NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2023-0030)

high Nessus Plugin ID 174055

Synopsis

The remote NewStart CGSL host is affected by multiple vulnerabilities.

Description

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel packages installed that are affected by multiple vulnerabilities:

- A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the small table perturb size. This flaw may allow an attacker to information leak and may cause a denial of service problem. (CVE-2022-1012)

- Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. (CVE-2022-3542)

- A flaw was found in the Linux kernel's networking code. A use-after-free was found in the way the sch_sfb enqueue function used the socket buffer (SKB) cb field after the same SKB had been enqueued (and freed) into a child qdisc. This flaw allows a local, unprivileged user to crash the system, causing a denial of service. (CVE-2022-3586)

- A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function intr_callback of the file drivers/net/usb/r8152.c of the component BPF. The manipulation leads to logging of excessive data. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211363.
(CVE-2022-3594)

- roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a report->value is in progress. (CVE-2022-41850)

- drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 5.19.15 and 6.x before 6.0.1 allows a user- space client to corrupt the monitor's internal memory. (CVE-2022-43750)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade the vulnerable CGSL kernel packages. Note that updated packages may not be available yet. Please contact ZTE for more information.

See Also

http://security.gd-linux.com/notice/NS-SA-2023-0030

http://security.gd-linux.com/info/CVE-2022-1012

http://security.gd-linux.com/info/CVE-2022-3542

http://security.gd-linux.com/info/CVE-2022-3586

http://security.gd-linux.com/info/CVE-2022-3594

http://security.gd-linux.com/info/CVE-2022-41850

http://security.gd-linux.com/info/CVE-2022-43750

Plugin Details

Severity: High

ID: 174055

File Name: newstart_cgsl_NS-SA-2023-0030_kernel.nasl

Version: 1.1

Type: local

Published: 4/11/2023

Updated: 12/27/2023

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 8.5

Temporal Score: 6.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:C

CVSS Score Source: CVE-2022-1012

CVSS v3

Risk Factor: High

Base Score: 8.2

Temporal Score: 7.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:zte:cgsl_core:kernel-tools-libs, p-cpe:/a:zte:cgsl_main:kernel-debuginfo, p-cpe:/a:zte:cgsl_main:perf, p-cpe:/a:zte:cgsl_core:kernel-debug-devel, p-cpe:/a:zte:cgsl_core:kernel-tools-libs-devel, cpe:/o:zte:cgsl_main:5, p-cpe:/a:zte:cgsl_core:kernel-tools, p-cpe:/a:zte:cgsl_main:kernel, cpe:/o:zte:cgsl_core:5, p-cpe:/a:zte:cgsl_core:perf, p-cpe:/a:zte:cgsl_main:kernel-debug-devel, p-cpe:/a:zte:cgsl_core:kernel-debuginfo-common-x86_64, p-cpe:/a:zte:cgsl_main:python-perf-debuginfo, p-cpe:/a:zte:cgsl_core:kernel-debug-modules, p-cpe:/a:zte:cgsl_main:kernel-debug-debuginfo, p-cpe:/a:zte:cgsl_core:kernel-sign-keys, p-cpe:/a:zte:cgsl_core:kernel-debug-core, p-cpe:/a:zte:cgsl_core:kernel-tools-debuginfo, p-cpe:/a:zte:cgsl_core:kernel-core, p-cpe:/a:zte:cgsl_main:kernel-tools-libs-devel, p-cpe:/a:zte:cgsl_core:kernel-debug-debuginfo, p-cpe:/a:zte:cgsl_main:kernel-tools-debuginfo, p-cpe:/a:zte:cgsl_core:kernel-abi-whitelists, p-cpe:/a:zte:cgsl_core:kernel-debuginfo, p-cpe:/a:zte:cgsl_main:kernel-tools-libs, p-cpe:/a:zte:cgsl_core:kernel-devel, p-cpe:/a:zte:cgsl_core:kernel-headers, p-cpe:/a:zte:cgsl_main:kernel-sign-keys, p-cpe:/a:zte:cgsl_main:kernel-debug, p-cpe:/a:zte:cgsl_main:python-perf, p-cpe:/a:zte:cgsl_main:kernel-tools, p-cpe:/a:zte:cgsl_main:kernel-headers, p-cpe:/a:zte:cgsl_core:perf-debuginfo, p-cpe:/a:zte:cgsl_main:perf-debuginfo, p-cpe:/a:zte:cgsl_core:kernel, p-cpe:/a:zte:cgsl_core:kernel-modules, p-cpe:/a:zte:cgsl_main:kernel-devel, p-cpe:/a:zte:cgsl_main:kernel-debuginfo-common-x86_64, p-cpe:/a:zte:cgsl_main:kernel-abi-whitelists, p-cpe:/a:zte:cgsl_core:python-perf, p-cpe:/a:zte:cgsl_core:python-perf-debuginfo

Required KB Items: Host/local_checks_enabled, Host/ZTE-CGSL/release, Host/ZTE-CGSL/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 4/11/2023

Vulnerability Publication Date: 6/30/2022

Reference Information

CVE: CVE-2022-1012, CVE-2022-3542, CVE-2022-3586, CVE-2022-3594, CVE-2022-41850, CVE-2022-43750