Security Advisory for Huawei EulerOS kernel package with multiple CVEs including heap-based buffer overflow, speculative execution, and side-channel attack vulnerabilitie
Reporter | Title | Published | Views | Family All 199 |
Tenable Nessus | EulerOS Virtualization for ARM 64 : kernel (EulerOS-SA-2020-1342) | 2 Apr 202000:00 | – | nessus |
Tenable Nessus | SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2020:0836-1) | 2 Apr 202000:00 | – | nessus |
Tenable Nessus | EulerOS 2.0 SP8 : kernel (EulerOS-SA-2020-1158) | 25 Feb 202000:00 | – | nessus |
Tenable Nessus | NewStart CGSL MAIN 4.05 : kernel Multiple Vulnerabilities (NS-SA-2022-0003) | 10 May 202200:00 | – | nessus |
Tenable Nessus | EulerOS 2.0 SP8 : kernel (EulerOS-SA-2020-1292) | 23 Mar 202000:00 | – | nessus |
Tenable Nessus | SUSE SLES12 Security Update : kernel (SUSE-SU-2020:0204-1) | 23 Jan 202000:00 | – | nessus |
Tenable Nessus | openSUSE Security Update : the Linux Kernel (openSUSE-2020-388) | 30 Mar 202000:00 | – | nessus |
Tenable Nessus | Fedora 31 : kernel (2019-91f6e7bb71) | 3 Dec 201900:00 | – | nessus |
Tenable Nessus | Fedora 30 : kernel (2019-8846a1a5a2) | 3 Dec 201900:00 | – | nessus |
Tenable Nessus | CentOS 7 : kernel-alt (RHSA-2020:1493) | 9 Oct 202400:00 | – | nessus |
Source | Link |
developer | |
# SPDX-FileCopyrightText: 2020 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
# SPDX-License-Identifier: GPL-2.0-only
script_cve_id("CVE-2019-11135", "CVE-2019-14895", "CVE-2019-14896", "CVE-2019-14897", "CVE-2019-19332", "CVE-2019-19338", "CVE-2019-19922", "CVE-2019-19947", "CVE-2019-20095", "CVE-2019-20096", "CVE-2019-3016", "CVE-2019-5108", "CVE-2020-8428", "CVE-2020-8647", "CVE-2020-8648", "CVE-2020-8649", "CVE-2020-9383");
script_tag(name:"creation_date", value:"2020-04-01 13:54:05 +0000 (Wed, 01 Apr 2020)");
script_tag(name:"last_modification", value:"2024-02-05 14:36:56 +0000 (Mon, 05 Feb 2024)");
script_tag(name:"cvss_base", value:"10.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2019-12-10 15:01:42 +0000 (Tue, 10 Dec 2019)");
script_name("Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2020-1342)");
script_copyright("Copyright (C) 2020 Greenbone AG");
script_family("Huawei EulerOS Local Security Checks");
script_mandatory_keys("ssh/login/euleros", "ssh/login/rpms", re:"ssh/login/release=EULEROSVIRTARM64\-3\.0\.6\.0");
script_xref(name:"Advisory-ID", value:"EulerOS-SA-2020-1342");
script_xref(name:"URL", value:"");
script_tag(name:"summary", value:"The remote host is missing an update for the Huawei EulerOS 'kernel' package(s) announced via the EulerOS-SA-2020-1342 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"A heap-based buffer overflow was discovered in the Linux kernel's Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices country settings. This could allow the remote device to cause a denial of service (system crash) or possibly execute arbitrary code.(CVE-2019-14895)
A flaw was found in the fix for CVE-2019-11135, the way Intel CPUs handle speculative execution of instructions when a TSX Asynchronous Abort (TAA) error occurs. When a guest is running on a host CPU affected by the TAA flaw (TAA_NO=0), but is not affected by the MDS issue (MDS_NO=1), the guest was to clear the affected buffers by using a VERW instruction mechanism. But when the MDS_NO=1 bit was exported to the guests, the guests did not use the VERW mechanism to clear the affected buffers. This issue affects guests running on Cascade Lake CPUs and requires that host has 'TSX' enabled. Confidentiality of data is the highest threat associated with this vulnerability.(CVE-2019-19338)
