English | Deutsch | Español
 
Startseite ▼
Startseite Über uns Kontact Datenschutz Partnerprogramme Zeugnisse In der Presse Mailinglisten Missbrauch Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Sicherheits
Überprüfungs ▼
Home Dediziert Erweitert Standard Wiederkehrend Risikolos Desktop Basis Sicherheits Segal FAQ Preis/Funktionszusammenfassung Bestellen Neue Anfälligkeiten Alle Anfälligkeiten Vertraulichkeit Anfälligkeiten Suche Durchführen Terminkalender IP Permissions Maßgeschneidert Warteschlange Erinnerer Siegel Berichte Berichts Stil
Verwaltetes
DNS ▼
Info Bestellen/Erneuern FAQ AUP Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password
Netzwerk
Überwachung ▼
Enterprise Erweiterte Standard Gratis Test FAQ Preis/Funktionszusammenfassung Bestellen Beispiele
Konfigurieren/Status Alarm Profile
Recherce
Berichte ▼
Home FAQ Glossary Archive
 Anmeldung/Registrierung 
 
 Anfälligkeitssuche        Suche in 219043 CVE Beschreibungen
und 99761 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.1.2.2020.1342
Kategorie:Huawei EulerOS Local Security Checks
Titel:Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2020-1342)
Zusammenfassung:The remote host is missing an update for the Huawei EulerOS 'kernel' package(s) announced via the EulerOS-SA-2020-1342 advisory.
Beschreibung:Summary:
The remote host is missing an update for the Huawei EulerOS 'kernel' package(s) announced via the EulerOS-SA-2020-1342 advisory.

Vulnerability Insight:
A heap-based buffer overflow was discovered in the Linux kernel's Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices country settings. This could allow the remote device to cause a denial of service (system crash) or possibly execute arbitrary code.(CVE-2019-14895)

A flaw was found in the fix for CVE-2019-11135, the way Intel CPUs handle speculative execution of instructions when a TSX Asynchronous Abort (TAA) error occurs. When a guest is running on a host CPU affected by the TAA flaw (TAA_NO=0), but is not affected by the MDS issue (MDS_NO=1), the guest was to clear the affected buffers by using a VERW instruction mechanism. But when the MDS_NO=1 bit was exported to the guests, the guests did not use the VERW mechanism to clear the affected buffers. This issue affects guests running on Cascade Lake CPUs and requires that host has 'TSX' enabled. Confidentiality of data is the highest threat associated with this vulnerability.(CVE-2019-19338)

A flaw was found in the way Intel CPUs handle speculative execution of instructions when the TSX Asynchronous Abort (TAA) error occurs. A local authenticated attacker with the ability to monitor execution times could infer the TSX memory state by comparing abort execution times. This could allow information disclosure via this observed side-channel for any TSX transaction being executed while an attacker is able to observe abort timing. Intel's Transactional Synchronisation Extensions (TSX) are set of instructions which enable transactional memory support to improve performance of the multi-threaded applications, in the lock-protected critical sections. The CPU executes instructions in the critical-sections as transactions, while ensuring their atomic state. When such transaction execution is unsuccessful, the processor cannot ensure atomic updates to the transaction memory, so the processor rolls back or aborts such transaction execution. While TSX Asynchronous Abort (TAA) is pending, CPU may continue to read data from architectural buffers and pass it to the dependent speculative operations. This may cause information leakage via speculative side-channel means, which is quite similar to the Microarchitectural Data Sampling (MDS) issue.(CVE-2019-11135)

An out-of-bounds memory write issue was found in the way the Linux kernel's KVM hypervisor handled the 'KVM_GET_EMULATED_CPUID' ioctl(2) request to get CPUID features emulated by the KVM hypervisor. A user or process able to access the '/dev/kvm' device could use this flaw to crash the system, resulting in a denial of service.(CVE-2019-19332)

A flaw was found in the Linux kernel's scheduler, where it can allow attackers to cause a denial of service against non-CPU-bound applications by generating a workload that triggers unwanted scheduling slice expiration. A local attacker who can trigger a ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'kernel' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.6.0.

Solution:
Please install the updated package(s).

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2019-3016
Debian Security Information: DSA-4699 (Google Search)
https://www.debian.org/security/2020/dsa-4699
http://packetstormsecurity.com/files/157233/Kernel-Live-Patch-Security-Notice-LSN-0065-1.html
http://www.openwall.com/lists/oss-security/2020/01/30/4
https://usn.ubuntu.com/4300-1/
https://usn.ubuntu.com/4301-1/
Common Vulnerability Exposure (CVE) ID: CVE-2019-5108
https://security.netapp.com/advisory/ntap-20200204-0002/
Debian Security Information: DSA-4698 (Google Search)
https://www.debian.org/security/2020/dsa-4698
http://packetstormsecurity.com/files/156455/Kernel-Live-Patch-Security-Notice-LSN-0063-1.html
https://git.kernel.org/linus/3e493173b7841259a08c5c8e5cbe90adb349da7e
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0900
https://www.oracle.com/security-alerts/cpuApr2021.html
https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html
https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html
https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html
https://usn.ubuntu.com/4285-1/
https://usn.ubuntu.com/4286-1/
https://usn.ubuntu.com/4286-2/
https://usn.ubuntu.com/4287-1/
https://usn.ubuntu.com/4287-2/
Common Vulnerability Exposure (CVE) ID: CVE-2020-8428
Debian Security Information: DSA-4667 (Google Search)
https://www.debian.org/security/2020/dsa-4667
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d0cb50185ae942b03c4327be322055d622dc79f6
https://github.com/torvalds/linux/commit/d0cb50185ae942b03c4327be322055d622dc79f6
https://www.openwall.com/lists/oss-security/2020/01/28/2
http://www.openwall.com/lists/oss-security/2020/01/28/4
http://www.openwall.com/lists/oss-security/2020/02/02/1
SuSE Security Announcement: openSUSE-SU-2020:0336 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html
https://usn.ubuntu.com/4318-1/
https://usn.ubuntu.com/4319-1/
https://usn.ubuntu.com/4320-1/
https://usn.ubuntu.com/4324-1/
https://usn.ubuntu.com/4325-1/
Common Vulnerability Exposure (CVE) ID: CVE-2020-8647
https://bugzilla.kernel.org/show_bug.cgi?id=206359
SuSE Security Announcement: openSUSE-SU-2020:0388 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00039.html
Common Vulnerability Exposure (CVE) ID: CVE-2020-8648
https://bugzilla.kernel.org/show_bug.cgi?id=206361
https://usn.ubuntu.com/4342-1/
https://usn.ubuntu.com/4344-1/
https://usn.ubuntu.com/4345-1/
https://usn.ubuntu.com/4346-1/
Common Vulnerability Exposure (CVE) ID: CVE-2020-8649
https://bugzilla.kernel.org/show_bug.cgi?id=206357
Common Vulnerability Exposure (CVE) ID: CVE-2020-9383
https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=2f9ac30a54dc0181ddac3705cdcf4775d863c530
https://github.com/torvalds/linux/commit/2e90ca68b0d2f5548804f22f0dd61145516171e3
CopyrightCopyright (C) 2020 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.



© 1998-2024 E-Soft Inc. Alle Rechte vorbehalten.