Detections
Analytics

EulerOS 2.0 SP12 : kernel (EulerOS-SA-2024-2923)

high Nessus Plugin ID 211811

Synopsis

The remote EulerOS host is missing multiple security updates.

Description

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

 RDMA/ib_srp: Fix a deadlock(CVE-2022-48930)

 netfilter: fix use-after-free in __nf_register_net_hook()(CVE-2022-48912)

 protect the fetch of -fd[fd] in do_dup2() from mispredictions(CVE-2024-42265)

 io_uring: add a schedule point in io_add_buffers()(CVE-2022-48937)

 ext4: check dot and dotdot of dx_root before making dir indexed(CVE-2024-42305)

 netfilter: nf_queue: fix possible use-after-free(CVE-2022-48911)

 cgroup/cpuset: Prevent UAF in proc_cpuset_show()(CVE-2024-43853)

 net: ipv6: ensure we call ipv6_mc_down() at most once(CVE-2022-48910)

 netfilter: nf_tables: fix memory leak during stateful obj update(CVE-2022-48933)

 netfilter: nf_tables: unregister flowtable hooks on netns exit(CVE-2022-48935)

 thermal: int340x: fix memory leak in int3400_notify()(CVE-2022-48924)

 scsi: qla2xxx: During vport delete send async logout explicitly(CVE-2024-42289)

 udf: Avoid using corrupted block bitmap buffer(CVE-2024-42306)

 lib: objagg: Fix general protection fault(CVE-2024-43846)

 net/mlx5: Always drain health in shutdown callback(CVE-2024-43866)

 exec: Fix ToCToU between perm check and set-uid/gid usage(CVE-2024-43882)

 net: usb: qmi_wwan: fix memory leak for not ip packets(CVE-2024-43861)

 io_uring: lock overflowing for IOPOLL(CVE-2023-52903)

 drm/virtio: Fix GEM handle creation UAF(CVE-2022-48899)

 xhci: Fix null pointer dereference when host dies(CVE-2023-52898)

 nvme: fix a possible use-after-free in controller reset during load(CVE-2022-48790)

 drm/ nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes(CVE-2024-41089)

 ipvs: properly dereference pe in ip_vs_add_service(CVE-2024-42322)

 bpf, arm64: Fix trampoline for BPF_TRAMP_F_CALL_ORIG(CVE-2024-43840)

 net: flow_dissector: use DEBUG_NET_WARN_ON_ONCE(CVE-2024-42321)

 RDMA/iwcm: Fix a use-after-free related to destroying CM IDs(CVE-2024-42285)

 tipc: Return non-zero value from tipc_udp_addr2str() on error(CVE-2024-42284)

 ext4: fix infinite loop when replaying fast_commit(CVE-2024-43828)

 ext4: make sure the first directory block is not a hole(CVE-2024-42304)

 PCI/DPC: Fix use-after-free on concurrent DPC and hot-removal(CVE-2024-42302)

 net: nexthop: Initialize all fields in dumped nexthops(CVE-2024-42283)

 leds: trigger: Unregister sysfs attributes before calling deactivate()(CVE-2024-43830)

 IB/core: Implement a limit on UMAD receive List(CVE-2024-42145)

 NFSD: Fix ia_size underflow(CVE-2022-48828)

 netfilter: nf_tables: prefer nft_chain_validate(CVE-2024-41042)

 HID: core: remove unnecessary WARN_ON() in implement()(CVE-2024-39509)

 USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor(CVE-2024-41035)

 tty: add the option to have a tty reject a new ldisc(CVE-2024-40966)

 libceph: fix race between delayed_work() and ceph_monc_stop()(CVE-2024-42232)

 ata: libata-core: Fix null pointer dereference on error(CVE-2024-41098)

 USB: serial: mos7840: fix crash on resume(CVE-2024-42244)

 ata: libata-core: Fix double free on error(CVE-2024-41087)

 scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory(CVE-2024-40901)

Tenable has extracted the preceding description block directly from the EulerOS kernel security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected kernel packages.

See Also

http://www.nessus.org/u?28cf03a9

Plugin Details

Severity: High

ID: 211811

File Name: EulerOS_SA-2024-2923.nasl

Version: 1.1

Type: local

Published: 11/25/2024

Updated: 11/25/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2024-42302

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:huawei:euleros:kernel-tools-libs, p-cpe:/a:huawei:euleros:bpftool, p-cpe:/a:huawei:euleros:kernel-tools, p-cpe:/a:huawei:euleros:kernel, p-cpe:/a:huawei:euleros:python3-perf, p-cpe:/a:huawei:euleros:kernel-abi-stablelists, cpe:/o:huawei:euleros:2.0

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/EulerOS/release, Host/EulerOS/rpm-list, Host/EulerOS/sp

Excluded KB Items: Host/EulerOS/uvp_version

Exploit Ease: No known exploits are available

Patch Publication Date: 11/25/2024

Vulnerability Publication Date: 3/7/2022

Reference Information

CVE: CVE-2022-48790, CVE-2022-48828, CVE-2022-48899, CVE-2022-48910, CVE-2022-48911, CVE-2022-48912, CVE-2022-48924, CVE-2022-48930, CVE-2022-48933, CVE-2022-48935, CVE-2022-48937, CVE-2023-52898, CVE-2023-52903, CVE-2024-39509, CVE-2024-40901, CVE-2024-40966, CVE-2024-41035, CVE-2024-41042, CVE-2024-41087, CVE-2024-41089, CVE-2024-41098, CVE-2024-42145, CVE-2024-42232, CVE-2024-42244, CVE-2024-42265, CVE-2024-42283, CVE-2024-42284, CVE-2024-42285, CVE-2024-42289, CVE-2024-42302, CVE-2024-42304, CVE-2024-42305, CVE-2024-42306, CVE-2024-42321, CVE-2024-42322, CVE-2024-43828, CVE-2024-43830, CVE-2024-43840, CVE-2024-43846, CVE-2024-43853, CVE-2024-43861, CVE-2024-43866, CVE-2024-43882