EulerOS 2.0 SP9 : kernel (EulerOS-SA-2024-2832)

high Nessus Plugin ID 210654

Synopsis

The remote EulerOS host is missing multiple security updates.

Description

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities:

media: dvbdev: Fix memory leak in dvb_media_device_free()(CVE-2020-36777)

Drivers: hv: vmbus: Use after free in __vmbus_open()(CVE-2021-47049)

KVM: PPC: Fix kvm_arch_vcpu_ioctl vcpu_load leak(CVE-2021-47296)

nvme-rdma: destroy cm id before destroy qp to avoid use after free(CVE-2021-47378)

tty: Fix out-of-bound vmalloc access in imageblit(CVE-2021-47383)

kernel: RDMA/cma: Ensure rdma_addr_cancel() happens before issuing more requests(CVE-2021-47391)

kernel: netfilter: conntrack: serialize hash resizes and cleanups(CVE-2021-47408)

mISDN: Fix memory leak in dsp_pipeline_build()(CVE-2022-48863)

netfilter: fix use-after-free in __nf_register_net_hook()(CVE-2022-48912)

thermal: int340x: fix memory leak in int3400_notify()(CVE-2022-48924)

RDMA/ib_srp: Fix a deadlock(CVE-2022-48930)

KVM: x86/mmu: make apf token non-zero to fix bug(CVE-2022-48943)

SUNRPC: Fix UAF in svc_tcp_listen_data_ready()(CVE-2023-52885)

xhci: Fix null pointer dereference when host dies(CVE-2023-52898)

media: dvb-usb-v2: af9035: Fix null-ptr-deref in af9035_i2c_master_xfer(CVE-2023-52915)

A race condition was found in the xc4000_get_frequency() function of the Linux kernel's media/xc4000 device driver. This can result in a return value overflow, possibly leading to malfunction or denial of service.(CVE-2024-24861)

create_empty_lvol in drivers/mtd/ubi/vtbl.c in the Linux kernel through 6.7.4 can attempt to allocate zero bytes, and crash, because of a missing check for ubi->leb_size.(CVE-2024-25739)

kernel: kprobes: Fix possible use-after-free issue on kprobe registration(CVE-2024-35955)

enic: Validate length of nl attributes in enic_set_vf_port(CVE-2024-38659)

HID: core: remove unnecessary WARN_ON() in implement()(CVE-2024-39509)

KVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin()(CVE-2024-40953)

xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr()(CVE-2024-40959)

filelock: Remove locks reliably when fcntl/close race is detected(CVE-2024-41012)

xfs: add bounds checking to xlog_recover_process_data(CVE-2024-41014)

filelock: Fix fcntl/close race recovery compat path(CVE-2024-41020)

USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor(CVE-2024-41035)

udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port().(CVE-2024-41041)

ppp: reject claimed-as-LCP but actually malformed packets(CVE-2024-41044)

ASoC: topology: Fix references to freed memory(CVE-2024-41069)

ata: libata-core: Fix double free on error(CVE-2024-41087)

tap: add missing verification for short frame(CVE-2024-41090)

tun: add missing verification for short frame(CVE-2024-41091)

netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers(CVE-2024-42070)

ftruncate: pass a signed offset(CVE-2024-42084)

x86: stop playing stack games in profile_pc()(CVE-2024-42096)

Revert 'mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again'(CVE-2024-42102)

mm: avoid overflows in dirty throttling logic(CVE-2024-42131)

IB/core: Implement a limit on UMAD receive List(CVE-2024-42145)

bnx2x: Fix multiple UBSAN array-index-out-of-bounds(CVE-2024-42148)

tcp_metrics: validate source addr length(CVE-2024-42154)

media: dvb-frontends: tda10048: Fix integer overflow(CVE-2024-42223)

crypto: aead,cipher - zeroize key buffer after use(CVE-2024-42229)

libceph: fix race between delayed_work() and ceph_monc_stop()(CVE-2024-42232)

USB: serial: mos7840: fix crash on resume(CVE-2024-42244)

protect the fetch of ->fd[fd] in do_dup2() from mispredictions(CVE-2024-42265)

mISDN: Fix a use after free in hfcmulti_tx()(CVE-2024-42280)

tipc: Return non-zero value from tipc_udp_addr2str() on error(CVE-2024-42284)

RDMA/iwcm: Fix a use-after-free related to destroying CM IDs(CVE-2024-42285)

scsi: qla2xxx: validate nvme_local_port correctly(CVE-2024-42286)

scsi: qla2xxx: Fix for possible memory corruption(CVE-2024-42288)

scsi: qla2xxx: During vport delete send async logout explicitly(CVE-2024-42289)

kobject_uevent: Fix OOB access within zap_modalias_env()(CVE-2024-42292)

dev/parport: fix the array out-of-bounds risk(CVE-2024-42301)

ext4: check dot and dotdot of dx_root before making dir indexed(CVE-2024-42305)

sysctl: always initialize i_uid/i_gid(CVE-2024-42312)

cgroup/cpuset: Prevent UAF in proc_cpuset_show()(CVE-2024-43853)

dma: fix call order in dmam_free_coherent(CVE-2024-43856)

devres: Fix memory leakage caused by driver API devm_free_percpu()(CVE-2024-43871)

exec: Fix ToCToU between perm check and set-uid/gid usage(CVE-2024-43882)

tracing: Fix overflow in get_free_elt()(CVE-2024-43890)

memcg: protect concurrent access to mem_cgroup_idr(CVE-2024-43892)

serial: core: check uartclk for zero to avoid divide by zero(CVE-2024-43893)

media: xc2028: avoid use-after-free in load_firmware_cb()(CVE-2024-43900)

md/raid5: avoid BUG_ON() while continue reshape after reassembling(CVE-2024-43914)

x86/mtrr: Check if fixed MTRRs exist before saving them(CVE-2024-44948)

ipv6: prevent UAF in ip6_send_skb()(CVE-2024-44987)

xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration(CVE-2024-45006)

VMCI: Fix use-after-free when removing resource in vmci_resource_remove()(CVE-2024-46738)

sch/netem: fix use after free in netem_dequeue(CVE-2024-46800)

Tenable has extracted the preceding description block directly from the EulerOS kernel security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected kernel packages.

See Also

http://www.nessus.org/u?1878344c

Plugin Details

Severity: High

ID: 210654

File Name: EulerOS_SA-2024-2832.nasl

Version: 1.1

Type: local

Published: 11/8/2024

Updated: 11/8/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2024-46800

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:huawei:euleros:kernel-tools-libs, p-cpe:/a:huawei:euleros:kernel-tools, p-cpe:/a:huawei:euleros:python3-perf, p-cpe:/a:huawei:euleros:kernel, cpe:/o:huawei:euleros:2.0

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/EulerOS/release, Host/EulerOS/rpm-list, Host/EulerOS/sp

Excluded KB Items: Host/EulerOS/uvp_version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 11/8/2024

Vulnerability Publication Date: 4/4/2022

Reference Information

CVE: CVE-2020-36777, CVE-2021-47049, CVE-2021-47296, CVE-2021-47378, CVE-2021-47383, CVE-2021-47391, CVE-2021-47408, CVE-2022-48863, CVE-2022-48912, CVE-2022-48924, CVE-2022-48930, CVE-2022-48943, CVE-2023-52885, CVE-2023-52898, CVE-2023-52915, CVE-2024-24861, CVE-2024-25739, CVE-2024-35955, CVE-2024-38659, CVE-2024-39509, CVE-2024-40953, CVE-2024-40959, CVE-2024-41012, CVE-2024-41014, CVE-2024-41020, CVE-2024-41035, CVE-2024-41041, CVE-2024-41044, CVE-2024-41069, CVE-2024-41087, CVE-2024-41090, CVE-2024-41091, CVE-2024-42070, CVE-2024-42084, CVE-2024-42096, CVE-2024-42102, CVE-2024-42131, CVE-2024-42145, CVE-2024-42148, CVE-2024-42154, CVE-2024-42223, CVE-2024-42229, CVE-2024-42232, CVE-2024-42244, CVE-2024-42265, CVE-2024-42280, CVE-2024-42284, CVE-2024-42285, CVE-2024-42286, CVE-2024-42288, CVE-2024-42289, CVE-2024-42292, CVE-2024-42301, CVE-2024-42305, CVE-2024-42312, CVE-2024-43853, CVE-2024-43856, CVE-2024-43871, CVE-2024-43882, CVE-2024-43890, CVE-2024-43892, CVE-2024-43893, CVE-2024-43900, CVE-2024-43914, CVE-2024-44948, CVE-2024-44987, CVE-2024-45006, CVE-2024-46738, CVE-2024-46800