Detections
Analytics

EulerOS Virtualization 3.0.6.6 : kernel (EulerOS-SA-2023-2444)

critical Nessus Plugin ID 178888

Synopsis

The remote EulerOS Virtualization host is missing multiple security updates.

Description

According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :

 roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a report- value is in progress.(CVE-2022-41850)

 mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reuse.(CVE-2022-42703)

 A memory leak flaw was found in bnx2x_tpa_stop in drivers et/ethernet/broadcom/bnx2x/bnx2x_cmn.c in the bnx2x sub-component in the Linux Kernel. This flaw may allow a local attacker to cause a denial of service.(CVE-2022-3542)

 A data race problem was found in sk-sk_prot in the network subsystem in ipv6 in the Linux kernel. This issue occurs while some functions access critical data, leading to a denial of service.(CVE-2022-3567)

 A vulnerability was found in the tcp subsystem in the Linux Kernel, due to a data race around icsk- icsk_af_ops. This issue could allow an attacker to leak internal kernel information.(CVE-2022-3566)

 An out-of-bounds memory write flaw in the Linux kernels USB Monitor component was found in how a user with access to the /dev/usbmon can trigger it by an incorrect write to the memory of the usbmon. This flaw allows a local user to crash or potentially escalate their privileges on the system.(CVE-2022-43750)

 A vulnerability was found in area_cache_get in drivers et/ethernet,etronome,fp,fpcore,fp_cppcore.c in the Netronome Flow Processor (NFP) driver in the Linux kernel. This flaw allows a manipulation that may lead to a use-after-free issue.(CVE-2022-3545)

 A memory leak flaw was found in the Linux kernels IPv6 functionality in how a user triggers the setsockopt of the IPV6_ADDRFORM and IPV6_DSTOPTS type. This flaw allows a user to crash the system if the setsockopt function is being called simultaneously with the IPV6_ADDRFORM type and other processes with the IPV6_DSTOPTS type. This issue is unlikely to happen unless a local process triggers IPV6_ADDRFORM.(CVE-2022-3524)

 A use-after-free flaw was found in the Linux kernels L2CAP bluetooth functionality in how a user triggers a race condition by two malicious flows in the L2CAP bluetooth packets. This flaw allows a local or bluetooth connection user to crash the system or potentially escalate privileges.(CVE-2022-3564)

 A flaw was found in the Linux kernels networking code. A use-after-free was found in the way the sch_sfb enqueue function used the socket buffer (SKB) cb field after the same SKB had been enqueued (and freed) into a child qdisc. This flaw allows a local, unprivileged user to to disclose sensitive information or crash the system, causing a denial of service.(CVE-2022-3586)

 A use-after-free flaw was found in the Linux kernels ISDN over IP tunnel functionality in how a local user triggers the release_card() function called from l1oip_cleanup(). This flaw allows a local user to crash or potentially escalate their privileges on the system.(CVE-2022-3565)

 A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function intr_callback of the file drivers et/usb/r8152.c of the component BPF. The manipulation leads to logging of excessive data. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211363.(CVE-2022-3594)

 A firewall flaw that can bypass the Linux kernels Netfilter functionality was found in how a user handles unencrypted IRC with nf_conntrack_irc configured. This flaw allows a remote user to gain unauthorized access to the system.(CVE-2022-2663)

 roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a report- value is in progress.(CVE-2022-41850)

 A memory leak flaw with use-after-free capability was found in the Linux kernel. The VMA mm/rmap.c functionality in the is_mergeable_anon_vma() function continuously forks, using memory operations to trigger an incorrect reuse of leaf anon_vma. This issue allows a local attacker to crash the system.(CVE-2022-42703)

 A flaw was found in the Linux kernel. There is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.(CVE-2020-27066)

 Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out the target with an equivalent dm-linear target and bypass verification till reboot. This allows root to bypass LoadPin and can be used to load untrusted and unverified kernel modules and firmware, which implies arbitrary kernel execution and persistence for peripherals that do not verify firmware updates. We recommend upgrading past commit 4caae58406f8ceb741603eee460d79bacca9b1b5(CVE-2022-2503)

 A flaw was found in the Linux kernels driver for the ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet Devices. The vulnerability contains multiple out-of-bounds reads and possible out-of-bounds writes.(CVE-2022-2964)

 A flaw was found in the Linux kernel. This flaw allows an attacker who can modify the MTU of a virtualized PCIe device (in a guest, for example) to crash the host systems kernel if they set the MTU of the VF device to an unsupported value.(CVE-2021-33098)

 In gadget_dev_desc_UDC_show of configfs.c, there is a possible disclosure of kernel heap memory due to a race condition. This could lead to local information disclosure with System execution privileges needed.
 User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:
 A-160822094References: Upstream kernel(CVE-2021-39648)

 A vulnerability was found in the fs/inode.c:inode_init_owner() function logic of the LInux kernel that allows local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set, in a scenario where a directory is SGID and belongs to a certain group and is writable by a user who is not a member of this group. This can lead to excessive permissions granted in case when they should not. This vulnerability is similar to the previous CVE-2018-13405 and adds the missed fix for the XFS.(CVE-2021-4037)

 A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem allowed for size increase of files with unaligned size. A local attacker could use this flaw to leak data on the XFS filesystem otherwise not accessible to them.(CVE-2021-4155)

 ** DISPUTED ** __btrfs_free_extent in fs/btrfs/extent-tree.c in the Linux kernel through 5.3.12 calls btrfs_print_leaf in a certain ENOENT case, which allows local users to obtain potentially sensitive information about register values via the dmesg program. NOTE: The BTRFS development team disputes this issues as not being a vulnerability because 1) The kernel provide facilities to restrict access to dmesg - dmesg_restrict=1 sysctl option. So it's really up to the system administrator to judge whether dmesg access shall be disallowed or not. 2) WARN/WARN_ON are widely used macros in the linux kernel. If this CVE is considered valid this would mean there are literally thousands CVE lurking in the kernel - something which clearly is not the case.(CVE-2019-19039)

 An issue was discovered in xfs_agf_verify in fs/xfs/libxfs/xfs_alloc.c in the Linux kernel through 5.6.10.
 Attackers may trigger a sync of excessive duration via an XFS v5 image with crafted metadata, aka CID-d0c7feaf8767.(CVE-2020-12655)

 In the netlink driver, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-65025077(CVE-2020-0066)

 In the Android kernel in sync debug fs driver there is a kernel pointer leak due to the usage of printf with %p. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation.(CVE-2019-9444)

 A flaw was found in the Linux kernel implementation of proxied virtualized TPM devices. On a system where virtualized TPM devices are configured (this is not the default) a local attacker can create a use-after- free and create a situation where it may be possible to escalate privileges on the system.(CVE-2022-2977)

 A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read and copying it into a socket.(CVE-2022-3028)

 A use-after-free flaw was found in the Linux kernels Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system.(CVE-2022-1679)

 An information leak flaw was found in NFS over RDMA in the net/sunrpc/xprtrdma/rpc_rdma.c in the Linux Kernel. This flaw allows an attacker with normal user privileges to leak kernel information.(CVE-2022-0812)

 An out-of-bounds access issue was found in the Linux kernel networking subsystem in the way raw packet sockets (AF_PACKET) used PACKET_COPY_THRESH and mmap operations. A local attacker with CAP_NET_RAW capability could use this flaw to trigger a buffer overflow resulting in a system crash or privilege escalation.(CVE-2022-20368)

 A memory corruption flaw was found in the Linux kernels Netfilter subsystem in the way a local user uses the libnetfilter_queue when analyzing a corrupted network packet. This flaw allows a local user to crash the system or a remote user to crash the system when the libnetfilter_queue is used by a local user.(CVE-2022-36946)

 A memory access flaw was found in the Linux kernels XEN hypervisor for the virtual machine. This flaw allows a local user to crash the system or potentially escalate their privileges on the system.(CVE-2022-36123)

 A use-after-free flaw was found in route4_change in the net/sched/cls_route.c filter implementation in the Linux kernel. This flaw allows a local user to crash the system and possibly lead to a local privilege escalation problem.(CVE-2022-2588)

 A flaw was found in the Linux kernels IP framework for transforming packets (XFRM subsystem). An error while resolving policies in xfrm_bundle_lookup causes the refcount to drop twice, leading to a possible crash and a denial of service.(CVE-2022-36879)

 A heap buffer overflow flaw was found in the Linux kernels Netfilter subsystem in the way a user provides incorrect input of the NFT_DATA_VERDICT type. This flaw allows a local user to crash or potentially escalate their privileges on the system.(CVE-2022-34918)

 The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. This occurs because of use of Algorithm 4 ('Double-Hash Port Selection Algorithm') of RFC 6056.(CVE-2022-32296)

 A use-after-free flaw was found in u32_change in net/sched/cls_u32.c in the network subcomponent of the Linux kernel. This flaw allows a local attacker to crash the system, cause a privilege escalation, and leak kernel information.(CVE-2022-29581)

 IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID:
 189296.(CVE-2020-4788)

 A memory leak vulnerability was found in Linux kernel in llcp_sock_connect(CVE-2020-25672)

 In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are proxied via an attacker-selected backstore.(CVE-2020-28374)

 In blk_mq_queue_tag_busy_iter of blk-mq-tag.c, there is a possible use after free due to improper locking.
 This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:
 A-151939299(CVE-2020-0433)

 In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-111893654References: Upstream kernel(CVE-2020-0404)

 A flaw was discovered in the way that the KVM hypervisor handled instruction emulation for an L2 guest when nested virtualisation is enabled. Under some circumstances, an L2 guest may trick the L0 guest into accessing sensitive L1 resources that should be inaccessible to the L2 guest.(CVE-2020-2732)

 In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-140550171(CVE-2020-0427)

 A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.
 drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.(CVE-2020-29661)

 A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.
 drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24.(CVE-2020-29660)

 This vulnerability has been modified since it was last analyzed by the NVD. It is awaiting reanalysis which may result in further changes to the information provided.(CVE-2020-25670)

 Vulnerability Summary for CVE-2022-20565(CVE-2022-20565)

 An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka CID-5d069dbe8aaf. fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950.(CVE-2020-36322)

 In the Linux kernel before 5.4.16, a race condition in tty-disc_data handling in the slip and slcan line discipline could lead to a use-after-free, aka CID-0ace17d56824. This affects drivers et/slip/slip.c and drivers et/can/slcan.c.(CVE-2020-14416)

 A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net etfilter/x_tables.c. This allows an attacker to gain privileges or cause a DoS (via heap memory corruption) through user name space(CVE-2021-22555)

 A flaw was found in the 'Routing decision' classifier in the Linux kernel's Traffic Control networking subsystem in the way it handled changing of classification filters, leading to a use-after-free condition.
 This flaw allows unprivileged local users to escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.(CVE-2021-3715)

 A vulnerability was found in Linux kernel where non-blocking socket in llcp_sock_connect() leads to leak and eventually hanging-up the system.(CVE-2020-25673 )

 Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access.(CVE-2021-0129 )

 A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in the way user attach malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the system. This flaw affects all the Linux kernel versions starting from 3.13.(CVE-2021-3564)

 It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network can use this vulnerability to authenticate with ceph service and perform actions allowed by ceph service. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable.(CVE-2018-1128)

 A heap-based buffer overflow vulnerability was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or, possibly execute arbitrary code, when the lbs_ibss_join_existing function is called after a STA connects to an AP.(CVE-2019-14896)

 A stack-based buffer overflow was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. An attacker is able to cause a denial of service (system crash) or, possibly execute arbitrary code, when a STA works in IBSS mode (allows connecting stations together without the use of an AP) and connects to another STA.(CVE-2019-14897)

 The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices, aka CID-f44d04e696fe.(CVE-2020-25284 )

 The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space.(CVE-2020-12888)

 fs/btrfs/volumes.c in the Linux kernel before 5.1 allows a btrfs_verify_dev_extents NULL pointer dereference via a crafted btrfs image because fs_devices-devices is mishandled within find_device, aka CID-09ba3bc9dd15.(CVE-2019-18885)

 A use-after-free flaw was found in fs/ext4 amei.c:dx_insert_block() in the Linux kernels filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service.(CVE-2022-1184)

 drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case.(CVE-2022-40768)

 A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel.
 SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks that can be used in a use-after-free that can result in a priviledge escalation to gain ring0 access from the system user. We recommend upgrading past commit 56b88b50565cd8b946a2d00b0c83927b7ebb055e(CVE-2023-0266)

 A buffer overflow flaw was found in the Linux kernel Broadcom Full MAC Wi-Fi driver. This issue occurs when a user connects to a malicious USB device. This can allow a local user to crash the system or escalate their privileges.(CVE-2022-3628)

 A vulnerability was found in Linux Kernel. It has been declared as problematic. This vulnerability affects the function vsock_connect of the file net/vmw_vsock/af_vsock.c. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. VDB-211930 is the identifier assigned to this vulnerability.(CVE-2022-3629)

 In __hidinput_change_resolution_multipliers of hid-input.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-173843328References: Upstream kernel(CVE-2021-0512)

 In fs/eventpoll.c, there is a possible use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:
 AndroidVersions: Android kernelAndroid ID: A-204450605References: Upstream kernel(CVE-2021-39634)

 When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds.(CVE-2021-33655)

 An incorrect access control flaw was found in the Linux kernel USB core subsystem. When attaching a malicious usb device, the recursive locking violation in usb-storage can cause the kernel to deadlock.
 This issue could allow a local user to crash the system.(CVE-2022-4662)

 A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. A local user could use this flaw to potentially crash the system causing a denial of service.(CVE-2022-4129)

 When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds.(CVE-2021-33656)

 An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VM_PFNMAP VMAs.(CVE-2022-39188)

 A use-after-free flaw was found in fs/ext4 amei.c:dx_insert_block() in the Linux kernels filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service.(CVE-2022-20166)

 An incorrect read request flaw was found in the Infrared Transceiver USB driver in the Linux kernel. This issue occurs when a user attaches a malicious USB device. A local user could use this flaw to starve the resources, causing denial of service or potentially crashing the system.(CVE-2022-3903)

 cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).(CVE-2023-23454)

 In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release.(CVE-2022-41218)

 An out-of-bounds memory access flaw was found in the Linux kernel Intels iSMT SMBus host controller driver in the way a user triggers the I2C_SMBUS_BLOCK_DATA (with the ioctl I2C_SMBUS) with malicious input data. This flaw allows a local user to crash the system.(CVE-2022-2873)

 A NULL pointer dereference flaw was found in rawv6_push_pending_frames in net/ipv6/raw.c in the network subcomponent in the Linux kernel. This flaw causes the system to crash.(CVE-2023-0394)

 atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).(CVE-2023-23455)

 In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows an unprivileged user to trigger a denial of service (system crash) via a crafted traffic control configuration that is set up with 'tc qdisc' and 'tc class' commands. This affects qdisc_graft in net/sched/sch_api.c.(CVE-2022-47929)

 A use-after-free flaw was found in the Linux kernels SGI GRU driver in the way the first gru_file_unlocked_ioctl function is called by the user, where a fail pass occurs in the gru_check_chiplet_assignment function. This flaw allows a local user to crash or potentially escalate their privileges on the system.(CVE-2022-3424)

 A flaw was found in the Linux kernel Traffic Control (TC) subsystem. Using a specific networking configuration (redirecting egress packets to ingress using TC action 'mirred') a local unprivileged user could trigger a CPU soft lockup (ABBA deadlock) when the transport protocol in use (TCP or SCTP) does a retransmission, resulting in a denial of service condition.(CVE-2022-4269)

 A use-after-free vulnerability was found in the traffic control index filter (tcindex) in the Linux kernel. The imperfect hash area can be updated while packets are traversing. This issue could allow a local attacker to cause a use-after-free problem, leading to privilege escalation.(CVE-2023-1281)

 An issue was discovered in the Linux kernel before 5.13.3. lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow.(CVE-2023-28772)

 In nf_tables_updtable, if nf_tables_table_enable returns an error, nft_trans_destroy is called to free the transaction object. nft_trans_destroy() calls list_del(), but the transaction was never placed on a list
 -- the list head is all zeroes, this results in a NULL pointer dereference.(CVE-2023-1095)

 A memory corruption flaw was found in the Linux kernels human interface device (HID) subsystem in how a user inserts a malicious USB device. This flaw allows a local user to crash or potentially escalate their privileges on the system.(CVE-2023-1073)

 A memory leak flaw was found in the Linux kernel's Stream Control Transmission Protocol. This issue may occur when a user starts a malicious networking service and someone connects to this service. This could allow a local user to starve resources, causing a denial of service.(CVE-2023-1074)

 A slab-out-of-bound read problem was found in brcmf_get_assoc_ies in drivers et/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux Kernel. This issue could occur when assoc_info-req_len data is bigger than the size of the buffer, defined as WL_EXTRA_BUF_MAX, leading to a denial of service.(CVE-2023-1380)

 A flaw was found in the Linux kernel's implementation of RDMA over infiniband. An attacker with a privileged local account can leak kernel stack information when issuing commands to the /dev/infiniband/rdma_cm device node. While this access is unlikely to leak sensitive user information, it can be further used to defeat existing kernel protection mechanisms.(CVE-2021-3923)

 A data race flaw was found in the Linux kernel, between where con is allocated and con-sock is set.
 This issue leads to a NULL pointer dereference when accessing con-sock-sk in net/tipc/topsrv.c in the tipc protocol in the Linux kernel.(CVE-2023-1382)

 A use-after-free flaw was found in the Linux kernel's integrated infrared receiver/transceiver driver.
 This issue occurs when a user detaches a rc device. This could allow a local user to crash the system or potentially escalate their privileges on the system.(CVE-2023-1118)

 A NULL pointer dereference flaw was found in the az6027 driver in drivers/media/usb/dev-usb/az6027.c in the Linux Kernel. The message from user space is not checked properly before transfe ...

