2fca.(CVE-2019-19531)In the Linux kernel
before 5.3.4, there is an info-leak bug that can be
caused by a malicious USB device in the
drivers/media/usb/ttusb-dec/ttusb_dec.c driver, aka
CID-a10feaf8c464.(CVE-2019-19533)In the Linux kernel
before 5.3.11, there is an info-leak bug that can be
caused by a malicious USB device in the drivers/
net/can/usb/peak_usb/pcan_usb_core.c driver, aka
CID-f7a1337f0d29..(CVE-2019-19534)In the Linux kernel
before 5.2.9, there is an info-leak bug that can be
caused by a malicious USB device in the drivers/
net/can/usb/peak_usb/pcan_usb_pro.c driver, aka
CID-ead16e53c2f0.(CVE-2019-19536)In the Linux kernel
before 5.2.10, there is a race condition bug that can
be caused by a malicious USB device in the USB
character device driver layer, aka CID-303911cfc5b9.
This affects drivers/usb/core/file.c.(CVE-2019-19537)A
memory leak in the cx23888_ir_probe() function in
drivers/media/pci/cx23885/cx23888-ir.c in the Linux
kernel through 5.3.11 allows attackers to cause a
denial of service (memory consumption) by triggering
kfifo_alloc() failures, aka
CID-a7b2df76b42b.(CVE-2019-19054)A memory leak in the
mwifiex_pcie_alloc_cmdrsp_buf() function in drivers/
net/wireless/marvell/mwifiex/pcie.c in the Linux kernel
through 5.3.11 allows attackers to cause a denial of
service (memory consumption) by triggering
mwifiex_map_pci_memory() failures, aka
CID-db8fd2cde932.(CVE-2019-19056)Two memory leaks in
the mwifiex_pcie_init_evt_ring() function in drivers/
net/wireless/marvell/mwifiex/pcie.c in the Linux kernel
through 5.3.11 allow attackers to cause a denial of
service (memory consumption) by triggering
mwifiex_map_pci_memory() failures, aka
CID-d10dcb615c8e.(CVE-2019-19057)A memory leak in the
adis_update_scan_mode() function in
drivers/iio/imu/adis_buffer.c in the Linux kernel
before 5.3.9 allows attackers to cause a denial of
service (memory consumption), aka
CID-ab612b1daf41.(CVE-2019-19060)A memory leak in the
crypto_report() function in crypto/crypto_user_base.c
in the Linux kernel through 5.3.11 allows attackers to
cause a denial of service (memory consumption) by
triggering crypto_report_alg() failures, aka
CID-ffdde5932042.(CVE-2019-19062)Two memory leaks in
the rtl_usb_probe() function in drivers/
net/wireless/realtek/rtlwifi/usb.c in the Linux kernel
through 5.3.11 allow attackers to cause a denial of
service (memory consumption), aka
CID-3f9361695113.(CVE-2019-19063)A memory leak in the
bfad_im_get_stats() function in
drivers/scsi/bfa/bfad_attr.c in the Linux kernel
through 5.3.11 allows attackers to cause a denial of
service (memory consumption) by triggering
bfa_port_get_stats() failures, aka
CID-0e62395da2bd.(CVE-2019-19066)Memory leaks in
drivers/ net/wireless/ath/ath9k/htc_hst.c in the Linux
kernel through 5.3.11 allow attackers to cause a denial
of service (memory consumption) by triggering
wait_for_completion_timeout() failures. This affects
the htc_config_pipe_credits() function, the
htc_setup_complete() function, and the
htc_connect_service() function, aka
CID-853acf7caf10.(CVE-2019-19073)A memory leak in the
ath9k_wmi_cmd() function in drivers/
net/wireless/ath/ath9k/wmi.c in the Linux kernel
through 5.3.11 allows attackers to cause a denial of
service (memory consumption), aka
CID-728c1e2a05e4.(CVE-2019-19074)An issue was
discovered in fs/xfs/xfs_icache.c in the Linux kernel
through 4.17.3. There is a NULL pointer dereference and
panic in lookup_slow() on a NULL inode->i_ops pointer
when doing pathwalks on a corrupted xfs image. This
occurs because of a lack of proper validation that
cached inodes are free during
allocation.(CVE-2018-13093)An issue was discovered in
slc_bump in drivers/ net/can/slcan.c in the Linux
kernel through 5.6.2. It allows attackers to read
uninitialized can_frame data, potentially containing
sensitive information from kernel stack memory, if the
configuration lacks CONFIG_INIT_STACK_ALL, aka
CID-b9258a2cece4.(CVE-2020-11494)An issue was
discovered in the Linux kernel through 5.6.2.
mpol_parse_str in mm/mempolicy.c has a stack-based
out-of-bounds write because an empty nodelist is
mishandled during mount option parsing, aka
CID-aa9f7d5172fa. NOTE: Someone in the security
community disagrees that this is a vulnerability
because the issue 'is a bug in parsing mount options
which can only be specified by a privileged user, so
triggering the bug does not grant any powers not
already held.'.(CVE-2020-11565)In the Linux kernel
before 5.4.12, drivers/input/input.c has out-of-bounds
writes via a crafted keycode table, as demonstrated by
input_set_keycode, aka
CID-cb222aed03d7.(CVE-2019-20636)An issue was
discovered in the Linux kernel before 5.6.1.
