Test ID: | 1.3.6.1.4.1.25623.1.1.2.2023.2315 |
Category: | Huawei EulerOS Local Security Checks |
Title: | Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2023-2315) |
Summary: | The remote host is missing an update for the Huawei EulerOS 'kernel' package(s) announced via the EulerOS-SA-2023-2315 advisory. |
Description: |
Summary: The remote host is missing an update for the Huawei EulerOS 'kernel' package(s) announced via the EulerOS-SA-2023-2315 advisory.

Vulnerability Insight:

A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA in the Linux kernel. Improper cleanup results in an out-of-bounds read, which a local user can use to crash the system or escalate privileges. (CVE-2023-2176)

An issue was discovered in arch/x86/kvm/vmx/nested.c in the Linux kernel before 6.2.8. nVMX on x86_64 lacks consistency checks for CR0 and CR4. (CVE-2023-30456)

An out-of-bounds (OOB) memory access vulnerability was found in the vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_kms.c in the GPU component of the Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service (DoS). (CVE-2022-36280)

A use-after-free flaw was found in vhost_net_set_backend in drivers/vhost/net.c in the virtio network subcomponent of the Linux kernel due to a double fget. This flaw could allow a local attacker to crash the system, and could even lead to a kernel information leak. (CVE-2023-1838)

Possibility of deadlock in the libbpf function sock_hash_delete_elem. (CVE-2023-0160)

A flaw was found in KVM. When calling the KVM_GET_DEBUGREGS ioctl on 32-bit systems, there might be some uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak. (CVE-2023-1513)

A flaw was found in the Linux kernel x86 CPU power management options functionality, in the way a user resumes the CPU from suspend-to-RAM: the boot CPU could be vulnerable to speculative-execution-style attacks. A local user could use this flaw to potentially get unauthorized access to some memory of the CPU, similar to speculative-execution-style attacks. (CVE-2023-1637)

Affected Software/OS: 'kernel' package(s) on Huawei EulerOS V2.0SP9(x86_64).

Solution: Please install the updated package(s).

CVSS Score: 6.8
CVSS Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2022-36280
Debian Security Information: DSA-5324
https://www.debian.org/security/2023/dsa-5324
https://bugzilla.openanolis.cn/show_bug.cgi?id=2071
https://lists.debian.org/debian-lts-announce/2023/03/msg00000.html
https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html

Common Vulnerability Exposure (CVE) ID: CVE-2023-0160
RHBZ#2159764
https://bugzilla.redhat.com/show_bug.cgi?id=2159764
https://access.redhat.com/security/cve/CVE-2023-0160
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ed17aa92dc56
https://lore.kernel.org/all/CABcoxUayum5oOqFMMqAeWuS8+EzojquSOSyDA3J_2omY=2EeAg@mail.gmail.com/

Common Vulnerability Exposure (CVE) ID: CVE-2023-1513
https://bugzilla.redhat.com/show_bug.cgi?id=2179892
https://github.com/torvalds/linux/commit/2c10b61421a28e95a46ab489fd56c0f442ff6952
https://lore.kernel.org/kvm/20230214103304.3689213-1-gregkh@linuxfoundation.org/
https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html

Common Vulnerability Exposure (CVE) ID: CVE-2023-1637
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e2a1256b17b16f9b9adf1b6fea56819e7b68e463
https://sourceware.org/bugzilla/show_bug.cgi?id=27398

Common Vulnerability Exposure (CVE) ID: CVE-2023-1838
https://lore.kernel.org/netdev/20220516084213.26854-1-jasowang@redhat.com/T/

Common Vulnerability Exposure (CVE) ID: CVE-2023-2176
https://www.spinics.net/lists/linux-rdma/msg114749.html

Common Vulnerability Exposure (CVE) ID: CVE-2023-30456
http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html
https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2.8
https://github.com/torvalds/linux/commit/112e66017bff7f2837030f34c2bc19501e9212d5 |
Copyright | Copyright (C) 2023 Greenbone AG |