Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.EULEROS_SA-2022-1243.NASL
HistoryFeb 25, 2022 - 12:00 a.m.

EulerOS 2.0 SP10 : kernel (EulerOS-SA-2022-1243)

2022-02-2500:00:00
This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
31
JSON

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  • Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener after being released. Fixed in Ubuntu Linux kernel 5.4.0-51.56, 5.3.0-68.63, 4.15.0-121.123, 4.4.0-193.224, 3.13.0.182.191 and 3.2.0-149.196.
    (CVE-2020-16119)

  • In unix_scm_to_skb of af_unix.c, there is a possible use after free bug due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-196926917References:
    Upstream kernel (CVE-2021-0920)

  • An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c. (CVE-2021-43389)

  • In the Linux kernel through 5.15.2, hw_atl_utils_fw_rpc_wait in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c allows an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value. (CVE-2021-43975)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(158416);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/04/25");

  script_cve_id(
    "CVE-2020-16119",
    "CVE-2021-0920",
    "CVE-2021-43389",
    "CVE-2021-43975"
  );
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/06/13");

  script_name(english:"EulerOS 2.0 SP10 : kernel (EulerOS-SA-2022-1243)");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing multiple security updates.");
  script_set_attribute(attribute:"description", value:
"According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by
the following vulnerabilities :

  - Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP
    socket with an attached dccps_hc_tx_ccid object as a listener after being released. Fixed in Ubuntu Linux
    kernel 5.4.0-51.56, 5.3.0-68.63, 4.15.0-121.123, 4.4.0-193.224, 3.13.0.182.191 and 3.2.0-149.196.
    (CVE-2020-16119)

  - In unix_scm_to_skb of af_unix.c, there is a possible use after free bug due to a race condition. This
    could lead to local escalation of privilege with System execution privileges needed. User interaction is
    not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-196926917References:
    Upstream kernel (CVE-2021-0920)

  - An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in
    the detach_capi_ctr function in drivers/isdn/capi/kcapi.c. (CVE-2021-43389)

  - In the Linux kernel through 5.15.2, hw_atl_utils_fw_rpc_wait in
    drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c allows an attacker (who can introduce a
    crafted device) to trigger an out-of-bounds write via a crafted length value. (CVE-2021-43975)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional
issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1243
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?da05deca");
  script_set_attribute(attribute:"solution", value:
"Update the affected kernel packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-0920");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2020-16119");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/10/15");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/02/25");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/02/25");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-abi-stablelists");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python3-perf");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
  script_exclude_keys("Host/EulerOS/uvp_version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

var release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
var uvp = get_kb_item("Host/EulerOS/uvp_version");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP10");

var sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(10)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP10");

if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP10", "EulerOS UVP " + uvp);

if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);

var flag = 0;

var pkgs = [
  "kernel-4.19.90-vhulk2111.1.0.h893.eulerosv2r10",
  "kernel-abi-stablelists-4.19.90-vhulk2111.1.0.h893.eulerosv2r10",
  "kernel-tools-4.19.90-vhulk2111.1.0.h893.eulerosv2r10",
  "kernel-tools-libs-4.19.90-vhulk2111.1.0.h893.eulerosv2r10",
  "python3-perf-4.19.90-vhulk2111.1.0.h893.eulerosv2r10"
];

foreach (var pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", sp:"10", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
}
VendorProductVersionCPE
huaweieuleroskernelp-cpe:/a:huawei:euleros:kernel
huaweieuleroskernel-abi-stablelistsp-cpe:/a:huawei:euleros:kernel-abi-stablelists
huaweieuleroskernel-toolsp-cpe:/a:huawei:euleros:kernel-tools
huaweieuleroskernel-tools-libsp-cpe:/a:huawei:euleros:kernel-tools-libs
huaweieulerospython3-perfp-cpe:/a:huawei:euleros:python3-perf
huaweieuleros2.0cpe:/o:huawei:euleros:2.0

Related

photon 10
ubuntu 14
redhatcve 4
prion 4
f5 1
osv 16
debiancve 4
cve 5
ubuntucve 4
cbl_mariner 4
nessus 70
cnvd 3
veracode 3
attackerkb 1
cisa_kev 1
virtuozzo 1
googleprojectzero 2
mageia 6
fedora 9
oraclelinux 8
redhat 17
amazon 1
cloudlinux 2
suse 2
debian 1
cloudfoundry 5
rocky 1
photon
photon
Important Photon OS Security Update - PHSA-2020-0152
2020-10-16 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-1.0-0333
2020-10-16 00:00:00
Important Photon OS Security Update - PHSA-2020-3.0-0152
2020-10-16 00:00:00
ubuntu
ubuntu
Linux kernel vulnerability
2020-10-14 00:00:00
Linux kernel vulnerabilities
2020-10-14 00:00:00
Linux kernel vulnerabilities
2020-10-14 00:00:00
redhatcve
redhatcve
CVE-2020-16119
2020-10-14 01:33:42
CVE-2021-43389
2021-11-06 17:30:42
CVE-2021-43975
2021-11-19 16:45:01
prion
prion
Design/Logic Flaw
2021-01-14 01:15:00
Out-of-bounds
2021-11-17 17:15:00
Out-of-bounds
2021-11-04 19:15:00
f5
f5
K82248373 : Linux kernel vulnerability CVE-2020-16119
2021-11-02 00:00:00
osv
osv
linux, linux-lts-trusty vulnerability
2020-10-14 02:24:44
Linux kernel: race condition during SCM_RIGHTS garbage collection
2021-11-01 00:00:00
linux-hwe, linux-gke-5.0, linux-gke-5.3, linux-oem-osp1, linux-raspi2-5.3 vulnerabilities
2020-10-14 02:28:30
debiancve
debiancve
CVE-2020-16119
2021-01-14 01:15:00
CVE-2021-43389
2021-11-04 19:15:00
CVE-2021-43975
2021-11-17 17:15:00
cve
cve
CVE-2020-16119
2021-01-14 01:15:00
CVE-2021-43975
2021-11-17 17:15:00
CVE-2021-43389
2021-11-04 19:15:00
ubuntucve
ubuntucve
CVE-2020-16119
2020-10-13 00:00:00
CVE-2021-43975
2021-11-17 00:00:00
CVE-2021-43389
2021-11-04 00:00:00
cbl_mariner
cbl_mariner
CVE-2021-43389 affecting package kernel 5.10.78.1-1
2022-04-09 06:52:47
CVE-2021-43975 affecting package kernel 5.10.189.1-1
2022-01-26 22:54:05
CVE-2021-43389 affecting package kernel 5.10.189.1-1
2021-12-17 20:10:00
nessus
nessus
CBL Mariner 2.0 Security Update: kernel (CVE-2021-43389)
2023-03-20 00:00:00
CBL Mariner 2.0 Security Update: kernel (CVE-2021-43975)
2023-03-20 00:00:00
SUSE SLES15 Security Update : kernel (Live Patch 25 for SLE 15 SP2) (SUSE-SU-2022:0996-1)
2022-03-30 00:00:00
cnvd
cnvd
Linux kernel buffer overflow vulnerability (CNVD-2021-92971)
2021-11-18 00:00:00
Linux kernel array index out-of-bounds vulnerability
2021-11-05 00:00:00
Google Android Kernel Component Elevation of Privilege Vulnerability (CNVD-2021-101428)
2021-11-02 00:00:00
veracode
veracode
Out-of-bounds Write
2022-02-22 17:33:29
Denial Of Service (DoS)
2022-01-20 06:19:59
Privilege Escalation
2022-03-08 23:57:17
attackerkb
attackerkb
CVE-2021-0920
2021-12-15 00:00:00
cisa_kev
cisa_kev
Android Kernel Race Condition Vulnerability
2022-05-23 00:00:00
virtuozzo
virtuozzo
[Important] [Security] Virtuozzo ReadyKernel patch 139.0 for Virtuozzo Hybrid Server 7.0, 7.5
2022-03-29 00:00:00
googleprojectzero
googleprojectzero
Racing against the clock -- hitting a tiny kernel race window
2022-03-24 00:00:00
The quantum state of Linux kernel garbage collection CVE-2021-0920 (Part I)
2022-08-10 00:00:00
mageia
mageia
Updated kernel packages fix security vulnerabilities
2021-10-04 19:42:18
Updated kernel-linus packages fix security vulnerabilities
2021-10-04 19:42:18
Updated kernel packages fix security vulnerabilities
2021-12-22 02:27:37
fedora
fedora
[SECURITY] Fedora 34 Update: kernel-headers-5.15.4-100.fc34
2021-11-27 01:17:15
[SECURITY] Fedora 34 Update: kernel-5.15.4-101.fc34
2021-11-27 01:17:15
[SECURITY] Fedora 35 Update: kernel-tools-5.15.4-200.fc35
2021-11-27 01:12:07
oraclelinux
oraclelinux
Unbreakable Enterprise kernel-container security update
2021-10-14 00:00:00
Unbreakable Enterprise kernel security update
2021-10-14 00:00:00
Unbreakable Enterprise kernel-container security update
2022-01-10 00:00:00
redhat
redhat
(RHSA-2022:1106) Important: kernel security update
2022-03-29 08:22:25
(RHSA-2022:0590) Important: kpatch-patch security update
2022-02-22 08:35:59
(RHSA-2022:0629) Important: kernel-rt security and bug fix update
2022-02-22 14:32:18
amazon
amazon
Medium: kernel
2021-10-04 20:16:00
cloudlinux
cloudlinux
Fix of CVE: CVE-2020-0466, CVE-2022-0492, CVE-2021-4155, CVE-2021-0920
2022-04-26 15:21:28
Fix of CVE: CVE-2021-0920, CVE-2022-0492, CVE-2020-0466, CVE-2021-4155
2022-04-26 15:23:09
suse
suse
Security update for the Linux Kernel (important)
2021-11-25 00:00:00
Security update for the Linux Kernel (important)
2021-11-24 00:00:00
debian
debian
[SECURITY] [DLA 2843-1] linux security update
2021-12-16 21:27:40
cloudfoundry
cloudfoundry
USN-5209-1: Linux kernel vulnerabilities | Cloud Foundry
2022-03-08 00:00:00
USN-4578-1: Linux kernel vulnerabilities | Cloud Foundry
2020-11-19 00:00:00
USN-5210-2: Linux kernel regression | Cloud Foundry
2022-01-20 00:00:00
rocky
rocky
kernel-rt security and bug fix update
2022-03-10 14:37:54
JSON
Related for EULEROS_SA-2022-1243.NASL
photon10ubuntu14redhatcve4prion4f51osv16debiancve4cve5ubuntucve4cbl_mariner4nessus70cnvd3veracode3attackerkb1cisa_kev1virtuozzo1googleprojectzero2mageia6fedora9oraclelinux8redhat17amazon1cloudlinux2suse2debian1cloudfoundry5rocky1