Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.EULEROS_SA-2023-2541.NASL
HistoryAug 02, 2023 - 12:00 a.m.

EulerOS Virtualization 2.10.1 : kernel (EulerOS-SA-2023-2541)

2023-08-0200:00:00
This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
12

8.1 High

AI Score

Confidence

High

JSON

According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :

  • Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29901)

  • A speculative pointer dereference problem exists in the Linux Kernel on the do_prlimit() function. The resource argument value is controlled and is used in pointer arithmetic for the ‘rlim’ variable and can be used to leak the contents. We recommend upgrading past version 6.1.8 or commit 739790605705ddcf18f21782b9c99ad7d53a8c11 (CVE-2023-0458)

  • A use-after-free vulnerability was found in iscsi_sw_tcp_session_create in drivers/scsi/iscsi_tcp.c in SCSI sub-component in the Linux Kernel. In this flaw an attacker could leak kernel internal information.
    (CVE-2023-2162)

  • A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA in the Linux Kernel. The improper cleanup results in out-of-boundary read, where a local user can utilize this problem to crash the system or escalation of privilege. (CVE-2023-2176)

  • A null pointer dereference issue was found in the sctp network protocol in net/sctp/stream_sched.c in Linux Kernel. If stream_in allocation is failed, stream_out is freed which would further be accessed. A local user could use this flaw to crash the system or potentially cause a denial of service.
    (CVE-2023-2177)

  • An out-of-bounds write vulnerability was found in the Linux kernel’s SLIMpro I2C device driver. The userspace ‘data->block[0]’ variable was not capped to a number between 0-255 and was used as the size of a memcpy, possibly writing beyond the end of dma_buffer. This flaw could allow a local privileged user to crash the system or potentially achieve code execution. (CVE-2023-2194)

  • Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it was the duplicate of CVE-2023-31436. (CVE-2023-2248)

  • A denial of service problem was found, due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c in the Linux Kernel Device Mapper-Multipathing sub- component. (CVE-2023-2269)

  • Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-33203. Reason: This candidate is a reservation duplicate of CVE-2023-33203. Notes: All CVE users should reference CVE-2023-33203 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. (CVE-2023-2483)

  • qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write because lmax can exceed QFQ_MIN_LMAX. (CVE-2023-31436)

  • In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are mishandled. (CVE-2023-32233)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(179266);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/04");

  script_cve_id(
    "CVE-2022-29901",
    "CVE-2023-0458",
    "CVE-2023-2162",
    "CVE-2023-2176",
    "CVE-2023-2177",
    "CVE-2023-2194",
    "CVE-2023-2248",
    "CVE-2023-2269",
    "CVE-2023-2483",
    "CVE-2023-31436",
    "CVE-2023-32233"
  );

  script_name(english:"EulerOS Virtualization 2.10.1 : kernel (EulerOS-SA-2023-2541)");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS Virtualization host is missing multiple security updates.");
  script_set_attribute(attribute:"description", value:
"According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host
is affected by the following vulnerabilities :

  - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their
    retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can
    hijack return instructions to achieve arbitrary speculative code execution under certain
    microarchitecture-dependent conditions. (CVE-2022-29901)

  - A speculative pointer dereference problem exists in the Linux Kernel on the do_prlimit() function. The
    resource argument value is controlled and is used in pointer arithmetic for the 'rlim' variable and can be
    used to leak the contents. We recommend upgrading past version 6.1.8 or commit
    739790605705ddcf18f21782b9c99ad7d53a8c11 (CVE-2023-0458)

  - A use-after-free vulnerability was found in iscsi_sw_tcp_session_create in drivers/scsi/iscsi_tcp.c in
    SCSI sub-component in the Linux Kernel. In this flaw an attacker could leak kernel internal information.
    (CVE-2023-2162)

  - A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA in the Linux
    Kernel. The improper cleanup results in out-of-boundary read, where a local user can utilize this problem
    to crash the system or escalation of privilege. (CVE-2023-2176)

  - A null pointer dereference issue was found in the sctp network protocol in net/sctp/stream_sched.c in
    Linux Kernel. If stream_in allocation is failed, stream_out is freed which would further be accessed. A
    local user could use this flaw to crash the system or potentially cause a denial of service.
    (CVE-2023-2177)

  - An out-of-bounds write vulnerability was found in the Linux kernel's SLIMpro I2C device driver. The
    userspace 'data->block[0]' variable was not capped to a number between 0-255 and was used as the size of a
    memcpy, possibly writing beyond the end of dma_buffer. This flaw could allow a local privileged user to
    crash the system or potentially achieve code execution. (CVE-2023-2194)

  - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it was
    the duplicate of CVE-2023-31436. (CVE-2023-2248)

  - A denial of service problem was found, due to a possible recursive locking scenario, resulting in a
    deadlock in table_clear in drivers/md/dm-ioctl.c in the Linux Kernel Device Mapper-Multipathing sub-
    component. (CVE-2023-2269)

  - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-33203. Reason: This candidate is a
    reservation duplicate of CVE-2023-33203. Notes: All CVE users should reference CVE-2023-33203 instead of
    this candidate. All references and descriptions in this candidate have been removed to prevent accidental
    usage. (CVE-2023-2483)

  - qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write
    because lmax can exceed QFQ_MIN_LMAX. (CVE-2023-31436)

  - In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests
    can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users
    can obtain root privileges. This occurs because anonymous sets are mishandled. (CVE-2023-32233)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional
issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2023-2541
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?9534c8c3");
  script_set_attribute(attribute:"solution", value:
"Update the affected kernel packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-29901");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2023-32233");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/07/12");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/08/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/08/02");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-abi-stablelists");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python3-perf");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:2.10.1");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");

  exit(0);
}

include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

var _release = get_kb_item("Host/EulerOS/release");
if (isnull(_release) || _release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
var uvp = get_kb_item("Host/EulerOS/uvp_version");
if (uvp != "2.10.1") audit(AUDIT_OS_NOT, "EulerOS Virtualization 2.10.1");
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu && "x86" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);

var flag = 0;

var pkgs = [
  "kernel-4.19.90-vhulk2211.3.0.h1543.eulerosv2r10",
  "kernel-abi-stablelists-4.19.90-vhulk2211.3.0.h1543.eulerosv2r10",
  "kernel-tools-4.19.90-vhulk2211.3.0.h1543.eulerosv2r10",
  "kernel-tools-libs-4.19.90-vhulk2211.3.0.h1543.eulerosv2r10",
  "python3-perf-4.19.90-vhulk2211.3.0.h1543.eulerosv2r10"
];

foreach (var pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_NOTE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
}
VendorProductVersionCPE
huaweieuleroskernelp-cpe:/a:huawei:euleros:kernel
huaweieuleroskernel-abi-stablelistsp-cpe:/a:huawei:euleros:kernel-abi-stablelists
huaweieuleroskernel-toolsp-cpe:/a:huawei:euleros:kernel-tools
huaweieuleroskernel-tools-libsp-cpe:/a:huawei:euleros:kernel-tools-libs
huaweieulerospython3-perfp-cpe:/a:huawei:euleros:python3-perf
huaweieulerosuvpcpe:/o:huawei:euleros:uvp:2.10.1

Related

nessus 51
openvas 25
ubuntucve 12
cve 12
debiancve 11
prion 10
mageia 2
debian 2
osv 13
oraclelinux 3
ubuntu 6
photon 1
cbl_mariner 18
redhatcve 11
f5 1
veracode 2
intel 1
virtuozzo 2
almalinux 2
redhat 3
githubexploit 5
rocky 1
alpinelinux 1
amazon 2
broadcom 1
cnvd 1
nessus
nessus
EulerOS 2.0 SP10 : kernel (EulerOS-SA-2023-2383)
2023-07-18 00:00:00
EulerOS 2.0 SP9 : kernel (EulerOS-SA-2023-2614)
2023-08-08 00:00:00
EulerOS Virtualization 2.9.1 : kernel (EulerOS-SA-2023-2957)
2024-01-16 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2023-2541)
2023-08-03 00:00:00
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2023-2383)
2023-07-17 00:00:00
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2023-2957)
2023-10-13 00:00:00
ubuntucve
ubuntucve
CVE-2023-2248
2023-05-01 00:00:00
CVE-2023-33203
2023-05-18 00:00:00
CVE-2023-32233
2023-05-08 00:00:00
cve
cve
CVE-2023-2248
2023-05-01 13:15:44
CVE-2023-2483
2023-05-23 13:15:09
CVE-2023-33203
2023-05-18 08:15:08
debiancve
debiancve
CVE-2023-2483
2023-05-23 13:15:00
CVE-2023-33203
2023-05-18 08:15:08
CVE-2023-2248
2023-05-01 13:15:00
prion
prion
Open redirect
2023-05-01 13:15:00
Race condition
2023-05-18 08:15:00
Design/Logic Flaw
2022-07-12 19:15:00
mageia
mageia
Updated kernel packages fix security vulnerabilities
2023-05-16 22:17:40
Updated kernel-linus packages fix security vulnerabilities
2023-05-19 10:23:17
debian
debian
[SECURITY] [DLA 3446-1] linux-5.10 security update
2023-06-05 18:45:37
[SECURITY] [DSA 5402-1] linux security update
2023-05-13 11:20:28
osv
osv
linux - security update
2023-05-13 00:00:00
linux-5.10 - security update
2023-06-05 00:00:00
linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux-snapdragon vulnerabilities
2023-06-01 17:28:21
oraclelinux
oraclelinux
Unbreakable Enterprise kernel security update
2023-06-07 00:00:00
Unbreakable Enterprise kernel security update
2023-06-13 00:00:00
kernel security and bug fix update
2023-06-01 00:00:00
ubuntu
ubuntu
Linux kernel vulnerabilities
2023-06-01 00:00:00
Linux kernel vulnerabilities
2023-06-01 00:00:00
Linux kernel vulnerabilities
2023-05-31 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2023-3.0-0585
2023-05-24 00:00:00
cbl_mariner
cbl_mariner
CVE-2023-33203 affecting package kernel 5.10.179.1-1
2023-06-13 20:02:41
CVE-2023-2248 affecting package kernel for versions less than 5.15.111.1-1
2023-05-25 09:38:10
CVE-2023-32233 affecting package kernel for versions less than 5.15.112.1-1
2023-06-02 21:37:28
redhatcve
redhatcve
CVE-2023-33203
2023-06-19 15:14:48
CVE-2023-2248
2023-05-02 18:22:25
CVE-2023-31436
2023-05-02 18:22:34
f5
f5
K000135206 : Linux kernel vulnerability CVE-2023-32233
2023-06-23 00:00:00
veracode
veracode
Use-After-Free
2023-05-11 07:16:36
Authentication Bypass
2022-11-10 00:24:39
intel
intel
Intel® Processors Return Stack Buffer Underflow Advisory
2022-07-12 00:00:00
virtuozzo
virtuozzo
[Important] [Security] Virtuozzo ReadyKernel Patch 157.3 for Virtuozzo Hybrid Server 7.5
2023-07-06 00:00:00
[Important] [Security] Virtuozzo ReadyKernel Patch 164.1 for Virtuozzo Hybrid Server 7.5
2023-11-28 00:00:00
almalinux
almalinux
Important: kernel security and bug fix update
2023-05-30 00:00:00
Important: kernel-rt security and bug fix update
2023-05-30 00:00:00
redhat
redhat
(RHSA-2023:3350) Important: kernel-rt security and bug fix update
2023-05-30 14:45:56
(RHSA-2023:3349) Important: kernel security and bug fix update
2023-05-30 14:45:55
(RHSA-2023:3351) Important: kpatch-patch security update
2023-05-30 14:45:56
githubexploit
githubexploit
Exploit for Use After Free in Linux Linux Kernel
2023-05-16 02:22:26
Exploit for Use After Free in Linux Linux Kernel
2023-05-16 05:58:03
Exploit for Use After Free in Linux Linux Kernel
2023-05-16 03:06:40
rocky
rocky
kernel-rt security and bug fix update
2023-06-13 19:54:33
alpinelinux
alpinelinux
CVE-2023-32233
2023-05-08 20:15:20
amazon
amazon
Important: kernel
2023-05-25 17:41:00
Important: kernel
2023-05-25 17:41:00
broadcom
broadcom
A use-after-free vulnerability was found in the Netfilter subsystem of the Linux kernel when processing batch requests to update nf_tables configuration. (CVE-2023-32233)
2023-11-07 00:00:00
cnvd
cnvd
Linux kernel denial of service vulnerability (CNVD-2023-51389)
2023-04-28 00:00:00

8.1 High

AI Score

Confidence

High

JSON
Related for EULEROS_SA-2023-2541.NASL
nessus51openvas25ubuntucve12cve12debiancve11prion10mageia2debian2osv13oraclelinux3ubuntu6photon1cbl_mariner18redhatcve11f51veracode2intel1virtuozzo2almalinux2redhat3githubexploit5rocky1alpinelinux1amazon2broadcom1cnvd1