EulerOS Virtualization for ARM 64 184.108.40.206 : kernel (EulerOS-SA-2019-1493)
High Nessus Plugin ID 124817
SynopsisThe remote EulerOS Virtualization for ARM 64 host is missing multiple security updates.
DescriptionAccording to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :
- In the Linux kernel through 4.14.13, the rds_message_alloc_sgs() function does not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rds_rdma_extra_size function in net/rds/rdma.c).(CVE-2018-5332i1/4%0
- The fib6_add function in net/ipv6/ip6_fib.c in the Linux kernel before 3.11.5 does not properly implement error-code encoding, which allows local users to cause a denial of service (NULL pointer dereference and system crash) by leveraging the CAP_NET_ADMIN capability for an IPv6 SIOCADDRT ioctl call.(CVE-2013-6431i1/4%0
- A flaw was discovered in the F2FS filesystem code in fs/f2fs/super.c in the Linux kernel. An out-of-bounds read or a divide-by-zero error for an incorrect user_block_count in a corrupted f2fs image can lead to a denial of service.(CVE-2018-13097i1/4%0
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
SolutionUpdate the affected kernel packages.