
Test ID: 1.3.6.1.4.1.25623.1.1.2.2019.2081
Category: Huawei EulerOS Local Security Checks
Title: Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-2081)
Summary: The remote host is missing an update for the Huawei EulerOS 'kernel' package(s) announced via the EulerOS-SA-2019-2081 advisory.
Description:
Summary:
The remote host is missing an update for the Huawei EulerOS 'kernel' package(s) announced via the EulerOS-SA-2019-2081 advisory.

Vulnerability Insight:
An issue was discovered in the Linux kernel before 5.1.8. There is a double-free caused by a malicious USB device in the drivers/usb/misc/rio500.c driver. (CVE-2019-15212)

An issue was discovered in the Linux kernel before 5.2.3. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/dvb-usb/dvb-usb-init.c driver. (CVE-2019-15213)

An issue was discovered in the Linux kernel before 5.2.6. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/cpia2/cpia2_usb.c driver. (CVE-2019-15215)

An issue was discovered in the Linux kernel before 5.0.14. There is a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/yurex.c driver. (CVE-2019-15216)

An issue was discovered in the Linux kernel before 5.2.3. There is a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/zr364xx/zr364xx.c driver. (CVE-2019-15217)

An issue was discovered in drivers/scsi/qedi/qedi_dbg.c in the Linux kernel before 5.1.12. In the qedi_dbg_* family of functions, there is an out-of-bounds read. (CVE-2019-15090)

In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via a Facility Unavailable exception. To exploit the vulnerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process because of a missing arch/powerpc/kernel/process.c check. (CVE-2019-15030)

In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via an interrupt. To exploit the vulnerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process, because MSR_TM_ACTIVE is misused in arch/powerpc/kernel/process.c. (CVE-2019-15031)

An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system. (CVE-2019-14821)

A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'kernel' package(s) on Huawei EulerOS V2.0SP8.

Solution:
Please install the updated package(s).

CVSS Score:
9.4

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:N/A:C

Cross-Reference: Common Vulnerability Exposure (CVE) ID: CVE-2019-13648
Common Vulnerability Exposure (CVE) ID: CVE-2019-14284
Common Vulnerability Exposure (CVE) ID: CVE-2019-14821
Common Vulnerability Exposure (CVE) ID: CVE-2019-14835
Common Vulnerability Exposure (CVE) ID: CVE-2019-15030
Common Vulnerability Exposure (CVE) ID: CVE-2019-15031
Common Vulnerability Exposure (CVE) ID: CVE-2019-15090
Common Vulnerability Exposure (CVE) ID: CVE-2019-15117
Common Vulnerability Exposure (CVE) ID: CVE-2019-15212
Common Vulnerability Exposure (CVE) ID: CVE-2019-15213
Common Vulnerability Exposure (CVE) ID: CVE-2019-15215
Common Vulnerability Exposure (CVE) ID: CVE-2019-15216
Common Vulnerability Exposure (CVE) ID: CVE-2019-15217
Common Vulnerability Exposure (CVE) ID: CVE-2019-15918
Common Vulnerability Exposure (CVE) ID: CVE-2019-15922
Common Vulnerability Exposure (CVE) ID: CVE-2019-15923
Common Vulnerability Exposure (CVE) ID: CVE-2019-15924
Common Vulnerability Exposure (CVE) ID: CVE-2019-15926
Copyright: Copyright (C) 2020 Greenbone Networks GmbH





© 1998-2024 E-Soft Inc. All rights reserved.