EulerOS Virtualization 3.0.6.0 : virglrenderer (EulerOS-SA-2022-2595)

2022-10-1000:00:00

www.tenable.com

According to the versions of the virglrenderer packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :

A heap-based buffer overflow in the vrend_renderer_transfer_write_iov function in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service via VIRGL_CCMD_RESOURCE_INLINE_WRITE commands. (CVE-2019-18391)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(165971);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/10/10");

  script_cve_id("CVE-2019-18391");

  script_name(english:"EulerOS Virtualization 3.0.6.0 : virglrenderer (EulerOS-SA-2022-2595)");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS Virtualization host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"According to the versions of the virglrenderer packages installed, the EulerOS Virtualization installation on the remote
host is affected by the following vulnerabilities :

  - A heap-based buffer overflow in the vrend_renderer_transfer_write_iov function in vrend_renderer.c in
    virglrenderer through 0.8.0 allows guest OS users to cause a denial of service via
    VIRGL_CCMD_RESOURCE_INLINE_WRITE commands. (CVE-2019-18391)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional
issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-2595
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f56cc324");
  script_set_attribute(attribute:"solution", value:
"Update the affected virglrenderer packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-18391");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/12/23");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/10/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/10/10");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:virglrenderer");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:virglrenderer-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.6.0");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");

  exit(0);
}

include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

var release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
var uvp = get_kb_item("Host/EulerOS/uvp_version");
if (uvp != "3.0.6.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.6.0");
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);

var flag = 0;

var pkgs = [
  "virglrenderer-0.6.0-9.20170210git76b3da97b.h1.eulerosv2r8",
  "virglrenderer-devel-0.6.0-9.20170210git76b3da97b.h1.eulerosv2r8"
];

foreach (var pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_NOTE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "virglrenderer");
}

VendorProductVersionCPE
huaweieulerosvirglrendererp-cpe:/a:huawei:euleros:virglrenderer
huaweieulerosvirglrenderer-develp-cpe:/a:huawei:euleros:virglrenderer-devel
huaweieulerosuvpcpe:/o:huawei:euleros:uvp:3.0.6.0

Vendor	Product	Version	CPE
huawei	euleros	virglrenderer	p-cpe:/a:huawei:euleros:virglrenderer
huawei	euleros	virglrenderer-devel	p-cpe:/a:huawei:euleros:virglrenderer-devel
huawei	euleros	uvp	cpe:/o:huawei:euleros:uvp:3.0.6.0