Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.EULEROS_SA-2022-2273.NASL
HistoryAug 17, 2022 - 12:00 a.m.

EulerOS 2.0 SP5 : kernel (EulerOS-SA-2022-2273)

2022-08-1700:00:00
This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
32
JSON

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  • Insufficient control flow management for the Intel® 82599 Ethernet Controllers and Adapters may allow an authenticated user to potentially enable denial of service via local access. (CVE-2021-33061)

  • In do_ipt_get_ctl and do_ipt_set_ctl of ip_tables.c, there is a possible way to leak kernel information due to uninitialized data. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-120612905References: Upstream kernel (CVE-2021-39636)

  • A memory leak flaw was found in the Linux kernel’s DMA subsystem, in the way a user calls DMA_FROM_DEVICE.
    This flaw allows a local user to read random memory from the kernel space. (CVE-2022-0854)

  • Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system. (CVE-2022-1652)

  • In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure if a malicious USB HID device were plugged in, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-188677105References: Upstream kernel (CVE-2022-20132)

  • In various methods of kernel base drivers, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:
    A-182388481References: Upstream kernel (CVE-2022-20166)

  • drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function.
    (CVE-2022-33981)

  • kernel: information leak in copy_page_to_iter() in iov_iter.c (CVE-2022-0850)

  • kernel: race condition in perf_event_open leads to privilege escalation (CVE-2022-1729)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(164235);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/13");

  script_cve_id(
    "CVE-2021-33061",
    "CVE-2021-39636",
    "CVE-2022-0850",
    "CVE-2022-0854",
    "CVE-2022-1652",
    "CVE-2022-1729",
    "CVE-2022-20132",
    "CVE-2022-20166",
    "CVE-2022-33981"
  );

  script_name(english:"EulerOS 2.0 SP5 : kernel (EulerOS-SA-2022-2273)");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing multiple security updates.");
  script_set_attribute(attribute:"description", value:
"According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by
the following vulnerabilities :

  - Insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters may allow an
    authenticated user to potentially enable denial of service via local access. (CVE-2021-33061)

  - In do_ipt_get_ctl and do_ipt_set_ctl of ip_tables.c, there is a possible way to leak kernel information
    due to uninitialized data. This could lead to local information disclosure with system execution
    privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android
    kernelAndroid ID: A-120612905References: Upstream kernel (CVE-2021-39636)

  - A memory leak flaw was found in the Linux kernel's DMA subsystem, in the way a user calls DMA_FROM_DEVICE.
    This flaw allows a local user to read random memory from the kernel space. (CVE-2022-0854)

  - Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency
    use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker
    could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the
    system. (CVE-2022-1652)

  - In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds
    read due to improper input validation. This could lead to local information disclosure if a malicious USB
    HID device were plugged in, with no additional execution privileges needed. User interaction is not needed
    for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-188677105References: Upstream
    kernel (CVE-2022-20132)

  - In various methods of kernel base drivers, there is a possible out of bounds write due to a heap buffer
    overflow. This could lead to local escalation of privilege with System execution privileges needed. User
    interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:
    A-182388481References: Upstream kernel (CVE-2022-20166)

  - drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of
    a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function.
    (CVE-2022-33981)

  - kernel: information leak in copy_page_to_iter() in iov_iter.c (CVE-2022-0850)

  - kernel: race condition in perf_event_open leads to privilege escalation (CVE-2022-1729)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional
issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-2273
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?e5100b70");
  script_set_attribute(attribute:"solution", value:
"Update the affected kernel packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-1652");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/12/15");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/08/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/08/17");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-headers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:perf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python-perf");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
  script_exclude_keys("Host/EulerOS/uvp_version");

  exit(0);
}

include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

var release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
var uvp = get_kb_item("Host/EulerOS/uvp_version");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5");

var sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(5)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5");

if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5", "EulerOS UVP " + uvp);

if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);

var flag = 0;

var pkgs = [
  "kernel-3.10.0-862.14.1.5.h697.eulerosv2r7",
  "kernel-devel-3.10.0-862.14.1.5.h697.eulerosv2r7",
  "kernel-headers-3.10.0-862.14.1.5.h697.eulerosv2r7",
  "kernel-tools-3.10.0-862.14.1.5.h697.eulerosv2r7",
  "kernel-tools-libs-3.10.0-862.14.1.5.h697.eulerosv2r7",
  "perf-3.10.0-862.14.1.5.h697.eulerosv2r7",
  "python-perf-3.10.0-862.14.1.5.h697.eulerosv2r7"
];

foreach (var pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", sp:"5", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
}
VendorProductVersionCPE
huaweieuleroskernelp-cpe:/a:huawei:euleros:kernel
huaweieuleroskernel-develp-cpe:/a:huawei:euleros:kernel-devel
huaweieuleroskernel-headersp-cpe:/a:huawei:euleros:kernel-headers
huaweieuleroskernel-toolsp-cpe:/a:huawei:euleros:kernel-tools
huaweieuleroskernel-tools-libsp-cpe:/a:huawei:euleros:kernel-tools-libs
huaweieulerosperfp-cpe:/a:huawei:euleros:perf
huaweieulerospython-perfp-cpe:/a:huawei:euleros:python-perf
huaweieuleros2.0cpe:/o:huawei:euleros:2.0

