|Category:||Huawei EulerOS Local Security Checks|
|Title:||Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2020-2303)|
|Summary:||The remote host is missing an update for the Huawei EulerOS; 'kernel' package(s) announced via the EulerOS-SA-2020-2303 advisory.|
A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452. (CVE-2020-25212)
In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff. (CVE-2020-25211)
In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs because the current umask is not considered. (CVE-2020-24394)
A flaw was found in the Linux kernel's implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an out-of-bounds write to occur. This flaw allows a local user with access to the VGA console to crash the system, potentially escalating their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-14331)
'kernel' package(s) on Huawei EulerOS V2.0SP5.
Please install the updated package(s).
Common Vulnerability Exposure (CVE) ID: CVE-2020-14331
Common Vulnerability Exposure (CVE) ID: CVE-2020-24394
Common Vulnerability Exposure (CVE) ID: CVE-2020-25211
Common Vulnerability Exposure (CVE) ID: CVE-2020-25212
|Copyright||Copyright (C) 2020 Greenbone Networks GmbH|