A flaw was found in the way Intel CPUs handle speculative execution of instructions when the TSX Asynchronous Abort (TAA) error occurs. A local authenticated attacker with the ability to monitor execution times could infer the TSX memory state by comparing abort execution times. This could allow information disclosure via this observed side-channel for any TSX transaction being executed while an attacker is able to observe abort timing. Intel's Transactional Synchronisation Extensions (TSX) are set of instructions which enable transactional memory support to improve performance of the multi-threaded applications, in the lock-protected critical sections. The CPU executes instructions in the critical-sections as transactions, while ensuring their atomic state. When such transaction execution is unsuccessful, the processor cannot ensure atomic updates to the transaction memory, so the processor rolls back or aborts such transaction execution. While TSX Asynchronous Abort (TAA) is pending, CPU may continue to read data from architectural buffers and pass it to the dependent speculative operations. This may cause information leakage via speculative side-channel means, which is quite similar to the Microarchitectural Data Sampling (MDS) issue.(CVE-2019-11135)
An out-of-bounds memory write issue was found in the way the Linux kernel's KVM hypervisor handled the 'KVM_GET_EMULATED_CPUID' ioctl(2) request to get CPUID features emulated by the KVM hypervisor. A user or process able to access the '/dev/kvm' device could use this flaw to crash the system, resulting in a denial of service.(CVE-2019-19332)
A flaw was found in the Linux kernel's scheduler, where it can allow attackers to cause a denial of service against non-CPU-bound applications by generating a workload that triggers unwanted scheduling slice expiration. A local attacker who can trigger a ... [Please see the references for more information on the vulnerabilities]");
script_tag(name:"affected", value:"'kernel' package(s) on Huawei EulerOS Virtualization for ARM 64");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
release = rpm_get_ssh_release();
res = "";
report = "";
if(release == "EULEROSVIRTARM64-") {
if(!isnull(res = isrpmvuln(pkg:"kernel", rpm:"kernel~4.19.36~vhulk1907.1.0.h697.eulerosv2r8", rls:"EULEROSVIRTARM64-"))) {
report += res;
if(!isnull(res = isrpmvuln(pkg:"kernel-devel", rpm:"kernel-devel~4.19.36~vhulk1907.1.0.h697.eulerosv2r8", rls:"EULEROSVIRTARM64-"))) {
report += res;
if(!isnull(res = isrpmvuln(pkg:"kernel-headers", rpm:"kernel-headers~4.19.36~vhulk1907.1.0.h697.eulerosv2r8", rls:"EULEROSVIRTARM64-"))) {
report += res;
if(!isnull(res = isrpmvuln(pkg:"kernel-tools", rpm:"kernel-tools~4.19.36~vhulk1907.1.0.h697.eulerosv2r8", rls:"EULEROSVIRTARM64-"))) {
report += res;
if(!isnull(res = isrpmvuln(pkg:"kernel-tools-libs", rpm:"kernel-tools-libs~4.19.36~vhulk1907.1.0.h697.eulerosv2r8", rls:"EULEROSVIRTARM64-"))) {
report += res;
if(!isnull(res = isrpmvuln(pkg:"kernel-tools-libs-devel", rpm:"kernel-tools-libs-devel~4.19.36~vhulk1907.1.0.h697.eulerosv2r8", rls:"EULEROSVIRTARM64-"))) {
report += res;
if(!isnull(res = isrpmvuln(pkg:"perf", rpm:"perf~4.19.36~vhulk1907.1.0.h697.eulerosv2r8", rls:"EULEROSVIRTARM64-"))) {
report += res;
if(!isnull(res = isrpmvuln(pkg:"python-perf", rpm:"python-perf~4.19.36~vhulk1907.1.0.h697.eulerosv2r8", rls:"EULEROSVIRTARM64-"))) {
report += res;
if(!isnull(res = isrpmvuln(pkg:"python3-perf", rpm:"python3-perf~4.19.36~vhulk1907.1.0.h697.eulerosv2r8", rls:"EULEROSVIRTARM64-"))) {
report += res;
if(report != "") {
} else if(__pkg_match) {
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo