CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
72.5%
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :
In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because the protection mechanism neglects the possibility of uninitialized memory locations on the BPF stack. (CVE-2021-34556)
In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because a certain preempting store operation does not necessarily occur before a store operation that has an attacker-controlled value.
(CVE-2021-35477)
A vulnerability was found in the Linux kernel in versions prior to v5.14-rc1. Missing size validations on inbound SCTP packets may allow the kernel to read uninitialized memory. (CVE-2021-3655)
A lack of CPU resource in the Linux kernel tracing module functionality in versions prior to 5.14-rc3 was found in the way user uses trace ring buffer in a specific way. Only privileged local users (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service.
(CVE-2021-3679)
hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel through 5.13.4 calls unregister_netdev without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free.
(CVE-2021-37159)
DISPUTED In drivers/char/virtio_console.c in the Linux kernel before 5.13.4, data corruption or loss can be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size. NOTE:
the vendor indicates that the cited data corruption is not a vulnerability in any existing use case; the length validation was added solely for robustness in the face of anomalous host OS behavior.
(CVE-2021-38160)
fs/nfs/nfs4client.c in the Linux kernel before 5.13.4 has incorrect connection-setup ordering, which allows operators of remote NFSv4 servers to cause a denial of service (hanging of mounts) by arranging for those servers to be unreachable during trunking detection. (CVE-2021-38199)
drivers/net/ethernet/xilinx/xilinx_emaclite.c in the Linux kernel before 5.13.3 makes it easier for attackers to defeat an ASLR protection mechanism because it prints a kernel pointer (i.e., the real IOMEM pointer). (CVE-2021-38205)
drivers/net/ethernet/xilinx/ll_temac_main.c in the Linux kernel before 5.12.13 allows remote attackers to cause a denial of service (buffer overflow and lockup) by sending heavy network traffic for about ten minutes. (CVE-2021-38207)
net/nfc/llcp_sock.c in the Linux kernel before 5.12.10 allows local unprivileged users to cause a denial of service (NULL pointer dereference and BUG) by making a getsockname call after a certain type of failure of a bind call. (CVE-2021-38208)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(155261);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/24");
script_cve_id(
"CVE-2021-3655",
"CVE-2021-3659",
"CVE-2021-3679",
"CVE-2021-3743",
"CVE-2021-3753",
"CVE-2021-34556",
"CVE-2021-35477",
"CVE-2021-37159",
"CVE-2021-38160",
"CVE-2021-38199",
"CVE-2021-38205",
"CVE-2021-38207",
"CVE-2021-38208"
);
script_name(english:"EulerOS 2.0 SP9 : kernel (EulerOS-SA-2021-2688)");
script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing multiple security updates.");
script_set_attribute(attribute:"description", value:
"According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by
the following vulnerabilities :
- In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from
kernel memory via a Speculative Store Bypass side-channel attack because the protection mechanism neglects
the possibility of uninitialized memory locations on the BPF stack. (CVE-2021-34556)
- In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from
kernel memory via a Speculative Store Bypass side-channel attack because a certain preempting store
operation does not necessarily occur before a store operation that has an attacker-controlled value.
(CVE-2021-35477)
- A vulnerability was found in the Linux kernel in versions prior to v5.14-rc1. Missing size validations on
inbound SCTP packets may allow the kernel to read uninitialized memory. (CVE-2021-3655)
- A lack of CPU resource in the Linux kernel tracing module functionality in versions prior to 5.14-rc3 was
found in the way user uses trace ring buffer in a specific way. Only privileged local users (with
CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service.
(CVE-2021-3679)
- hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel through 5.13.4 calls unregister_netdev
without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free.
(CVE-2021-37159)
- ** DISPUTED ** In drivers/char/virtio_console.c in the Linux kernel before 5.13.4, data corruption or loss
can be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size. NOTE:
the vendor indicates that the cited data corruption is not a vulnerability in any existing use case; the
length validation was added solely for robustness in the face of anomalous host OS behavior.
(CVE-2021-38160)
- fs/nfs/nfs4client.c in the Linux kernel before 5.13.4 has incorrect connection-setup ordering, which
allows operators of remote NFSv4 servers to cause a denial of service (hanging of mounts) by arranging for
those servers to be unreachable during trunking detection. (CVE-2021-38199)
- drivers/net/ethernet/xilinx/xilinx_emaclite.c in the Linux kernel before 5.13.3 makes it easier for
attackers to defeat an ASLR protection mechanism because it prints a kernel pointer (i.e., the real IOMEM
pointer). (CVE-2021-38205)
- drivers/net/ethernet/xilinx/ll_temac_main.c in the Linux kernel before 5.12.13 allows remote attackers to
cause a denial of service (buffer overflow and lockup) by sending heavy network traffic for about ten
minutes. (CVE-2021-38207)
- net/nfc/llcp_sock.c in the Linux kernel before 5.12.10 allows local unprivileged users to cause a denial
of service (NULL pointer dereference and BUG) by making a getsockname call after a certain type of failure
of a bind call. (CVE-2021-38208)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional
issues.");
# https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2688
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d2ef017d");
script_set_attribute(attribute:"solution", value:
"Update the affected kernel packages.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-38160");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2021/07/21");
script_set_attribute(attribute:"patch_publication_date", value:"2021/11/11");
script_set_attribute(attribute:"plugin_publication_date", value:"2021/11/11");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python3-perf");
script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Huawei Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
script_exclude_keys("Host/EulerOS/uvp_version");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
var uvp = get_kb_item("Host/EulerOS/uvp_version");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP9");
var sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(9)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP9");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP9", "EulerOS UVP " + uvp);
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);
var flag = 0;
var pkgs = [
"kernel-4.19.90-vhulk2103.1.0.h584.eulerosv2r9",
"kernel-tools-4.19.90-vhulk2103.1.0.h584.eulerosv2r9",
"kernel-tools-libs-4.19.90-vhulk2103.1.0.h584.eulerosv2r9",
"python3-perf-4.19.90-vhulk2103.1.0.h584.eulerosv2r9"
];
foreach (var pkg in pkgs)
if (rpm_check(release:"EulerOS-2.0", sp:"9", reference:pkg)) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
}
Vendor | Product | Version | CPE |
---|---|---|---|
huawei | euleros | kernel | p-cpe:/a:huawei:euleros:kernel |
huawei | euleros | kernel-tools | p-cpe:/a:huawei:euleros:kernel-tools |
huawei | euleros | kernel-tools-libs | p-cpe:/a:huawei:euleros:kernel-tools-libs |
huawei | euleros | python3-perf | p-cpe:/a:huawei:euleros:python3-perf |
huawei | euleros | 2.0 | cpe:/o:huawei:euleros:2.0 |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34556
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35477
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3655
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3659
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3679
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37159
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3743
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3753
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38160
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38199
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38205
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38207
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38208
www.nessus.org/u?d2ef017d
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
72.5%