drivers/media/usb/gspca/ov519.c allows NULL pointer
dereferences in ov511_mode_init_regs and
ov518_mode_init_regs when there are zero endpoints, aka
CID-998912346c0d.(CVE-2020-11608)An issue was
discovered in the stv06xx subsystem in the Linux kernel
before 5.6.1. drivers/media/usb/gspca/stv06xx/stv06xx.c
and drivers/media/usb/gspca/stv06xx/stv06xx_pb0100.c
mishandle invalid descriptors, as demonstrated by a
NULL pointer dereference, aka
CID-485b06aadb93.(CVE-2020-11609)In the Linux kernel
before 5.6.1, drivers/media/usb/gspca/xirlink_cit.c
(aka the Xirlink camera USB driver) mishandles invalid
descriptors, aka CID-a246b4d54770.(CVE-2020-11668)A
flaw was found in the Linux kernel's implementation of
GRO. This flaw allows an attacker with local access to
crash the
system.(CVE-2020-10720)gadget_dev_desc_UDC_store in
drivers/usb/gadget/configfs.c in the Linux kernel
through 5.6.13 relies on kstrdup without considering
the possibility of an internal '\0' value, which allows
attackers to trigger an out-of-bounds read, aka
CID-15753588bcd4.(CVE-2020-13143)An issue was
discovered in the Linux kernel through 5.6.11. sg_write
lacks an sg_remove_request call in a certain failure
case, aka CID-83c6f2390040.(CVE-2020-12770)A signal
access-control issue was discovered in the Linux kernel
before 5.6.5, aka CID-7395ea4e65c2. Because exec_id in
include/linux/sched.h is only 32 bits, an integer
overflow can interfere with a do_notify_parent
protection mechanism. A child process can send an
arbitrary signal to a parent process in a different
security domain. Exploitation limitations include the
amount of elapsed time before an integer overflow
occurs, and the lack of scenarios where signals to a
parent process present a substantial operational
threat.(CVE-2020-12826)The fix for CVE-2019-11599,
affecting the Linux kernel before 5.0.10 was not
complete. A local user could use this flaw to obtain
sensitive information, cause a denial of service, or
possibly have other unspecified impacts by triggering a
race condition with mmget_not_zero or get_task_mm
calls.(CVE-2019-14898)usb_sg_cancel in
drivers/usb/core/message.c in the Linux kernel before
5.6.8 has a use-after-free because a transfer occurs
without a reference, aka
CID-056ad39ee925.(CVE-2020-12464)The __mptctl_ioctl
function in drivers/message/fusion/mptctl.c in the
Linux kernel before 5.4.14 allows local users to hold
an incorrect lock during the ioctl operation and
trigger a race condition, i.e., a 'double fetch'
vulnerability, aka CID-28d76df18f0a. NOTE: the vendor
states 'The security impact of this bug is not as bad
as it could have been because these operations are all
privileged and root already has enormous destructive
power.'(CVE-2020-12652)An issue was found in Linux
kernel before 5.5.4. The mwifiex_cmd_append_vsie_tlv()
function in drivers/
net/wireless/marvell/mwifiex/scan.c allows local users
to gain privileges or cause a denial of service because
of an incorrect memcpy and buffer overflow, aka
CID-b70261a288ea.(CVE-2020-12653)An issue was found in
Linux kernel before 5.5.4. mwifiex_ret_wmm_get_status()
in drivers/ net/wireless/marvell/mwifiex/wmm.c allows a
remote AP to trigger a heap-based buffer overflow
because of an incorrect memcpy, aka
CID-3a9b153c5591.(CVE-2020-12654)An issue was
discovered in xfs_agf_verify in
fs/xfs/libxfs/xfs_alloc.c in the Linux kernel through
5.6.10. Attackers may trigger a sync of excessive
duration via an XFS v5 image with crafted metadata, aka
CID-d0c7feaf8767.(CVE-2020-12655)
Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
# https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1674
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?35c58a13");
script_set_attribute(attribute:"solution", value:
"Update the affected kernel packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-14901");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_set_attribute(attribute:"metasploit_name", value:'Android Binder Use-After-Free Exploit');
script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
script_set_attribute(attribute:"patch_publication_date", value:"2020/06/16");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/06/17");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-debug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-debug-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-headers");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:perf");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python-perf");
script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Huawei Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
script_exclude_keys("Host/EulerOS/uvp_version");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(2)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2");
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2", "EulerOS UVP " + uvp);
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
flag = 0;
pkgs = ["kernel-3.10.0-327.62.59.83.h230",
"kernel-debug-3.10.0-327.62.59.83.h230",
"kernel-debug-devel-3.10.0-327.62.59.83.h230",
"kernel-debuginfo-3.10.0-327.62.59.83.h230",
"kernel-debuginfo-common-x86_64-3.10.0-327.62.59.83.h230",
"kernel-devel-3.10.0-327.62.59.83.h230",
"kernel-headers-3.10.0-327.62.59.83.h230",
"kernel-tools-3.10.0-327.62.59.83.h230",
"kernel-tools-libs-3.10.0-327.62.59.83.h230",
"perf-3.10.0-327.62.59.83.h230",
"python-perf-3.10.0-327.62.59.83.h230"];
foreach (pkg in pkgs)
if (rpm_check(release:"EulerOS-2.0", sp:"2", reference:pkg)) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
}
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo