Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.EULEROS_SA-2022-1208.NASL
HistoryFeb 25, 2022 - 12:00 a.m.

EulerOS 2.0 SP10 : kernel (EulerOS-SA-2022-1208)

2022-02-2500:00:00
This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
27

7.9 High

AI Score

Confidence

High

JSON

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  • An issue was discovered in the Linux kernel through 5.2.13. nbd_genl_status in drivers/block/nbd.c does not check the nla_nest_start_noflag return value. (CVE-2019-16089)

  • A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass the source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well. (CVE-2021-20322)

  • A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-3752)

  • arch/mips/net/bpf_jit.c in the Linux kernel before 5.4.10 can generate undesirable machine code when transforming unprivileged cBPF programs, allowing execution of arbitrary code within the kernel context.
    This occurs because conditional branches can exceed the 128 KB limit of the MIPS architecture.
    (CVE-2021-38300)

  • prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write. (CVE-2021-41864)

  • The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandles bounds checking. (CVE-2021-42739)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(158396);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/07");

  script_cve_id(
    "CVE-2019-16089",
    "CVE-2021-3669",
    "CVE-2021-3744",
    "CVE-2021-3752",
    "CVE-2021-3764",
    "CVE-2021-20322",
    "CVE-2021-38300",
    "CVE-2021-41864",
    "CVE-2021-42739"
  );

  script_name(english:"EulerOS 2.0 SP10 : kernel (EulerOS-SA-2022-1208)");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing multiple security updates.");
  script_set_attribute(attribute:"description", value:
"According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by
the following vulnerabilities :

  - An issue was discovered in the Linux kernel through 5.2.13. nbd_genl_status in drivers/block/nbd.c does
    not check the nla_nest_start_noflag return value. (CVE-2019-16089)

  - A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux
    kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an
    off-path remote user to effectively bypass the source port UDP randomization. The highest threat from this
    vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source
    port randomization are indirectly affected as well. (CVE-2021-20322)

  - A use-after-free flaw was found in the Linux kernel's Bluetooth subsystem in the way user calls connect to
    the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the
    system or escalate their privileges. The highest threat from this vulnerability is to confidentiality,
    integrity, as well as system availability. (CVE-2021-3752)

  - arch/mips/net/bpf_jit.c in the Linux kernel before 5.4.10 can generate undesirable machine code when
    transforming unprivileged cBPF programs, allowing execution of arbitrary code within the kernel context.
    This occurs because conditional branches can exceed the 128 KB limit of the MIPS architecture.
    (CVE-2021-38300)

  - prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows
    unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds
    write. (CVE-2021-41864)

  - The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to
    drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt
    mishandles bounds checking. (CVE-2021-42739)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional
issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1208
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?5eaca286");
  script_set_attribute(attribute:"solution", value:
"Update the affected kernel packages.");
  script_set_cvss_base_vector("CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-3752");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2021-41864");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/09/06");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/02/25");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/02/25");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:bpftool");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-abi-stablelists");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-headers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:perf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python3-perf");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
  script_exclude_keys("Host/EulerOS/uvp_version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

var release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
var uvp = get_kb_item("Host/EulerOS/uvp_version");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP10");

var sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(10)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP10");

if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP10", "EulerOS UVP " + uvp);

if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);

var flag = 0;

var pkgs = [
  "bpftool-4.19.90-vhulk2110.1.0.h860.eulerosv2r10",
  "kernel-4.19.90-vhulk2110.1.0.h860.eulerosv2r10",
  "kernel-abi-stablelists-4.19.90-vhulk2110.1.0.h860.eulerosv2r10",
  "kernel-devel-4.19.90-vhulk2110.1.0.h860.eulerosv2r10",
  "kernel-headers-4.19.90-vhulk2110.1.0.h860.eulerosv2r10",
  "kernel-tools-4.19.90-vhulk2110.1.0.h860.eulerosv2r10",
  "kernel-tools-libs-4.19.90-vhulk2110.1.0.h860.eulerosv2r10",
  "kernel-tools-libs-devel-4.19.90-vhulk2110.1.0.h860.eulerosv2r10",
  "perf-4.19.90-vhulk2110.1.0.h860.eulerosv2r10",
  "python3-perf-4.19.90-vhulk2110.1.0.h860.eulerosv2r10"
];

