Detections
Analytics

NewStart CGSL MAIN 7.02 : kernel-modules-sub Multiple Vulnerabilities (NS-SA-2025-0250)

high Nessus Plugin ID 271290

Synopsis

The remote NewStart CGSL host is affected by multiple vulnerabilities.

Description

The remote NewStart CGSL host, running version MAIN 7.02, has kernel-modules-sub packages installed that are affected by multiple vulnerabilities:

 - BlueZ HID over GATT Profile Improper Access Control Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the HID over GATT Profile. The issue results from the lack of authorization prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-25177. (CVE-2024-8805)

 - In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix slab-use-after- free on hdcp_work [Why] A slab-use-after-free is reported when HDCP is destroyed but the property_validate_dwork queue is still running. [How] Cancel the delayed work when destroying workqueue.
 (cherry picked from commit 725a04ba5a95e89c89633d4322430cfbca7ce128) (CVE-2025-21968)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade the vulnerable CGSL kernel-modules-sub packages. Note that updated packages may not be available yet. Please contact ZTE for more information.

See Also

https://security.gd-linux.com/notice/NS-SA-2025-0250

https://security.gd-linux.com/info/CVE-2024-8805

https://security.gd-linux.com/info/CVE-2025-21968

Plugin Details

Severity: High

ID: 271290

File Name: newstart_cgsl_NS-SA-2025-0250_kernel-modules-sub.nasl

Version: 1.1

Type: local

Published: 10/24/2025

Updated: 10/24/2025

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 8.3

Temporal Score: 6.1

Vector: CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2024-8805

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:zte:cgsl_main:kernel-modules-sub, cpe:/o:zte:cgsl_main:7

Required KB Items: Host/local_checks_enabled, Host/ZTE-CGSL/release, Host/ZTE-CGSL/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 10/23/2025

Vulnerability Publication Date: 11/22/2024

Reference Information

CVE: CVE-2024-8805, CVE-2025-21968