 Please note that the description has been truncated due to length. Please refer to vendor advisory for the full description.

Tenable has extracted the preceding description block directly from the EulerOS Virtualization kernel security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected kernel packages.

See Also

http://www.nessus.org/u?478d07aa

Plugin Details

Severity: Critical

ID: 178888

File Name: EulerOS_SA-2023-2444.nasl

Version: 1.6

Type: local

Published: 7/26/2023

Updated: 10/7/2025

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2019-14896

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

CVSS Score Source: CVE-2019-14897

Vulnerability Information

CPE: p-cpe:/a:huawei:euleros:kernel, p-cpe:/a:huawei:euleros:kernel-tools-libs-devel, p-cpe:/a:huawei:euleros:kernel-devel, p-cpe:/a:huawei:euleros:kernel-headers, p-cpe:/a:huawei:euleros:kernel-tools, p-cpe:/a:huawei:euleros:kernel-tools-libs, cpe:/o:huawei:euleros:uvp:3.0.6.6

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/EulerOS/release, Host/EulerOS/rpm-list, Host/EulerOS/uvp_version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 7/25/2023

Vulnerability Publication Date: 7/10/2018

CISA Known Exploited Vulnerability Due Dates: 4/20/2023, 10/27/2025

Exploitable With

CANVAS (CANVAS)

Core Impact

Metasploit (Netfilter x_tables Heap OOB Write Privilege Escalation)

Reference Information

CVE: CVE-2018-1128, CVE-2019-14896, CVE-2019-14897, CVE-2019-18885, CVE-2019-19039, CVE-2019-9444, CVE-2020-0066, CVE-2020-0404, CVE-2020-0427, CVE-2020-0433, CVE-2020-12655, CVE-2020-12888, CVE-2020-14416, CVE-2020-25284, CVE-2020-25670, CVE-2020-25672, CVE-2020-25673, CVE-2020-27066, CVE-2020-2732, CVE-2020-28374, CVE-2020-29660, CVE-2020-29661, CVE-2020-36322, CVE-2020-36557, CVE-2020-36558, CVE-2020-4788, CVE-2021-0129, CVE-2021-0512, CVE-2021-22555, CVE-2021-33098, CVE-2021-33655, CVE-2021-33656, CVE-2021-3564, CVE-2021-3715, CVE-2021-3923, CVE-2021-39634, CVE-2021-39648, CVE-2021-4037, CVE-2021-4155, CVE-2022-0812, CVE-2022-1184, CVE-2022-1679, CVE-2022-20166, CVE-2022-20368, CVE-2022-20565, CVE-2022-20572, CVE-2022-2503, CVE-2022-2588, CVE-2022-2663, CVE-2022-2873, CVE-2022-29581, CVE-2022-2964, CVE-2022-2977, CVE-2022-3028, CVE-2022-32296, CVE-2022-3424, CVE-2022-34918, CVE-2022-3524, CVE-2022-3545, CVE-2022-3564, CVE-2022-3565, CVE-2022-3566, CVE-2022-3567, CVE-2022-3586, CVE-2022-3594, CVE-2022-36123, CVE-2022-3628, CVE-2022-3629, CVE-2022-36879, CVE-2022-36946, CVE-2022-3903, CVE-2022-39188, CVE-2022-40768, CVE-2022-41218, CVE-2022-4129, CVE-2022-41850, CVE-2022-4269, CVE-2022-42703, CVE-2022-43750, CVE-2022-4662, CVE-2022-47929, CVE-2023-0266, CVE-2023-0394, CVE-2023-1073, CVE-2023-1074, CVE-2023-1095, CVE-2023-1118, CVE-2023-1281, CVE-2023-1380, CVE-2023-1382, CVE-2023-23454, CVE-2023-23455, CVE-2023-28328, CVE-2023-28772