Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.EULEROS_SA-2022-2159.NASL
HistoryJul 29, 2022 - 12:00 a.m.

EulerOS 2.0 SP10 : kernel (EulerOS-SA-2022-2159)

2022-07-2900:00:00
This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
114
JSON

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  • In aio_poll_complete_work of aio.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:
    A-185125206References: Upstream kernel (CVE-2021-39698)

  • Product: AndroidVersions: Android kernelAndroid ID: A-173788806References: Upstream kernel (CVE-2021-39713)

  • Non-transparent sharing of branch predictor selectors between contexts in some IntelĀ® Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-0001)

  • Non-transparent sharing of branch predictor within a context in some IntelĀ® Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-0002)

  • A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or CAP_SYS_RAWIO) to create issues with confidentiality. (CVE-2022-0494)

  • A memory leak flaw was found in the Linux kernelā€™s DMA subsystem, in the way a user calls DMA_FROM_DEVICE.
    This flaw allows a local user to read random memory from the kernel space. (CVE-2022-0854)

  • A use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Linux kernel due to a race problem. This flaw allows a local user privilege attacker to cause a denial of service (DoS) or a kernel information leak. (CVE-2022-1280)

  • A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information. (CVE-2022-1353)

  • A NULL pointer dereference flaw was found in the Linux kernelā€™s X.25 set of standardized network protocols functionality in the way a user terminates their session using a simulated Ethernet card and continued usage of this connection. This flaw allows a local user to crash the system. (CVE-2022-1516)

  • In mmc_blk_read_single of block.c, there is a possible way to read kernel heap memory due to uninitialized data. This could lead to local information disclosure if reading from an SD card that triggers errors, with no additional execution privileges needed. User interaction is not needed for exploitation.Product:
    AndroidVersions: Android kernelAndroid ID: A-216481035References: Upstream kernel (CVE-2022-20008)

  • Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches. Then, cache allocation can allow the attacker to obtain sensitive information. (CVE-2022-23960)

  • usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free. (CVE-2022-28388)

  • mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double free. (CVE-2022-28389)

  • ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.
    (CVE-2022-28390)

  • In the Linux kernel before 5.17.3, fs/io_uring.c has a use-after-free due to a race condition in io_uring timeouts. This can be triggered by a local user who has no access to any user namespace; however, the race condition perhaps can only be exploited infrequently. (CVE-2022-29582)

  • No description is available for this CVE. (CVE-2022-1198)

  • kernel: Null pointer dereference and use after free in ax25_release() (CVE-2022-1199)

  • A NULL pointer dereference flaw was found in the Linux kernelā€™s Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to crash the system.
    (CVE-2022-1205)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(163543);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/17");

  script_cve_id(
    "CVE-2021-39698",
    "CVE-2021-39713",
    "CVE-2022-0001",
    "CVE-2022-0002",
    "CVE-2022-0494",
    "CVE-2022-0854",
    "CVE-2022-1198",
    "CVE-2022-1199",
    "CVE-2022-1205",
    "CVE-2022-1280",
    "CVE-2022-1353",
    "CVE-2022-1516",
    "CVE-2022-20008",
    "CVE-2022-23960",
    "CVE-2022-28388",
    "CVE-2022-28389",
    "CVE-2022-28390",
    "CVE-2022-29582"
  );

  script_name(english:"EulerOS 2.0 SP10 : kernel (EulerOS-SA-2022-2159)");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing multiple security updates.");
  script_set_attribute(attribute:"description", value:
"According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by
the following vulnerabilities :

  - In aio_poll_complete_work of aio.c, there is a possible memory corruption due to a use after free. This
    could lead to local escalation of privilege with no additional execution privileges needed. User
    interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:
    A-185125206References: Upstream kernel (CVE-2021-39698)

  - Product: AndroidVersions: Android kernelAndroid ID: A-173788806References: Upstream kernel
    (CVE-2021-39713)

  - Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may
    allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-0001)

  - Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an
    authorized user to potentially enable information disclosure via local access. (CVE-2022-0002)

  - A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in
    the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or
    CAP_SYS_RAWIO) to create issues with confidentiality. (CVE-2022-0494)

  - A memory leak flaw was found in the Linux kernel's DMA subsystem, in the way a user calls DMA_FROM_DEVICE.
    This flaw allows a local user to read random memory from the kernel space. (CVE-2022-0854)

  - A use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Linux
    kernel due to a race problem. This flaw allows a local user privilege attacker to cause a denial of
    service (DoS) or a kernel information leak. (CVE-2022-1280)

  - A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This
    flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a
    leak of internal kernel information. (CVE-2022-1353)

  - A NULL pointer dereference flaw was found in the Linux kernel's X.25 set of standardized network protocols
    functionality in the way a user terminates their session using a simulated Ethernet card and continued
    usage of this connection. This flaw allows a local user to crash the system. (CVE-2022-1516)

  - In mmc_blk_read_single of block.c, there is a possible way to read kernel heap memory due to uninitialized
    data. This could lead to local information disclosure if reading from an SD card that triggers errors,
    with no additional execution privileges needed. User interaction is not needed for exploitation.Product:
    AndroidVersions: Android kernelAndroid ID: A-216481035References: Upstream kernel (CVE-2022-20008)

  - Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation,
    aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to
    influence mispredicted branches. Then, cache allocation can allow the attacker to obtain sensitive
    information. (CVE-2022-23960)

  - usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double
    free. (CVE-2022-28388)

  - mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double
    free. (CVE-2022-28389)

  - ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.
    (CVE-2022-28390)

  - In the Linux kernel before 5.17.3, fs/io_uring.c has a use-after-free due to a race condition in io_uring
    timeouts. This can be triggered by a local user who has no access to any user namespace; however, the race
    condition perhaps can only be exploited infrequently. (CVE-2022-29582)

  - No description is available for this CVE. (CVE-2022-1198)

  - kernel: Null pointer dereference and use after free in ax25_release() (CVE-2022-1199)

  - A NULL pointer dereference flaw was found in the Linux kernel's Amateur Radio AX.25 protocol functionality
    in the way a user connects with the protocol. This flaw allows a local user to crash the system.
    (CVE-2022-1205)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional
issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-2159
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?57bf4fc0");
  script_set_attribute(attribute:"solution", value:
"Update the affected kernel packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-39698");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2022-28390");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/03/07");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/07/29");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/07/29");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-abi-stablelists");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python3-perf");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
  script_exclude_keys("Host/EulerOS/uvp_version");

  exit(0);
}

include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

var release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
var uvp = get_kb_item("Host/EulerOS/uvp_version");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP10");

var sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(10)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP10");

if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP10", "EulerOS UVP " + uvp);

if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);

var flag = 0;

var pkgs = [
  "kernel-4.19.90-vhulk2204.1.0.h1121.eulerosv2r10",
  "kernel-abi-stablelists-4.19.90-vhulk2204.1.0.h1121.eulerosv2r10",
  "kernel-tools-4.19.90-vhulk2204.1.0.h1121.eulerosv2r10",
  "kernel-tools-libs-4.19.90-vhulk2204.1.0.h1121.eulerosv2r10",
  "python3-perf-4.19.90-vhulk2204.1.0.h1121.eulerosv2r10"
];

foreach (var pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", sp:"10", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
}
VendorProductVersionCPE
huaweieuleros2.0cpe:/o:huawei:euleros:2.0
huaweieuleroskernelp-cpe:/a:huawei:euleros:kernel
huaweieuleroskernel-toolsp-cpe:/a:huawei:euleros:kernel-tools
huaweieuleroskernel-tools-libsp-cpe:/a:huawei:euleros:kernel-tools-libs
huaweieulerospython3-perfp-cpe:/a:huawei:euleros:python3-perf
huaweieuleroskernel-abi-stablelistsp-cpe:/a:huawei:euleros:kernel-abi-stablelists

