NewStart CGSL MAIN 4.05 : kernel Multiple Vulnerabilities (NS-SA-2022-0002)

high Nessus Plugin ID 160830

Synopsis

The remote NewStart CGSL host is affected by multiple vulnerabilities.

Description

The remote NewStart CGSL host, running version MAIN 4.05, has kernel packages installed that are affected by multiple vulnerabilities:

- The Linux kernel before 5.1-rc5 allows page->_refcount reference count overflow, with resultant use-after- free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests. (CVE-2019-11487)

- rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel through 5.3.6 lacks a certain upper-bound check, leading to a buffer overflow. (CVE-2019-17666)

- A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.
drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.
(CVE-2020-29661)

- An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is adversely affected by the ability of an unprivileged user to craft Netlink messages. (CVE-2021-27364)

- An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message. (CVE-2021-27365)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade the vulnerable CGSL kernel packages. Note that updated packages may not be available yet. Please contact ZTE for more information.

See Also

http://security.gd-linux.com/notice/NS-SA-2022-0002

http://security.gd-linux.com/info/CVE-2019-11487

http://security.gd-linux.com/info/CVE-2019-17666

http://security.gd-linux.com/info/CVE-2020-29661

http://security.gd-linux.com/info/CVE-2021-27364

http://security.gd-linux.com/info/CVE-2021-27365

Plugin Details

Severity: High

ID: 160830

File Name: newstart_cgsl_NS-SA-2022-0002_kernel.nasl

Version: 1.3

Type: local

Published: 5/10/2022

Updated: 5/10/2022

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 8.3

Temporal Score: 6.5

Vector: CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2019-17666

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.9

Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:zte:cgsl_main:python-perf, p-cpe:/a:zte:cgsl_main:kernel-debuginfo, p-cpe:/a:zte:cgsl_main:perf, p-cpe:/a:zte:cgsl_main:kernel-headers, cpe:/o:zte:cgsl_main:4, p-cpe:/a:zte:cgsl_main:kernel, p-cpe:/a:zte:cgsl_main:perf-debuginfo, p-cpe:/a:zte:cgsl_main:kernel-devel, p-cpe:/a:zte:cgsl_main:kernel-debuginfo-common-x86_64, p-cpe:/a:zte:cgsl_main:python-perf-debuginfo

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/ZTE-CGSL/release, Host/ZTE-CGSL/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/7/2022

Vulnerability Publication Date: 4/23/2019

Reference Information

CVE: CVE-2019-11487, CVE-2019-17666, CVE-2020-29661, CVE-2021-27364, CVE-2021-27365