EulerOS 2.0 SP10 kernel vulnerabilities with memory leaks and use after fre
Reporter | Title | Published | Views | Family All 199 |
---|---|---|---|---|
OpenVAS | Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2023-1360) | 10 Feb 202300:00 | – | openvas |
OpenVAS | Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2023-1102) | 9 Jan 202300:00 | – | openvas |
OpenVAS | Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2023-1637) | 27 Apr 202300:00 | – | openvas |
OpenVAS | Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2023-1902) | 16 May 202300:00 | – | openvas |
OpenVAS | Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2023-1126) | 9 Jan 202300:00 | – | openvas |
OpenVAS | Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2023-1345) | 9 Feb 202300:00 | – | openvas |
OpenVAS | Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2023-1388) | 10 Feb 202300:00 | – | openvas |
OpenVAS | SUSE: Security Advisory (SUSE-SU-2022:4272-1) | 30 Nov 202200:00 | – | openvas |
OpenVAS | SUSE: Security Advisory (SUSE-SU-2022:4273-1) | 30 Nov 202200:00 | – | openvas |
OpenVAS | Ubuntu: Security Advisory (USN-5756-1) | 2 Dec 202200:00 | – | openvas |
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(171303);
script_version("1.2");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/16");
script_cve_id(
"CVE-2022-2602",
"CVE-2022-3524",
"CVE-2022-3542",
"CVE-2022-3545",
"CVE-2022-3566",
"CVE-2022-3567",
"CVE-2022-3586",
"CVE-2022-3629",
"CVE-2022-43750"
);
script_name(english:"EulerOS 2.0 SP10 : kernel (EulerOS-SA-2023-1360)");
script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing multiple security updates.");
script_set_attribute(attribute:"description", value:
"According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by
the following vulnerabilities :
- io_uring UAF, Unix SCM garbage collection (CVE-2022-2602)
- A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this
vulnerability is the function ipv6_renew_options of the component IPv6 Handler. The manipulation leads to
memory leak. The attack can be launched remotely. It is recommended to apply a patch to fix this issue.
The identifier VDB-211021 was assigned to this vulnerability. (CVE-2022-3524)
- Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn
by its CNA. Further investigation showed that it was not a security issue. Notes: none. (CVE-2022-3542)
- A vulnerability has been found in Linux Kernel and classified as critical. Affected by this vulnerability
is the function area_cache_get of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c of the
component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this
issue. The identifier VDB-211045 was assigned to this vulnerability. (CVE-2022-3545)
- A vulnerability, which was classified as problematic, was found in Linux Kernel. This affects the function
tcp_getsockopt/tcp_setsockopt of the component TCP Handler. The manipulation leads to race condition. It
is recommended to apply a patch to fix this issue. The identifier VDB-211089 was assigned to this
vulnerability. (CVE-2022-3566)
- A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects
the function inet6_stream_ops/inet6_dgram_ops of the component IPv6 Handler. The manipulation leads to
race condition. It is recommended to apply a patch to fix this issue. VDB-211090 is the identifier
assigned to this vulnerability. (CVE-2022-3567)
- A flaw was found in the Linux kernel's networking code. A use-after-free was found in the way the sch_sfb
enqueue function used the socket buffer (SKB) cb field after the same SKB had been enqueued (and freed)
into a child qdisc. This flaw allows a local, unprivileged user to crash the system, causing a denial of
service. (CVE-2022-3586)
- A vulnerability was found in Linux Kernel. It has been declared as problematic. This vulnerability affects
the function vsock_connect of the file net/vmw_vsock/af_vsock.c. The manipulation leads to memory leak.
The complexity of an attack is rather high. The exploitation appears to be difficult. It is recommended to
apply a patch to fix this issue. VDB-211930 is the identifier assigned to this vulnerability.
(CVE-2022-3629)
- drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 5.19.15 and 6.x before 6.0.1 allows a user-
space client to corrupt the monitor's internal memory. (CVE-2022-43750)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional
issues.");
# https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2023-1360
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?8d5a22a6");
script_set_attribute(attribute:"solution", value:
"Update the affected kernel packages.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-3545");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2022/10/16");
script_set_attribute(attribute:"patch_publication_date", value:"2023/02/10");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/02/10");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-abi-stablelists");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python3-perf");
script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Huawei Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
script_exclude_keys("Host/EulerOS/uvp_version");
exit(0);
}
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var _release = get_kb_item("Host/EulerOS/release");
if (isnull(_release) || _release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
var uvp = get_kb_item("Host/EulerOS/uvp_version");
if (_release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP10");
var sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(10)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP10");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP10", "EulerOS UVP " + uvp);
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu && "x86" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);
var flag = 0;
var pkgs = [
"kernel-4.19.90-vhulk2209.2.0.h1327.eulerosv2r10",
"kernel-abi-stablelists-4.19.90-vhulk2209.2.0.h1327.eulerosv2r10",
"kernel-tools-4.19.90-vhulk2209.2.0.h1327.eulerosv2r10",
"kernel-tools-libs-4.19.90-vhulk2209.2.0.h1327.eulerosv2r10",
"python3-perf-4.19.90-vhulk2209.2.0.h1327.eulerosv2r10"
];
foreach (var pkg in pkgs)
if (rpm_check(release:"EulerOS-2.0", sp:"10", reference:pkg)) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
}
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo