NewStart CGSL MAIN 6.02 : kernel Multiple Vulnerabilities (NS-SA-2024-0056)

critical Nessus Plugin ID 206835

Synopsis

The remote NewStart CGSL host is affected by multiple vulnerabilities.

Description

The remote NewStart CGSL host, running version MAIN 6.02, has kernel packages installed that are affected by multiple vulnerabilities:

- A flaw was found in the Linux kernel. An integer overflow in the firmware for some Intel(R) Graphics Drivers may allow a privileged user to potentially enable an escalation of privilege via local access. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-12362)

- A use-after-free flaw was found in usb_sg_cancel in drivers/usb/core/message.c in the USB core subsystem. This flaw allows a local attacker with special user or root privileges to crash the system due to a race between scatter-gather cancellation and transfer completion in usb_sg_wait. This vulnerability can also lead to a leak of internal kernel information. (CVE-2020-12464)

- A flaw was found in the Linux kernel's implementation of wifi fragmentation handling. An attacker with the ability to transmit within the wireless transmission range of an access point can abuse a flaw where previous contents of wifi fragments can be unintentionally transmitted to another device. (CVE-2020-24586)

- A flaw was found in the Linux kernel's WiFi implementation. An attacker within wireless range can abuse a logic flaw in the WiFi implementation by reassembling packets from multiple fragments encrypted under different keys, which are then treated as valid. This flaw allows an attacker to send a fragment under an incorrect key and have it treated as a valid fragment under the new key. The highest threat from this vulnerability is to confidentiality. (CVE-2020-24587)

- A flaw was found in the Linux kernel's wifi implementation. An attacker within wireless broadcast range can inject custom data into the wireless communication, circumventing checks on the data. This can cause the frame to pass checks and be considered a valid frame of a different type. (CVE-2020-24588)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade the vulnerable CGSL kernel packages. Note that updated packages may not be available yet. Please contact ZTE for more information.

See Also

https://security.gd-linux.com/notice/NS-SA-2024-0056

https://security.gd-linux.com/info/CVE-2020-12362

https://security.gd-linux.com/info/CVE-2020-12464

https://security.gd-linux.com/info/CVE-2020-24586

https://security.gd-linux.com/info/CVE-2020-24587

https://security.gd-linux.com/info/CVE-2020-24588

https://security.gd-linux.com/info/CVE-2020-25670

https://security.gd-linux.com/info/CVE-2020-25671

https://security.gd-linux.com/info/CVE-2020-26139

https://security.gd-linux.com/info/CVE-2020-26141

https://security.gd-linux.com/info/CVE-2020-26143

https://security.gd-linux.com/info/CVE-2020-26144

https://security.gd-linux.com/info/CVE-2020-26145

https://security.gd-linux.com/info/CVE-2020-26147

https://security.gd-linux.com/info/CVE-2020-29660

https://security.gd-linux.com/info/CVE-2020-36158

https://security.gd-linux.com/info/CVE-2021-20194

https://security.gd-linux.com/info/CVE-2021-23134

https://security.gd-linux.com/info/CVE-2021-28971

https://security.gd-linux.com/info/CVE-2021-29650

https://security.gd-linux.com/info/CVE-2021-31829

https://security.gd-linux.com/info/CVE-2021-3564

https://security.gd-linux.com/info/CVE-2021-3573

https://security.gd-linux.com/info/CVE-2021-3600

https://security.gd-linux.com/info/CVE-2021-3679

https://security.gd-linux.com/info/CVE-2021-3732

https://security.gd-linux.com/info/CVE-2023-1206

https://security.gd-linux.com/info/CVE-2023-2860

https://security.gd-linux.com/info/CVE-2023-3358

https://security.gd-linux.com/info/CVE-2023-35827

https://security.gd-linux.com/info/CVE-2023-3609

https://security.gd-linux.com/info/CVE-2023-3611

https://security.gd-linux.com/info/CVE-2023-3776

https://security.gd-linux.com/info/CVE-2023-3812

https://security.gd-linux.com/info/CVE-2023-3863

https://security.gd-linux.com/info/CVE-2023-39193

https://security.gd-linux.com/info/CVE-2023-4004

https://security.gd-linux.com/info/CVE-2023-40283

https://security.gd-linux.com/info/CVE-2023-4128

https://security.gd-linux.com/info/CVE-2023-4132

https://security.gd-linux.com/info/CVE-2023-4206

https://security.gd-linux.com/info/CVE-2023-4207

https://security.gd-linux.com/info/CVE-2023-4208

https://security.gd-linux.com/info/CVE-2023-4387

https://security.gd-linux.com/info/CVE-2023-4459

https://security.gd-linux.com/info/CVE-2023-4622

https://security.gd-linux.com/info/CVE-2023-4921

Plugin Details

Severity: Critical

ID: 206835

File Name: newstart_cgsl_NS-SA-2024-0056_kernel.nasl

Version: 1.2

Type: local

Published: 9/10/2024

Updated: 9/18/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2020-36158

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2023-4921

CVSS v4

Risk Factor: Critical

Base Score: 9.3

Threat Score: 8.5

Threat Vector: CVSS:4.0/E:P

Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

CVSS Score Source: CVE-2023-4004

Vulnerability Information

CPE: p-cpe:/a:zte:cgsl_main:kernel-tools-libs, p-cpe:/a:zte:cgsl_main:bpftool, p-cpe:/a:zte:cgsl_main:kernel-headers, p-cpe:/a:zte:cgsl_main:kernel, p-cpe:/a:zte:cgsl_main:kernel-modules-extra, cpe:/o:zte:cgsl_main:6, p-cpe:/a:zte:cgsl_main:kernel-modules, p-cpe:/a:zte:cgsl_main:kernel-tools, p-cpe:/a:zte:cgsl_main:python3-perf, p-cpe:/a:zte:cgsl_main:perf, p-cpe:/a:zte:cgsl_main:kernel-devel, p-cpe:/a:zte:cgsl_main:kernel-core

Required KB Items: Host/local_checks_enabled, Host/ZTE-CGSL/release, Host/ZTE-CGSL/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/3/2024

Vulnerability Publication Date: 4/29/2020

Reference Information

CVE: CVE-2020-12362, CVE-2020-12464, CVE-2020-24586, CVE-2020-24587, CVE-2020-24588, CVE-2020-25670, CVE-2020-25671, CVE-2020-26139, CVE-2020-26141, CVE-2020-26143, CVE-2020-26144, CVE-2020-26145, CVE-2020-26147, CVE-2020-29660, CVE-2020-36158, CVE-2021-20194, CVE-2021-23134, CVE-2021-28971, CVE-2021-29650, CVE-2021-31829, CVE-2021-3564, CVE-2021-3573, CVE-2021-3600, CVE-2021-3679, CVE-2021-3732, CVE-2023-1206, CVE-2023-2860, CVE-2023-3358, CVE-2023-35827, CVE-2023-3609, CVE-2023-3611, CVE-2023-3776, CVE-2023-3812, CVE-2023-3863, CVE-2023-39193, CVE-2023-4004, CVE-2023-40283, CVE-2023-4128, CVE-2023-4132, CVE-2023-4206, CVE-2023-4207, CVE-2023-4208, CVE-2023-4387, CVE-2023-4459, CVE-2023-4622, CVE-2023-4921