Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | |||
Test ID: | 1.3.6.1.4.1.25623.1.1.2.2021.1200 |
Category: | Huawei EulerOS Local Security Checks |
Title: | Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2021-1200) |
Summary: | The remote host is missing an update for the Huawei EulerOS 'kernel' package(s) announced via the EulerOS-SA-2021-1200 advisory. |
Description: | Summary: The remote host is missing an update for the Huawei EulerOS 'kernel' package(s) announced via the EulerOS-SA-2021-1200 advisory. Vulnerability Insight: A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerability is to data confidentiality.(CVE-2020-25656) The time subsystem in the Linux kernel through 4.9.9, when CONFIG_TIMER_STATS is enabled, allows local users to discover real PID values (as distinguished from PID values inside a PID namespace) by reading the /proc/timer_list file, related to the print_timer function in kernel/time/timer_list.c and the __timer_stats_timer_set_start_info function in kernel/time/timer.c.(CVE-2017-5967) A flaw in the way reply ICMP packets are limited in the Linux kernel functionality was found that allows to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypassing source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well. Kernel versions before 5.10 may be vulnerable to this issue.(CVE-2020-25705) In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-153467744(CVE-2020-0305) In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-140550171(CVE-2020-0427) A flaw was discovered in the way that the KVM hypervisor handled instruction emulation for an L2 guest when nested virtualisation is enabled. Under some circumstances, an L2 guest may trick the L0 guest into accessing sensitive L1 resources that should be inaccessible to the L2 guest.(CVE-2020-2732) In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-111893654References: Upstream kernel(CVE-2020-0404) A stack information leak flaw was found in s390/s390x in the Linux kernel's memory manager functionality, where it incorrectly writes to the /proc/sys/vm/cmm_timeout file. This flaw allows a local user to see the kernel data.(CVE-2020-10773) Improper access control in BlueZ may allow an unauthenticated user to potentially enable information disclosure via adjacent access.(CVE-2020-12352) A flaw was found in the Linux kernel. A ... [Please see the references for more information on the vulnerabilities] Affected Software/OS: 'kernel' package(s) on Huawei EulerOS V2.0SP5. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:M/Au:S/C:P/I:P/A:C |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2017-5967 BugTraq ID: 96271 http://www.securityfocus.com/bid/96271 https://bugzilla.kernel.org/show_bug.cgi?id=193921 Common Vulnerability Exposure (CVE) ID: CVE-2020-0305 https://source.android.com/security/bulletin/pixel/2020-06-01 SuSE Security Announcement: openSUSE-SU-2020:1153 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html SuSE Security Announcement: openSUSE-SU-2020:1236 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00047.html Common Vulnerability Exposure (CVE) ID: CVE-2020-0404 https://source.android.com/security/bulletin/2020-09-01 SuSE Security Announcement: openSUSE-SU-2020:1586 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00001.html SuSE Security Announcement: openSUSE-SU-2020:1655 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00021.html Common Vulnerability Exposure (CVE) ID: CVE-2020-0427 http://packetstormsecurity.com/files/161229/Kernel-Live-Patch-Security-Notice-LSN-0074-1.html https://source.android.com/security/bulletin/pixel/2020-09-01 https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html Common Vulnerability Exposure (CVE) ID: CVE-2020-0431 Common Vulnerability Exposure (CVE) ID: CVE-2020-0433 Common Vulnerability Exposure (CVE) ID: CVE-2020-2732 Debian Security Information: DSA-4667 (Google Search) https://www.debian.org/security/2020/dsa-4667 Debian Security Information: DSA-4698 (Google Search) https://www.debian.org/security/2020/dsa-4698 https://bugzilla.redhat.com/show_bug.cgi?id=1805135 https://git.kernel.org/linus/07721feee46b4b248402133228235318199b05ec https://git.kernel.org/linus/35a571346a94fb93b5b3b6a599675ef3384bc75c https://git.kernel.org/linus/e71237d3ff1abf9f3388337cfebf53b96df2020d https://linux.oracle.com/errata/ELSA-2020-5540.html https://linux.oracle.com/errata/ELSA-2020-5542.html https://linux.oracle.com/errata/ELSA-2020-5543.html https://www.openwall.com/lists/oss-security/2020/02/25/3 https://www.spinics.net/lists/kvm/msg208259.html https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html |
Copyright | Copyright (C) 2021 Greenbone Networks GmbH |
This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |