EulerOS Virtualization 2.10.1 kernel affected by multiple vulnerabilitie
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(175775);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/16");
script_cve_id(
"CVE-2022-1184",
"CVE-2022-2602",
"CVE-2022-3108",
"CVE-2022-3111",
"CVE-2022-3524",
"CVE-2022-3542",
"CVE-2022-3545",
"CVE-2022-3566",
"CVE-2022-3567",
"CVE-2022-3586",
"CVE-2022-3629",
"CVE-2022-4129",
"CVE-2022-4662",
"CVE-2022-20572",
"CVE-2022-41218",
"CVE-2022-43750",
"CVE-2022-47929",
"CVE-2023-0394",
"CVE-2023-23454"
);
script_name(english:"EulerOS Virtualization 2.10.1 : kernel (EulerOS-SA-2023-1902)");
script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS Virtualization host is missing multiple security updates.");
script_set_attribute(attribute:"description", value:
"According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host
is affected by the following vulnerabilities :
- A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel's filesystem sub-
component. This flaw allows a local attacker with a user privilege to cause a denial of service.
(CVE-2022-1184)
- In verity_target of dm-verity-target.c, there is a possible way to modify read-only files due to a missing
permission check. This could lead to local escalation of privilege with System execution privileges
needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid
ID: A-234475629References: Upstream kernel (CVE-2022-20572)
- io_uring UAF, Unix SCM garbage collection (CVE-2022-2602)
- An issue was discovered in the Linux kernel through 5.16-rc6. kfd_parse_subtype_iolink in
drivers/gpu/drm/amd/amdkfd/kfd_crat.c lacks check of the return value of kmemdup(). (CVE-2022-3108)
- An issue was discovered in the Linux kernel through 5.16-rc6. free_charger_irq() in
drivers/power/supply/wm8350_power.c lacks free of WM8350_IRQ_CHG_FAST_RDY, which is registered in
wm8350_init_charger(). (CVE-2022-3111)
- A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this
vulnerability is the function ipv6_renew_options of the component IPv6 Handler. The manipulation leads to
memory leak. The attack can be launched remotely. It is recommended to apply a patch to fix this issue.
The identifier VDB-211021 was assigned to this vulnerability. (CVE-2022-3524)
- Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn
by its CNA. Further investigation showed that it was not a security issue. Notes: none. (CVE-2022-3542)
- A vulnerability has been found in Linux Kernel and classified as critical. Affected by this vulnerability
is the function area_cache_get of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c of the
component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this
issue. The identifier VDB-211045 was assigned to this vulnerability. (CVE-2022-3545)
- A vulnerability, which was classified as problematic, was found in Linux Kernel. This affects the function
tcp_getsockopt/tcp_setsockopt of the component TCP Handler. The manipulation leads to race condition. It
is recommended to apply a patch to fix this issue. The identifier VDB-211089 was assigned to this
vulnerability. (CVE-2022-3566)
- A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects
the function inet6_stream_ops/inet6_dgram_ops of the component IPv6 Handler. The manipulation leads to
race condition. It is recommended to apply a patch to fix this issue. VDB-211090 is the identifier
assigned to this vulnerability. (CVE-2022-3567)
- A flaw was found in the Linux kernel's networking code. A use-after-free was found in the way the sch_sfb
enqueue function used the socket buffer (SKB) cb field after the same SKB had been enqueued (and freed)
into a child qdisc. This flaw allows a local, unprivileged user to crash the system, causing a denial of
service. (CVE-2022-3586)
- A vulnerability was found in Linux Kernel. It has been declared as problematic. This vulnerability affects
the function vsock_connect of the file net/vmw_vsock/af_vsock.c. The manipulation leads to memory leak.
The complexity of an attack is rather high. The exploitation appears to be difficult. It is recommended to
apply a patch to fix this issue. VDB-211930 is the identifier assigned to this vulnerability.
(CVE-2022-3629)
- In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused
by refcount races, affecting dvb_demux_open and dvb_dmxdev_release. (CVE-2022-41218)
- A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing
sk_user_data can lead to a race condition and NULL pointer dereference. A local user could use this flaw
to potentially crash the system causing a denial of service. (CVE-2022-4129)
- drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 5.19.15 and 6.x before 6.0.1 allows a user-
space client to corrupt the monitor's internal memory. (CVE-2022-43750)
- A flaw incorrect access control in the Linux kernel USB core subsystem was found in the way user attaches
usb device. A local user could use this flaw to crash the system. (CVE-2022-4662)
- In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows
an unprivileged user to trigger a denial of service (system crash) via a crafted traffic control
configuration that is set up with 'tc qdisc' and 'tc class' commands. This affects qdisc_graft in
net/sched/sch_api.c. (CVE-2022-47929)
- A NULL pointer dereference flaw was found in rawv6_push_pending_frames in net/ipv6/raw.c in the network
subcomponent in the Linux kernel. This flaw causes the system to crash. (CVE-2023-0394)
- cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial
of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes
indicate a TC_ACT_SHOT condition rather than valid classification results). (CVE-2023-23454)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional
issues.");
# https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2023-1902
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?269b0b00");
script_set_attribute(attribute:"solution", value:
"Update the affected kernel packages.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-3545");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2022/08/29");
script_set_attribute(attribute:"patch_publication_date", value:"2023/05/15");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/05/16");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-abi-stablelists");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python3-perf");
script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:2.10.1");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Huawei Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");
exit(0);
}
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var _release = get_kb_item("Host/EulerOS/release");
if (isnull(_release) || _release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
var uvp = get_kb_item("Host/EulerOS/uvp_version");
if (uvp != "2.10.1") audit(AUDIT_OS_NOT, "EulerOS Virtualization 2.10.1");
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu && "x86" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);
var flag = 0;
var pkgs = [
"kernel-4.19.90-vhulk2211.3.0.h1373.eulerosv2r10",
"kernel-abi-stablelists-4.19.90-vhulk2211.3.0.h1373.eulerosv2r10",
"kernel-tools-4.19.90-vhulk2211.3.0.h1373.eulerosv2r10",
"kernel-tools-libs-4.19.90-vhulk2211.3.0.h1373.eulerosv2r10",
"python3-perf-4.19.90-vhulk2211.3.0.h1373.eulerosv2r10"
];
foreach (var pkg in pkgs)
if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
}
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo