Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.EULEROS_SA-2022-1934.NASL
HistoryJun 22, 2022 - 12:00 a.m.

EulerOS 2.0 SP8 : kernel (EulerOS-SA-2022-1934)

2022-06-2200:00:00
This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
34
JSON

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  • In aio_poll_complete_work of aio.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:
    A-185125206References: Upstream kernel (CVE-2021-39698)

  • Product: AndroidVersions: Android kernelAndroid ID: A-173788806References: Upstream kernel (CVE-2021-39713)

  • In the Linux kernel before 5.15.3, fs/quota/quota_tree.c does not validate the block number in the quota tree (on disk). This can, for example, lead to a kernel/locking/rwsem.c use-after-free if there is a corrupted quota file. (CVE-2021-45868)

  • Non-transparent sharing of branch predictor selectors between contexts in some IntelĀ® Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-0001)

  • Non-transparent sharing of branch predictor within a context in some IntelĀ® Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-0002)

  • A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or CAP_SYS_RAWIO) to create issues with confidentiality. (CVE-2022-0494)

  • A use-after-free flaw was found in the Linux kernelā€™s FUSE filesystem in the way a user triggers write().
    This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation. (CVE-2022-1011)

  • A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information. (CVE-2022-1353)

  • Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches. Then, cache allocation can allow the attacker to obtain sensitive information. (CVE-2022-23960)

  • A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat. (CVE-2022-27666)

  • usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free. (CVE-2022-28388)

  • ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.
    (CVE-2022-28390)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(162450);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/10/19");

  script_cve_id(
    "CVE-2021-39698",
    "CVE-2021-39713",
    "CVE-2021-45868",
    "CVE-2022-0001",
    "CVE-2022-0002",
    "CVE-2022-0494",
    "CVE-2022-1011",
    "CVE-2022-1016",
    "CVE-2022-1353",
    "CVE-2022-23960",
    "CVE-2022-27666",
    "CVE-2022-28388",
    "CVE-2022-28390"
  );

  script_name(english:"EulerOS 2.0 SP8 : kernel (EulerOS-SA-2022-1934)");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing multiple security updates.");
  script_set_attribute(attribute:"description", value:
"According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by
the following vulnerabilities :

  - In aio_poll_complete_work of aio.c, there is a possible memory corruption due to a use after free. This
    could lead to local escalation of privilege with no additional execution privileges needed. User
    interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:
    A-185125206References: Upstream kernel (CVE-2021-39698)

  - Product: AndroidVersions: Android kernelAndroid ID: A-173788806References: Upstream kernel
    (CVE-2021-39713)

  - In the Linux kernel before 5.15.3, fs/quota/quota_tree.c does not validate the block number in the quota
    tree (on disk). This can, for example, lead to a kernel/locking/rwsem.c use-after-free if there is a
    corrupted quota file. (CVE-2021-45868)

  - Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may
    allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-0001)

  - Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an
    authorized user to potentially enable information disclosure via local access. (CVE-2022-0002)

  - A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in
    the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or
    CAP_SYS_RAWIO) to create issues with confidentiality. (CVE-2022-0494)

  - A use-after-free flaw was found in the Linux kernel's FUSE filesystem in the way a user triggers write().
    This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in
    privilege escalation. (CVE-2022-1011)

  - A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This
    flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a
    leak of internal kernel information. (CVE-2022-1353)

  - Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation,
    aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to
    influence mispredicted branches. Then, cache allocation can allow the attacker to obtain sensitive
    information. (CVE-2022-23960)

  - A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and
    net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap
    objects and may cause a local privilege escalation threat. (CVE-2022-27666)

  - usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double
    free. (CVE-2022-28388)

  - ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.
    (CVE-2022-28390)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional
issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1934
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?97f07722");
  script_set_attribute(attribute:"solution", value:
"Update the affected kernel packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-39698");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2022-28390");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:"CANVAS");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/03/07");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/06/22");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/06/22");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:bpftool");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-headers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:perf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python-perf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python3-perf");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
  script_exclude_keys("Host/EulerOS/uvp_version");

  exit(0);
}

include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

var release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
var uvp = get_kb_item("Host/EulerOS/uvp_version");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8");

var sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(8)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8");

if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8", "EulerOS UVP " + uvp);

if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);

var flag = 0;

