NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2024-0017)

high Nessus Plugin ID 193543

Synopsis

The remote NewStart CGSL host is affected by multiple vulnerabilities.

Description

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel packages installed that are affected by multiple vulnerabilities:

- qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write because lmax can exceed QFQ_MIN_LMAX. (CVE-2023-31436)

- Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it was the duplicate of CVE-2023-31436. (CVE-2023-2248)

- A flaw was found in the Linux kernel's driver for the ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet Devices. The vulnerability contains multiple out-of-bounds reads and possible out-of-bounds writes. (CVE-2022-2964)

- A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-4378)

- A speculative pointer dereference problem exists in the Linux kernel in the do_prlimit() function. The resource argument value is controlled and is used in pointer arithmetic for the 'rlim' variable and can be used to leak the contents. We recommend upgrading past version 6.1.8 or commit 739790605705ddcf18f21782b9c99ad7d53a8c11. (CVE-2023-0458)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade the vulnerable CGSL kernel packages. Note that updated packages may not be available yet. Please contact ZTE for more information.

See Also

https://security.gd-linux.com/notice/NS-SA-2024-0017

https://security.gd-linux.com/info/CVE-2022-2964

https://security.gd-linux.com/info/CVE-2022-4378

https://security.gd-linux.com/info/CVE-2023-0458

https://security.gd-linux.com/info/CVE-2023-0590

https://security.gd-linux.com/info/CVE-2023-1829

https://security.gd-linux.com/info/CVE-2023-1989

https://security.gd-linux.com/info/CVE-2023-2162

https://security.gd-linux.com/info/CVE-2023-28327

https://security.gd-linux.com/info/CVE-2023-28328

https://security.gd-linux.com/info/CVE-2023-31436

https://security.gd-linux.com/info/CVE-2023-32269

Plugin Details

Severity: High

ID: 193543

File Name: newstart_cgsl_NS-SA-2024-0017_kernel.nasl

Version: 1.1

Type: local

Published: 4/18/2024

Updated: 9/24/2025

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2023-31436

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:zte:cgsl_main:kernel-tools-debuginfo, p-cpe:/a:zte:cgsl_main:kernel-tools-libs, p-cpe:/a:zte:cgsl_core:kernel-headers, p-cpe:/a:zte:cgsl_core:kernel-abi-whitelists, p-cpe:/a:zte:cgsl_core:kernel-devel, p-cpe:/a:zte:cgsl_main:kernel-abi-whitelists, p-cpe:/a:zte:cgsl_main:kernel, p-cpe:/a:zte:cgsl_main:kernel-debug, p-cpe:/a:zte:cgsl_main:kernel-headers, cpe:/o:zte:cgsl_main:5, p-cpe:/a:zte:cgsl_core:kernel-debuginfo-common-x86_64, p-cpe:/a:zte:cgsl_core:kernel-debuginfo, p-cpe:/a:zte:cgsl_main:kernel-debug-devel, p-cpe:/a:zte:cgsl_core:kernel-debug-modules, p-cpe:/a:zte:cgsl_main:kernel-tools-libs-devel, p-cpe:/a:zte:cgsl_core:kernel-tools-debuginfo, p-cpe:/a:zte:cgsl_core:kernel-debug-debuginfo, p-cpe:/a:zte:cgsl_main:kernel-debuginfo-common-x86_64, p-cpe:/a:zte:cgsl_core:kernel-tools-libs-devel, p-cpe:/a:zte:cgsl_core:kernel-tools, p-cpe:/a:zte:cgsl_core:kernel, p-cpe:/a:zte:cgsl_main:kernel-debuginfo, cpe:/o:zte:cgsl_core:5, p-cpe:/a:zte:cgsl_main:kernel-debug-debuginfo, p-cpe:/a:zte:cgsl_main:python-perf, p-cpe:/a:zte:cgsl_main:perf-debuginfo, p-cpe:/a:zte:cgsl_core:python-perf, p-cpe:/a:zte:cgsl_core:kernel-sign-keys, p-cpe:/a:zte:cgsl_core:perf-debuginfo, p-cpe:/a:zte:cgsl_main:perf, p-cpe:/a:zte:cgsl_core:python-perf-debuginfo, p-cpe:/a:zte:cgsl_core:kernel-core, p-cpe:/a:zte:cgsl_main:kernel-sign-keys, p-cpe:/a:zte:cgsl_core:kernel-modules, p-cpe:/a:zte:cgsl_core:kernel-debug-core, p-cpe:/a:zte:cgsl_main:kernel-devel, p-cpe:/a:zte:cgsl_core:perf, p-cpe:/a:zte:cgsl_core:kernel-debug-devel, p-cpe:/a:zte:cgsl_core:kernel-tools-libs, p-cpe:/a:zte:cgsl_main:python-perf-debuginfo, p-cpe:/a:zte:cgsl_main:kernel-tools

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/ZTE-CGSL/release, Host/ZTE-CGSL/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 4/12/2024

Vulnerability Publication Date: 3/7/2022

Reference Information

CVE: CVE-2022-2964, CVE-2022-4378, CVE-2023-0458, CVE-2023-0590, CVE-2023-1829, CVE-2023-1989, CVE-2023-2162, CVE-2023-28327, CVE-2023-28328, CVE-2023-31436, CVE-2023-32269