NewStart CGSL MAIN 6.06 : kernel Multiple Vulnerabilities (NS-SA-2023-0083)

high Nessus Plugin ID 187326

Synopsis

The remote NewStart CGSL host is affected by multiple vulnerabilities.

Description

The remote NewStart CGSL host, running version MAIN 6.06, has kernel packages installed that are affected by multiple vulnerabilities:

- There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker within Bluetooth range of the victim could execute code or leak kernel memory. We recommend upgrading past commit https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4 (CVE-2022-42896)

- An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c. (CVE-2022-34918)

- When sending malicious data to the kernel via the ioctl command FBIOPUT_VSCREENINFO, the kernel will write memory out of bounds. (CVE-2021-33655)

- When setting a font with malicious data via the ioctl command PIO_FONT, the kernel will write memory out of bounds. (CVE-2021-33656)

- A vulnerability was found in the fs/inode.c:inode_init_owner() function logic of the Linux kernel that allows local users to create files for the XFS file-system with an unintended group ownership and with the group execution and SGID permission bits set, in a scenario where a directory is SGID, belongs to a certain group, and is writable by a user who is not a member of this group. This can lead to excessive permissions being granted in cases where they should not be. This vulnerability is similar to the previous CVE-2018-13405 and adds the missed fix for XFS. (CVE-2021-4037)
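The upstream fix for CVE-2021-33655 rejects a requested mode in fb_set_var() when the virtual screen is smaller than the visible one, so that later rendering cannot run past the buffer the driver actually allocated. The userspace model below is an added example, not kernel code and not anything shipped in the CGSL packages: struct model_var, struct model_fix, check_request and the 8 MiB framebuffer size are assumptions for illustration, and the memory-fit check is an extra guard this model adds rather than a quotation of the kernel patch.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed, userspace model (not kernel code) of the fields a caller
 * controls through FBIOPUT_VSCREENINFO (a subset of struct fb_var_screeninfo)
 * and of the fixed geometry the driver already knows (a subset of
 * struct fb_fix_screeninfo). */
struct model_var {
    uint32_t xres, yres;                 /* visible resolution */
    uint32_t xres_virtual, yres_virtual; /* virtual (scrollable) resolution */
    uint32_t bits_per_pixel;
};

struct model_fix {
    uint32_t smem_len;  /* bytes of video memory backing the framebuffer */
    uint32_t max_bpp;   /* deepest pixel format the device supports */
};

/* Validate a requested mode before anything (fbcon in particular) uses it to
 * compute offsets into video memory. Returns 0 if it fits, -EINVAL otherwise. */
int model_check_var(const struct model_var *var, const struct model_fix *fix)
{
    if (var->xres == 0 || var->yres == 0)
        return -EINVAL;

    /* The check the upstream fix added to fb_set_var(): the virtual screen
     * must be at least as large as the visible one, otherwise text rendering
     * that assumes xres x yres pixels writes past the smaller virtual buffer. */
    if (var->xres_virtual < var->xres || var->yres_virtual < var->yres)
        return -EINVAL;

    /* Assumption of this model: only byte-multiple depths up to the device's
     * maximum are accepted. */
    if (var->bits_per_pixel == 0 || (var->bits_per_pixel & 7) ||
        var->bits_per_pixel > fix->max_bpp)
        return -EINVAL;

    /* Extra guard in this model: the whole virtual screen must fit in video
     * memory. Done with a division rather than a multiplication so that
     * attacker-sized resolutions cannot wrap the arithmetic and pass. */
    uint64_t line_length = (uint64_t)var->xres_virtual * (var->bits_per_pixel / 8);
    if (line_length > (uint64_t)fix->smem_len / var->yres_virtual)
        return -EINVAL;

    return 0;
}

/* Scenario helper: an assumed device with 8 MiB of video memory, 32 bpp max. */
int check_request(uint32_t xres, uint32_t yres,
                  uint32_t xres_v, uint32_t yres_v, uint32_t bpp)
{
    const struct model_fix fix = { .smem_len = 8u << 20, .max_bpp = 32 };
    const struct model_var var = { xres, yres, xres_v, yres_v, bpp };
    return model_check_var(&var, &fix);
}

int main(void)
{
    printf("1920x1080@32 in 1920x1080 virtual: %d\n", check_request(1920, 1080, 1920, 1080, 32));
    printf("visible larger than virtual:       %d\n", check_request(1920, 1080, 800, 600, 32));
    printf("virtual too big for 8 MiB:         %d\n", check_request(1920, 1080, 1920, 4320, 32));
    printf("wraparound attempt:                %d\n", check_request(16, 16, 0xFFFFFFFFu, 0xFFFFFFFFu, 32));
    return 0;
}
```

The second case is the shape of the CVE-2021-33655 bug: a visible 1920x1080 screen declared over an 800x600 virtual buffer passes without the virtual-size check, and every subsequent row write beyond line 600 lands outside the allocation. The last case shows why the memory-fit test divides instead of multiplying: with 32-bit fields, xres_virtual * yres_virtual * bytes-per-pixel can wrap to a small number and silently pass a naive comparison.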
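The rule inode_init_owner() applies in an SGID directory, which the CVE-2021-4037 fix made XFS follow as well, is short enough to model in userspace. The block below is an added example, not kernel or XFS code: struct model_creds, model_init_owner, file_ends_up_sgid and the gids 1000/2000 are assumptions for illustration, and the strip_sgid flag stands in for the difference between the generic VFS rule and the pre-fix XFS path described in the advisory.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/stat.h>

/* Constructed model (not kernel code) of the creating task's identity. */
struct model_creds {
    unsigned int fsgid;          /* primary filesystem gid */
    const unsigned int *groups;  /* supplementary groups */
    size_t ngroups;
    bool cap_fsetid;             /* holds CAP_FSETID over the directory */
};

struct model_inode {
    mode_t mode;
    unsigned int gid;
};

static bool in_group(const struct model_creds *c, unsigned int gid)
{
    if (c->fsgid == gid)
        return true;
    for (size_t i = 0; i < c->ngroups; i++)
        if (c->groups[i] == gid)
            return true;
    return false;
}

/* Model of the group/SGID rule applied when an inode with `mode` is created
 * inside a directory with mode dir_mode and group dir_gid. strip_sgid=true is
 * the generic VFS rule; strip_sgid=false models the XFS path that skipped the
 * strip before the CVE-2021-4037 fix. */
struct model_inode model_init_owner(const struct model_creds *c,
                                    mode_t dir_mode, unsigned int dir_gid,
                                    mode_t mode, bool strip_sgid)
{
    struct model_inode ino = { .mode = mode, .gid = c->fsgid };

    if (dir_mode & S_ISGID) {
        ino.gid = dir_gid;              /* SGID dir: new inode inherits its group */
        if (S_ISDIR(mode)) {
            ino.mode |= S_ISGID;        /* subdirectories always stay SGID */
        } else if (strip_sgid &&
                   (mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP) &&
                   !in_group(c, dir_gid) && !c->cap_fsetid) {
            /* A group-executable SGID file for a group the creator is not a
             * member of would run with privileges the creator does not have. */
            ino.mode &= ~S_ISGID;
        }
    }
    return ino;
}

/* Scenario from the advisory: a regular file requested with mode 02775 in an
 * SGID directory belonging to gid 2000 (assumed values). Returns true if the
 * file ends up SGID and owned by gid 2000. */
bool file_ends_up_sgid(bool creator_in_group, bool has_cap_fsetid, bool strip_sgid)
{
    static const unsigned int groups[] = { 1000, 2000 };
    struct model_creds c = {
        .fsgid = 1000, .groups = groups,
        .ngroups = creator_in_group ? 2 : 1,
        .cap_fsetid = has_cap_fsetid,
    };
    struct model_inode ino = model_init_owner(&c, S_IFDIR | S_ISGID | 0775, 2000,
                                              S_IFREG | S_ISGID | 0775, strip_sgid);
    return (ino.mode & S_ISGID) != 0 && ino.gid == 2000;
}

int main(void)
{
    printf("non-member, pre-fix XFS rule : SGID kept = %d\n", file_ends_up_sgid(false, false, false));
    printf("non-member, VFS/fixed rule   : SGID kept = %d\n", file_ends_up_sgid(false, false, true));
    printf("group member, fixed rule     : SGID kept = %d\n", file_ends_up_sgid(true, false, true));
    printf("CAP_FSETID, fixed rule       : SGID kept = %d\n", file_ends_up_sgid(false, true, true));
    return 0;
}
```

The first case is the advisory's scenario: a user who is not in gid 2000 obtains a group-executable, SGID file owned by that group, which is exactly what CVE-2018-13405 fixed in the generic path and CVE-2021-4037 fixed for XFS. The remaining cases show that the fix only strips the bit when the creator has no legitimate claim to it; a member of the group or a task with CAP_FSETID keeps it.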

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade the vulnerable CGSL kernel packages. Note that updated packages may not be available yet. Please contact ZTE for more information.

See Also

https://security.gd-linux.com/notice/NS-SA-2023-0083

https://security.gd-linux.com/info/CVE-2021-4037

https://security.gd-linux.com/info/CVE-2021-33655

https://security.gd-linux.com/info/CVE-2021-33656

https://security.gd-linux.com/info/CVE-2022-0171

https://security.gd-linux.com/info/CVE-2022-0494

https://security.gd-linux.com/info/CVE-2022-0500

https://security.gd-linux.com/info/CVE-2022-0995

https://security.gd-linux.com/info/CVE-2022-1012

https://security.gd-linux.com/info/CVE-2022-1184

https://security.gd-linux.com/info/CVE-2022-1462

https://security.gd-linux.com/info/CVE-2022-1652

https://security.gd-linux.com/info/CVE-2022-1679

https://security.gd-linux.com/info/CVE-2022-1729

https://security.gd-linux.com/info/CVE-2022-1734

https://security.gd-linux.com/info/CVE-2022-1786

https://security.gd-linux.com/info/CVE-2022-1789

https://security.gd-linux.com/info/CVE-2022-1974

https://security.gd-linux.com/info/CVE-2022-1975

https://security.gd-linux.com/info/CVE-2022-2078

https://security.gd-linux.com/info/CVE-2022-2153

https://security.gd-linux.com/info/CVE-2022-2318

https://security.gd-linux.com/info/CVE-2022-2503

https://security.gd-linux.com/info/CVE-2022-2585

https://security.gd-linux.com/info/CVE-2022-2586

https://security.gd-linux.com/info/CVE-2022-2588

https://security.gd-linux.com/info/CVE-2022-2602

https://security.gd-linux.com/info/CVE-2022-2639

https://security.gd-linux.com/info/CVE-2022-2663

https://security.gd-linux.com/info/CVE-2022-2905

https://security.gd-linux.com/info/CVE-2022-2959

https://security.gd-linux.com/info/CVE-2022-2978

https://security.gd-linux.com/info/CVE-2022-3028

https://security.gd-linux.com/info/CVE-2022-3061

https://security.gd-linux.com/info/CVE-2022-3169

https://security.gd-linux.com/info/CVE-2022-3176

https://security.gd-linux.com/info/CVE-2022-3435

https://security.gd-linux.com/info/CVE-2022-3521

https://security.gd-linux.com/info/CVE-2022-3524

https://security.gd-linux.com/info/CVE-2022-3534

https://security.gd-linux.com/info/CVE-2022-3545

https://security.gd-linux.com/info/CVE-2022-3564

https://security.gd-linux.com/info/CVE-2022-3565

https://security.gd-linux.com/info/CVE-2022-3566

https://security.gd-linux.com/info/CVE-2022-3567

https://security.gd-linux.com/info/CVE-2022-3586

https://security.gd-linux.com/info/CVE-2022-3594

https://security.gd-linux.com/info/CVE-2022-3621

https://security.gd-linux.com/info/CVE-2022-3623

https://security.gd-linux.com/info/CVE-2022-3625

https://security.gd-linux.com/info/CVE-2022-3628

https://security.gd-linux.com/info/CVE-2022-3629

https://security.gd-linux.com/info/CVE-2022-3633

https://security.gd-linux.com/info/CVE-2022-3635

https://security.gd-linux.com/info/CVE-2022-3646

https://security.gd-linux.com/info/CVE-2022-3649

https://security.gd-linux.com/info/CVE-2022-4378

https://security.gd-linux.com/info/CVE-2022-4696

https://security.gd-linux.com/info/CVE-2022-21123

https://security.gd-linux.com/info/CVE-2022-21125

https://security.gd-linux.com/info/CVE-2022-21166

https://security.gd-linux.com/info/CVE-2022-21499

https://security.gd-linux.com/info/CVE-2022-21505

https://security.gd-linux.com/info/CVE-2022-26365

https://security.gd-linux.com/info/CVE-2022-26373

https://security.gd-linux.com/info/CVE-2022-28893

https://security.gd-linux.com/info/CVE-2022-29581

https://security.gd-linux.com/info/CVE-2022-29900

https://security.gd-linux.com/info/CVE-2022-29901

https://security.gd-linux.com/info/CVE-2022-32250

https://security.gd-linux.com/info/CVE-2022-32296

https://security.gd-linux.com/info/CVE-2022-32981

https://security.gd-linux.com/info/CVE-2022-33740

https://security.gd-linux.com/info/CVE-2022-33741

https://security.gd-linux.com/info/CVE-2022-33742

https://security.gd-linux.com/info/CVE-2022-33743

https://security.gd-linux.com/info/CVE-2022-33744

https://security.gd-linux.com/info/CVE-2022-34918

https://security.gd-linux.com/info/CVE-2022-36123

https://security.gd-linux.com/info/CVE-2022-36879

https://security.gd-linux.com/info/CVE-2022-36946

https://security.gd-linux.com/info/CVE-2022-39189

https://security.gd-linux.com/info/CVE-2022-39190

https://security.gd-linux.com/info/CVE-2022-39842

https://security.gd-linux.com/info/CVE-2022-40307

https://security.gd-linux.com/info/CVE-2022-40768

https://security.gd-linux.com/info/CVE-2022-41222

https://security.gd-linux.com/info/CVE-2022-41674

https://security.gd-linux.com/info/CVE-2022-42719

https://security.gd-linux.com/info/CVE-2022-42720

https://security.gd-linux.com/info/CVE-2022-42721

https://security.gd-linux.com/info/CVE-2022-42722

https://security.gd-linux.com/info/CVE-2022-42895

https://security.gd-linux.com/info/CVE-2022-42896

https://security.gd-linux.com/info/CVE-2022-43750

Plugin Details

Severity: High

ID: 187326

File Name: newstart_cgsl_NS-SA-2023-0083_kernel.nasl

Version: 1.5

Type: local

Published: 12/27/2023

Updated: 9/25/2025

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.6

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 6.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2022-34918

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 8.4

Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

CVSS Score Source: CVE-2022-42896

Vulnerability Information

CPE: p-cpe:/a:zte:cgsl_main:kernel-tools-libs, p-cpe:/a:zte:cgsl_main:bpftool, p-cpe:/a:zte:cgsl_main:kernel-headers, p-cpe:/a:zte:cgsl_main:kernel, p-cpe:/a:zte:cgsl_main:kernel-modules-extra, cpe:/o:zte:cgsl_main:6, p-cpe:/a:zte:cgsl_main:kata-linux-container, p-cpe:/a:zte:cgsl_main:kernel-modules, p-cpe:/a:zte:cgsl_main:perf, p-cpe:/a:zte:cgsl_main:kernel-devel, p-cpe:/a:zte:cgsl_main:kernel-core, p-cpe:/a:zte:cgsl_main:kernel-tools, p-cpe:/a:zte:cgsl_main:python3-perf

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/ZTE-CGSL/release, Host/ZTE-CGSL/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/30/2023

Vulnerability Publication Date: 3/25/2022

CISA Known Exploited Vulnerability Due Dates: 7/17/2024

Exploitable With

Core Impact

Metasploit (Watch Queue Out of Bounds Write)

Reference Information

CVE: CVE-2021-33655, CVE-2021-33656, CVE-2021-4037, CVE-2022-0171, CVE-2022-0494, CVE-2022-0500, CVE-2022-0995, CVE-2022-1012, CVE-2022-1184, CVE-2022-1462, CVE-2022-1652, CVE-2022-1679, CVE-2022-1729, CVE-2022-1734, CVE-2022-1786, CVE-2022-1789, CVE-2022-1974, CVE-2022-1975, CVE-2022-2078, CVE-2022-21123, CVE-2022-21125, CVE-2022-21166, CVE-2022-21499, CVE-2022-21505, CVE-2022-2153, CVE-2022-2318, CVE-2022-2503, CVE-2022-2585, CVE-2022-2586, CVE-2022-2588, CVE-2022-2602, CVE-2022-26365, CVE-2022-26373, CVE-2022-2639, CVE-2022-2663, CVE-2022-28893, CVE-2022-2905, CVE-2022-29581, CVE-2022-2959, CVE-2022-2978, CVE-2022-29900, CVE-2022-29901, CVE-2022-3028, CVE-2022-3061, CVE-2022-3169, CVE-2022-3176, CVE-2022-32250, CVE-2022-32296, CVE-2022-32981, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742, CVE-2022-33743, CVE-2022-33744, CVE-2022-3435, CVE-2022-34918, CVE-2022-3521, CVE-2022-3524, CVE-2022-3534, CVE-2022-3545, CVE-2022-3564, CVE-2022-3565, CVE-2022-3566, CVE-2022-3567, CVE-2022-3586, CVE-2022-3594, CVE-2022-36123, CVE-2022-3621, CVE-2022-3623, CVE-2022-3625, CVE-2022-3628, CVE-2022-3629, CVE-2022-3633, CVE-2022-3635, CVE-2022-3646, CVE-2022-3649, CVE-2022-36879, CVE-2022-36946, CVE-2022-39189, CVE-2022-39190, CVE-2022-39842, CVE-2022-40307, CVE-2022-40768, CVE-2022-41222, CVE-2022-41674, CVE-2022-42719, CVE-2022-42720, CVE-2022-42721, CVE-2022-42722, CVE-2022-42895, CVE-2022-42896, CVE-2022-43750, CVE-2022-4378, CVE-2022-4696