 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.1.2.2022.1508 |
| Category: | Huawei EulerOS Local Security Checks |
| Title: | Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2022-1508) |
| Summary: | The remote host is missing an update for the Huawei EulerOS 'kernel' package(s) announced via the EulerOS-SA-2022-1508 advisory. |
| Description: | Summary: The remote host is missing an update for the Huawei EulerOS 'kernel' package(s) announced via the EulerOS-SA-2022-1508 advisory. Vulnerability Insight: A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more buffer than is allocated triggers a BUG_ON issue, leading to a denial of service (DOS).(CVE-2022-0322) An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped. However, the handler may not have time to run if the frontend quickly toggles between the states connect and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback.(CVE-2020-29569) Improper input validation in the Intel(R) Ethernet ixgbe driver for Linux before version 3.17.3 may allow an authenticated user to potentially enable denial of service via local access.(CVE-2021-33098) In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses.(CVE-2021-45485) A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information.(CVE-2021-4203) A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem allowed for size increase of files with unaligned size. A local attacker could use this flaw to leak data on the XFS filesystem otherwise not accessible to them.(CVE-2021-4155) Rogue backends can cause DoS of guests via high frequency events [This CNA information record relates to multiple CVEs, the text explains which aspects/vulnerabilities correspond to which CVE.] Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as 'driver domains'. Running PV backends in driver domains has one primary security advantage: if a driver domain gets compromised, it doesn't have the privileges to take over the system. However, a malicious driver domain could try to attack other guests via sending events at a high frequency leading to a Denial of Service in the guest due to trying to service interrupts for elongated amounts of time. There are three affected backends: * blkfront patch 1, CVE-2021-28711 * netfront patch 2, CVE-2021-28712 * hvc_xen (console) patch 3, CVE-2021-28713(CVE-2021-28713) Rogue backends can cause DoS of guests via high frequency ... [Please see the references for more information on the vulnerabilities] Affected Software/OS: 'kernel' package(s) on Huawei EulerOS V2.0SP10(x86_64). Solution: Please install the updated package(s). CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2020-29569 Debian Security Information: DSA-4843 (Google Search) https://www.debian.org/security/2021/dsa-4843 https://security.gentoo.org/glsa/202107-30 https://xenbits.xenproject.org/xsa/advisory-350.html https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html Common Vulnerability Exposure (CVE) ID: CVE-2021-28711 Debian Security Information: DSA-5050 (Google Search) https://www.debian.org/security/2022/dsa-5050 Debian Security Information: DSA-5096 (Google Search) https://www.debian.org/security/2022/dsa-5096 https://xenbits.xenproject.org/xsa/advisory-391.txt https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html Common Vulnerability Exposure (CVE) ID: CVE-2021-28712 Common Vulnerability Exposure (CVE) ID: CVE-2021-28713 Common Vulnerability Exposure (CVE) ID: CVE-2021-33098 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00555.html Common Vulnerability Exposure (CVE) ID: CVE-2021-39633 https://source.android.com/security/bulletin/2022-01-01 Common Vulnerability Exposure (CVE) ID: CVE-2021-39685 https://source.android.com/security/bulletin/2022-03-01 Common Vulnerability Exposure (CVE) ID: CVE-2021-4155 https://access.redhat.com/security/cve/CVE-2021-4155 https://bugzilla.redhat.com/show_bug.cgi?id=2034813 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=983d8e60f50806f90534cc5373d0ce867e5aaf79 https://security-tracker.debian.org/tracker/CVE-2021-4155 https://www.openwall.com/lists/oss-security/2022/01/10/1 Common Vulnerability Exposure (CVE) ID: CVE-2021-4197 https://security.netapp.com/advisory/ntap-20220602-0006/ Debian Security Information: DSA-5127 (Google Search) https://www.debian.org/security/2022/dsa-5127 Debian Security Information: DSA-5173 (Google Search) https://www.debian.org/security/2022/dsa-5173 https://bugzilla.redhat.com/show_bug.cgi?id=2035652 https://lore.kernel.org/lkml/20211209214707.805617-1-tj@kernel.org/T/ https://www.oracle.com/security-alerts/cpujul2022.html Common Vulnerability Exposure (CVE) ID: CVE-2021-4203 https://bugs.chromium.org/p/project-zero/issues/detail?id=2230&can=7&q=modified-after%3Atoday-30&sort=-modified&colspec=ID%20Type%20Status%20Priority%20Milestone%20Owner%20Summary%20Modified%20Cve&cells=tiles&redir=1 https://bugzilla.redhat.com/show_bug.cgi?id=2036934 https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=35306eb23814 https://lore.kernel.org/netdev/20210929225750.2548112-1-eric.dumazet@gmail.com/T/ Common Vulnerability Exposure (CVE) ID: CVE-2021-44733 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dfd0743f1d9ea76931510ed150334d571fbab49d https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/log/drivers/tee/tee_shm.c https://github.com/pjlantz/optee-qemu/blob/main/README.md https://lore.kernel.org/lkml/20211215092501.1861229-1-jens.wiklander@linaro.org/ Common Vulnerability Exposure (CVE) ID: CVE-2021-45485 https://security.netapp.com/advisory/ntap-20220121-0001/ https://arxiv.org/pdf/2112.09604.pdf https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.3 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=62f20e068ccc50d6ab66fdb72ba90da2b9418c99 Common Vulnerability Exposure (CVE) ID: CVE-2022-0322 https://bugzilla.redhat.com/show_bug.cgi?id=2042822 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a2d859e3fc97e79d907761550dbc03ff1b36479c |
| Copyright | Copyright (C) 2022 Greenbone AG |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |