According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :
In do_epoll_ctl and ep_loop_check_proc of eventpoll.c, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:
AndroidVersions: Android kernelAndroid ID:
A-147802478References: Upstream kernel(CVE-2020-0466)
In the l2tp subsystem, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-152409173(CVE-2020-27067)
In the nl80211_policy policy of nl80211.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not required for exploitation.Product:
AndroidVersions: Android kernelAndroid ID:
A-119770583(CVE-2020-27068)
In audit_free_lsm_field of auditfilter.c, there is a possible bad kfree due to a logic error in audit_data_to_entry. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-150693166References: Upstream kernel(CVE-2020-0444)
In various methods of hid-multitouch.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:
AndroidVersions: Android kernelAndroid ID:
A-162844689References: Upstream kernel(CVE-2020-0465)
Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field.(CVE-2020-15436)
The Linux kernel before version 5.8 is vulnerable to a NULL pointer dereference in drivers/tty/serial/8250/8250_core.c:serial8250_isa_init
_ports() that allows local users to cause a denial of service by using the p->serial_in pointer which uninitialized.(CVE-2020-15437)
A flaw was found in the Linux kernels implementation of MIDI, where an attacker with a local account and the permissions to issue an ioctl commands to midi devices, could trigger a use-after-free. A write to this specific memory while freed and before use could cause the flow of execution to change and possibly allow for memory corruption or privilege escalation.(CVE-2020-27786)
No description is available for this CVE.(CVE-2020-27815)
NULL-ptr deref in the spk_ttyio_receive_buf2() function in spk_ttyio.c(CVE-2020-27830)
An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check, aka CID-c444eb564fb1.(CVE-2020-29368)
An issue was discovered in kmem_cache_alloc_bulk in mm/slub.c in the Linux kernel before 5.5.11. The slowpath lacks the required TID increment, aka CID-fd4d9c7d0c71.(CVE-2020-29370)
An issue was discovered in romfs_dev_read in fs/romfs/storage.c in the Linux kernel before 5.8.4.
Uninitialized memory leaks to userspace, aka CID-bcf85fcedfdd.(CVE-2020-29371)
A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.
drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24.(CVE-2020-29660)
A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.
drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.(CVE-2020-29661)
A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height.(CVE-2020-28974)
An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Guest OS users can cause a denial of service (host OS hang) via a high rate of events to dom0, aka CID-e99502f76271.(CVE-2020-27673)
An issue was discovered in drivers/accessibility/speakup/spk_ttyio.c in the Linux kernel through 5.9.9. Local attackers on systems with the speakup driver could cause a local denial of service attack, aka CID-d41227544427. This occurs because of an invalid free when the line discipline is used more than once.(CVE-2020-28941)
An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x.
drivers/xen/events/events_base.c allows event-channel removal during the event-handling loop (a race condition). This can cause a use-after-free or NULL pointer dereference, as demonstrated by a dom0 crash via events for an in-reconfiguration paravirtualized device, aka CID-073d0552ead5.(CVE-2020-27675)
A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be used by local attackers to read kernel memory, aka CID-6735b4632def.(CVE-2020-28915)
A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-14351)
A flaw in the way reply ICMP packets are limited in the Linux kernel functionality was found that allows to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypassing source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well.
Kernel versions before 5.10 may be vulnerable to this issue.(CVE-2020-25705)
No description is available for this CVE.(CVE-2020-25668)
No description is available for this CVE.(CVE-2020-25669)
A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform) a root like local user could use this flaw to further increase their privileges to that of a running kernel.(CVE-2020-27777)
kernel: perf_event_parse_addr_filter memory(CVE-2020-25704)
Insufficient access control in the Linux kernel driver for some Intel® Processors may allow an authenticated user to potentially enable information disclosure via local access.(CVE-2020-8694)
A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerability is to data confidentiality.(CVE-2020-25656)
In kbd_keycode of keyboard.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:
AndroidVersions: Android kernelAndroid ID:
A-144161459(CVE-2020-0431)
A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial of service.
The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-25643)
A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality.(CVE-2020-25645)
Vulnerability Summary for CVE-2020-12351(CVE-2020-12351)
Vulnerability Summary for CVE-2020-12352(CVE-2020-12352)
Vulnerability Summary for CVE-2020-24490(CVE-2020-24490)
A missing CAP_NET_RAW check in NFC socket creation in net/nfc/rawsock.c in the Linux kernel before 5.8.2 could be used by local attackers to create raw sockets, bypassing security mechanisms, aka CID-26896f01467a.(CVE-2020-26088)
A flaw was found in the Linux kernel’s implementation of biovecs in versions before 5.9-rc7. A zero-length biovec request issued by the block subsystem could cause the kernel to enter an infinite loop, causing a denial of service. This flaw allows a local attacker with basic privileges to issue requests to a block device, resulting in a denial of service. The highest threat from this vulnerability is to system availability.(CVE-2020-25641)
In skb_to_mamac of networking.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:
AndroidVersions: Android kernelAndroid ID:
A-143560807(CVE-2020-0432)
A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812.(CVE-2020-25285)
A flaw was found in the Linux kernel in versions from 2.2.3 through 5.9.rc5. When changing screen size, an out-of-bounds memory write can occur leading to memory corruption or a denial of service. This highest threat from this vulnerability is to system availability.(CVE-2020-14390)
A flaw was found in the Linux kernel before 5.9-rc4.
Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity.(CVE-2020-14386)
Insufficient input validation in i40e driver for Intel® Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable a denial of service via local access.(CVE-2019-0147)
A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452.(CVE-2020-25212)
A flaw was found in the Linux kernel before 5.9-rc4. A failure of the file system metadata validator in XFS can cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt. This can lead to the filesystem being shutdown, or otherwise rendered inaccessible until it is remounted, leading to a denial of service. The highest threat from this vulnerability is to system availability.(CVE-2020-14385)
In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-111893654References: Upstream kernel(CVE-2020-0404)
The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices, aka CID-f44d04e696fe.(CVE-2020-25284)
A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists. The highest threat from this vulnerability is to system availability.(CVE-2020-14314)
A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem in versions before 5.7.10 was found in the way when reboot the system. A local user could use this flaw to crash the system or escalate their privileges on the system.(CVE-2020-24394)
A flaw was found in the Linux kernel’s implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an out-of-bounds write to occur. This flaw allows a local user with access to the VGA console to crash the system, potentially escalating their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-14331)
The Linux kernel, as used in Red Hat Enterprise Linux 7, kernel-rt, and Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended securelevel/secureboot restrictions by leveraging improper handling of secure_boot flag across kexec reboot.(CVE-2015-7837)
In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff.(CVE-2020-25211)
A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem in versions before 5.7.10 was found in the way when reboot the system. A local user could use this flaw to crash the system or escalate their privileges on the system.(CVE-2020-14356)
Buffer overflow in i40e driver for Intel® Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable an escalation of privilege via local access.(CVE-2019-0145)
The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. This is related to drivers/char/random.c and kernel/time/timer.c.(CVE-2020-16166)
The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space.(CVE-2020-12888)
In the Linux kernel through 5.7.6, usbtest_disconnect in drivers/usb/misc/usbtest.c has a memory leak, aka CID-28ebeb8db770.(CVE-2020-15393)
A logic bug was found in the Linux kernels implementation of SSBD. A bug in the logic handling can allow an attacker with a local account to disable SSBD protection during a context switch when additional speculative execution mitigations are in place.(CVE-2020-10766)
The prctl() function can be used to enable indirect branch speculation even after it has been disabled.
This same call will incorrectly report it being ‘force disabled’ when it is not.(CVE-2020-10768)
A flaw was found in the Linux kernel’s implementation of the Enhanced IBPB (Indirect Branch Prediction Barrier). The IBPB mitigation will be disabled when STIBP is not available or when the Enhanced Indirect Branch Restricted Speculation (IBRS) is available. This flaw allows a local attacker to perform a Spectre V2 style attack when this configuration is active. The highest threat from this vulnerability is to confidentiality.(CVE-2020-10767)
A flaw was found in the ZRAM kernel module, where a user with a local account and the ability to read the /sys/class/zram-control/hot_add file can create ZRAM device nodes in the /dev/ directory. This read allocates kernel memory and is not accounted for a user that triggers the creation of that ZRAM device. With this vulnerability, continually reading the device may consume a large amount of system memory and cause the Out-of-Memory (OOM) killer to activate and terminate random userspace processes, possibly making the system inoperable.(CVE-2020-10781)
A flaw was found in the Linux kernel. An index buffer overflow during Direct IO write leading to the NFS client to crash. In some cases, a reach out of the index after one memory allocation by kmalloc will cause a kernel panic. The highest threat from this vulnerability is to data confidentiality and system availability.(CVE-2020-10742)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(147512);
script_version("1.7");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/02/09");
script_cve_id(
"CVE-2015-7837",
"CVE-2019-0145",
"CVE-2019-0147",
"CVE-2020-0404",
"CVE-2020-0431",
"CVE-2020-0432",
"CVE-2020-0444",
"CVE-2020-0465",
"CVE-2020-0466",
"CVE-2020-8694",
"CVE-2020-10742",
"CVE-2020-10766",
"CVE-2020-10767",
"CVE-2020-10768",
"CVE-2020-10781",
"CVE-2020-12351",
"CVE-2020-12352",
"CVE-2020-12888",
"CVE-2020-14314",
"CVE-2020-14331",
"CVE-2020-14351",
"CVE-2020-14356",
"CVE-2020-14385",
"CVE-2020-14386",
"CVE-2020-14390",
"CVE-2020-15393",
"CVE-2020-15436",
"CVE-2020-15437",
"CVE-2020-16166",
"CVE-2020-24394",
"CVE-2020-24490",
"CVE-2020-25211",
"CVE-2020-25212",
"CVE-2020-25284",
"CVE-2020-25285",
"CVE-2020-25641",
"CVE-2020-25643",
"CVE-2020-25645",
"CVE-2020-25656",
"CVE-2020-25668",
"CVE-2020-25669",
"CVE-2020-25704",
"CVE-2020-25705",
"CVE-2020-26088",
"CVE-2020-27067",
"CVE-2020-27068",
"CVE-2020-27673",
"CVE-2020-27675",
"CVE-2020-27777",
"CVE-2020-27786",
"CVE-2020-27815",
"CVE-2020-27830",
"CVE-2020-28915",
"CVE-2020-28941",
"CVE-2020-28974",
"CVE-2020-29368",
"CVE-2020-29370",
"CVE-2020-29371",
"CVE-2020-29660",
"CVE-2020-29661"
);
script_xref(name:"CEA-ID", value:"CEA-2020-0138");
script_name(english:"EulerOS Virtualization 2.9.1 : kernel (EulerOS-SA-2021-1604)");
script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS Virtualization host is missing multiple security
updates.");
script_set_attribute(attribute:"description", value:
"According to the versions of the kernel packages installed, the
EulerOS Virtualization installation on the remote host is affected by
the following vulnerabilities :
- In do_epoll_ctl and ep_loop_check_proc of eventpoll.c,
there is a possible use after free due to a logic
error. This could lead to local escalation of privilege
with no additional execution privileges needed. User
interaction is not needed for exploitation.Product:
AndroidVersions: Android kernelAndroid ID:
A-147802478References: Upstream kernel(CVE-2020-0466)
- In the l2tp subsystem, there is a possible use after
free due to a race condition. This could lead to local
escalation of privilege with System execution
privileges needed. User interaction is not needed for
exploitation.Product: AndroidVersions: Android
kernelAndroid ID: A-152409173(CVE-2020-27067)
- In the nl80211_policy policy of nl80211.c, there is a
possible out of bounds read due to a missing bounds
check. This could lead to local information disclosure
