The remote NewStart CGSL host, running version MAIN 6.06, has kernel packages installed that are affected by multiple vulnerabilities:
Linux kernel vhost since version 4.8 does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file. (CVE-2018-1118)
In the tun subsystem in the Linux kernel before 4.13.14, dev_get_valid_name is not called before register_netdevice. This allows local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. This is similar to CVE-2013-4343. (CVE-2018-7191)
An issue was discovered in the Linux kernel through 5.2.13. nbd_genl_status in drivers/block/nbd.c does not check the nla_nest_start_noflag return value. (CVE-2019-16089)
An issue was discovered in netfilter in the Linux kernel before 5.10. There can be a use-after-free in the packet processing context, because the per-CPU sequence count is mishandled during concurrent iptables rules replacement. This could be exploited with the CAP_NET_ADMIN capability in an unprivileged namespace.
NOTE: cc00bca was reverted in 5.12. (CVE-2020-36694)
An issue was discovered in the Linux kernel before 5.11.11. The BPF subsystem does not properly consider that resolved_ids and resolved_sizes are intentionally uninitialized in the vmlinux BPF Type Format (BTF), which can cause a system crash upon an unexpected access attempt (in map_create in kernel/bpf/syscall.c or check_btf_info in kernel/bpf/verifier.c), aka CID-350a5c4dd245. (CVE-2021-29648)
An issue was discovered in the Linux kernel through 5.11.11. synic_get in arch/x86/kvm/hyperv.c has a NULL pointer dereference for certain accesses to the SynIC Hyper-V context, aka CID-919f4ebc5987. (CVE-2021-30178)
An Out-of-Bounds Read was discovered in arch/arm/mach-footbridge/personal-pci.c in the Linux kernel through 5.12.11 because of the lack of a check for a value that shouldn’t be negative, e.g., access to element -2 of an array, aka CID-298a58e165e4. (CVE-2021-32078)
Insufficient control flow management for the Intel® 82599 Ethernet Controllers and Adapters may allow an authenticated user to potentially enable denial of service via local access. (CVE-2021-33061)
A memory overflow vulnerability was found in the Linux kernel’s ipc functionality of the memcg subsystem, in the way a user calls the semget function multiple times, creating semaphores. This flaw allows a local user to starve the resources, causing a denial of service. The highest threat from this vulnerability is to system availability. (CVE-2021-3759)
A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel’s filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service. (CVE-2022-1184)
A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks. L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn’t need retpolines or IBPB after running L2 due to KVM (L0) advertising eIBRS support to L1. An attacker at L2 with code execution can execute code on an indirect branch on the host machine. We recommend upgrading to Kernel 6.2 or past commit 2e7eab81425a. (CVE-2022-2196)
A race condition was found in the way the Linux kernel’s memory subsystem handled the copy-on-write (COW) breakage of private read-only shared memory mappings. This flaw allows an unprivileged, local user to gain write access to read-only memory mappings, increasing their privileges on the system. (CVE-2022-2590)
An issue was discovered in the Linux kernel through 5.16-rc6. kfd_parse_subtype_iolink in drivers/gpu/drm/amd/amdkfd/kfd_crat.c lacks check of the return value of kmemdup(). (CVE-2022-3108)
A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or member of the audio group) could use this flaw to crash the system, resulting in a denial of service condition. (CVE-2022-3303)
A flaw was found in the KVM’s AMD nested virtualization (SVM). A malicious L1 guest could purposely fail to intercept the shutdown of a cooperative nested guest (L2), possibly leading to a page fault and kernel panic in the host (L0). (CVE-2022-3344)
A use-after-free flaw was found in the Linux kernel’s SGI GRU driver in the way the first gru_file_unlocked_ioctl function is called by the user, where a fail pass occurs in the gru_check_chiplet_assignment function. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-3424)
A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is an unknown function of the file mm/memory.c of the component Driver Handler. The manipulation leads to use after free. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211020. (CVE-2022-3523)
A vulnerability was found in Linux Kernel. It has been rated as problematic. Affected by this issue is the function sess_free_buffer of the file fs/cifs/sess.c of the component CIFS Handler. The manipulation leads to double free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211364. (CVE-2022-3595)
A vulnerability was found in Linux Kernel. It has been classified as problematic. This affects the function find_prog_by_sec_insn of the file tools/lib/bpf/libbpf.c of the component BPF. The manipulation leads to null pointer dereference. It is recommended to apply a patch to fix this issue. The identifier VDB-211749 was assigned to this vulnerability. (CVE-2022-3606)
An out-of-bounds(OOB) memory access vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_kms.c in GPU component in the Linux kernel with device file ‘/dev/dri/renderD128 (or Dxxx)’. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS). (CVE-2022-36280)
Guests can trigger NIC interface reset/abort/crash via netback. It is possible for a guest to trigger a NIC interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It appears to be an (unwritten?) assumption in the rest of the Linux network stack that packet protocol headers are all contained within the linear section of the SKB and some NICs behave badly if this is not the case. This has been reported to occur with Cisco (enic) and Broadcom NetXtrem II BCM5780 (bnx2x) though it may be an issue with other NICs/drivers as well. In case the frontend is sending requests with split headers, netback will forward those violating above mentioned assumption to the networking core, resulting in said misbehavior. (CVE-2022-3643)
A double-free memory flaw was found in the Linux kernel. The Intel GVT-g graphics driver triggers VGA card system resource overload, causing a fail in the intel_gvt_dma_map_guest_page function. This issue could allow a local user to crash the system. (CVE-2022-3707)
An incorrect read request flaw was found in the Infrared Transceiver USB driver in the Linux kernel. This issue occurs when a user attaches a malicious USB device. A local user could use this flaw to starve the resources, causing denial of service or potentially crashing the system. (CVE-2022-3903)
A use-after-free flaw was found in Linux kernel before 5.19.2. This issue occurs in cmd_hdl_filter in drivers/staging/rtl8712/rtl8712_cmd.c, allowing an attacker to launch a local denial of service attack and gain escalation of privileges. (CVE-2022-4095)
In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release. (CVE-2022-41218)
A flaw was found in the Linux kernel’s Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. A local user could use this flaw to potentially crash the system causing a denial of service. (CVE-2022-4129)
drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open(), aka a race condition between ufx_ops_open and ufx_usb_disconnect. (CVE-2022-41849)
roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a report->value is in progress. (CVE-2022-41850)
Guests can trigger deadlock in Linux netback driver. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packet dropped due to the XSA-392 handling (CVE-2022-42328). Additionally, when dropping packets for other reasons the same deadlock could occur in case of netpoll being active for the interface the xen-netback driver is connected to (CVE-2022-42329). (CVE-2022-42328, CVE-2022-42329)
This vulnerability allows local attackers to disclose sensitive information on affected installations of the Linux Kernel 6.0-rc2. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the nft_osf_eval function. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the kernel. Was ZDI-CAN-18540. (CVE-2022-42432)
mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reuse. (CVE-2022-42703)
A use-after-free vulnerability was found in __nfs42_ssc_open() in fs/nfs/nfs4file.c in the Linux kernel. This flaw allows an attacker to conduct a remote denial (CVE-2022-4379)
A use-after-free flaw caused by a race among the superblock operations in the gadgetfs Linux driver was found. It could be triggered by yanking out a device that is running the gadgetfs side. (CVE-2022-4382)
An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvbdev.c has a use-after-free, related to dvb_register_device dynamically allocating fops. (CVE-2022-45884)
An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_frontend.c has a race condition that can cause a use-after-free when a device is disconnected. (CVE-2022-45885)
An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_net.c has a .disconnect versus dvb_device_open race condition that leads to a use-after-free. (CVE-2022-45886)
An issue was discovered in the Linux kernel through 6.0.9. drivers/media/usb/ttusb-dec/ttusb_dec.c has a memory leak because of the lack of a dvb_frontend_detach call. (CVE-2022-45887)
An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets. (CVE-2022-45934)
An incorrect access control flaw was found in the Linux kernel USB core subsystem in the way a user attaches a USB device. A local user could use this flaw to crash the system. (CVE-2022-4662)
A double-free flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user registers the device when the register_netdevice function fails (NETDEV_REGISTER notifier). This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-4744)
An issue was discovered in the Linux kernel before 6.0.11. Missing validation of the number of channels in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger a heap-based buffer overflow when copying the list of operating channels from Wi-Fi management frames. (CVE-2022-47518)
An issue was discovered in the Linux kernel before 6.0.11. Missing validation of IEEE80211_P2P_ATTR_OPER_CHANNEL in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger an out-of-bounds write when parsing the channel list attribute from Wi-Fi management frames. (CVE-2022-47519)
An issue was discovered in the Linux kernel before 6.0.11. Missing offset validation in drivers/net/wireless/microchip/wilc1000/hif.c in the WILC1000 wireless driver can trigger an out-of-bounds read when parsing a Robust Security Network (RSN) information element from a Netlink packet. (CVE-2022-47520)
An issue was discovered in the Linux kernel before 6.0.11. Missing validation of IEEE80211_P2P_ATTR_CHANNEL_LIST in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger a heap-based buffer overflow when parsing the operating channel attribute from Wi-Fi management frames. (CVE-2022-47521)
In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows an unprivileged user to trigger a denial of service (system crash) via a crafted traffic control configuration that is set up with tc qdisc and tc class commands. This affects qdisc_graft in net/sched/sch_api.c. (CVE-2022-47929)
An issue was discovered in the Linux kernel 5.10.x before 5.10.155. A use-after-free in io_sqpoll_wait_sq in fs/io_uring.c allows an attacker to crash the kernel, resulting in denial of service. finish_wait can be skipped. An attack can occur in some situations by forking a process and then quickly terminating it. NOTE: later kernel versions, such as the 5.15 longterm series, substantially changed the implementation of io_sqpoll_wait_sq. (CVE-2022-47946)
A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution. (CVE-2023-0179)
A use-after-free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks that can be used in a use-after-free that can result in a privilege escalation to gain ring0 access from the system user. We recommend upgrading past commit 56b88b50565cd8b946a2d00b0c83927b7ebb055e. (CVE-2023-0266)
A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on the system. (CVE-2023-0386)
A NULL pointer dereference flaw was found in rawv6_push_pending_frames in net/ipv6/raw.c in the network subcomponent in the Linux kernel. This flaw causes the system to crash. (CVE-2023-0394)
A speculative pointer dereference problem exists in the Linux Kernel on the do_prlimit() function. The resource argument value is controlled and is used in pointer arithmetic for the ‘rlim’ variable and can be used to leak the contents. We recommend upgrading past version 6.1.8 or commit 739790605705ddcf18f21782b9c99ad7d53a8c11 (CVE-2023-0458)
Copy_from_user on 64-bit versions of the Linux kernel does not implement the __uaccess_begin_nospec allowing a user to bypass the access_ok check and pass a kernel pointer to copy_from_user(). This would allow an attacker to leak information. We recommend upgrading beyond commit 74e19ef0ff8061ef55957c3abd71614ef0f42f47 (CVE-2023-0459)
There is a use-after-free vulnerability in the Linux Kernel which can be exploited to achieve local privilege escalation. To reach the vulnerability kernel configuration flag CONFIG_TLS or CONFIG_XFRM_ESPINTCP has to be configured, but the operation does not require any privilege. There is a use-after-free bug of icsk_ulp_data of a struct inet_connection_sock. When CONFIG_TLS is enabled, user can install a tls context (struct tls_context) on a connected tcp socket. The context is not cleared if this socket is disconnected and reused as a listener. If a new socket is created from the listener, the context is inherited and vulnerable. The setsockopt TCP_ULP operation does not require any privilege. We recommend upgrading past commit 2c02d41d71f90a5168391b6a5f2954112ba2307c (CVE-2023-0461)
A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. If patch ebda44da44f6 (net: sched: fix race condition in qdisc_graft()) has not been applied yet, the kernel could be affected. (CVE-2023-0590)
A possible memory leak flaw was found in the Linux kernel’s cpu_entry_area mapping of x86 CPU data to memory, in the way a user can guess the location of exception stack(s) or other important data. A local user could use this flaw to get access to some important data at an expected location in memory. (CVE-2023-0597)
A memory corruption flaw was found in the Linux kernel’s human interface device (HID) subsystem in how a user inserts a malicious USB device. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2023-1073)
A memory leak flaw was found in the Linux kernel’s Stream Control Transmission Protocol. This issue may occur when a user starts a malicious networking service and someone connects to this service. This could allow a local user to starve resources, causing a denial of service. (CVE-2023-1074)
A flaw was found in the Linux Kernel. The tls_is_tx_ready() incorrectly checks for list emptiness, potentially accessing a type confused entry to the list_head, leaking the last byte of the confused field that overlaps with rec->tx_ready. (CVE-2023-1075)
A flaw was found in the Linux Kernel. The tun/tap sockets have their socket UID hardcoded to 0 due to a type confusion in their initialization function. While it will be often correct, as tuntap devices require CAP_NET_ADMIN, it may not always be the case, e.g., a non-root user only having that capability. This would make tun/tap sockets being incorrectly treated in filtering/routing decisions, possibly bypassing network filters. (CVE-2023-1076)
In the Linux kernel, pick_next_rt_entity() may return a type confused entry, not detected by the BUG_ON condition, as the confused entry will not be NULL, but list_head. The buggy error condition would lead to a type confused entry with the list head, which would then be used as a type confused sched_rt_entity, causing memory corruption. (CVE-2023-1077)
A use-after-free flaw was found in the Linux kernel’s integrated infrared receiver/transceiver driver in the way a user detaches an rc device. A local user could use this flaw to crash the system or potentially escalate their privileges on the system. (CVE-2023-1118)
Use After Free vulnerability in Linux kernel traffic control index filter (tcindex) allows Privilege Escalation. The imperfect hash area can be updated while packets are traversing, which will cause a use-after-free when ‘tcf_exts_exec()’ is called with the destroyed tcf_ext. A local attacker user can use this vulnerability to elevate its privileges to root. This issue affects Linux Kernel: from 4.14 before git commit ee059170b1f7e94e55fa6cadee544e176a6e59c2. (CVE-2023-1281)
A data race flaw was found in the Linux kernel, between where con is allocated and con->sock is set. This issue leads to a NULL pointer dereference when accessing con->sock->sk in net/tipc/topsrv.c in the tipc protocol in the Linux kernel. (CVE-2023-1382)
A use-after-free vulnerability in the Linux Kernel traffic control index filter (tcindex) can be exploited to achieve local privilege escalation. The tcindex_delete function does not properly deactivate filters in the case of perfect hashes while deleting the underlying structure, which can later lead to double freeing the structure. A local attacker user can use this vulnerability to elevate its privileges to root. We recommend upgrading past commit 8c710f75256bb3cf05ac7b1672c82b92c43f3d28. (CVE-2023-1829)
A use-after-free flaw was found in xgene_hwmon_remove in drivers/hwmon/xgene-hwmon.c in the Hardware Monitoring Linux Kernel Driver (xgene-hwmon). This flaw could allow a local attacker to crash the system due to a race problem. This vulnerability could even lead to a kernel information leak problem. (CVE-2023-1855)
A use-after-free flaw was found in xen_9pfs_front_remove in net/9p/trans_xen.c in Xen transport for 9pfs in the Linux Kernel. This flaw could allow a local attacker to crash the system due to a race problem, possibly leading to a kernel information leak. (CVE-2023-1859)
A use-after-free flaw was found in btsdio_remove in drivers/bluetooth/btsdio.c in the Linux Kernel. In this flaw, a call to btsdio_remove with an unfinished job may cause a race problem leading to a UAF on hdev devices. (CVE-2023-1989)
The Linux kernel allows userspace processes to enable mitigations by calling prctl with PR_SET_SPECULATION_CTRL which disables the speculation feature as well as by using seccomp. We had noticed that on VMs of at least one major cloud provider, the kernel still left the victim process exposed to attacks in some cases even after enabling the spectre-BTI mitigation with prctl. The same behavior can be observed on a bare-metal machine when forcing the mitigation to IBRS on boot command line. This happened because when plain IBRS was enabled (not enhanced IBRS), the kernel had some logic that determined that STIBP was not needed. The IBRS bit implicitly protects against cross-thread branch target injection. However, with legacy IBRS, the IBRS bit was cleared on returning to userspace, due to performance reasons, which disabled the implicit STIBP and left userspace threads vulnerable to cross-thread branch target injection against which STIBP protects. (CVE-2023-1998)
A race condition was found in the Linux kernel’s RxRPC network protocol, within the processing of RxRPC bundles. This issue results from the lack of proper locking when performing operations on an object. This may allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel. (CVE-2023-2006)
The specific flaw exists within the DPT I2O Controller driver. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel. (CVE-2023-2007)
An out-of-bounds memory access flaw was found in the Linux kernel’s XFS file system in how a user restores an XFS image after failure (with a dirty log journal). This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2023-2124)
A use-after-free vulnerability was found in iscsi_sw_tcp_session_create in drivers/scsi/iscsi_tcp.c in SCSI sub-component in the Linux Kernel. In this flaw an attacker could leak kernel internal information. (CVE-2023-2162)
A null pointer dereference issue was found in the sctp network protocol in net/sctp/stream_sched.c in the Linux Kernel. If the stream_in allocation fails, stream_out is freed and then accessed again. A local user could use this flaw to crash the system or potentially cause a denial of service. (CVE-2023-2177)
A use-after-free vulnerability in the Linux Kernel Performance Events system can be exploited to achieve local privilege escalation. The perf_group_detach function did not check the event’s siblings’ attach_state before calling add_event_to_groups(), but remove_on_exec made it possible to call list_del_event() on before detaching from their group, making it possible to use a dangling pointer causing a use-after-free vulnerability. We recommend upgrading past commit fd0815f632c24878e325821943edccc7fde947a2. (CVE-2023-2235)
A denial of service problem was found, due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c in the Linux Kernel Device Mapper-Multipathing sub-component. (CVE-2023-2269)
In the Linux kernel before 5.17, drivers/phy/tegra/xusb.c mishandles the tegra_xusb_find_port_node return value. Callers expect NULL in the error case, but an error pointer is used. (CVE-2023-23000)
In the Linux kernel before 5.19, drivers/gpu/drm/arm/malidp_planes.c misinterprets the get_sg_table return value (expects it to be NULL in the error case, whereas it is actually an error pointer). (CVE-2023-23004)
cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results). (CVE-2023-23454)
atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results). (CVE-2023-23455)
In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an integer overflow in an addition. (CVE-2023-23559)
The Linux kernel through 6.1.9 has a Use-After-Free in bigben_remove in drivers/hid/hid-bigbenff.c via a crafted USB device because the LED controllers remain registered for too long. (CVE-2023-25012)
In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl table under a new location) during the renaming of a device. (CVE-2023-26545)
In the Linux kernel 6.0.8, there is an out-of-bounds read in ntfs_attr_find in fs/ntfs/attrib.c. (CVE-2023-26607)
A NULL pointer dereference flaw was found in the UNIX protocol in net/unix/diag.c in unix_diag_get_exact in the Linux Kernel. The newly allocated skb does not have sk, leading to a NULL pointer. This flaw allows a local user to crash or potentially cause a denial of service. (CVE-2023-28327)
A NULL pointer dereference flaw was found in the az6027 driver in drivers/media/usb/dev-usb/az6027.c in the Linux Kernel. The message from user space is not checked properly before transferring into the device. This flaw allows a local user to crash the system or potentially cause a denial of service. (CVE-2023-28328)
do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference). (CVE-2023-28466)
There is a null-pointer-dereference flaw found in f2fs_write_end_io in fs/f2fs/data.c in the Linux kernel. This flaw allows a local privileged user to cause a denial of service problem. (CVE-2023-2898)
An issue was discovered in arch/x86/kvm/vmx/nested.c in the Linux kernel before 6.2.8. nVMX on x86_64 lacks consistency checks for CR0 and CR4. (CVE-2023-30456)
qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write because lmax can exceed QFQ_MIN_LMAX. (CVE-2023-31436)
In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are mishandled. (CVE-2023-32233)
An issue was discovered in the Linux kernel before 6.1.11. In net/netrom/af_netrom.c, there is a use-after-free because accept is also allowed for a successfully connected AF_NETROM socket. However, in order for an attacker to exploit this, the system must have netrom routing configured or the attacker must have the CAP_NET_ADMIN capability. (CVE-2023-32269)
A use-after-free vulnerability was found in the cxgb4 driver in the Linux kernel. The bug occurs when the cxgb4 device is detaching due to a possible rearming of the flower_stats_timer from the work queue. This flaw allows a local user to crash the system, causing a denial of service condition. (CVE-2023-4133)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from ZTE advisory NS-SA-2023-0142. The text
# itself is copyright (C) ZTE, Inc.
##
include('compat.inc');
if (description)
{
script_id(185413);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/09");
script_cve_id(
"CVE-2018-1118",
"CVE-2018-7191",
"CVE-2019-16089",
"CVE-2020-36694",
"CVE-2021-3759",
"CVE-2021-29648",
"CVE-2021-30178",
"CVE-2021-32078",
"CVE-2021-33061",
"CVE-2022-1184",
"CVE-2022-2196",
"CVE-2022-2590",
"CVE-2022-3108",
"CVE-2022-3303",
"CVE-2022-3344",
"CVE-2022-3424",
"CVE-2022-3523",
"CVE-2022-3595",
"CVE-2022-3606",
"CVE-2022-3643",
"CVE-2022-3707",
"CVE-2022-3903",
"CVE-2022-4095",
"CVE-2022-4129",
"CVE-2022-4379",
"CVE-2022-4382",
"CVE-2022-4662",
"CVE-2022-4744",
"CVE-2022-36280",
"CVE-2022-41218",
"CVE-2022-41849",
"CVE-2022-41850",
"CVE-2022-42328",
"CVE-2022-42329",
"CVE-2022-42432",
"CVE-2022-42703",
"CVE-2022-45884",
"CVE-2022-45885",
"CVE-2022-45886",
"CVE-2022-45887",
"CVE-2022-45934",
"CVE-2022-47518",
"CVE-2022-47519",
"CVE-2022-47520",
"CVE-2022-47521",
"CVE-2022-47929",
"CVE-2022-47946",
"CVE-2023-0179",
"CVE-2023-0266",
"CVE-2023-0386",
"CVE-2023-0394",
"CVE-2023-0458",
"CVE-2023-0459",
"CVE-2023-0461",
"CVE-2023-0590",
"CVE-2023-0597",
"CVE-2023-1073",
"CVE-2023-1074",
"CVE-2023-1075",
"CVE-2023-1076",
"CVE-2023-1077",
"CVE-2023-1118",
"CVE-2023-1281",
"CVE-2023-1382",
"CVE-2023-1829",
"CVE-2023-1855",
"CVE-2023-1859",
"CVE-2023-1989",
"CVE-2023-1998",
"CVE-2023-2006",
"CVE-2023-2007",
"CVE-2023-2124",
"CVE-2023-2162",
"CVE-2023-2177",
"CVE-2023-2235",
"CVE-2023-2269",
"CVE-2023-2898",
"CVE-2023-4133",
"CVE-2023-23000",
"CVE-2023-23004",
"CVE-2023-23454",
"CVE-2023-23455",
"CVE-2023-23559",
"CVE-2023-25012",
"CVE-2023-26545",
"CVE-2023-26607",
"CVE-2023-28327",
"CVE-2023-28328",
"CVE-2023-28466",
"CVE-2023-30456",
"CVE-2023-31436",
"CVE-2023-32233",
"CVE-2023-32269"
);
script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2023/04/20");
script_name(english:"NewStart CGSL MAIN 6.06 : kernel Multiple Vulnerabilities (NS-SA-2023-0142)");
script_set_attribute(attribute:"synopsis", value:
"The remote NewStart CGSL host is affected by multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The remote NewStart CGSL host, running version MAIN 6.06, has kernel packages installed that are affected by multiple
vulnerabilities:
- Linux kernel vhost since version 4.8 does not properly initialize memory in messages passed between
virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This can allow
local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device
file. (CVE-2018-1118)
- In the tun subsystem in the Linux kernel before 4.13.14, dev_get_valid_name is not called before
register_netdevice. This allows local users to cause a denial of service (NULL pointer dereference and
panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. This is similar to
CVE-2013-4343. (CVE-2018-7191)
- An issue was discovered in the Linux kernel through 5.2.13. nbd_genl_status in drivers/block/nbd.c does
not check the nla_nest_start_noflag return value. (CVE-2019-16089)
- An issue was discovered in netfilter in the Linux kernel before 5.10. There can be a use-after-free in the
packet processing context, because the per-CPU sequence count is mishandled during concurrent iptables
rules replacement. This could be exploited with the CAP_NET_ADMIN capability in an unprivileged namespace.
NOTE: cc00bca was reverted in 5.12. (CVE-2020-36694)
- An issue was discovered in the Linux kernel before 5.11.11. The BPF subsystem does not properly consider
that resolved_ids and resolved_sizes are intentionally uninitialized in the vmlinux BPF Type Format (BTF),
which can cause a system crash upon an unexpected access attempt (in map_create in kernel/bpf/syscall.c or
check_btf_info in kernel/bpf/verifier.c), aka CID-350a5c4dd245. (CVE-2021-29648)
- An issue was discovered in the Linux kernel through 5.11.11. synic_get in arch/x86/kvm/hyperv.c has a NULL
pointer dereference for certain accesses to the SynIC Hyper-V context, aka CID-919f4ebc5987.
(CVE-2021-30178)
- An Out-of-Bounds Read was discovered in arch/arm/mach-footbridge/personal-pci.c in the Linux kernel
through 5.12.11 because of the lack of a check for a value that shouldn't be negative, e.g., access to
element -2 of an array, aka CID-298a58e165e4. (CVE-2021-32078)
- Insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters may allow an
authenticated user to potentially enable denial of service via local access. (CVE-2021-33061)
- A memory overflow vulnerability was found in the Linux kernel's ipc functionality of the memcg subsystem,
in the way a user calls the semget function multiple times, creating semaphores. This flaw allows a local
user to starve the resources, causing a denial of service. The highest threat from this vulnerability is
to system availability. (CVE-2021-3759)
- A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel's filesystem sub-
component. This flaw allows a local attacker with a user privilege to cause a denial of service.
(CVE-2022-1184)
- A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks.
L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn't need retpolines or IBPB after
running L2 due to KVM (L0) advertising eIBRS support to L1. An attacker at L2 with code execution can
execute code on an indirect branch on the host machine. We recommend upgrading to Kernel 6.2 or past
commit 2e7eab81425a (CVE-2022-2196)
- A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW)
breakage of private read-only shared memory mappings. This flaw allows an unprivileged, local user to gain
write access to read-only memory mappings, increasing their privileges on the system. (CVE-2022-2590)
- An issue was discovered in the Linux kernel through 5.16-rc6. kfd_parse_subtype_iolink in
drivers/gpu/drm/amd/amdkfd/kfd_crat.c lacks check of the return value of kmemdup(). (CVE-2022-3108)
- A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead
to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or
member of the audio group) could use this flaw to crash the system, resulting in a denial of service
condition (CVE-2022-3303)
- A flaw was found in the KVM's AMD nested virtualization (SVM). A malicious L1 guest could purposely fail
to intercept the shutdown of a cooperative nested guest (L2), possibly leading to a page fault and kernel
panic in the host (L0). (CVE-2022-3344)
- A use-after-free flaw was found in the Linux kernel's SGI GRU driver in the way the first
gru_file_unlocked_ioctl function is called by the user, where a fail pass occurs in the
gru_check_chiplet_assignment function. This flaw allows a local user to crash or potentially escalate
their privileges on the system. (CVE-2022-3424)
- A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is an unknown
function of the file mm/memory.c of the component Driver Handler. The manipulation leads to use after
free. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue.
The identifier of this vulnerability is VDB-211020. (CVE-2022-3523)
- A vulnerability was found in Linux Kernel. It has been rated as problematic. Affected by this issue is the
function sess_free_buffer of the file fs/cifs/sess.c of the component CIFS Handler. The manipulation leads
to double free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability
is VDB-211364. (CVE-2022-3595)
- A vulnerability was found in Linux Kernel. It has been classified as problematic. This affects the
function find_prog_by_sec_insn of the file tools/lib/bpf/libbpf.c of the component BPF. The manipulation
leads to null pointer dereference. It is recommended to apply a patch to fix this issue. The identifier
VDB-211749 was assigned to this vulnerability. (CVE-2022-3606)
- An out-of-bounds (OOB) memory access vulnerability was found in the vmwgfx driver in
drivers/gpu/drm/vmwgfx/vmwgfx_kms.c in the GPU component of the Linux kernel, reachable through the device
file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system
to gain privilege, causing a denial of service (DoS). (CVE-2022-36280)
- Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC
interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It
appears to be an (unwritten?) assumption in the rest of the Linux network stack that packet protocol
headers are all contained within the linear section of the SKB and some NICs behave badly if this is not
the case. This has been reported to occur with Cisco (enic) and Broadcom NetXtrem II BCM5780 (bnx2x)
though it may be an issue with other NICs/drivers as well. In case the frontend is sending requests with
split headers, netback will forward those violating above mentioned assumption to the networking core,
resulting in said misbehavior. (CVE-2022-3643)
- A double-free memory flaw was found in the Linux kernel. The Intel GVT-g graphics driver triggers VGA card
system resource overload, causing a fail in the intel_gvt_dma_map_guest_page function. This issue could
allow a local user to crash the system. (CVE-2022-3707)
- An incorrect read request flaw was found in the Infrared Transceiver USB driver in the Linux kernel. This
issue occurs when a user attaches a malicious USB device. A local user could use this flaw to starve the
resources, causing denial of service or potentially crashing the system. (CVE-2022-3903)
- A use-after-free flaw was found in Linux kernel before 5.19.2. This issue occurs in cmd_hdl_filter in
drivers/staging/rtl8712/rtl8712_cmd.c, allowing an attacker to launch a local denial of service attack and
gain escalation of privileges. (CVE-2022-4095)
- In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused
by refcount races, affecting dvb_demux_open and dvb_dmxdev_release. (CVE-2022-41218)
- A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing
sk_user_data can lead to a race condition and NULL pointer dereference. A local user could use this flaw
to potentially crash the system causing a denial of service. (CVE-2022-4129)
- drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has a race condition and resultant use-
after-free if a physically proximate attacker removes a USB device while calling open(), aka a race
condition between ufx_ops_open and ufx_usb_disconnect. (CVE-2022-41849)
- roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition
and resultant use-after-free in certain situations where a report is received while copying a
report->value is in progress. (CVE-2022-41850)
- Guests can trigger deadlock in Linux netback driver. [This CNA information record relates to multiple
CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392
introduced another issue which might result in a deadlock when trying to free the SKB of a packet dropped
due to the XSA-392 handling (CVE-2022-42328). Additionally, when dropping packets for other reasons the
same deadlock could occur in case of netpoll being active for the interface the xen-netback driver is
connected to (CVE-2022-42329). (CVE-2022-42328, CVE-2022-42329)
- This vulnerability allows local attackers to disclose sensitive information on affected installations of
the Linux Kernel 6.0-rc2. An attacker must first obtain the ability to execute high-privileged code on the
target system in order to exploit this vulnerability. The specific flaw exists within the nft_osf_eval
function. The issue results from the lack of proper initialization of memory prior to accessing it. An
attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the
context of the kernel. Was ZDI-CAN-18540. (CVE-2022-42432)
- mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reuse.
(CVE-2022-42703)
- A use-after-free vulnerability was found in __nfs42_ssc_open() in fs/nfs/nfs4file.c in the Linux kernel.
This flaw allows an attacker to conduct a remote denial (CVE-2022-4379)
- A use-after-free flaw caused by a race among the superblock operations in the gadgetfs Linux driver was
found. It could be triggered by yanking out a device that is running the gadgetfs side. (CVE-2022-4382)
- An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvbdev.c has a use-
after-free, related to dvb_register_device dynamically allocating fops. (CVE-2022-45884)
- An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_frontend.c has a
race condition that can cause a use-after-free when a device is disconnected. (CVE-2022-45885)
- An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_net.c has a
.disconnect versus dvb_device_open race condition that leads to a use-after-free. (CVE-2022-45886)
- An issue was discovered in the Linux kernel through 6.0.9. drivers/media/usb/ttusb-dec/ttusb_dec.c has a
memory leak because of the lack of a dvb_frontend_detach call. (CVE-2022-45887)
- An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c
has an integer wraparound via L2CAP_CONF_REQ packets. (CVE-2022-45934)
- An incorrect access control flaw was found in the Linux kernel USB core subsystem in the way a user
attaches a USB device. A local user could use this flaw to crash the system. (CVE-2022-4662)
- A double-free flaw was found in the Linux kernel's TUN/TAP device driver functionality in how a user
registers the device when the register_netdevice function fails (NETDEV_REGISTER notifier). This flaw
allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-4744)
- An issue was discovered in the Linux kernel before 6.0.11. Missing validation of the number of channels in
drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger a heap-
based buffer overflow when copying the list of operating channels from Wi-Fi management frames.
(CVE-2022-47518)
- An issue was discovered in the Linux kernel before 6.0.11. Missing validation of
IEEE80211_P2P_ATTR_OPER_CHANNEL in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000
wireless driver can trigger an out-of-bounds write when parsing the channel list attribute from Wi-Fi
management frames. (CVE-2022-47519)
- An issue was discovered in the Linux kernel before 6.0.11. Missing offset validation in
drivers/net/wireless/microchip/wilc1000/hif.c in the WILC1000 wireless driver can trigger an out-of-bounds
read when parsing a Robust Security Network (RSN) information element from a Netlink packet.
(CVE-2022-47520)
- An issue was discovered in the Linux kernel before 6.0.11. Missing validation of
IEEE80211_P2P_ATTR_CHANNEL_LIST in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000
wireless driver can trigger a heap-based buffer overflow when parsing the operating channel attribute from
Wi-Fi management frames. (CVE-2022-47521)
- In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows
an unprivileged user to trigger a denial of service (system crash) via a crafted traffic control
configuration that is set up with tc qdisc and tc class commands. This affects qdisc_graft in
net/sched/sch_api.c. (CVE-2022-47929)
- An issue was discovered in the Linux kernel 5.10.x before 5.10.155. A use-after-free in io_sqpoll_wait_sq
in fs/io_uring.c allows an attacker to crash the kernel, resulting in denial of service. finish_wait can
be skipped. An attack can occur in some situations by forking a process and then quickly terminating it.
NOTE: later kernel versions, such as the 5.15 longterm series, substantially changed the implementation of
io_sqpoll_wait_sq. (CVE-2022-47946)
- A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could
allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to
the root user via arbitrary code execution. (CVE-2023-0179)
- A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel.
SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks that can be used in a use-after-free that can result
in a privilege escalation to gain ring0 access from the system user. We recommend upgrading past commit
56b88b50565cd8b946a2d00b0c83927b7ebb055e. (CVE-2023-0266)
- A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with
capabilities was found in the Linux kernel's OverlayFS subsystem in how a user copies a capable file from
a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges
on the system. (CVE-2023-0386)
- A NULL pointer dereference flaw was found in rawv6_push_pending_frames in net/ipv6/raw.c in the network
subcomponent in the Linux kernel. This flaw causes the system to crash. (CVE-2023-0394)
- A speculative pointer dereference problem exists in the Linux Kernel on the do_prlimit() function. The
resource argument value is controlled and is used in pointer arithmetic for the 'rlim' variable and can be
used to leak the contents. We recommend upgrading past version 6.1.8 or commit
739790605705ddcf18f21782b9c99ad7d53a8c11. (CVE-2023-0458)
- copy_from_user() on 64-bit versions of the Linux kernel does not implement __uaccess_begin_nospec,
allowing a user to bypass the access_ok check and pass a kernel pointer to copy_from_user(). This would
allow an attacker to leak information. We recommend upgrading beyond commit
74e19ef0ff8061ef55957c3abd71614ef0f42f47. (CVE-2023-0459)
- There is a use-after-free vulnerability in the Linux Kernel which can be exploited to achieve local
privilege escalation. To reach the vulnerability kernel configuration flag CONFIG_TLS or
CONFIG_XFRM_ESPINTCP has to be configured, but the operation does not require any privilege. There is a
use-after-free bug of icsk_ulp_data of a struct inet_connection_sock. When CONFIG_TLS is enabled, user can
install a tls context (struct tls_context) on a connected tcp socket. The context is not cleared if this
socket is disconnected and reused as a listener. If a new socket is created from the listener, the context
is inherited and vulnerable. The setsockopt TCP_ULP operation does not require any privilege. We recommend
upgrading past commit 2c02d41d71f90a5168391b6a5f2954112ba2307c. (CVE-2023-0461)
- A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race
problem. This flaw leads to a denial of service issue. If patch ebda44da44f6 (net: sched: fix race
condition in qdisc_graft()) has not been applied yet, the kernel could be affected. (CVE-2023-0590)
- An information leak flaw was found in the Linux kernel's cpu_entry_area mapping of x86 CPU data to
memory, in the way a user can guess the location of exception stack(s) or other important data. A local
user could use this flaw to get access to some important data with an expected location in memory.
(CVE-2023-0597)
- A memory corruption flaw was found in the Linux kernel's human interface device (HID) subsystem in how a
user inserts a malicious USB device. This flaw allows a local user to crash or potentially escalate their
privileges on the system. (CVE-2023-1073)
- A memory leak flaw was found in the Linux kernel's Stream Control Transmission Protocol. This issue may
occur when a user starts a malicious networking service and someone connects to this service. This could
allow a local user to starve resources, causing a denial of service. (CVE-2023-1074)
- A flaw was found in the Linux Kernel. The tls_is_tx_ready() incorrectly checks for list emptiness,
potentially accessing a type confused entry to the list_head, leaking the last byte of the confused field
that overlaps with rec->tx_ready. (CVE-2023-1075)
- A flaw was found in the Linux Kernel. The tun/tap sockets have their socket UID hardcoded to 0 due to a
type confusion in their initialization function. While it will often be correct, as tuntap devices require
CAP_NET_ADMIN, it may not always be the case, e.g., a non-root user only having that capability. This
would cause tun/tap sockets to be incorrectly treated in filtering/routing decisions, possibly bypassing
network filters. (CVE-2023-1076)
- In the Linux kernel, pick_next_rt_entity() may return a type confused entry, not detected by the BUG_ON
condition, as the confused entry will not be NULL, but list_head. The buggy error condition would lead to
a type confused entry with the list head, which would then be used as a type confused sched_rt_entity,
causing memory corruption. (CVE-2023-1077)
- A use-after-free flaw was found in the Linux kernel's integrated infrared receiver/transceiver driver in
the way a user detaches an rc device. A local user could use this flaw to crash the system or potentially
escalate their privileges on the system. (CVE-2023-1118)
- Use After Free vulnerability in Linux kernel traffic control index filter (tcindex) allows Privilege
Escalation. The imperfect hash area can be updated while packets are traversing, which will cause a use-
after-free when 'tcf_exts_exec()' is called with the destroyed tcf_ext. A local attacker user can use this
vulnerability to elevate its privileges to root. This issue affects Linux Kernel: from 4.14 before git
commit ee059170b1f7e94e55fa6cadee544e176a6e59c2. (CVE-2023-1281)
- A data race flaw was found in the Linux kernel, between where con is allocated and con->sock is set. This
issue leads to a NULL pointer dereference when accessing con->sock->sk in net/tipc/topsrv.c in the tipc
protocol in the Linux kernel. (CVE-2023-1382)
- A use-after-free vulnerability in the Linux Kernel traffic control index filter (tcindex) can be exploited
to achieve local privilege escalation. The tcindex_delete function does not properly deactivate filters in
the case of perfect hashes while deleting the underlying structure, which can later lead to double freeing
the structure. A local attacker user can use this vulnerability to elevate its privileges to root. We
recommend upgrading past commit 8c710f75256bb3cf05ac7b1672c82b92c43f3d28. (CVE-2023-1829)
- A use-after-free flaw was found in xgene_hwmon_remove in drivers/hwmon/xgene-hwmon.c in the Hardware
Monitoring Linux Kernel Driver (xgene-hwmon). This flaw could allow a local attacker to crash the system
due to a race problem. This vulnerability could even lead to a kernel information leak problem.
(CVE-2023-1855)
- A use-after-free flaw was found in xen_9pfs_front_remove in net/9p/trans_xen.c in the Xen transport for
9pfs in the Linux Kernel. This flaw could allow a local attacker to crash the system due to a race problem,
possibly leading to a kernel information leak. (CVE-2023-1859)
- A use-after-free flaw was found in btsdio_remove in drivers/bluetooth/btsdio.c in the Linux Kernel. In
this flaw, a call to btsdio_remove with an unfinished job may cause a race problem leading to a UAF on
hdev devices. (CVE-2023-1989)
- The Linux kernel allows userspace processes to enable mitigations by calling prctl with
PR_SET_SPECULATION_CTRL which disables the speculation feature as well as by using seccomp. We had noticed
that on VMs of at least one major cloud provider, the kernel still left the victim process exposed to
attacks in some cases even after enabling the spectre-BTI mitigation with prctl. The same behavior can be
observed on a bare-metal machine when forcing the mitigation to IBRS on boot command line. This happened
because when plain IBRS was enabled (not enhanced IBRS), the kernel had some logic that determined that
STIBP was not needed. The IBRS bit implicitly protects against cross-thread branch target injection.
However, with legacy IBRS, the IBRS bit was cleared on returning to userspace, due to performance reasons,
which disabled the implicit STIBP and left userspace threads vulnerable to cross-thread branch target
injection against which STIBP protects. (CVE-2023-1998)
- A race condition was found in the Linux kernel's RxRPC network protocol, within the processing of RxRPC
bundles. This issue results from the lack of proper locking when performing operations on an object. This
may allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel.
(CVE-2023-2006)
- The specific flaw exists within the DPT I2O Controller driver. The issue results from the lack of proper
locking when performing operations on an object. An attacker can leverage this in conjunction with other
vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel.
(CVE-2023-2007)
- An out-of-bounds memory access flaw was found in the Linux kernel's XFS file system in how a user restores
an XFS image after failure (with a dirty log journal). This flaw allows a local user to crash or
potentially escalate their privileges on the system. (CVE-2023-2124)
- A use-after-free vulnerability was found in iscsi_sw_tcp_session_create in drivers/scsi/iscsi_tcp.c in
SCSI sub-component in the Linux Kernel. In this flaw an attacker could leak kernel internal information.
(CVE-2023-2162)
- A NULL pointer dereference issue was found in the sctp network protocol in net/sctp/stream_sched.c in the
Linux Kernel. If the stream_in allocation fails, stream_out is freed and then accessed again. A local user
could use this flaw to crash the system or potentially cause a denial of service. (CVE-2023-2177)
- A use-after-free vulnerability in the Linux Kernel Performance Events system can be exploited to achieve
local privilege escalation. The perf_group_detach function did not check the event's siblings'
attach_state before calling add_event_to_groups(), but remove_on_exec made it possible to call
list_del_event() on them before they were detached from their group, leaving a dangling pointer that
causes a use-after-free. We recommend upgrading past commit fd0815f632c24878e325821943edccc7fde947a2.
(CVE-2023-2235)
- A denial of service problem was found, due to a possible recursive locking scenario, resulting in a
deadlock in table_clear in drivers/md/dm-ioctl.c in the Linux Kernel Device Mapper-Multipathing sub-
component. (CVE-2023-2269)
- In the Linux kernel before 5.17, drivers/phy/tegra/xusb.c mishandles the tegra_xusb_find_port_node return
value. Callers expect NULL in the error case, but an error pointer is used. (CVE-2023-23000)
- In the Linux kernel before 5.19, drivers/gpu/drm/arm/malidp_planes.c misinterprets the get_sg_table return
value (expects it to be NULL in the error case, whereas it is actually an error pointer). (CVE-2023-23004)
- cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial
of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes
indicate a TC_ACT_SHOT condition rather than valid classification results). (CVE-2023-23454)
- atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial
of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition
rather than valid classification results). (CVE-2023-23455)
- In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an
integer overflow in an addition. (CVE-2023-23559)
- The Linux kernel through 6.1.9 has a Use-After-Free in bigben_remove in drivers/hid/hid-bigbenff.c via a
crafted USB device because the LED controllers remain registered for too long. (CVE-2023-25012)
- In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure
(for registering the sysctl table under a new location) during the renaming of a device. (CVE-2023-26545)
- In the Linux kernel 6.0.8, there is an out-of-bounds read in ntfs_attr_find in fs/ntfs/attrib.c.
(CVE-2023-26607)
- A NULL pointer dereference flaw was found in the UNIX protocol in net/unix/diag.c In unix_diag_get_exact
in the Linux Kernel. The newly allocated skb does not have sk, leading to a NULL pointer. This flaw allows
a local user to crash or potentially cause a denial of service. (CVE-2023-28327)
- A NULL pointer dereference flaw was found in the az6027 driver in drivers/media/usb/dvb-usb/az6027.c in
the Linux Kernel. The message from user space is not checked properly before transferring into the device.
This flaw allows a local user to crash the system or potentially cause a denial of service.
(CVE-2023-28328)
- do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading
to a race condition (with a resultant use-after-free or NULL pointer dereference). (CVE-2023-28466)
- There is a null-pointer-dereference flaw found in f2fs_write_end_io in fs/f2fs/data.c in the Linux kernel.
This flaw allows a local privileged user to cause a denial of service problem. (CVE-2023-2898)
- An issue was discovered in arch/x86/kvm/vmx/nested.c in the Linux kernel before 6.2.8. nVMX on x86_64
lacks consistency checks for CR0 and CR4. (CVE-2023-30456)
- qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write
because lmax can exceed QFQ_MIN_LMAX. (CVE-2023-31436)
- In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests
can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users
can obtain root privileges. This occurs because anonymous sets are mishandled. (CVE-2023-32233)
- An issue was discovered in the Linux kernel before 6.1.11. In net/netrom/af_netrom.c, there is a use-
after-free because accept is also allowed for a successfully connected AF_NETROM socket. However, in order
for an attacker to exploit this, the system must have netrom routing configured or the attacker must have
the CAP_NET_ADMIN capability. (CVE-2023-32269)
- A use-after-free vulnerability was found in the cxgb4 driver in the Linux kernel. The bug occurs when the
cxgb4 device is detaching due to a possible rearming of the flower_stats_timer from the work queue. This
flaw allows a local user to crash the system, causing a denial of service condition. (CVE-2023-4133)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
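The plugin flags the host purely from the self-reported kernel package version, so a practitioner confirming a finding by hand needs to compare `rpm -q kernel` output against the fixed build using rpm's ordering rules, not a plain string compare (a release of 0070 must beat 0066, and `1.0~rc1` must sort before `1.0`). The following is an added example, not code from the Nessus plugin or from NewStart: it reimplements the segment rules of rpm's rpmvercmp() and applies them version-first, then release. Epoch is ignored. The version-release strings in main() are constructed for illustration and are not the fixed versions published in NS-SA-2023-0142.

```c
/*
 * Added example: rpm-style version comparison for deciding whether an
 * installed kernel package is at or past a fixed build. Not code from the
 * Nessus plugin or from NewStart; it reimplements the segment rules of rpm's
 * rpmvercmp(): numeric runs compare as integers, alphabetic runs lexically,
 * a numeric segment beats an alphabetic one, and '~' sorts before anything.
 * Epoch is ignored. The strings in main() are constructed sample data, NOT
 * the fixed versions from NS-SA-2023-0142.
 */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Compare two version (or release) strings; returns -1, 0 or 1 like rpmvercmp(). */
int rpm_vercmp(const char *a, const char *b)
{
    const char *one = a, *two = b;

    if (strcmp(a, b) == 0)
        return 0;

    while (*one || *two) {
        /* skip separators: anything that is neither alphanumeric nor '~' */
        while (*one && !isalnum((unsigned char)*one) && *one != '~') one++;
        while (*two && !isalnum((unsigned char)*two) && *two != '~') two++;

        /* '~' sorts before everything, including the end of the string */
        if (*one == '~' || *two == '~') {
            if (*one != '~') return 1;
            if (*two != '~') return -1;
            one++;
            two++;
            continue;
        }
        if (!(*one && *two))
            break;

        /* take the next segment of a single type: all digits or all letters */
        const char *s1 = one, *s2 = two;
        int isnum = isdigit((unsigned char)*s1);
        if (isnum) {
            while (*one && isdigit((unsigned char)*one)) one++;
            while (*two && isdigit((unsigned char)*two)) two++;
        } else {
            while (*one && isalpha((unsigned char)*one)) one++;
            while (*two && isalpha((unsigned char)*two)) two++;
        }
        size_t l1 = (size_t)(one - s1), l2 = (size_t)(two - s2);

        /* mixed types: a numeric segment is always newer than an alphabetic one */
        if (l2 == 0)
            return isnum ? 1 : -1;

        if (isnum) {
            /* drop leading zeros; then the longer number is the larger one */
            while (l1 > 1 && *s1 == '0') { s1++; l1--; }
            while (l2 > 1 && *s2 == '0') { s2++; l2--; }
            if (l1 != l2)
                return l1 > l2 ? 1 : -1;
        }
        size_t n = l1 < l2 ? l1 : l2;
        int rc = strncmp(s1, s2, n);
        if (rc != 0)
            return rc < 0 ? -1 : 1;
        if (l1 != l2)               /* alphabetic segments: "ab" > "a" */
            return l1 < l2 ? -1 : 1;
    }

    /* every segment matched; whichever side has characters left over is newer */
    if (!*one && !*two)
        return 0;
    return *one ? 1 : -1;
}

/* Split "VERSION-RELEASE" at the first '-' into two NUL-terminated buffers. */
static void split_vr(const char *vr, char *ver, size_t vlen, char *rel, size_t rlen)
{
    const char *dash = strchr(vr, '-');
    if (dash == NULL) {
        snprintf(ver, vlen, "%s", vr);
        rel[0] = '\0';
        return;
    }
    snprintf(ver, vlen, "%.*s", (int)(dash - vr), vr);
    snprintf(rel, rlen, "%s", dash + 1);
}

/* 1 if installed_vr is the fixed build or newer (rpm order: version first,
 * then release), 0 if it is older and the host is therefore still affected. */
int kernel_is_fixed(const char *installed_vr, const char *fixed_vr)
{
    char iv[64], ir[64], fv[64], fr[64];
    split_vr(installed_vr, iv, sizeof iv, ir, sizeof ir);
    split_vr(fixed_vr, fv, sizeof fv, fr, sizeof fr);
    int rc = rpm_vercmp(iv, fv);
    if (rc == 0)
        rc = rpm_vercmp(ir, fr);
    return rc >= 0;
}

int main(void)
{
    /* constructed sample data: as if `rpm -q --qf '%{VERSION}-%{RELEASE}' kernel`
     * printed the first string and the advisory's fixed build were the second */
    const char *installed = "4.19.90-2102.2.0.0066";
    const char *fixed = "4.19.90-2102.2.0.0070";
    printf("installed %s vs fixed %s: %s\n", installed, fixed,
           kernel_is_fixed(installed, fixed) ? "fixed" : "AFFECTED");
    return 0;
}
```

On a host with several kernel packages installed, run the comparison against the kernel that is actually booted (`uname -r`, which for rpm-based systems is `VERSION-RELEASE.ARCH`), not just the newest package on disk: an updated kernel that has not been rebooted into leaves the vulnerable code running.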
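The CVE-2023-1998 entry above describes the userspace side of the spectre-BTI mitigation (a process opting in through prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, ...)) and why the kernel's own bookkeeping could still leave the process exposed under legacy IBRS. The following added example, not code from the Nessus plugin or from NewStart, shows how a process requests the mitigation and how it reads the kernel's claimed state back, both through PR_GET_SPECULATION_CTRL and through the Speculation_Indirect_Branch line of /proc/self/status. The prctl and /proc constants are the ones documented in the kernel's userspace-api/spec_ctrl.rst; the status lines used in the test are constructed. Note the limit of this check: it reports what the kernel says it is doing, and the bug in CVE-2023-1998 is precisely that the kernel's claim and the actual STIBP state diverged on the affected builds, so a "mitigated" answer on an unpatched kernel must not be trusted.

```c
/*
 * Added example (not from the Nessus plugin or NewStart): enable the
 * spectre-BTI mitigation for this task via prctl() and read the state the
 * kernel reports, as a process affected by CVE-2023-1998 would. The
 * PR_* values are copied from <linux/prctl.h> so the decoders compile on
 * old headers and on non-Linux hosts; the live prctl call only exists on
 * Linux. Constructed /proc/self/status text is used in the test.
 */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#ifdef __linux__
#include <sys/prctl.h>
#endif

#ifndef PR_SET_SPECULATION_CTRL       /* headers older than Linux 4.17 */
#define PR_GET_SPECULATION_CTRL 52
#define PR_SET_SPECULATION_CTRL 53
#define PR_SPEC_NOT_AFFECTED 0
#define PR_SPEC_PRCTL (1UL << 0)
#define PR_SPEC_ENABLE (1UL << 1)
#define PR_SPEC_DISABLE (1UL << 2)
#define PR_SPEC_FORCE_DISABLE (1UL << 3)
#endif
#ifndef PR_SPEC_INDIRECT_BRANCH       /* headers older than Linux 4.20 */
#define PR_SPEC_INDIRECT_BRANCH 1
#endif

/* Turn a PR_GET_SPECULATION_CTRL result into a verdict. "disable" in the
 * kernel's vocabulary means speculation disabled, i.e. mitigation active. */
const char *spec_ctrl_verdict(long value)
{
    if (value < 0)
        return "query failed";
    if (value == PR_SPEC_NOT_AFFECTED)
        return "not affected";
    if (!(value & PR_SPEC_PRCTL))     /* no per-task control; boot policy decides */
        return (value & PR_SPEC_DISABLE) ? "mitigated globally" : "unmitigated globally";
    if (value & PR_SPEC_FORCE_DISABLE)
        return "mitigated (force disabled, sticky)";
    if (value & PR_SPEC_DISABLE)
        return "mitigated (speculation disabled)";
    return "unmitigated (speculation enabled)";
}

/* Copy the value of the "Speculation_Indirect_Branch:" line from a
 * /proc/<pid>/status buffer into out. Returns 1 if the line was found. */
int status_spec_ib(const char *status_text, char *out, size_t outlen)
{
    static const char key[] = "Speculation_Indirect_Branch:";
    const char *p = status_text;

    while ((p = strstr(p, key)) != NULL) {
        if (p == status_text || p[-1] == '\n') {   /* must start a line */
            p += sizeof key - 1;
            while (*p == ' ' || *p == '\t')
                p++;
            size_t n = strcspn(p, "\n");
            if (n >= outlen)
                n = outlen - 1;
            memcpy(out, p, n);
            out[n] = '\0';
            return 1;
        }
        p += sizeof key - 1;
    }
    return 0;
}

/* Ask the kernel to disable indirect-branch speculation for this task (that is,
 * enable the BTI mitigation), then return what PR_GET_SPECULATION_CTRL reports,
 * or -errno. ENXIO means the boot-time spectre_v2_user mode allows no per-task
 * control; EINVAL means the kernel predates this interface. */
long enable_bti_mitigation(void)
{
#ifdef __linux__
    if (prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, PR_SPEC_DISABLE, 0, 0) != 0)
        return -errno;
    long v = prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, 0, 0, 0);
    return v < 0 ? -errno : v;
#else
    return -ENOSYS;                   /* not Linux: interface does not exist */
#endif
}

int main(void)
{
    long v = enable_bti_mitigation();
    if (v < 0)
        printf("prctl: %s\n", strerror((int)-v));
    else
        printf("PR_GET_SPECULATION_CTRL = 0x%lx: %s\n", v, spec_ctrl_verdict(v));

    char buf[8192], val[64];
    FILE *f = fopen("/proc/self/status", "r");
    if (f != NULL) {
        size_t n = fread(buf, 1, sizeof buf - 1, f);
        buf[n] = '\0';
        fclose(f);
        if (status_spec_ib(buf, val, sizeof val))
            printf("Speculation_Indirect_Branch: %s\n", val);
    }
    return 0;
}
```

PR_SPEC_FORCE_DISABLE would make the choice sticky across the process's lifetime (later attempts to re-enable speculation fail with EPERM); the example uses PR_SPEC_DISABLE so it can be experimented with freely. On a kernel booted with `spectre_v2_user=off` or with the CPU reported as not affected, the prctl side returns ENXIO or PR_SPEC_NOT_AFFECTED, and the /proc line reads "always disabled" or "not affected" respectively.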
script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/notice/NS-SA-2023-0142");
script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2018-1118");
script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2018-7191");
script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2019-16089");
script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2020-36694");
script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2021-29648");
script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2021-30178");
script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2021-32078");
script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2021-33061");
script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2021-3759");
script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2022-1184");
script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2022-2196");
script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2022-2590");
script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2022-3108");
script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2022-3303");
script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2022-3344");
script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2022-3424");
script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2022-3523");
script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2022-3595");
script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2022-3606");
script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2022-36280");
script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2022-3643");
script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2022-3707");
  script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2022-3903");
  script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2022-4095");
  script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2022-41218");
  script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2022-4129");
  script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2022-41849");
  script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2022-41850");
  script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2022-42328");
  script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2022-42329");
  script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2022-42432");
  script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2022-42703");
  script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2022-4379");
  script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2022-4382");
  script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2022-45884");
  script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2022-45885");
  script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2022-45886");
  script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2022-45887");
  script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2022-45934");
  script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2022-4662");
  script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2022-4744");
  script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2022-47518");
  script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2022-47519");
  script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2022-47520");
  script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2022-47521");
  script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2022-47929");
  script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2022-47946");
  script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2023-0179");
  script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2023-0266");
  script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2023-0386");
  script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2023-0394");
  script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2023-0458");
  script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2023-0459");
  script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2023-0461");
  script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2023-0590");
  script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2023-0597");
  script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2023-1073");
  script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2023-1074");
  script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2023-1075");
  script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2023-1076");
  script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2023-1077");
  script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2023-1118");
  script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2023-1281");
  script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2023-1382");
  script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2023-1829");
  script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2023-1855");
  script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2023-1859");
  script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2023-1989");
  script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2023-1998");
  script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2023-2006");
  script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2023-2007");
  script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2023-2124");
  script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2023-2162");
  script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2023-2177");
  script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2023-2235");
  script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2023-2269");
  script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2023-23000");
  script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2023-23004");
  script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2023-23454");
  script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2023-23455");
  script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2023-23559");
  script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2023-25012");
  script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2023-26545");
  script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2023-26607");
  script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2023-28327");
  script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2023-28328");
  script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2023-28466");
  script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2023-2898");
  script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2023-30456");
  script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2023-31436");
  script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2023-32233");
  script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2023-32269");
  script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2023-4133");
  script_set_attribute(attribute:"solution", value:
"Upgrade the vulnerable CGSL kernel packages. Note that updated packages may not be available yet. Please contact ZTE for
more information.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-32078");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2022-2196");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/04/23");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/11/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/11/09");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:bpftool");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:kata-linux-container");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:kernel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:kernel-core");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:kernel-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:kernel-debug-core");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:kernel-debug-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:kernel-debug-modules");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:kernel-debug-modules-extra");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:kernel-debug-modules-internal");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:kernel-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:kernel-headers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:kernel-modules");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:kernel-modules-extra");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:kernel-modules-internal");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:kernel-sign-keys");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:kernel-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:kernel-tools-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:kernel-tools-libs-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:kernel-virt-core");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:perf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:python3-perf");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:zte:cgsl_main:6");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"NewStart CGSL Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/ZTE-CGSL/release", "Host/ZTE-CGSL/rpm-list", "Host/cpu");

  exit(0);
}
include('rpm.inc');

# Local (credentialed) checks are required: the plugin compares installed RPM
# versions, it does not probe the kernel remotely.
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

# Only run against NewStart CGSL, and only against the MAIN 6.06 release this
# advisory (and its fixed package versions) applies to.
var os_release = get_kb_item('Host/ZTE-CGSL/release');
if (isnull(os_release) || os_release !~ "^CGSL (MAIN|CORE)") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');

if (os_release !~ "CGSL MAIN 6.06")
  audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 6.06');

if (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

# The fixed package versions below are x86 builds; skip other architectures.
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);

var flag = 0;

# Minimum fixed versions per release. rpm_check() flags an installed package
# whose version is older than the reference listed here.
var pkgs = {
  'CGSL MAIN 6.06': [
    'bpftool-5.10.134-14.zncgsl6.tm13.0',
    'kata-linux-container-5.10.134-14.zncgsl6kata',
    'kernel-5.10.134-14.zncgsl6.tm13.0',
    'kernel-core-5.10.134-14.zncgsl6.tm13.0',
    'kernel-debug-5.10.134-14.zncgsl6.tm13.0',
    'kernel-debug-core-5.10.134-14.zncgsl6.tm13.0',
    'kernel-debug-devel-5.10.134-14.zncgsl6.tm13.0',
    'kernel-debug-modules-5.10.134-14.zncgsl6.tm13.0',
    'kernel-debug-modules-extra-5.10.134-14.zncgsl6.tm13.0',
    'kernel-debug-modules-internal-5.10.134-14.zncgsl6.tm13.0',
    'kernel-devel-5.10.134-14.zncgsl6.tm13.0',
    'kernel-headers-5.10.134-14.zncgsl6.tm13.0',
    'kernel-modules-5.10.134-14.zncgsl6.tm13.0',
    'kernel-modules-extra-5.10.134-14.zncgsl6.tm13.0',
    'kernel-modules-internal-5.10.134-14.zncgsl6.tm13.0',
    'kernel-sign-keys-5.10.134-14.zncgsl6.tm13.0',
    'kernel-tools-5.10.134-14.zncgsl6.tm13.0',
    'kernel-tools-libs-5.10.134-14.zncgsl6.tm13.0',
    'kernel-tools-libs-devel-5.10.134-14.zncgsl6.tm13.0',
    'kernel-virt-core-5.10.134-14.zncgsl6.tm13.0',
    'perf-5.10.134-14.zncgsl6.tm13.0',
    'python3-perf-5.10.134-14.zncgsl6.tm13.0'
  ]
};
var pkg_list = pkgs[os_release];

foreach (pkg in pkg_list)
  if (rpm_check(release:'ZTE ' + os_release, reference:pkg)) flag++;

if (flag)
{
  # At least one package is below the fixed version: report it, with the
  # installed-vs-fixed comparison collected by rpm_check() as the detail.
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  # Nothing flagged: distinguish "checked and up to date" from "not installed".
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel');
}
Vendor | Product | Version | CPE |
---|---|---|---|
zte | cgsl_main | kernel-tools-libs | p-cpe:/a:zte:cgsl_main:kernel-tools-libs |
zte | cgsl_main | kernel-modules-extra | p-cpe:/a:zte:cgsl_main:kernel-modules-extra |
zte | cgsl_main | bpftool | p-cpe:/a:zte:cgsl_main:bpftool |
zte | cgsl_main | kernel | p-cpe:/a:zte:cgsl_main:kernel |
zte | cgsl_main | kernel-debug | p-cpe:/a:zte:cgsl_main:kernel-debug |
zte | cgsl_main | kernel-headers | p-cpe:/a:zte:cgsl_main:kernel-headers |
zte | cgsl_main | kernel-debug-devel | p-cpe:/a:zte:cgsl_main:kernel-debug-devel |
zte | cgsl_main | kernel-tools-libs-devel | p-cpe:/a:zte:cgsl_main:kernel-tools-libs-devel |
zte | cgsl_main | kernel-modules-internal | p-cpe:/a:zte:cgsl_main:kernel-modules-internal |
zte | cgsl_main | 6 | cpe:/o:zte:cgsl_main:6 |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1118
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7191
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16089
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36694
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29648
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30178
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32078
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33061
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3759
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1184
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2196
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2590
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3108
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3303
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3344
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3424
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3523
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3595
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3606
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36280
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3643
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3707
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3903
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4095
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41218
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4129
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41849
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41850
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42328
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42329
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42432
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42703
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4379
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4382
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45884
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45885
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45886
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45887
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45934
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4662
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4744
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47518
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47519
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47520
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47521
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47929
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47946
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0179
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0266
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0386
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0394
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0458
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0459
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0461
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0590
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0597
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1073
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1074
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1075
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1076
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1077
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1118
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1281
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1382
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1829
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1855
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1859
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1989
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1998
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2006
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2007
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2124
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2162
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2177
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2235
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2269
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23000
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23004
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23454
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23455
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23559
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25012
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26545
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26607
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28327
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28328
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28466
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2898
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30456
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31436
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32233
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32269
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4133
security.gd-linux.com/notice/NS-SA-2023-0142