Lucene search
This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.EULEROS_SA-2021-2934.NASLHistoryDec 31, 2021 - 12:00 a.m.
EulerOS 2.0 SP5 : kernel (EulerOS-SA-2021-2934)
2021-12-3100:00:00
This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
19
7.1 High
AI Score
Confidence
Low
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :
-
An information disclosure vulnerability exists in the ARM SIGPAGE functionality of Linux Kernel v5.4.66 and v5.4.54. The latest version (5.11-rc4) seems to still be vulnerable. A userland application can read the contents of the sigpage, which can leak kernel memory contents. An attacker can read a process’s memory at a specific offset to trigger this vulnerability. This was fixed in kernel releases: 4.14.222 4.19.177 5.4.99 5.10.17 5.11 (CVE-2021-21781)
-
A lack of CPU resource in the Linux kernel tracing module functionality in versions prior to 5.14-rc3 was found in the way user uses trace ring buffer in a specific way. Only privileged local users (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service.
(CVE-2021-3679) -
hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel through 5.13.4 calls unregister_netdev without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free.
(CVE-2021-37159) -
fs/nfs/nfs4client.c in the Linux kernel before 5.13.4 has incorrect connection-setup ordering, which allows operators of remote NFSv4 servers to cause a denial of service (hanging of mounts) by arranging for those servers to be unreachable during trunking detection. (CVE-2021-38199)
-
A race condition was discovered in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in the Linux kernel through 5.13.13. (CVE-2021-40490)
-
The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 has a slab out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root access.
(CVE-2021-42008)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(156431);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/21");
script_cve_id(
"CVE-2021-3679",
"CVE-2021-3753",
"CVE-2021-20322",
"CVE-2021-21781",
"CVE-2021-37159",
"CVE-2021-38199",
"CVE-2021-40490",
"CVE-2021-42008"
);
script_name(english:"EulerOS 2.0 SP5 : kernel (EulerOS-SA-2021-2934)");
script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing multiple security updates.");
script_set_attribute(attribute:"description", value:
"According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by
the following vulnerabilities :
- An information disclosure vulnerability exists in the ARM SIGPAGE functionality of Linux Kernel v5.4.66
and v5.4.54. The latest version (5.11-rc4) seems to still be vulnerable. A userland application can read
the contents of the sigpage, which can leak kernel memory contents. An attacker can read a process's
memory at a specific offset to trigger this vulnerability. This was fixed in kernel releases: 4.14.222
4.19.177 5.4.99 5.10.17 5.11 (CVE-2021-21781)
- A lack of CPU resource in the Linux kernel tracing module functionality in versions prior to 5.14-rc3 was
found in the way user uses trace ring buffer in a specific way. Only privileged local users (with
CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service.
(CVE-2021-3679)
- hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel through 5.13.4 calls unregister_netdev
without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free.
(CVE-2021-37159)
- fs/nfs/nfs4client.c in the Linux kernel before 5.13.4 has incorrect connection-setup ordering, which
allows operators of remote NFSv4 servers to cause a denial of service (hanging of mounts) by arranging for
those servers to be unreachable during trunking detection. (CVE-2021-38199)
- A race condition was discovered in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in
the Linux kernel through 5.13.13. (CVE-2021-40490)
- The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 has a slab
out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root access.
(CVE-2021-42008)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional
issues.");
# https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2934
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?32432ab9");
script_set_attribute(attribute:"solution", value:
"Update the affected kernel packages.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-42008");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2021/07/21");
script_set_attribute(attribute:"patch_publication_date", value:"2021/12/31");
script_set_attribute(attribute:"plugin_publication_date", value:"2021/12/31");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-headers");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:perf");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python-perf");
script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Huawei Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
script_exclude_keys("Host/EulerOS/uvp_version");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
var uvp = get_kb_item("Host/EulerOS/uvp_version");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5");
var sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(5)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5", "EulerOS UVP " + uvp);
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
var flag = 0;
var pkgs = [
"kernel-3.10.0-862.14.1.5.h641.eulerosv2r7",
"kernel-devel-3.10.0-862.14.1.5.h641.eulerosv2r7",
"kernel-headers-3.10.0-862.14.1.5.h641.eulerosv2r7",
"kernel-tools-3.10.0-862.14.1.5.h641.eulerosv2r7",
"kernel-tools-libs-3.10.0-862.14.1.5.h641.eulerosv2r7",
"perf-3.10.0-862.14.1.5.h641.eulerosv2r7",
"python-perf-3.10.0-862.14.1.5.h641.eulerosv2r7"
];
foreach (var pkg in pkgs)
if (rpm_check(release:"EulerOS-2.0", sp:"5", reference:pkg)) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| huawei | euleros | kernel | p-cpe:/a:huawei:euleros:kernel |
| huawei | euleros | kernel-devel | p-cpe:/a:huawei:euleros:kernel-devel |
| huawei | euleros | kernel-headers | p-cpe:/a:huawei:euleros:kernel-headers |
| huawei | euleros | kernel-tools | p-cpe:/a:huawei:euleros:kernel-tools |
| huawei | euleros | kernel-tools-libs | p-cpe:/a:huawei:euleros:kernel-tools-libs |
| huawei | euleros | perf | p-cpe:/a:huawei:euleros:perf |
| huawei | euleros | python-perf | p-cpe:/a:huawei:euleros:python-perf |
| huawei | euleros | 2.0 | cpe:/o:huawei:euleros:2.0 |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20322
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21781
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3679
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37159
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3753
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38199
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40490
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42008
www.nessus.org/u?32432ab9
Related
openvas
openvas
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2021-2934)
2022-01-02 00:00:00
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2021-2636)
2021-11-03 00:00:00
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2023-1066)
2023-01-09 00:00:00
nessus
nessus
EulerOS 2.0 SP8 : kernel (EulerOS-SA-2021-2636)
2021-11-02 00:00:00
Amazon Linux 2 : kernel (ALASKERNEL-5.4-2022-007)
2022-05-02 00:00:00
EulerOS Virtualization 3.0.2.6 : kernel (EulerOS-SA-2023-1066)
2024-01-16 00:00:00
osv
osv
ubuntu
ubuntu
Linux kernel vulnerabilities
2021-10-22 00:00:00
Linux kernel vulnerabilities
2021-10-19 00:00:00
Linux kernel (OEM) vulnerabilities
2021-10-20 00:00:00
githubexploit
githubexploit
Exploit for Out-of-bounds Write in Linux Linux Kernel
2021-12-03 14:08:26
Exploit for Out-of-bounds Write in Linux Linux Kernel
2021-12-03 13:18:32
Exploit for Race Condition in Linux Linux Kernel
2022-01-11 05:42:58
debiancve
debiancve
redhatcve
redhatcve
debian
debian
[SECURITY] [DLA 2843-1] linux security update
2021-12-16 21:27:40
[SECURITY] [DSA 4978-1] linux security update
2021-09-25 08:09:05
[SECURITY] [DSA 4978-1] linux security update
2021-09-25 08:09:05
prion
prion
Information disclosure
2021-08-18 15:15:00
Design/Logic Flaw
2021-10-05 00:15:00
Code injection
2021-08-08 20:15:00
ubuntucve
ubuntucve
cve
cve
veracode
veracode
Information Disclosure
2022-06-23 22:13:00
Denial Of Service (DoS)
2021-09-30 13:39:21
Denial Of Service (DoS)
2021-10-25 18:01:36
cnvd
cnvd
Linux kernel information disclosure vulnerability (CNVD-2021-60526)
2021-06-29 00:00:00
Linux kernel denial-of-service vulnerability (CNVD-2021-60513)
2021-08-10 00:00:00
cbl_mariner
cbl_mariner
CVE-2021-38199 affecting package kernel 5.10.78.1-1
2022-04-09 06:52:47
CVE-2021-38199 affecting package kernel 5.10.189.1-1
2021-09-09 15:03:26
CVE-2021-42008 affecting package kernel 5.10.78.1-1
2022-04-09 06:52:47
talos
talos
Linux Kernel Arm SIGPAGE information disclosure vulnerability
2021-05-28 00:00:00
oraclelinux
oraclelinux
Unbreakable Enterprise kernel security update
2021-10-11 00:00:00
Unbreakable Enterprise kernel-container security update
2021-10-11 00:00:00
Unbreakable Enterprise kernel-container security update
2021-09-22 00:00:00
suse
suse
Security update for the Linux Kernel (important)
2021-08-11 00:00:00
Security update for the Linux Kernel (important)
2021-11-24 00:00:00
Security update for the Linux Kernel (important)
2021-11-25 00:00:00
mageia
mageia
Updated kernel packages fix security vulnerabilities
2021-09-08 12:23:46
fedora
fedora
[SECURITY] Fedora 33 Update: kernel-5.13.15-100.fc33
2021-09-14 15:06:23
[SECURITY] Fedora 34 Update: kernel-5.13.15-200.fc34
2021-09-14 14:59:57
amazon
amazon
Medium: kernel
2021-10-04 20:16:00
Medium: kernel
2021-09-08 23:35:00
f5
f5
K04712583 : Linux kernel vulnerability CVE-2021-40490
2022-10-19 00:00:00
cloudfoundry
cloudfoundry
USN-5091-1: Linux kernel vulnerabilities | Cloud Foundry
2021-10-04 00:00:00
USN-5136-1: Linux kernel vulnerabilities | Cloud Foundry
2022-01-20 00:00:00
photon
photon
Moderate Photon OS Security Update - PHSA-2021-0410
2021-10-30 00:00:00
Important Photon OS Security Update - PHSA-2022-0499
2022-07-23 00:00:00
Moderate Photon OS Security Update - PHSA-2021-0447
2021-10-22 00:00:00
ibm
ibm