with System execution privileges needed. User
interaction is not required for exploitation.Product:
AndroidVersions: Android kernelAndroid ID:
A-119770583(CVE-2020-27068)
- In audit_free_lsm_field of auditfilter.c, there is a
possible bad kfree due to a logic error in
audit_data_to_entry. This could lead to local
escalation of privilege with no additional execution
privileges needed. User interaction is not needed for
exploitation.Product: AndroidVersions: Android
kernelAndroid ID: A-150693166References: Upstream
kernel(CVE-2020-0444)
- In various methods of hid-multitouch.c, there is a
possible out of bounds write due to a missing bounds
check. This could lead to local escalation of privilege
with no additional execution privileges needed. User
interaction is not needed for exploitation.Product:
AndroidVersions: Android kernelAndroid ID:
A-162844689References: Upstream kernel(CVE-2020-0465)
- Use-after-free vulnerability in fs/block_dev.c in the
Linux kernel before 5.8 allows local users to gain
privileges or cause a denial of service by leveraging
improper access to a certain error
field.(CVE-2020-15436)
- The Linux kernel before version 5.8 is vulnerable to a
NULL pointer dereference in
drivers/tty/serial/8250/8250_core.c:serial8250_isa_init
_ports() that allows local users to cause a denial of
service by using the p->serial_in pointer which
uninitialized.(CVE-2020-15437)
- A flaw was found in the Linux kernels implementation of
MIDI, where an attacker with a local account and the
permissions to issue an ioctl commands to midi devices,
could trigger a use-after-free. A write to this
specific memory while freed and before use could cause
the flow of execution to change and possibly allow for
memory corruption or privilege
escalation.(CVE-2020-27786)
- No description is available for this
CVE.(CVE-2020-27815)
- NULL-ptr deref in the spk_ttyio_receive_buf2() function
in spk_ttyio.c(CVE-2020-27830)
- An issue was discovered in __split_huge_pmd in
mm/huge_memory.c in the Linux kernel before 5.7.5. The
copy-on-write implementation can grant unintended write
access because of a race condition in a THP mapcount
check, aka CID-c444eb564fb1.(CVE-2020-29368)
- An issue was discovered in kmem_cache_alloc_bulk in
mm/slub.c in the Linux kernel before 5.5.11. The
slowpath lacks the required TID increment, aka
CID-fd4d9c7d0c71.(CVE-2020-29370)
- An issue was discovered in romfs_dev_read in
fs/romfs/storage.c in the Linux kernel before 5.8.4.
Uninitialized memory leaks to userspace, aka
CID-bcf85fcedfdd.(CVE-2020-29371)
- A locking inconsistency issue was discovered in the tty
subsystem of the Linux kernel through 5.9.13.
drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may
allow a read-after-free attack against TIOCGSID, aka
CID-c8bcd9c5be24.(CVE-2020-29660)
- A locking issue was discovered in the tty subsystem of
the Linux kernel through 5.9.13.
drivers/tty/tty_jobctrl.c allows a use-after-free
attack against TIOCSPGRP, aka
CID-54ffccbf053b.(CVE-2020-29661)
- A slab-out-of-bounds read in fbcon in the Linux kernel
before 5.9.7 could be used by local attackers to read
privileged information or potentially crash the kernel,
aka CID-3c4e0dff2095. This occurs because
KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for
manipulations such as font height.(CVE-2020-28974)
- An issue was discovered in the Linux kernel through
5.9.1, as used with Xen through 4.14.x. Guest OS users
can cause a denial of service (host OS hang) via a high
rate of events to dom0, aka
CID-e99502f76271.(CVE-2020-27673)
- An issue was discovered in
drivers/accessibility/speakup/spk_ttyio.c in the Linux
kernel through 5.9.9. Local attackers on systems with
the speakup driver could cause a local denial of
service attack, aka CID-d41227544427. This occurs
because of an invalid free when the line discipline is
used more than once.(CVE-2020-28941)
- An issue was discovered in the Linux kernel through
5.9.1, as used with Xen through 4.14.x.
drivers/xen/events/events_base.c allows event-channel
removal during the event-handling loop (a race
condition). This can cause a use-after-free or NULL
pointer dereference, as demonstrated by a dom0 crash
via events for an in-reconfiguration paravirtualized
device, aka CID-073d0552ead5.(CVE-2020-27675)
- A buffer over-read (at the framebuffer layer) in the
fbcon code in the Linux kernel before 5.8.15 could be
used by local attackers to read kernel memory, aka
CID-6735b4632def.(CVE-2020-28915)
- A flaw was found in the Linux kernel. A use-after-free
memory flaw was found in the perf subsystem allowing a
local attacker with permission to monitor perf events
to corrupt memory and possibly escalate privileges. The
highest threat from this vulnerability is to data
confidentiality and integrity as well as system
availability.(CVE-2020-14351)
- A flaw in the way reply ICMP packets are limited in the
Linux kernel functionality was found that allows to
quickly scan open UDP ports. This flaw allows an
off-path remote user to effectively bypassing source
port UDP randomization. The highest threat from this
vulnerability is to confidentiality and possibly
integrity, because software that relies on UDP source
port randomization are indirectly affected as well.
Kernel versions before 5.10 may be vulnerable to this
issue.(CVE-2020-25705)
- No description is available for this
CVE.(CVE-2020-25668)
- No description is available for this
CVE.(CVE-2020-25669)
- A flaw was found in the way RTAS handled memory
accesses in userspace to kernel communication. On a
locked down (usually due to Secure Boot) guest system
running on top of PowerVM or KVM hypervisors (pseries
platform) a root like local user could use this flaw to
further increase their privileges to that of a running
kernel.(CVE-2020-27777)
- kernel: perf_event_parse_addr_filter
memory(CVE-2020-25704)
- Insufficient access control in the Linux kernel driver
for some Intel(R) Processors may allow an authenticated
user to potentially enable information disclosure via
local access.(CVE-2020-8694)
- A flaw was found in the Linux kernel. A use-after-free
was found in the way the console subsystem was using
ioctls KDGKBSENT and KDSKBSENT. A local user could use
this flaw to get read memory access out of bounds. The
highest threat from this vulnerability is to data
confidentiality.(CVE-2020-25656)
- In kbd_keycode of keyboard.c, there is a possible out
of bounds write due to a missing bounds check. This
could lead to local escalation of privilege with no
additional execution privileges needed. User
interaction is not needed for exploitation.Product:
AndroidVersions: Android kernelAndroid ID:
A-144161459(CVE-2020-0431)
- A flaw was found in the HDLC_PPP module of the Linux
kernel in versions before 5.9-rc7. Memory corruption
and a read overflow is caused by improper input
validation in the ppp_cp_parse_cr function which can
cause the system to crash or cause a denial of service.
The highest threat from this vulnerability is to data
confidentiality and integrity as well as system
availability.(CVE-2020-25643)
- A flaw was found in the Linux kernel in versions before
5.9-rc7. Traffic between two Geneve endpoints may be
unencrypted when IPsec is configured to encrypt traffic
for the specific UDP port used by the GENEVE tunnel
allowing anyone between the two endpoints to read the
traffic unencrypted. The main threat from this
vulnerability is to data
confidentiality.(CVE-2020-25645)
- Vulnerability Summary for
CVE-2020-12351(CVE-2020-12351)
- Vulnerability Summary for
CVE-2020-12352(CVE-2020-12352)
- Vulnerability Summary for
CVE-2020-24490(CVE-2020-24490)
- A missing CAP_NET_RAW check in NFC socket creation in
net/nfc/rawsock.c in the Linux kernel before 5.8.2
could be used by local attackers to create raw sockets,
bypassing security mechanisms, aka
CID-26896f01467a.(CVE-2020-26088)
- A flaw was found in the Linux kernel's implementation
of biovecs in versions before 5.9-rc7. A zero-length
biovec request issued by the block subsystem could
cause the kernel to enter an infinite loop, causing a
denial of service. This flaw allows a local attacker
with basic privileges to issue requests to a block
device, resulting in a denial of service. The highest
threat from this vulnerability is to system
availability.(CVE-2020-25641)
- In skb_to_mamac of networking.c, there is a possible
out of bounds write due to an integer overflow. This
could lead to local escalation of privilege with no
additional execution privileges needed. User
interaction is not needed for exploitation.Product:
AndroidVersions: Android kernelAndroid ID:
A-143560807(CVE-2020-0432)
- A race condition between hugetlb sysctl handlers in
mm/hugetlb.c in the Linux kernel before 5.8.8 could be
used by local attackers to corrupt memory, cause a NULL
pointer dereference, or possibly have unspecified other
impact, aka CID-17743798d812.(CVE-2020-25285)
- A flaw was found in the Linux kernel in versions from
2.2.3 through 5.9.rc5. When changing screen size, an
out-of-bounds memory write can occur leading to memory
corruption or a denial of service. This highest threat
from this vulnerability is to system
availability.(CVE-2020-14390)
- A flaw was found in the Linux kernel before 5.9-rc4.