Related

openvas 31
altlinux 1
nessus 49
prion 9
cve 10
debiancve 9
ubuntucve 9
cnvd 4
redhatcve 9
osv 17
cbl_mariner 8
veracode 3
oraclelinux 7
f5 1
rocky 2
redhat 6
fedora 9
almalinux 2
intel 1
ubuntu 10
mageia 1
suse 1
openvas
openvas
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2022-2273)
2022-08-18 00:00:00
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2022-2257)
2022-08-18 00:00:00
Fedora: Security Advisory for kernel-tools (FEDORA-2022-014c3a24d9)
2022-05-29 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package kernel-image-std-def version 2:5.10.118-alt1
2022-05-30 00:00:00
nessus
nessus
EulerOS 2.0 SP10 : kernel (EulerOS-SA-2022-2257)
2022-08-17 00:00:00
EulerOS Virtualization 2.10.0 : kernel (EulerOS-SA-2022-2873)
2022-12-27 00:00:00
EulerOS 2.0 SP10 : kernel (EulerOS-SA-2022-2244)
2022-08-17 00:00:00
prion
prion
Information disclosure
2021-12-15 19:15:00
Design/Logic Flaw
2022-06-18 16:15:00
Heap overflow
2022-06-15 14:15:00
cve
cve
CVE-2021-39636
2021-12-15 19:15:00
CVE-2022-20132
2022-06-15 13:15:00
CVE-2022-20166
2022-06-15 14:15:00
debiancve
debiancve
CVE-2021-39636
2021-12-15 19:15:00
CVE-2022-20132
2022-06-15 13:15:00
CVE-2022-20166
2022-06-15 14:15:00
ubuntucve
ubuntucve
CVE-2021-39636
2021-12-15 00:00:00
CVE-2022-20132
2022-06-15 00:00:00
CVE-2022-33981
2022-06-18 00:00:00
cnvd
cnvd
Google Android Kernel Information Disclosure Vulnerability (CNVD-2022-01770)
2022-01-05 00:00:00
Google Android out-of-bounds read vulnerability (CNVD-2022-53382)
2022-06-14 00:00:00
Linux kernel information disclosure vulnerability (CNVD-2022-79426)
2022-03-25 00:00:00
redhatcve
redhatcve
CVE-2021-39636
2022-03-25 18:26:35
CVE-2022-20132
2023-03-05 12:29:17
CVE-2021-33061
2022-03-31 20:43:49
osv
osv
hid-fuzzer: Kernel failure in lg_probe
2022-06-01 00:00:00
Linux kernel vulnerability advisory
2023-02-01 00:00:00
Important: kernel-rt security and bug fix update
2022-07-13 00:00:00
cbl_mariner
cbl_mariner
CVE-2022-33981 affecting package kernel 5.15.48.1-2
2022-08-03 21:15:19
CVE-2022-33981 affecting package kernel 5.10.123.1-1
2022-08-12 16:45:24
CVE-2022-0850 affecting package kernel 5.15.126.1-1
2023-08-30 15:15:49
veracode
veracode
Information Disclosure
2022-03-26 18:15:16
Information Disclosure
2023-02-03 23:00:48
Denial Of Service
2022-07-05 00:43:35
oraclelinux
oraclelinux
Unbreakable Enterprise kernel-container security update
2022-07-11 00:00:00
Unbreakable Enterprise kernel security update
2022-07-11 00:00:00
Unbreakable Enterprise kernel-container security update
2022-05-20 00:00:00
f5
f5
K000132933 : Linux kernel vulnerability CVE-2022-1729
2023-03-13 00:00:00
rocky
rocky
kernel-rt security and bug fix update
2022-07-13 06:31:32
kernel security, bug fix, and enhancement update
2022-07-13 06:31:31
redhat
redhat
(RHSA-2022:6741) Important: kernel security and bug fix update
2022-09-28 14:42:43
(RHSA-2022:5564) Important: kernel security, bug fix, and enhancement update
2022-07-13 06:31:31
(RHSA-2022:5565) Important: kernel-rt security and bug fix update
2022-07-13 06:31:32
fedora
fedora
[SECURITY] Fedora 36 Update: kernel-tools-5.17.11-300.fc36
2022-05-28 01:16:41
[SECURITY] Fedora 35 Update: kernel-tools-5.17.11-200.fc35
2022-05-28 01:22:58
[SECURITY] Fedora 34 Update: kernel-5.17.11-100.fc34
2022-05-28 01:32:51
almalinux
almalinux
Important: kernel-rt security and bug fix update
2022-07-13 00:00:00
Important: kernel security, bug fix, and enhancement update
2022-07-13 00:00:00
intel
intel
Intel® 82599 Ethernet Controllers Advisory
2022-02-08 00:00:00
ubuntu
ubuntu
Linux kernel (HWE) vulnerabilities
2022-09-05 00:00:00
Linux kernel (Raspberry Pi) vulnerabilities
2022-09-08 00:00:00
Linux kernel vulnerabilities
2022-09-01 00:00:00
mageia
mageia
Updated kernel-linus packages fix security vulnerabilities
2022-05-28 11:56:13
suse
suse
Security update for the Linux Kernel (important)
2022-07-13 00:00:00
JSON
Related for EULEROS_SA-2022-2273.NASL
openvas31altlinux1nessus49prion9cve10debiancve9ubuntucve9cnvd4redhatcve9osv17cbl_mariner8veracode3oraclelinux7f51rocky2redhat6fedora9almalinux2intel1ubuntu10mageia1suse1