References

Related

nessus 60
fedora 3
osv 19
ubuntu 11
mageia 2
amazon 3
redhatcve 11
suse 3
debian 2
cloudfoundry 2
intel 1
redhat 2
oraclelinux 3
slackware 1
xen 1
photon 2
ubuntucve 11
prion 12
cve 12
debiancve 13
cbl_mariner 12
veracode 8
cnvd 3
githubexploit 1
mscve 1
nessus
nessus
EulerOS Virtualization 2.10.1 : kernel (EulerOS-SA-2022-2110)
2022-07-14 00:00:00
EulerOS 2.0 SP8 : kernel (EulerOS-SA-2022-1934)
2022-06-22 00:00:00
EulerOS Virtualization 2.10.0 : kernel (EulerOS-SA-2022-2090)
2022-07-14 00:00:00
fedora
fedora
[SECURITY] Fedora 35 Update: kernel-5.16.19-200.fc35
2022-04-13 15:46:39
[SECURITY] Fedora 36 Update: kernel-5.17.2-300.fc36
2022-04-11 03:35:25
[SECURITY] Fedora 34 Update: kernel-5.16.19-100.fc34
2022-04-13 15:50:23
osv
osv
linux-oem-5.14 vulnerabilities
2022-05-12 01:12:46
linux-azure vulnerabilities
2022-07-28 23:48:14
linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-dell300x, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities
2022-07-13 19:09:34
ubuntu
ubuntu
Linux kernel (OEM) vulnerabilities
2022-05-12 00:00:00
Linux kernel (Azure) vulnerabilities
2022-07-28 00:00:00
Linux kernel vulnerabilities
2022-07-13 00:00:00
mageia
mageia
Updated kernel packages fix security vulnerabilities
2022-04-28 18:51:51
Updated kernel-linus packages fix security vulnerabilities
2022-04-28 18:51:51
amazon
amazon
Medium: kernel
2022-05-04 01:01:00
Medium: kernel
2022-05-04 01:01:00
Important: kernel
2022-05-31 23:47:00
redhatcve
redhatcve
CVE-2022-28389
2022-04-07 15:55:09
CVE-2021-39713
2022-03-11 15:37:07
CVE-2021-39698
2022-03-11 15:24:19
suse
suse
Security update for the Linux Kernel (important)
2022-04-13 00:00:00
Security update for xen (important)
2022-03-23 00:00:00
Security update for the Linux Kernel (important)
2022-04-12 00:00:00
debian
debian
[SECURITY] [DSA 5127-1] linux security update
2022-05-02 21:02:58
[SECURITY] [DSA 5173-1] linux security update
2022-07-03 15:49:12
cloudfoundry
cloudfoundry
USN-5318-1: Linux kernel vulnerabilities | Cloud Foundry
2022-03-11 00:00:00
USN-5319-1: Linux kernel vulnerabilities | Cloud Foundry
2022-04-21 00:00:00
intel
intel
IntelĀ® Processor Advisory
2022-03-08 00:00:00
redhat
redhat
(RHSA-2022:6248) Moderate: kernel-rt security and bug fix update
2022-08-30 21:05:29
(RHSA-2022:6243) Moderate: kernel security and bug fix update
2022-08-30 21:03:39
oraclelinux
oraclelinux
Unbreakable Enterprise kernel security update
2022-06-30 00:00:00
Unbreakable Enterprise kernel security update
2022-07-05 00:00:00
Unbreakable Enterprise kernel-container security update
2022-06-30 00:00:00
slackware
slackware
[slackware-security] Slackware 15.0 kernel
2022-05-09 21:58:04
xen
xen
Multiple speculative security issues
2022-03-08 18:12:00
photon
photon
Important Photon OS Security Update - PHSA-2022-0201
2022-06-21 00:00:00
Important Photon OS Security Update - PHSA-2022-4.0-0201
2022-06-21 00:00:00
ubuntucve
ubuntucve
CVE-2022-20008
2022-05-10 00:00:00
CVE-2021-39713
2022-03-16 00:00:00
CVE-2021-39698
2022-03-16 00:00:00
prion
prion
Code injection
2022-03-16 15:15:00
Memory corruption
2022-03-16 15:15:00
Double free
2022-04-03 21:15:00
cve
cve
CVE-2021-39713
2022-03-16 15:15:00
CVE-2022-20008
2022-05-10 20:15:00
CVE-2021-39698
2022-03-16 15:15:00
debiancve
debiancve
CVE-2021-39713
2022-03-16 15:15:00
CVE-2022-20008
2022-05-10 20:15:00
CVE-2021-39698
2022-03-16 15:15:00
cbl_mariner
cbl_mariner
CVE-2022-28388 affecting package kernel 5.15.32.1-3
2022-06-03 17:54:27
CVE-2022-29582 affecting package kernel 5.10.111.1-1
2022-05-26 19:04:50
CVE-2022-29582 affecting package kernel 5.15.32.1-3
2022-06-03 17:54:27
veracode
veracode
Double Free
2022-06-16 17:10:14
Double Free
2022-08-04 03:09:20
Denial Of Service (DoS)
2023-03-06 20:12:12
cnvd
cnvd
Google Android Information Disclosure Vulnerability* (CNVD-2022-53378)
2022-06-24 00:00:00
Linux kernel information disclosure vulnerability (CNVD-2022-79426)
2022-03-25 00:00:00
Linux kernel resource management error vulnerability (CNVD-2022-74092)
2022-09-02 00:00:00
githubexploit
githubexploit
Exploit for Race Condition in Linux Linux Kernel
2022-08-04 15:29:04
mscve
mscve
Arm: CVE-2022-23960 Cache Speculation Restriction Vulnerability
2022-09-13 07:00:00
JSON
Related for EULEROS_SA-2022-2159.NASL
nessus60fedora3osv19ubuntu11mageia2amazon3redhatcve11suse3debian2cloudfoundry2intel1redhat2oraclelinux3slackware1xen1photon2ubuntucve11prion12cve12debiancve13cbl_mariner12veracode8cnvd3githubexploit1mscve1