NewStart CGSL MAIN 6.06 : kernel Multiple Vulnerabilities (NS-SA-2025-0206)

high Nessus Plugin ID 266227

Synopsis

The remote NewStart CGSL host is affected by multiple vulnerabilities.

Description

The remote NewStart CGSL host, running version MAIN 6.06, has kernel packages installed that are affected by multiple vulnerabilities:

- A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. This flaw allows a remote user to crash the system or possibly escalate their privileges if they have access to the TIPC network. (CVE-2022-0435)

- An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session. (CVE-2020-36516)

- A double free bug in packet_set_ring() in net/packet/af_packet.c can be exploited by a local user through crafted syscalls to escalate privileges or deny service. We recommend upgrading the kernel past the affected versions or rebuilding past ec6af094ea28f0f2dda1a6a33b14cd57e36a9755. (CVE-2021-22600)

- A memory leak vulnerability was found in the Linux kernel's eBPF support for the simulated networking device driver, in the way a user uses BPF for the device such that the function nsim_map_alloc_elem is called. A local user could use this flaw to get unauthorized access to some data. (CVE-2021-4135)

- An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged processes that are controlled by cgroups and have a higher privileged parent process. It applies to both the cgroup2 and cgroup1 versions of control groups. A local user could use this flaw to crash the system or escalate their privileges on the system. (CVE-2021-4197)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade the vulnerable CGSL kernel packages. Note that updated packages may not be available yet. Please contact ZTE for more information.

See Also

https://security.gd-linux.com/notice/NS-SA-2025-0206

https://security.gd-linux.com/info/CVE-2020-36516

https://security.gd-linux.com/info/CVE-2021-22600

https://security.gd-linux.com/info/CVE-2021-4135

https://security.gd-linux.com/info/CVE-2021-4197

https://security.gd-linux.com/info/CVE-2021-4204

https://security.gd-linux.com/info/CVE-2021-44879

https://security.gd-linux.com/info/CVE-2021-45402

https://security.gd-linux.com/info/CVE-2022-0185

https://security.gd-linux.com/info/CVE-2022-0330

https://security.gd-linux.com/info/CVE-2022-0435

https://security.gd-linux.com/info/CVE-2022-0492

https://security.gd-linux.com/info/CVE-2022-0847

https://security.gd-linux.com/info/CVE-2022-1011

https://security.gd-linux.com/info/CVE-2022-1016

https://security.gd-linux.com/info/CVE-2022-22942

https://security.gd-linux.com/info/CVE-2022-23222

https://security.gd-linux.com/info/CVE-2022-24448

https://security.gd-linux.com/info/CVE-2022-25636

https://security.gd-linux.com/info/CVE-2022-27666

https://security.gd-linux.com/info/CVE-2022-45919

Plugin Details

Severity: High

ID: 266227

File Name: newstart_cgsl_NS-SA-2025-0206_kernel.nasl

Version: 1.1

Type: local

Published: 9/30/2025

Updated: 9/30/2025

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.8

CVSS v2

Risk Factor: High

Base Score: 9

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2022-0435

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 8.4

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:zte:cgsl_main:kernel, cpe:/o:zte:cgsl_main:6, p-cpe:/a:zte:cgsl_main:kernel-modules, p-cpe:/a:zte:cgsl_main:kata-linux-container, p-cpe:/a:zte:cgsl_main:kernel-devel, p-cpe:/a:zte:cgsl_main:kernel-headers, p-cpe:/a:zte:cgsl_main:kernel-tools, p-cpe:/a:zte:cgsl_main:kernel-tools-libs, p-cpe:/a:zte:cgsl_main:perf, p-cpe:/a:zte:cgsl_main:bpftool, p-cpe:/a:zte:cgsl_main:kernel-core, p-cpe:/a:zte:cgsl_main:kernel-modules-extra, p-cpe:/a:zte:cgsl_main:python3-perf

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/ZTE-CGSL/release, Host/ZTE-CGSL/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/30/2025

Vulnerability Publication Date: 7/21/2021

CISA Known Exploited Vulnerability Due Dates: 5/2/2022, 5/16/2022, 9/11/2024

Reference Information

CVE: CVE-2020-36516, CVE-2021-22600, CVE-2021-4135, CVE-2021-4197, CVE-2021-4204, CVE-2021-44879, CVE-2021-45402, CVE-2022-0185, CVE-2022-0330, CVE-2022-0435, CVE-2022-0492, CVE-2022-0847, CVE-2022-1011, CVE-2022-1016, CVE-2022-22942, CVE-2022-23222, CVE-2022-24448, CVE-2022-25636, CVE-2022-27666, CVE-2022-45919