Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2021-2392)

Published: 2021-09-15 02:24:22
CVE Author: NIST National Vulnerability Database

CVSS Base Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Severity Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity Origin:
NVD

Severity Date:
2018-08-24 10:29:00 +0000 (Fri, 24 Aug 2018)

Summary:
The remote host is missing an update for the Huawei EulerOS 'kernel' Linux Distribution Package(s) announced via the EulerOS-SA-2021-2392 advisory.

Detection Method:
Checks if a vulnerable Linux Distribution Package version is present on the target host.

Technical Details:
In do_epoll_ctl and ep_loop_check_proc of eventpoll.c, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. (CVE-2020-0466)

fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem via READDIRPLUS. NOTE: some parties argue that such a subdirectory export is not intended to prevent this attack; see also the exports(5) no_subtree_check default behavior. (CVE-2021-3178)

An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the pointer to an iscsi_transport struct in the kernel module's global variables. (CVE-2021-27363)

An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is adversely affected by the ability of an unprivileged user to craft Netlink messages. (CVE-2021-27364)

A race condition was found in the Linux kernel's implementation of the floppy disk drive controller driver software. The impact of this issue is lessened by the fact that the default permissions on the floppy device (/dev/fd0) are restricted to root. If the permissions on the device have changed, the impact changes greatly. In the default configuration, root (or equivalent) permissions are required to attack this flaw. (CVE-2021-20261)

In fs/ocfs2/cluster/nodemanager.c in the Linux kernel before 4.15, local users can cause a denial of service (NULL pointer dereference and BUG) because a required mutex is not used. (CVE-2017-18216)

The omninet_open function in drivers/usb/serial/omninet.c in the Linux kernel before 4.10.4 allows local users to cause a denial of service (tty exhaustion) by leveraging reference count mishandling. (CVE-2017-8925)

A flaw was found in the way memory resources were freed in the unix_stream_recvmsg function in the Linux kernel when a signal was pending. This flaw allows an unprivileged local user to crash the system by exhausting available memory. The highest threat from this vulnerability is to system availability. (CVE-2021-20265)

A flaw was found in the JFS filesystem code in the Linux Kernel which allows a local attacker with the ability to set extended attributes to panic the system, causing memory corruption or escalating privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as ... [Please see the references for more information on the vulnerabilities]

Affected Versions:
'kernel' Linux Distribution Package(s) on Huawei EulerOS V2.0SP2.

Recommendations:
Please install the updated Linux Distribution Package(s).

Solution Type:
Vendor Patch

Detection Type:
Linux Distribution Package

NIST (National Institute of Standards and Technology) NVD (National Vulnerability Database)

https://nvd.nist.gov/vuln/detail/CVE-2017-17741
https://nvd.nist.gov/vuln/detail/CVE-2017-18216
https://nvd.nist.gov/vuln/detail/CVE-2017-5549
https://nvd.nist.gov/vuln/detail/CVE-2017-5897
https://nvd.nist.gov/vuln/detail/CVE-2017-7346
https://nvd.nist.gov/vuln/detail/CVE-2017-7482
https://nvd.nist.gov/vuln/detail/CVE-2017-8069
https://nvd.nist.gov/vuln/detail/CVE-2017-8925
https://nvd.nist.gov/vuln/detail/CVE-2017-9725
https://nvd.nist.gov/vuln/detail/CVE-2018-13095
https://nvd.nist.gov/vuln/detail/CVE-2018-13406
https://nvd.nist.gov/vuln/detail/CVE-2018-14609
https://nvd.nist.gov/vuln/detail/CVE-2019-6974
https://nvd.nist.gov/vuln/detail/CVE-2020-0404
https://nvd.nist.gov/vuln/detail/CVE-2020-0427
https://nvd.nist.gov/vuln/detail/CVE-2020-0431
https://nvd.nist.gov/vuln/detail/CVE-2020-0433
https://nvd.nist.gov/vuln/detail/CVE-2020-0465
https://nvd.nist.gov/vuln/detail/CVE-2020-0466
https://nvd.nist.gov/vuln/detail/CVE-2020-25669
https://nvd.nist.gov/vuln/detail/CVE-2020-25670
https://nvd.nist.gov/vuln/detail/CVE-2020-25671
https://nvd.nist.gov/vuln/detail/CVE-2020-25672
https://nvd.nist.gov/vuln/detail/CVE-2020-25673
https://nvd.nist.gov/vuln/detail/CVE-2020-27815
https://nvd.nist.gov/vuln/detail/CVE-2020-35519
https://nvd.nist.gov/vuln/detail/CVE-2020-36322
https://nvd.nist.gov/vuln/detail/CVE-2021-20261
https://nvd.nist.gov/vuln/detail/CVE-2021-20265
https://nvd.nist.gov/vuln/detail/CVE-2021-20292
https://nvd.nist.gov/vuln/detail/CVE-2021-23134
https://nvd.nist.gov/vuln/detail/CVE-2021-27363
https://nvd.nist.gov/vuln/detail/CVE-2021-27364
https://nvd.nist.gov/vuln/detail/CVE-2021-27365
https://nvd.nist.gov/vuln/detail/CVE-2021-28964
https://nvd.nist.gov/vuln/detail/CVE-2021-28972
https://nvd.nist.gov/vuln/detail/CVE-2021-29154
https://nvd.nist.gov/vuln/detail/CVE-2021-29265
https://nvd.nist.gov/vuln/detail/CVE-2021-30002
https://nvd.nist.gov/vuln/detail/CVE-2021-3178
https://nvd.nist.gov/vuln/detail/CVE-2021-31916
https://nvd.nist.gov/vuln/detail/CVE-2021-32078
https://nvd.nist.gov/vuln/detail/CVE-2021-32399
https://nvd.nist.gov/vuln/detail/CVE-2021-33033
https://nvd.nist.gov/vuln/detail/CVE-2021-3347
https://nvd.nist.gov/vuln/detail/CVE-2021-3483
https://nvd.nist.gov/vuln/detail/CVE-2021-3564
https://nvd.nist.gov/vuln/detail/CVE-2021-3573
https://nvd.nist.gov/vuln/detail/CVE-2021-3609

References:

https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2392

Severity: High
CVSS Score: 9.3
Published: 2021-09-15
Modified: 2021-09-15
Category: Huawei EulerOS Local Security Checks
