Lucene search
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.NEWSTART_CGSL_NS-SA-2023-0004_QEMU.NASLHistoryFeb 21, 2023 - 12:00 a.m.
NewStart CGSL MAIN 6.02 : qemu Vulnerability (NS-SA-2023-0004)
2023-02-2100:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
12
The remote NewStart CGSL host, running version MAIN 6.02, has qemu packages installed that are affected by a vulnerability:
- A use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU. The flaw occurs while processing repeated messages to cancel the current SCSI request via the lsi_do_msgout function. This flaw allows a malicious privileged user within the guest to crash the QEMU process on the host, resulting in a denial of service. (CVE-2022-0216)
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from ZTE advisory NS-SA-2023-0004. The text
# itself is copyright (C) ZTE, Inc.
##
include('compat.inc');
if (description)
{
script_id(171705);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/09/01");
script_cve_id("CVE-2022-0216");
script_name(english:"NewStart CGSL MAIN 6.02 : qemu Vulnerability (NS-SA-2023-0004)");
script_set_attribute(attribute:"synopsis", value:
"The remote NewStart CGSL host is affected by a vulnerability.");
script_set_attribute(attribute:"description", value:
"The remote NewStart CGSL host, running version MAIN 6.02, has qemu packages installed that are affected by a
vulnerability:
- A use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU. The
flaw occurs while processing repeated messages to cancel the current SCSI request via the lsi_do_msgout
function. This flaw allows a malicious privileged user within the guest to crash the QEMU process on the
host, resulting in a denial of service. (CVE-2022-0216)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"http://security.gd-linux.com/notice/NS-SA-2023-0004");
script_set_attribute(attribute:"see_also", value:"http://security.gd-linux.com/info/CVE-2022-0216");
script_set_attribute(attribute:"solution", value:
"Upgrade the vulnerable CGSL qemu packages. Note that updated packages may not be available yet. Please contact ZTE for
more information.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:M/C:N/I:N/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-0216");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2022/08/26");
script_set_attribute(attribute:"patch_publication_date", value:"2023/02/20");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/02/21");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:qemu");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:qemu-block-rbd");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:qemu-common");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:qemu-img");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:qemu-kvm");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:qemu-tools");
script_set_attribute(attribute:"cpe", value:"cpe:/o:zte:cgsl_main:6");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"NewStart CGSL Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/ZTE-CGSL/release", "Host/ZTE-CGSL/rpm-list", "Host/cpu");
exit(0);
}
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/ZTE-CGSL/release');
if (isnull(os_release) || os_release !~ "^CGSL (MAIN|CORE)") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');
if (os_release !~ "CGSL MAIN 6.02")
audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 6.02');
if (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);
var flag = 0;
var pkgs = {
'CGSL MAIN 6.02': [
'qemu-4.1.0-2.el8.cgslv6_2.257.g8cbbfaa3d',
'qemu-block-rbd-4.1.0-2.el8.cgslv6_2.257.g8cbbfaa3d',
'qemu-common-4.1.0-2.el8.cgslv6_2.257.g8cbbfaa3d',
'qemu-img-4.1.0-2.el8.cgslv6_2.257.g8cbbfaa3d',
'qemu-kvm-4.1.0-2.el8.cgslv6_2.257.g8cbbfaa3d',
'qemu-tools-4.1.0-2.el8.cgslv6_2.257.g8cbbfaa3d'
]
};
var pkg_list = pkgs[os_release];
foreach (pkg in pkg_list)
if (rpm_check(release:'ZTE ' + os_release, reference:pkg)) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'qemu');
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| zte | cgsl_main | qemu | p-cpe:/a:zte:cgsl_main:qemu |
| zte | cgsl_main | qemu-block-rbd | p-cpe:/a:zte:cgsl_main:qemu-block-rbd |
| zte | cgsl_main | qemu-common | p-cpe:/a:zte:cgsl_main:qemu-common |
| zte | cgsl_main | qemu-img | p-cpe:/a:zte:cgsl_main:qemu-img |
| zte | cgsl_main | qemu-kvm | p-cpe:/a:zte:cgsl_main:qemu-kvm |
| zte | cgsl_main | qemu-tools | p-cpe:/a:zte:cgsl_main:qemu-tools |
| zte | cgsl_main | 6 | cpe:/o:zte:cgsl_main:6 |
Related
prion
prion
Design/Logic Flaw
2022-08-26 18:15:00
oraclelinux
oraclelinux
kvm_utils security update
2022-11-08 00:00:00
qemu security update
2022-11-04 00:00:00
kvm_utils2 security update
2022-10-13 00:00:00
cve
cve
CVE-2022-0216
2022-08-26 18:15:00
nessus
nessus
Oracle Linux 7 : qemu (ELSA-2022-9978)
2022-11-05 00:00:00
Oracle Linux 8 : kvm_utils (ELSA-2022-9986)
2022-11-09 00:00:00
SUSE SLED15 / SLES15 Security Update : qemu (SUSE-SU-2022:3660-1)
2022-10-20 00:00:00
cbl_mariner
cbl_mariner
CVE-2022-0216 affecting package qemu-kvm 4.2.0-48
2024-05-10 03:06:45
debiancve
debiancve
CVE-2022-0216
2022-08-26 18:15:00
openvas
openvas
Fedora: Security Advisory for qemu (FEDORA-2022-baf3c3b781)
2022-08-19 00:00:00
Fedora: Security Advisory for qemu (FEDORA-2022-4387579e67)
2022-11-11 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:3660-1)
2022-10-20 00:00:00
f5
f5
K000133511 : QEMU vulnerability CVE-2022-0216
2023-04-14 00:00:00
redhatcve
redhatcve
CVE-2022-0216
2022-04-01 10:34:22
veracode
veracode
Use After Free
2022-09-17 23:55:55
fedora
fedora
[SECURITY] Fedora 36 Update: qemu-6.2.0-14.fc36
2022-08-18 02:05:09
[SECURITY] Fedora 37 Update: qemu-7.0.0-10.fc37
2022-11-10 22:49:15
ubuntucve
ubuntucve
CVE-2022-0216
2022-08-26 00:00:00
osv
osv
CVE-2022-0216
2022-08-26 18:15:08
qemu vulnerabilities
2022-12-12 06:51:06
qemu - security update
2023-03-14 00:00:00
suse
suse
Security update for qemu (moderate)
2022-10-27 00:00:00
Security update for qemu (moderate)
2022-10-19 00:00:00
Security update for qemu (important)
2022-10-17 00:00:00
ubuntu
ubuntu
QEMU vulnerabilities
2022-12-12 00:00:00
debian
debian
[SECURITY] [DLA 3362-1] qemu security update
2023-03-14 21:02:18
Related for NEWSTART_CGSL_NS-SA-2023-0004_QEMU.NASL