NewStart CGSL MAIN 6.02 : kernel Multiple Vulnerabilities (NS-SA-2024-0056)

high Nessus Plugin ID 206835

Synopsis

The remote NewStart CGSL host is affected by multiple vulnerabilities.

Description

The remote NewStart CGSL host, running version MAIN 6.02, has kernel packages installed that are affected by multiple vulnerabilities:

- A flaw was found in the Linux kernel. An integer overflow in the firmware for some Intel(R) Graphics Drivers may allow a privileged user to potentially enable an escalation of privilege via local access. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-12362)

- A use-after-free flaw was found in usb_sg_cancel in drivers/usb/core/message.c in the USB core subsystem.
This flaw allows a local attacker with a special user or root privileges to crash the system due to a race problem in the scatter-gather cancellation and transfer completion in usb_sg_wait. This vulnerability can also lead to a leak of internal kernel information. (CVE-2020-12464)

- A flaw was found in the Linux kernels implementation of wifi fragmentation handling. An attacker with the ability to transmit within the wireless transmission range of an access point can abuse a flaw where previous contents of wifi fragments can be unintentionally transmitted to another device. (CVE-2020-24586)

- A flaw was found in the Linux kernel's WiFi implementation. An attacker within the wireless range can abuse a logic flaw in the WiFi implementation by reassembling packets from multiple fragments under different keys, treating them as valid. This flaw allows an attacker to send a fragment under an incorrect key, treating them as a valid fragment under the new key. The highest threat from this vulnerability is to confidentiality. (CVE-2020-24587)

- A flaw was found in the Linux kernels wifi implementation. An attacker within wireless broadcast range can inject custom data into the wireless communication circumventing checks on the data. This can cause the frame to pass checks and be considered a valid frame of a different type. (CVE-2020-24588)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade the vulnerable CGSL kernel packages. Note that updated packages may not be available yet. Please contact ZTE for more information.

Plugin Details

Severity: High

ID: 206835

File Name: newstart_cgsl_NS-SA-2024-0056_kernel.nasl

Version: 1.1

Type: local

Family: NewStart CGSL Local Security Checks

Published: 9/10/2024

Updated: 9/10/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2020-36158

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2023-4921

Vulnerability Information

CPE: p-cpe:/a:zte:cgsl_main:bpftool, p-cpe:/a:zte:cgsl_main:kernel-tools, p-cpe:/a:zte:cgsl_main:perf, cpe:/o:zte:cgsl_main:6, p-cpe:/a:zte:cgsl_main:kernel-headers, p-cpe:/a:zte:cgsl_main:kernel, p-cpe:/a:zte:cgsl_main:kernel-tools-libs, p-cpe:/a:zte:cgsl_main:kernel-devel, p-cpe:/a:zte:cgsl_main:kernel-core, p-cpe:/a:zte:cgsl_main:kernel-modules, p-cpe:/a:zte:cgsl_main:python3-perf, p-cpe:/a:zte:cgsl_main:kernel-modules-extra

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/ZTE-CGSL/release, Host/ZTE-CGSL/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/3/2024

Vulnerability Publication Date: 4/29/2020

Reference Information

CVE: CVE-2020-12362, CVE-2020-12464, CVE-2020-24586, CVE-2020-24587, CVE-2020-24588, CVE-2020-25670, CVE-2020-25671, CVE-2020-26139, CVE-2020-26141, CVE-2020-26143, CVE-2020-26144, CVE-2020-26145, CVE-2020-26147, CVE-2020-29660, CVE-2020-36158, CVE-2021-20194, CVE-2021-23134, CVE-2021-28971, CVE-2021-29650, CVE-2021-31829, CVE-2021-3564, CVE-2021-3573, CVE-2021-3600, CVE-2021-3679, CVE-2021-3732, CVE-2023-1206, CVE-2023-2860, CVE-2023-3358, CVE-2023-35827, CVE-2023-3609, CVE-2023-3611, CVE-2023-3776, CVE-2023-3812, CVE-2023-3863, CVE-2023-39193, CVE-2023-4004, CVE-2023-40283, CVE-2023-4128, CVE-2023-4132, CVE-2023-4206, CVE-2023-4207, CVE-2023-4208, CVE-2023-4387, CVE-2023-4459, CVE-2023-4622, CVE-2023-4921

Detections

Analytics