The remote NewStart CGSL host, running version MAIN 6.06, has kernel packages installed that are affected by multiple vulnerabilities:

  - There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect     and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively)     remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within     proximity of the victim. We recommend upgrading past commit https://www.google.com/url     https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4     https://www.google.com/url (CVE-2022-42896)

  - An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init     (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different     vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an     unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data     in net/netfilter/nf_tables_api.c. (CVE-2022-34918)

  - When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of     bounds. (CVE-2021-33655)

  - When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds.
    (CVE-2021-33656)

  - A vulnerability was found in the fs/inode.c:inode_init_owner() function logic of the LInux kernel that     allows local users to create files for the XFS file-system with an unintended group ownership and with     group execution and SGID permission bits set, in a scenario where a directory is SGID and belongs to a     certain group and is writable by a user who is not a member of this group. This can lead to excessive     permissions granted in case when they should not. This vulnerability is similar to the previous     CVE-2018-13405 and adds the missed fix for the XFS. (CVE-2021-4037)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

NewStart CGSL MAIN 6.06 : kernel Multiple Vulnerabilities (NS-SA-2023-0083)

high Nessus Plugin ID 187326

Version 1.5