According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities:
- Insufficient control flow management for the Intel® 82599 Ethernet Controllers and Adapters may allow an authenticated user to potentially enable denial of service via local access. (CVE-2021-33061)
- In several functions of binder.c, there is a possible way to represent the wrong domain to SELinux due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-200688826. References: Upstream kernel. (CVE-2021-39686)
- A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the small table perturb size. This flaw may allow an attacker to leak information and may cause a denial of service problem. (CVE-2022-1012)
- A use-after-free vulnerability was found in the Linux kernel in drivers/net/hamradio. This flaw allows a local attacker with a user privilege to cause a denial of service (DOS) when the mkiss or sixpack device is detached and resources are reclaimed early. (CVE-2022-1195)
- Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system. (CVE-2022-1652)
- An issue was discovered in the Linux Kernel from 4.18 to 4.19: an improper update of the sock reference in TCP pacing can lead to a memory/netns leak, which can be used by remote clients. (CVE-2022-1678)
- A flaw in the Linux Kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to a use-after-free, for both reads and writes, when the cleanup routine and the firmware download routine are not synchronized. (CVE-2022-1734)
- With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. If INVPCID is executed with CR0.PG=0, the invlpg callback is not set and the result is a NULL pointer dereference. (CVE-2022-1789)
- ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-33981. Reason: This candidate is a reservation duplicate of CVE-2022-33981. Notes: All CVE users should reference CVE-2022-33981 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. (CVE-2022-1836)
- Improper Update of Reference Count vulnerability in net/sched of the Linux Kernel allows a local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions. (CVE-2022-29581)
- The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag. (CVE-2022-30594)
- net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free. (CVE-2022-32250)
- kernel: race condition in perf_event_open leads to privilege escalation (CVE-2022-1729)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
  script_id(164207);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/16");
  script_cve_id(
    "CVE-2021-33061",
    "CVE-2021-39686",
    "CVE-2022-1012",
    "CVE-2022-1195",
    "CVE-2022-1652",
    "CVE-2022-1678",
    "CVE-2022-1729",
    "CVE-2022-1734",
    "CVE-2022-1789",
    "CVE-2022-1836",
    "CVE-2022-29581",
    "CVE-2022-30594",
    "CVE-2022-32250"
  );
  script_name(english:"EulerOS 2.0 SP10 : kernel (EulerOS-SA-2022-2244)");
  script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS host is missing multiple security updates.");
  script_set_attribute(attribute:"description", value:
"According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by
the following vulnerabilities :
- Insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters may allow an
authenticated user to potentially enable denial of service via local access. (CVE-2021-33061)
- In several functions of binder.c, there is a possible way to represent the wrong domain to SELinux due to
a race condition. This could lead to local escalation of privilege with no additional execution privileges
needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid
ID: A-200688826References: Upstream kernel (CVE-2021-39686)
- A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the
small table perturb size. This flaw may allow an attacker to information leak and may cause a denial of
service problem. (CVE-2022-1012)
- A use-after-free vulnerability was found in the Linux kernel in drivers/net/hamradio. This flaw allows a
local attacker with a user privilege to cause a denial of service (DOS) when the mkiss or sixpack device
is detached and reclaim resources early. (CVE-2022-1195)
- Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency
use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker
could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the
system. (CVE-2022-1652)
- An issue was discovered in the Linux Kernel from 4.18 to 4.19, an improper update of sock reference in TCP
pacing can lead to memory/netns leak, which can be used by remote clients. (CVE-2022-1678)
- A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to use
after free both read or write when non synchronized between cleanup routine and firmware download routine.
(CVE-2022-1734)
- With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. If INVPCID
is executed with CR0.PG=0, the invlpg callback is not set and the result is a NULL pointer dereference.
(CVE-2022-1789)
- ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-33981. Reason: This candidate is a
reservation duplicate of CVE-2022-33981. Notes: All CVE users should reference CVE-2022-33981 instead of
this candidate. All references and descriptions in this candidate have been removed to prevent accidental
usage. (CVE-2022-1836)
- Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to
cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14
and later versions. (CVE-2022-29581)
- The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers
to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag. (CVE-2022-30594)
- net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create
user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to
a use-after-free. (CVE-2022-32250)
- kernel: race condition in perf_event_open leads to privilege escalation (CVE-2022-1729)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional
issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-2244
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?812f70b6");
  script_set_attribute(attribute:"solution", value:
    "Update the affected kernel packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-32250");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2022-1012");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"vuln_publication_date", value:"2022/02/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/08/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/08/17");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-abi-stablelists");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python3-perf");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
  script_end_attributes();
  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");
  script_copyright(english:"This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
  script_exclude_keys("Host/EulerOS/uvp_version");
  exit(0);
}
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
var uvp = get_kb_item("Host/EulerOS/uvp_version");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP10");
var sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(10)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP10");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP10", "EulerOS UVP " + uvp);
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);
var flag = 0;
var pkgs = [
  "kernel-4.19.90-vhulk2204.1.0.h1160.eulerosv2r10",
  "kernel-abi-stablelists-4.19.90-vhulk2204.1.0.h1160.eulerosv2r10",
  "kernel-tools-4.19.90-vhulk2204.1.0.h1160.eulerosv2r10",
  "kernel-tools-libs-4.19.90-vhulk2204.1.0.h1160.eulerosv2r10",
  "python3-perf-4.19.90-vhulk2204.1.0.h1160.eulerosv2r10"
];
foreach (var pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", sp:"10", reference:pkg)) flag++;
if (flag)
{
  security_report_v4(
    port : 0,
    severity : SECURITY_HOLE,
    extra : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
}
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33061
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39686
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1012
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1195
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1652
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1678
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1729
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1734
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1789
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1836
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29581
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30594
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32250
www.nessus.org/u?812f70b6