Memory corruption can be exploited to gain root
privileges from unprivileged processes. The highest
threat from this vulnerability is to data
confidentiality and integrity.(CVE-2020-14386)
- Insufficient input validation in i40e driver for
Intel(R) Ethernet 700 Series Controllers versions
before 7.0 may allow an authenticated user to
potentially enable a denial of service via local
access.(CVE-2019-0147)
- A TOCTOU mismatch in the NFS client code in the Linux
kernel before 5.8.3 could be used by local attackers to
corrupt memory or possibly have unspecified other
impact because a size check is in fs/nfs/nfs4proc.c
instead of fs/nfs/nfs4xdr.c, aka
CID-b4487b935452.(CVE-2020-25212)
- A flaw was found in the Linux kernel before 5.9-rc4. A
failure of the file system metadata validator in XFS
can cause an inode with a valid, user-creatable
extended attribute to be flagged as corrupt. This can
lead to the filesystem being shutdown, or otherwise
rendered inaccessible until it is remounted, leading to
a denial of service. The highest threat from this
vulnerability is to system
availability.(CVE-2020-14385)
- In uvc_scan_chain_forward of uvc_driver.c, there is a
possible linked list corruption due to an unusual root
cause. This could lead to local escalation of privilege
in the kernel with no additional execution privileges
needed. User interaction is not needed for
exploitation.Product: AndroidVersions: Android
kernelAndroid ID: A-111893654References: Upstream
kernel(CVE-2020-0404)
- The rbd block device driver in drivers/block/rbd.c in
the Linux kernel through 5.8.9 used incomplete
permission checking for access to rbd devices, which
could be leveraged by local attackers to map or unmap
rbd block devices, aka
CID-f44d04e696fe.(CVE-2020-25284)
- A memory out-of-bounds read flaw was found in the Linux
kernel before 5.9-rc2 with the ext3/ext4 file system,
in the way it accesses a directory with broken
indexing. This flaw allows a local user to crash the
system if the directory exists. The highest threat from
this vulnerability is to system
availability.(CVE-2020-14314)
- A flaw null pointer dereference in the Linux kernel
cgroupv2 subsystem in versions before 5.7.10 was found
in the way when reboot the system. A local user could
use this flaw to crash the system or escalate their
privileges on the system.(CVE-2020-24394)
- A flaw was found in the Linux kernel's implementation
of the invert video code on VGA consoles when a local
attacker attempts to resize the console, calling an
ioctl VT_RESIZE, which causes an out-of-bounds write to
occur. This flaw allows a local user with access to the
VGA console to crash the system, potentially escalating
their privileges on the system. The highest threat from
this vulnerability is to data confidentiality and
integrity as well as system
availability.(CVE-2020-14331)
- The Linux kernel, as used in Red Hat Enterprise Linux
7, kernel-rt, and Enterprise MRG 2 and when booted with
UEFI Secure Boot enabled, allows local users to bypass
intended securelevel/secureboot restrictions by
leveraging improper handling of secure_boot flag across
kexec reboot.(CVE-2015-7837)
- In the Linux kernel through 5.8.7, local attackers able
to inject conntrack netlink configuration could
overflow a local buffer, causing crashes or triggering
use of incorrect protocol numbers in
ctnetlink_parse_tuple_filter in
net/netfilter/nf_conntrack_netlink.c, aka
CID-1cc5ef91d2ff.(CVE-2020-25211)
- A flaw null pointer dereference in the Linux kernel
cgroupv2 subsystem in versions before 5.7.10 was found
in the way when reboot the system. A local user could
use this flaw to crash the system or escalate their
privileges on the system.(CVE-2020-14356)
- Buffer overflow in i40e driver for Intel(R) Ethernet
700 Series Controllers versions before 7.0 may allow an
authenticated user to potentially enable an escalation
of privilege via local access.(CVE-2019-0145)
- The Linux kernel through 5.7.11 allows remote attackers
to make observations that help to obtain sensitive
information about the internal state of the network
RNG, aka CID-f227e3ec3b5c. This is related to
drivers/char/random.c and
kernel/time/timer.c.(CVE-2020-16166)
- The VFIO PCI driver in the Linux kernel through 5.6.13
mishandles attempts to access disabled memory
space.(CVE-2020-12888)
- In the Linux kernel through 5.7.6, usbtest_disconnect
in drivers/usb/misc/usbtest.c has a memory leak, aka
CID-28ebeb8db770.(CVE-2020-15393)
- A logic bug was found in the Linux kernels
implementation of SSBD. A bug in the logic handling can
allow an attacker with a local account to disable SSBD
protection during a context switch when additional
speculative execution mitigations are in
place.(CVE-2020-10766)
- The prctl() function can be used to enable indirect
branch speculation even after it has been disabled.
This same call will incorrectly report it being 'force
disabled' when it is not.(CVE-2020-10768)
- A flaw was found in the Linux kernel's implementation
of the Enhanced IBPB (Indirect Branch Prediction
Barrier). The IBPB mitigation will be disabled when
STIBP is not available or when the Enhanced Indirect
Branch Restricted Speculation (IBRS) is available. This
flaw allows a local attacker to perform a Spectre V2
style attack when this configuration is active. The
highest threat from this vulnerability is to
confidentiality.(CVE-2020-10767)
- A flaw was found in the ZRAM kernel module, where a
user with a local account and the ability to read the
