Detections
Analytics

EulerOS 2.0 SP10 : kernel (EulerOS-SA-2022-1475)

high Nessus Plugin ID 160035

Synopsis

The remote EulerOS host is missing multiple security updates.

Description

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

 - An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could potentially use this flaw to crash the system or escalate privileges on the system. (CVE-2021-4157)

 - In unix_scm_to_skb of af_unix.c, there is a possible use after free bug due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-196926917References:
 Upstream kernel (CVE-2021-0920)

 - In bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-154177719References:
 Upstream kernel (CVE-2021-0941)

 - A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the memory pages. A local user could use this flaw to get unauthorized access to some data. (CVE-2021-4002)

 - A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition. This flaw allows a local user to crash the system or escalate their privileges on the system.
 This flaw affects Linux kernel versions prior to 5.16-rc4. (CVE-2021-4083)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected kernel packages.

See Also

http://www.nessus.org/u?5e659817

Plugin Details

Severity: High

ID: 160035

File Name: EulerOS_SA-2022-1475.nasl

Version: 1.7

Type: local

Published: 4/21/2022

Updated: 4/25/2023

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 7.4

Temporal Score: 6.1

Vector: CVSS2#AV:A/AC:M/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2021-4157

CVSS v3

Risk Factor: High

Base Score: 8

Temporal Score: 7.4

Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:huawei:euleros:kernel, p-cpe:/a:huawei:euleros:kernel-abi-stablelists, p-cpe:/a:huawei:euleros:kernel-tools, p-cpe:/a:huawei:euleros:kernel-tools-libs, p-cpe:/a:huawei:euleros:python3-perf, cpe:/o:huawei:euleros:2.0

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/EulerOS/release, Host/EulerOS/rpm-list, Host/EulerOS/sp

Excluded KB Items: Host/EulerOS/uvp_version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/20/2022

Vulnerability Publication Date: 10/25/2021

CISA Known Exploited Vulnerability Due Dates: 6/13/2022

Reference Information

CVE: CVE-2021-0920, CVE-2021-0941, CVE-2021-4002, CVE-2021-4037, CVE-2021-4083, CVE-2021-4135, CVE-2021-4157