Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.NEWSTART_CGSL_NS-SA-2023-0073_KERNEL.NASL
HistoryDec 27, 2023 - 12:00 a.m.

NewStart CGSL MAIN 6.02 : kernel Multiple Vulnerabilities (NS-SA-2023-0073)

2023-12-2700:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
9
newstart cgsl
main 6.02
kernel vulnerabilities
nfs
scsi_ioctl
udf file system
pfkey_register
ipsec
networking code
usb drivers
information leaks
denial of service
use-after-free
internal memory corruption

7 High

AI Score

Confidence

High

JSON

The remote NewStart CGSL host, running version MAIN 6.02, has kernel packages installed that are affected by multiple vulnerabilities:

  • In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs because the current umask is not considered. (CVE-2020-24394)

  • A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or CAP_SYS_RAWIO) to create issues with confidentiality. (CVE-2022-0494)

  • A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2. (CVE-2022-0617)

  • A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information. (CVE-2022-1353)

  • Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. (CVE-2022-3542)

  • A vulnerability has been found in Linux Kernel and classified as critical. Affected by this vulnerability is the function area_cache_get of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier VDB-211045 was assigned to this vulnerability. (CVE-2022-3545)

  • A flaw was found in the Linux kernel’s networking code. A use-after-free was found in the way the sch_sfb enqueue function used the socket buffer (SKB) cb field after the same SKB had been enqueued (and freed) into a child qdisc. This flaw allows a local, unprivileged user to crash the system, causing a denial of service. (CVE-2022-3586)

  • A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function intr_callback of the file drivers/net/usb/r8152.c of the component BPF. The manipulation leads to logging of excessive data. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211363.
    (CVE-2022-3594)

  • drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 5.19.15 and 6.x before 6.0.1 allows a user- space client to corrupt the monitor’s internal memory. (CVE-2022-43750)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from ZTE advisory NS-SA-2023-0073. The text
# itself is copyright (C) ZTE, Inc.
##

include('compat.inc');

if (description)
{
  script_id(187337);
  script_version("1.0");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/12/27");

  script_cve_id(
    "CVE-2020-24394",
    "CVE-2022-0494",
    "CVE-2022-0617",
    "CVE-2022-1353",
    "CVE-2022-3542",
    "CVE-2022-3545",
    "CVE-2022-3586",
    "CVE-2022-3594",
    "CVE-2022-43750"
  );

  script_name(english:"NewStart CGSL MAIN 6.02 : kernel Multiple Vulnerabilities (NS-SA-2023-0073)");

  script_set_attribute(attribute:"synopsis", value:
"The remote NewStart CGSL host is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The remote NewStart CGSL host, running version MAIN 6.02, has kernel packages installed that are affected by multiple
vulnerabilities:

  - In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new
    filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs because the
    current umask is not considered. (CVE-2020-24394)

  - A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in
    the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or
    CAP_SYS_RAWIO) to create issues with confidentiality. (CVE-2022-0494)

  - A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way
    user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw
    to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2. (CVE-2022-0617)

  - A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This
    flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a
    leak of internal kernel information. (CVE-2022-1353)

  - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn
    by its CNA. Further investigation showed that it was not a security issue. Notes: none. (CVE-2022-3542)

  - A vulnerability has been found in Linux Kernel and classified as critical. Affected by this vulnerability
    is the function area_cache_get of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c of the
    component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this
    issue. The identifier VDB-211045 was assigned to this vulnerability. (CVE-2022-3545)

  - A flaw was found in the Linux kernel's networking code. A use-after-free was found in the way the sch_sfb
    enqueue function used the socket buffer (SKB) cb field after the same SKB had been enqueued (and freed)
    into a child qdisc. This flaw allows a local, unprivileged user to crash the system, causing a denial of
    service. (CVE-2022-3586)

  - A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this
    vulnerability is the function intr_callback of the file drivers/net/usb/r8152.c of the component BPF. The
    manipulation leads to logging of excessive data. The attack can be launched remotely. It is recommended to
    apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211363.
    (CVE-2022-3594)

  - drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 5.19.15 and 6.x before 6.0.1 allows a user-
    space client to corrupt the monitor's internal memory. (CVE-2022-43750)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/notice/NS-SA-2023-0073");
  script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2020-24394");
  script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2022-0494");
  script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2022-0617");
  script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2022-1353");
  script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2022-3542");
  script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2022-3545");
  script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2022-3586");
  script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2022-3594");
  script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2022-43750");
  script_set_attribute(attribute:"solution", value:
"Upgrade the vulnerable CGSL kernel packages. Note that updated packages may not be available yet. Please contact ZTE for
more information.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-0494");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2022-3545");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/08/18");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/05/29");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/12/27");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:bpftool");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:kernel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:kernel-core");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:kernel-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:kernel-headers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:kernel-modules");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:kernel-modules-extra");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:kernel-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:kernel-tools-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:perf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:python3-perf");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:zte:cgsl_main:6");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"NewStart CGSL Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/ZTE-CGSL/release", "Host/ZTE-CGSL/rpm-list", "Host/cpu");

  exit(0);
}

include('rpm.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

var os_release = get_kb_item('Host/ZTE-CGSL/release');
if (isnull(os_release) || os_release !~ "^CGSL (MAIN|CORE)") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');

if (os_release !~ "CGSL MAIN 6.02")
  audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 6.02');

if (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);

var flag = 0;

var pkgs = {
  'CGSL MAIN 6.02': [
    'bpftool-4.18.0-193.14.2.el8_2.cgslv6_2.599.g67816c2b8',
    'kernel-4.18.0-193.14.2.el8_2.cgslv6_2.599.g67816c2b8',
    'kernel-core-4.18.0-193.14.2.el8_2.cgslv6_2.599.g67816c2b8',
    'kernel-devel-4.18.0-193.14.2.el8_2.cgslv6_2.599.g67816c2b8',
    'kernel-headers-4.18.0-193.14.2.el8_2.cgslv6_2.599.g67816c2b8',
    'kernel-modules-4.18.0-193.14.2.el8_2.cgslv6_2.599.g67816c2b8',
    'kernel-modules-extra-4.18.0-193.14.2.el8_2.cgslv6_2.599.g67816c2b8',
    'kernel-tools-4.18.0-193.14.2.el8_2.cgslv6_2.599.g67816c2b8',
    'kernel-tools-libs-4.18.0-193.14.2.el8_2.cgslv6_2.599.g67816c2b8',
    'perf-4.18.0-193.14.2.el8_2.cgslv6_2.599.g67816c2b8',
    'python3-perf-4.18.0-193.14.2.el8_2.cgslv6_2.599.g67816c2b8'
  ]
};
var pkg_list = pkgs[os_release];

foreach (pkg in pkg_list)
  if (rpm_check(release:'ZTE ' + os_release, reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel');
}
VendorProductVersionCPE
ztecgsl_mainkernelp-cpe:/a:zte:cgsl_main:kernel
ztecgsl_mainkernel-develp-cpe:/a:zte:cgsl_main:kernel-devel
ztecgsl_mainkernel-headersp-cpe:/a:zte:cgsl_main:kernel-headers
ztecgsl_mainkernel-toolsp-cpe:/a:zte:cgsl_main:kernel-tools
ztecgsl_mainkernel-tools-libsp-cpe:/a:zte:cgsl_main:kernel-tools-libs
ztecgsl_mainperfp-cpe:/a:zte:cgsl_main:perf
ztecgsl_mainbpftoolp-cpe:/a:zte:cgsl_main:bpftool
ztecgsl_main6cpe:/o:zte:cgsl_main:6
ztecgsl_mainkernel-corep-cpe:/a:zte:cgsl_main:kernel-core
ztecgsl_mainkernel-modulesp-cpe:/a:zte:cgsl_main:kernel-modules
Rows per page:
1-10 of 121

References

Related

nessus 72
redhat 18
openvas 10
oraclelinux 4
f5 1
prion 9
redhatcve 9
debiancve 9
veracode 8
cbl_mariner 17
ubuntucve 9
cve 9
zdi 1
cnvd 3
virtuozzo 2
cloudlinux 2
amazon 2
photon 2
rocky 2
osv 6
almalinux 4
nessus
nessus
NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2023-0030)
2023-04-11 00:00:00
RHEL 8 : kernel-rt (RHSA-2022:6248)
2022-08-31 00:00:00
RHEL 8 : kernel (RHSA-2022:6243)
2022-08-31 00:00:00
redhat
redhat
(RHSA-2022:6248) Moderate: kernel-rt security and bug fix update
2022-08-30 21:05:29
(RHSA-2022:6243) Moderate: kernel security and bug fix update
2022-08-30 21:03:39
(RHSA-2023:1987) Moderate: kernel security and bug fix update
2023-04-25 13:08:32
openvas
openvas
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2023-1102)
2023-01-09 00:00:00
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2023-1360)
2023-02-10 00:00:00
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2023-1637)
2023-04-27 00:00:00
oraclelinux
oraclelinux
Unbreakable Enterprise kernel security update
2023-01-03 00:00:00
kernel security and bug fix update
2023-04-26 00:00:00
kernel security, bug fix, and enhancement update
2022-10-26 00:00:00
f5
f5
K04553557 : Linux nfsd kernel vulnerability CVE-2020-24394
2021-03-02 00:00:00
prion
prion
Code injection
2020-08-19 13:15:00
Design/Logic Flaw
2022-10-17 12:15:00
Design/Logic Flaw
2022-10-19 18:15:00
redhatcve
redhatcve
CVE-2020-24394
2020-08-19 15:09:51
CVE-2022-3542
2022-12-30 05:34:53
CVE-2022-3586
2022-10-18 10:10:06
debiancve
debiancve
CVE-2020-24394
2020-08-19 13:15:00
CVE-2022-3542
2022-10-17 12:15:00
CVE-2022-43750
2022-10-26 04:15:00
veracode
veracode
Wrong Access Permission
2020-09-21 06:39:25
Denial Of Service (DoS)
2023-01-17 19:00:50
Memory Corruption
2023-01-17 17:03:00
cbl_mariner
cbl_mariner
CVE-2020-24394 affecting package kernel 5.4.91-6
2021-04-06 23:51:14
CVE-2022-3542 affecting package kernel 5.15.77.1-1
2022-11-30 04:44:18
CVE-2022-3542 affecting package kernel 5.10.149.1-1
2022-11-24 00:45:57
ubuntucve
ubuntucve
CVE-2020-24394
2020-08-19 00:00:00
CVE-2022-43750
2022-10-26 00:00:00
CVE-2022-3542
2022-10-17 00:00:00
cve
cve
CVE-2020-24394
2020-08-19 13:15:00
CVE-2022-3542
2022-10-17 12:15:00
CVE-2022-43750
2022-10-26 04:15:00
zdi
zdi
Linux Kernel Net Scheduler Use-After-Free Information Disclosure Vulnerability
2022-10-21 00:00:00
cnvd
cnvd
Linux kernel resource management error vulnerability (CNVD-2022-74087)
2022-10-21 00:00:00
Linux kernel denial-of-service vulnerability (CNVD-2022-69196)
2022-02-18 00:00:00
Linux kernel has unspecified vulnerabilities (CNVD-2022-70572)
2022-10-20 00:00:00
virtuozzo
virtuozzo
[Important] [Security] Virtuozzo ReadyKernel Patch 160.0 for Virtuozzo Hybrid Server 7.5
2023-08-25 00:00:00
[Important] [Security] Virtuozzo ReadyKernel Patch 153.1 for Virtuozzo Hybrid Server 7.5
2023-02-14 00:00:00
cloudlinux
cloudlinux
kernel: Fix of 7 CVEs
2023-04-28 18:43:13
kernel: Fix of 7 CVEs
2023-04-28 19:55:00
amazon
amazon
Important: kernel
2022-10-31 19:40:00
Important: kernel
2022-12-01 17:33:00
photon
photon
Important Photon OS Security Update - PHSA-2022-0542
2022-11-18 00:00:00
Important Photon OS Security Update - PHSA-2022-3.0-0485
2022-11-10 00:00:00
rocky
rocky
kernel security, bug fix, and enhancement update
2022-10-25 07:23:52
kernel-rt security and bug fix update
2022-10-25 07:38:43
osv
osv
Important: kernel-rt security and bug fix update
2022-10-25 07:38:43
Important: kernel security, bug fix, and enhancement update
2022-10-25 00:00:00
Important: kernel security, bug fix, and enhancement update
2022-10-25 07:23:52
almalinux
almalinux
Important: kernel-rt security and bug fix update
2022-10-25 00:00:00
Important: kernel security, bug fix, and enhancement update
2022-10-25 00:00:00
Moderate: kernel-rt security and bug fix update
2022-08-09 00:00:00

7 High

AI Score

Confidence

High

JSON
Related for NEWSTART_CGSL_NS-SA-2023-0073_KERNEL.NASL
nessus72redhat18openvas10oraclelinux4f51prion9redhatcve9debiancve9veracode8cbl_mariner17ubuntucve9cve9zdi1cnvd3virtuozzo2cloudlinux2amazon2photon2rocky2osv6almalinux4