foreach (var pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", sp:"10", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
}
VendorProductVersionCPE
huaweieuleroskernel-tools-libsp-cpe:/a:huawei:euleros:kernel-tools-libs
huaweieuleroskernel-develp-cpe:/a:huawei:euleros:kernel-devel
huaweieuleroskernel-toolsp-cpe:/a:huawei:euleros:kernel-tools
huaweieulerosbpftoolp-cpe:/a:huawei:euleros:bpftool
huaweieuleroskernel-abi-stablelistsp-cpe:/a:huawei:euleros:kernel-abi-stablelists
huaweieuleroskernel-headersp-cpe:/a:huawei:euleros:kernel-headers
huaweieulerosperfp-cpe:/a:huawei:euleros:perf
huaweieulerospython3-perfp-cpe:/a:huawei:euleros:python3-perf
huaweieuleroskernel-tools-libs-develp-cpe:/a:huawei:euleros:kernel-tools-libs-devel
huaweieuleroskernelp-cpe:/a:huawei:euleros:kernel
Rows per page:
1-10 of 111

Related

ubuntu 11
nessus 71
osv 14
suse 5
cloudfoundry 5
mageia 2
fedora 6
amazon 1
photon 3
ubuntucve 9
prion 9
cve 10
cbl_mariner 12
redhatcve 9
f5 4
debiancve 9
veracode 7
oraclelinux 3
cnvd 1
ibm 3
rocky 1
trellix 2
redhat 2
ubuntu
ubuntu
Linux kernel (OEM 5.14) vulnerabilities
2021-11-11 00:00:00
Linux kernel vulnerabilities
2022-02-03 00:00:00
Linux kernel vulnerabilities
2022-02-03 00:00:00
nessus
nessus
EulerOS 2.0 SP9 : kernel (EulerOS-SA-2022-1010)
2022-01-28 00:00:00
Amazon Linux 2 : kernel (ALASKERNEL-5.4-2022-009)
2022-05-02 00:00:00
EulerOS 2.0 SP10 : kernel (EulerOS-SA-2022-1227)
2022-02-25 00:00:00
osv
osv
linux-oem-5.14 vulnerabilities
2021-11-11 05:40:50
linux, linux-aws, linux-aws-hwe, linux-azure, linux-dell300x, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities
2022-02-03 05:48:15
linux-raspi, linux-raspi-5.4 vulnerabilities
2022-02-17 06:11:12
suse
suse
Security update for the Linux Kernel (important)
2021-10-12 00:00:00
Security update for the Linux Kernel (important)
2021-10-15 00:00:00
Security update for the Linux Kernel (important)
2021-10-18 00:00:00
cloudfoundry
cloudfoundry
USN-5268-1: Linux kernel vulnerabilities | Cloud Foundry
2022-03-10 00:00:00
USN-5164-1: Linux kernel vulnerabilities | Cloud Foundry
2022-01-20 00:00:00
USN-5267-1: Linux kernel vulnerabilities | Cloud Foundry
2022-03-10 00:00:00
mageia
mageia
Updated kernel packages fix security vulnerabilities
2021-10-25 18:49:26
Updated kernel-linus packages fix security vulnerabilities
2021-10-25 18:49:26
fedora
fedora
[SECURITY] Fedora 34 Update: kernel-5.14.10-200.fc34
2021-10-11 21:33:46
[SECURITY] Fedora 35 Update: kernel-5.14.10-300.fc35
2021-10-09 01:36:43
[SECURITY] Fedora 33 Update: kernel-5.14.10-100.fc33
2021-10-11 21:36:34
amazon
amazon
Important: kernel
2021-10-28 23:22:00
photon
photon
Important Photon OS Security Update - PHSA-2021-3.0-0336
2021-12-02 00:00:00
Important Photon OS Security Update - PHSA-2022-0499
2022-07-23 00:00:00
Important Photon OS Security Update - PHSA-2021-3.0-0325
2021-11-04 00:00:00
ubuntucve
ubuntucve
CVE-2021-3764
2021-09-15 00:00:00
CVE-2021-38300
2021-09-20 00:00:00
CVE-2019-16089
2019-09-06 00:00:00
prion
prion
Code injection
2019-09-06 23:15:00
Code injection
2021-09-20 06:15:00
Design/Logic Flaw
2022-02-18 18:15:00
cve
cve
CVE-2019-16089
2019-09-06 23:15:00
CVE-2021-38300
2021-09-20 06:15:00
CVE-2021-20322
2022-02-18 18:15:00
cbl_mariner
cbl_mariner
CVE-2021-38300 affecting package kernel 5.10.168.1-1
2021-11-03 19:21:29
CVE-2021-38300 affecting package kernel 5.10.78.1-1
2022-04-09 06:52:47
CVE-2021-41864 affecting package kernel 5.10.78.1-1
2022-04-09 06:52:47
redhatcve
redhatcve
CVE-2021-38300
2021-09-16 14:15:15
CVE-2019-16089
2020-01-03 21:55:36
CVE-2021-41864
2021-10-04 17:53:50
f5
f5
K03814795 : Linux kernel vulnerability CVE-2019-16089
2019-10-18 00:00:00
K49440205 : Linux kernel vulnerability CVE-2021-38300
2022-10-12 00:00:00
K11255393 : Linux kernel vulnerability CVE-2021-41864
2022-10-18 00:00:00
debiancve
debiancve
CVE-2019-16089
2019-09-06 23:15:00
CVE-2021-38300
2021-09-20 06:15:00
CVE-2021-42739
2021-10-20 07:15:00
veracode
veracode
Denial Of Service (DoS)
2020-09-21 06:39:35
Denial Of Service (DoS)
2022-02-08 17:16:04
Denial Of Service (DoS)
2022-01-15 00:38:33
oraclelinux
oraclelinux
Unbreakable Enterprise kernel-container security update
2021-12-20 00:00:00
Unbreakable Enterprise kernel security update
2021-12-20 00:00:00
kernel security, bug fix, and enhancement update
2022-05-17 00:00:00
cnvd
cnvd
Linux Kernel Resource Management Error Vulnerability (CNVD-2022-69189)
2022-09-30 00:00:00
ibm
ibm
Security Bulletin: Vulnerabilities in the Linux Kernel affect IBM Spectrum Copy Data Management
2022-06-09 17:51:49
Security Bulletin: There are multiple vulnerabilities in the Linux Kernel used in IBM Elastic Storage System
2022-08-29 11:08:07
Security Bulletin: IBM DataPower Gateway vulnerable to network state information leakage (CVE-2021-20322, CVE-2021-45485, CVE-2021-45486)
2022-12-16 21:16:31
rocky
rocky
kernel-rt security and bug fix update
2022-05-10 06:42:36
trellix
trellix
The Bug Report November 2021 Edition
2021-11-30 00:00:00
The Bug Report November 2021 Edition
2021-11-30 00:00:00
redhat
redhat
(RHSA-2022:0063) Moderate: kernel security and bug fix update
2022-01-11 09:02:34
(RHSA-2022:0065) Moderate: kernel-rt security and bug fix update
2022-01-11 09:03:22

7.9 High

AI Score

Confidence

High

JSON
Related for EULEROS_SA-2022-1208.NASL
ubuntu11nessus71osv14suse5cloudfoundry5mageia2fedora6amazon1photon3ubuntucve9prion9cve10cbl_mariner12redhatcve9f54debiancve9veracode7oraclelinux3cnvd1ibm3rocky1trellix2redhat2