/sys/class/zram-control/hot_add file can create ZRAM
device nodes in the /dev/ directory. This read
allocates kernel memory and is not accounted for a user
that triggers the creation of that ZRAM device. With
this vulnerability, continually reading the device may
consume a large amount of system memory and cause the
Out-of-Memory (OOM) killer to activate and terminate
random userspace processes, possibly making the system
inoperable.(CVE-2020-10781)
- A flaw was found in the Linux kernel. An index buffer
overflow during Direct IO write leading to the NFS
client to crash. In some cases, a reach out of the
index after one memory allocation by kmalloc will cause
a kernel panic. The highest threat from this
vulnerability is to data confidentiality and system
availability.(CVE-2020-10742)
Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
# https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1604
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a7233c6a");
script_set_attribute(attribute:"solution", value:
"Update the affected kernel packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-27068");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"patch_publication_date", value:"2021/03/10");
script_set_attribute(attribute:"plugin_publication_date", value:"2021/03/10");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:perf");
script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:2.9.1");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Huawei Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (uvp != "2.9.1") audit(AUDIT_OS_NOT, "EulerOS Virtualization 2.9.1");
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
flag = 0;
pkgs = ["kernel-4.19.90-vhulk2011.1.0.h352.eulerosv2r9",
"kernel-tools-4.19.90-vhulk2011.1.0.h352.eulerosv2r9",
"kernel-tools-libs-4.19.90-vhulk2011.1.0.h352.eulerosv2r9",
"perf-4.19.90-vhulk2011.1.0.h352.eulerosv2r9"];
foreach (pkg in pkgs)
if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
}
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7837
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0145
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0147
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0404
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0431
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0432
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0444
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0465
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0466
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10742
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10766
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10767
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10768
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10781
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12351
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12352
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12888
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14314
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14331
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14351
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14356
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14385
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14386
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14390
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15393
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15436
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15437
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16166
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24394
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24490
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25211
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25212
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25284
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25285
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25641
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25643
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25645
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25656
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25668
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25669
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25704
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25705
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26088
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27067
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27068
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27673
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27675
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27777
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27786
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27815
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27830
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28915
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28941
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28974
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29368
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29370
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29371
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29660
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29661
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8694
www.nessus.org/u?a7233c6a