EulerOS 2.0 SP10 : kernel (EulerOS-SA-2024-2888)

high Nessus Plugin ID 210643

Synopsis

The remote EulerOS host is missing multiple security updates.

Description

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

scsi: qedi: Fix crash while reading debugfs attribute(CVE-2024-40978)

drm/ nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes(CVE-2024-41095)

drm/ nouveau/debugfs: fix file release memory leak(CVE-2021-47423)

USB: serial: mos7840: fix crash on resume(CVE-2024-42244)

NFSD: Fix ia_size underflow(CVE-2022-48828)

xhci: Fix command ring pointer corruption while aborting a command(CVE-2021-47434)

ata: libata-core: Fix double free on error(CVE-2024-41087)

xfs: add bounds checking to xlog_recover_process_data(CVE-2024-41014)

ftruncate: pass a signed offset(CVE-2024-42084)

ext4: check dot and dotdot of dx_root before making dir indexed(CVE-2024-42305)

ext4: make sure the first directory block is not a hole(CVE-2024-42304)

leds: trigger: Unregister sysfs attributes before calling deactivate()(CVE-2024-43830)

Revert 'mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again'(CVE-2024-42102)

filelock: Remove locks reliably when fcntl/close race is detected(CVE-2024-41012)

filelock: Fix fcntl/close race recovery compat path(CVE-2024-41020)

protect the fetch of -fd[fd] in do_dup2() from mispredictions(CVE-2024-42265)

scsi: qla2xxx: During vport delete send async logout explicitly(CVE-2024-42289)

exec: Fix ToCToU between perm check and set-uid/gid usage(CVE-2024-43882)

tracing: Fix overflow in get_free_elt()(CVE-2024-43890)

USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor(CVE-2024-41035)

xhci: Fix null pointer dereference when host dies(CVE-2023-52898)

mm: avoid overflows in dirty throttling logic(CVE-2024-42131)

kobject_uevent: Fix OOB access within zap_modalias_env()(CVE-2024-42292)

sysctl: always initialize i_uid/i_gid(CVE-2024-42312)

scsi: qla2xxx: validate nvme_local_port correctly(CVE-2024-42286)

serial: core: check uartclk for zero to avoid divide by zero(CVE-2024-43893)

tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc(CVE-2023-52880)

memcg: protect concurrent access to mem_cgroup_idr(CVE-2024-43892)

dma: fix call order in dmam_free_coherent(CVE-2024-43856)

drm/ nouveau: fix off by one in BIOS boundary checking(CVE-2022-48732)

IB/core: Implement a limit on UMAD receive List(CVE-2024-42145)

drm/virtio: Fix GEM handle creation UAF(CVE-2022-48899)

cgroup/cpuset: Prevent UAF in proc_cpuset_show()(CVE-2024-43853)

net: usb: qmi_wwan: fix memory leak for not ip packets(CVE-2024-43861)

md/raid5: avoid BUG_ON() while continue reshape after reassembling(CVE-2024-43914)

netfilter: ctnetlink: use helper function to calculate expect ID(CVE-2024-44944)

RDMA/iwcm: Fix a use-after-free related to destroying CM IDs(CVE-2024-42285)

KVM: x86/mmu: make apf token non-zero to fix bug(CVE-2022-48943)

efi: fix NULL-deref in init error path(CVE-2022-48879)

nvme-rdma: fix possible use-after-free in transport error_recovery work(CVE-2022-48788)

devres: Fix memory leakage caused by driver API devm_free_percpu()(CVE-2024-43871)

netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers(CVE-2024-42070)

xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr()(CVE-2024-40959)

xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration(CVE-2024-45006)

tcp_metrics: validate source addr length(CVE-2024-42154)

inet: inet_defrag: prevent sk release while still in use(CVE-2024-26921)

net: hns3: do not allow call hns3_nic_net_open repeatedly(CVE-2021-47400)

net/ipv6: avoid possible UAF in ip6_route_mpath_notify()(CVE-2024-26852)

ipv6: prevent UAF in ip6_send_skb()(CVE-2024-44987)

sch/ netem: fix use after free in netem_dequeue(CVE-2024-46800)

Tenable has extracted the preceding description block directly from the EulerOS kernel security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected kernel packages.

See Also

http://www.nessus.org/u?b74d2ddd

Plugin Details

Severity: High

ID: 210643

File Name: EulerOS_SA-2024-2888.nasl

Version: 1.1

Type: local

Published: 11/8/2024

Updated: 11/8/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2024-46800

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:huawei:euleros:kernel-tools-libs, p-cpe:/a:huawei:euleros:kernel-tools, p-cpe:/a:huawei:euleros:python3-perf, p-cpe:/a:huawei:euleros:kernel, p-cpe:/a:huawei:euleros:kernel-abi-stablelists, cpe:/o:huawei:euleros:2.0

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/EulerOS/release, Host/EulerOS/rpm-list, Host/EulerOS/sp

Excluded KB Items: Host/EulerOS/uvp_version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 11/8/2024

Vulnerability Publication Date: 3/7/2022

Reference Information

CVE: CVE-2021-47400, CVE-2021-47423, CVE-2021-47434, CVE-2022-48732, CVE-2022-48788, CVE-2022-48828, CVE-2022-48879, CVE-2022-48899, CVE-2022-48943, CVE-2023-52880, CVE-2023-52898, CVE-2024-26852, CVE-2024-26921, CVE-2024-40959, CVE-2024-40978, CVE-2024-41012, CVE-2024-41014, CVE-2024-41020, CVE-2024-41035, CVE-2024-41087, CVE-2024-41095, CVE-2024-42070, CVE-2024-42084, CVE-2024-42102, CVE-2024-42131, CVE-2024-42145, CVE-2024-42154, CVE-2024-42244, CVE-2024-42265, CVE-2024-42285, CVE-2024-42286, CVE-2024-42289, CVE-2024-42292, CVE-2024-42304, CVE-2024-42305, CVE-2024-42312, CVE-2024-43830, CVE-2024-43853, CVE-2024-43856, CVE-2024-43861, CVE-2024-43871, CVE-2024-43882, CVE-2024-43890, CVE-2024-43892, CVE-2024-43893, CVE-2024-43914, CVE-2024-44944, CVE-2024-44987, CVE-2024-45006, CVE-2024-46800