var pkgs = [
  "bpftool-4.19.36-vhulk1907.1.0.h1229.eulerosv2r8",
  "kernel-4.19.36-vhulk1907.1.0.h1229.eulerosv2r8",
  "kernel-devel-4.19.36-vhulk1907.1.0.h1229.eulerosv2r8",
  "kernel-headers-4.19.36-vhulk1907.1.0.h1229.eulerosv2r8",
  "kernel-tools-4.19.36-vhulk1907.1.0.h1229.eulerosv2r8",
  "kernel-tools-libs-4.19.36-vhulk1907.1.0.h1229.eulerosv2r8",
  "perf-4.19.36-vhulk1907.1.0.h1229.eulerosv2r8",
  "python-perf-4.19.36-vhulk1907.1.0.h1229.eulerosv2r8",
  "python3-perf-4.19.36-vhulk1907.1.0.h1229.eulerosv2r8"
];

foreach (var pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", sp:"8", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
}
VendorProductVersionCPE
huaweieulerosbpftoolp-cpe:/a:huawei:euleros:bpftool
huaweieuleroskernelp-cpe:/a:huawei:euleros:kernel
huaweieuleroskernel-develp-cpe:/a:huawei:euleros:kernel-devel
huaweieuleroskernel-headersp-cpe:/a:huawei:euleros:kernel-headers
huaweieuleroskernel-toolsp-cpe:/a:huawei:euleros:kernel-tools
huaweieuleroskernel-tools-libsp-cpe:/a:huawei:euleros:kernel-tools-libs
huaweieulerosperfp-cpe:/a:huawei:euleros:perf
huaweieulerospython-perfp-cpe:/a:huawei:euleros:python-perf
huaweieulerospython3-perfp-cpe:/a:huawei:euleros:python3-perf
huaweieuleros2.0cpe:/o:huawei:euleros:2.0

Related

nessus 83
cloudfoundry 3
ubuntu 10
osv 15
virtuozzo 1
intel 1
redhat 6
xen 1
suse 4
oraclelinux 3
amazon 2
fedora 3
prion 8
debiancve 10
cve 8
cbl_mariner 10
redhatcve 8
ubuntucve 9
cnvd 2
mageia 2
slackware 1
f5 1
veracode 4
ibm 1
githubexploit 2
mscve 1
nessus
nessus
EulerOS 2.0 SP5 : kernel (EulerOS-SA-2022-1896)
2022-06-17 00:00:00
SUSE SLES12 Security Update : kernel (Live Patch 22 for SLE 12 SP4) (SUSE-SU-2022:1318-1)
2022-04-24 00:00:00
SUSE SLES12 Security Update : kernel (Live Patch 25 for SLE 12 SP4) (SUSE-SU-2022:1486-1)
2022-05-04 00:00:00
cloudfoundry
cloudfoundry
USN-5318-1: Linux kernel vulnerabilities | Cloud Foundry
2022-03-11 00:00:00
USN-5319-1: Linux kernel vulnerabilities | Cloud Foundry
2022-04-21 00:00:00
USN-5357-1: Linux kernel vulnerability | Cloud Foundry
2022-05-26 00:00:00
ubuntu
ubuntu
Linux kernel vulnerabilities
2022-03-09 00:00:00
Linux kernel vulnerabilities
2022-03-09 00:00:00
Linux kernel vulnerabilities
2022-03-09 00:00:00
osv
osv
linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-azure-fde, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-gke, linux-gke-5.4, linux-gkeop, linux-gkeop-5.4, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4 vulnerabilities
2022-03-09 00:42:34
linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-dell300x, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, ilinux-lts-xenial, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities
2022-03-09 02:02:45
linux, linux-aws, linux-aws-5.13, linux-azure, linux-azure-5.13, linux-gcp, linux-gcp-5.13, linux-hwe-5.13, linux-kvm, linux-oem-5.14, linux-oracle, linux-oracle-5.13, linux-raspi vulnerabilities
2022-03-09 00:00:42
virtuozzo
virtuozzo
[Important] [Security] Virtuozzo ReadyKernel Patch 153.1 for Virtuozzo Hybrid Server 7.5
2023-02-14 00:00:00
intel
intel
IntelĀ® Processor Advisory
2022-03-08 00:00:00
redhat
redhat
(RHSA-2022:6248) Moderate: kernel-rt security and bug fix update
2022-08-30 21:05:29
(RHSA-2022:6243) Moderate: kernel security and bug fix update
2022-08-30 21:03:39
(RHSA-2022:4942) Important: kpatch-patch security update
2022-06-08 08:20:22
xen
xen
Multiple speculative security issues
2022-03-08 18:12:00
suse
suse
Security update for the Linux Kernel (important)
2022-04-13 00:00:00
Security update for xen (important)
2022-03-23 00:00:00
Security update for the Linux Kernel (important)
2022-04-12 00:00:00
oraclelinux
oraclelinux
Unbreakable Enterprise kernel security update
2022-07-05 00:00:00
Unbreakable Enterprise kernel security update
2022-05-10 00:00:00
Unbreakable Enterprise kernel-container security update
2022-05-10 00:00:00
amazon
amazon
Medium: kernel
2022-05-04 01:01:00
Medium: kernel
2022-05-04 01:01:00
fedora
fedora
[SECURITY] Fedora 36 Update: kernel-5.17.2-300.fc36
2022-04-11 03:35:25
[SECURITY] Fedora 35 Update: kernel-5.16.19-200.fc35
2022-04-13 15:46:39
[SECURITY] Fedora 34 Update: kernel-5.16.19-100.fc34
2022-04-13 15:50:23
prion
prion
Design/Logic Flaw
2022-03-18 07:15:00
Code injection
2022-03-16 15:15:00
Memory corruption
2022-03-16 15:15:00
debiancve
debiancve
CVE-2021-45868
2022-03-18 07:15:00
CVE-2021-39698
2022-03-16 15:15:00
CVE-2021-39713
2022-03-16 15:15:00
cve
cve
CVE-2021-39713
2022-03-16 15:15:00
CVE-2021-39698
2022-03-16 15:15:00
CVE-2021-45868
2022-03-18 07:15:00
cbl_mariner
cbl_mariner
CVE-2021-45868 affecting package kernel 5.10.189.1-1
2022-05-12 02:17:02
CVE-2022-28388 affecting package kernel 5.15.32.1-3
2022-06-03 17:54:27
CVE-2022-28390 affecting package kernel 5.15.32.1-3
2022-06-03 17:54:27
redhatcve
redhatcve
CVE-2021-39713
2022-03-11 15:37:07
CVE-2021-45868
2022-03-18 12:44:50
CVE-2021-39698
2022-03-11 15:24:19
ubuntucve
ubuntucve
CVE-2021-39713
2022-03-16 00:00:00
CVE-2021-45868
2022-03-18 00:00:00
CVE-2021-39698
2022-03-16 00:00:00
cnvd
cnvd
Linux Kernel owner_on_cpu function denial of service vulnerability
2022-03-22 00:00:00
Linux Kernel Buffer Overflow Vulnerability (CNVD-2022-79427)
2022-03-25 00:00:00
mageia
mageia
Updated kernel-linus packages fix security vulnerabilities
2022-03-29 17:25:34
Updated kernel packages fix security vulnerabilities
2022-03-29 17:25:34
slackware
slackware
[slackware-security] Slackware 15.0 kernel
2022-05-09 21:58:04
f5
f5
K53648360 : Linux kernel vulnerability CVE-2022-27666
2022-04-25 00:00:00
veracode
veracode
Double Free
2022-08-04 03:09:20
Denial Of Service (DoS)
2022-06-16 17:10:18
Privilege Escalation
2022-04-16 16:32:53
ibm
ibm
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to elevated privileges in Linux Kernel (CVE-2022-27666).
2023-01-12 21:59:00
githubexploit
githubexploit
Exploit for Out-of-bounds Write in Linux Linux Kernel
2022-03-23 22:54:28
Exploit for Use After Free in Linux Linux Kernel
2023-06-16 03:02:38
mscve
mscve
Arm: CVE-2022-23960 Cache Speculation Restriction Vulnerability
2022-09-13 07:00:00
JSON
Related for EULEROS_SA-2022-1934.NASL
nessus83cloudfoundry3ubuntu10osv15virtuozzo1intel1redhat6xen1suse4oraclelinux3amazon2fedora3prion8debiancve10cve8cbl_mariner10redhatcve8ubuntucve9cnvd2mageia2slackware1f51veracode4ibm1githubexploit2mscve1