EulerOS 2.0 SP10 kernel vulnerabilitie
Reporter | Title | Published | Views | Family All 199 |
---|---|---|---|---|
![]() | Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2022-1661) | 9 May 202200:00 | – | openvas |
![]() | Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2022-1647) | 9 May 202200:00 | – | openvas |
![]() | Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2022-1779) | 30 May 202200:00 | – | openvas |
![]() | Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2022-1537) | 25 Apr 202200:00 | – | openvas |
![]() | Ubuntu: Security Advisory (USN-5384-1) | 21 Apr 202200:00 | – | openvas |
![]() | Mageia: Security Advisory (MGASA-2022-0062) | 16 Feb 202200:00 | – | openvas |
![]() | Ubuntu: Security Advisory (USN-5385-1) | 22 Apr 202200:00 | – | openvas |
![]() | Mageia: Security Advisory (MGASA-2022-0063) | 16 Feb 202200:00 | – | openvas |
![]() | SUSE: Security Advisory (SUSE-SU-2022:0766-1) | 9 Mar 202200:00 | – | openvas |
![]() | SUSE: Security Advisory (SUSE-SU-2022:0768-1) | 9 Mar 202200:00 | – | openvas |
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(160644);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/30");
script_cve_id(
"CVE-2020-27820",
"CVE-2021-3772",
"CVE-2021-4159",
"CVE-2022-0435",
"CVE-2022-0487",
"CVE-2022-0617",
"CVE-2022-22942",
"CVE-2022-24448"
);
script_name(english:"EulerOS 2.0 SP10 : kernel (EulerOS-SA-2022-1661)");
script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing multiple security updates.");
script_set_attribute(attribute:"description", value:
"According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by
the following vulnerabilities :
- A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose() handler could
happen if removing device (that is not common to remove video card physically without power-off, but same
happens if 'unbind' the driver). (CVE-2020-27820)
- A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP
association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and
the attacker can send packets with spoofed IP addresses. (CVE-2021-3772)
- A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends
a packet with malicious content where the number of domain member nodes is higher than the 64 allowed.
This flaw allows a remote user to crash the system or possibly escalate their privileges if they have
access to the TIPC network. (CVE-2022-0435)
- A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove in drivers/memstick/host/rtsx_usb_ms.c
in memstick in the Linux kernel. In this flaw, a local attacker with a user privilege may impact system
Confidentiality. This flaw affects kernel versions prior to 5.14 rc1. (CVE-2022-0487)
- A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way
user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw
to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2. (CVE-2022-0617)
- An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the
O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a
regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file
descriptor. (CVE-2022-24448)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional
issues.");
# https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1661
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?2401b635");
script_set_attribute(attribute:"solution", value:
"Update the affected kernel packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-0435");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_set_attribute(attribute:"metasploit_name", value:'vmwgfx Driver File Descriptor Handling Priv Esc');
script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2021/11/03");
script_set_attribute(attribute:"patch_publication_date", value:"2022/05/06");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/05/06");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:bpftool");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-abi-stablelists");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python3-perf");
script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Huawei Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
script_exclude_keys("Host/EulerOS/uvp_version");
exit(0);
}
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
var uvp = get_kb_item("Host/EulerOS/uvp_version");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP10");
var sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(10)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP10");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP10", "EulerOS UVP " + uvp);
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
var flag = 0;
var pkgs = [
"bpftool-4.18.0-147.5.2.7.h838.eulerosv2r10",
"kernel-4.18.0-147.5.2.7.h838.eulerosv2r10",
"kernel-abi-stablelists-4.18.0-147.5.2.7.h838.eulerosv2r10",
"kernel-tools-4.18.0-147.5.2.7.h838.eulerosv2r10",
"kernel-tools-libs-4.18.0-147.5.2.7.h838.eulerosv2r10",
"python3-perf-4.18.0-147.5.2.7.h838.eulerosv2r10"
];
foreach (var pkg in pkgs)
if (rpm_check(release:"EulerOS-2.0", sp:"10", reference:pkg)) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
}
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo