Lucene search
This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.NEWSTART_CGSL_NS-SA-2022-0078_KERNEL.NASLHistoryNov 15, 2022 - 12:00 a.m.
NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2022-0078)
2022-11-1500:00:00
This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
21
newstart cgsl
core 5.04
main 5.04
kernel
multiple vulnerabilities
voice over ip
h.323
ipv6
use-after-free
bpf jit compilers
routing decision classifier
traffic control networking
cgroup_release_agent_write
CVSS2
8.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:P/I:P/A:C
CVSS3
8.1
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
8.2
Confidence
High
EPSS
0.095
Percentile
94.8%
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel packages installed that are affected by multiple vulnerabilities:
-
An out-of-bounds memory write flaw was found in how the Linux kernel’s Voice Over IP H.323 connection tracking functionality handled connections on ipv6 port 1720. This flaw allows an unauthenticated remote user to crash the system, causing a denial of service. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2020-14305)
-
There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common function in drivers/tty/n_tty.c. (CVE-2020-8648)
-
BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c. (CVE-2021-29154)
-
A flaw was found in the Routing decision classifier in the Linux kernel’s Traffic Control networking subsystem in the way it handled changing of classification filters, leading to a use-after-free condition.
This flaw allows unprivileged local users to escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-3715) -
A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.
(CVE-2022-0492)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from ZTE advisory NS-SA-2022-0078. The text
# itself is copyright (C) ZTE, Inc.
##
include('compat.inc');
if (description)
{
script_id(167477);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/12/07");
script_cve_id(
"CVE-2020-8648",
"CVE-2020-14305",
"CVE-2021-3715",
"CVE-2021-29154",
"CVE-2022-0492"
);
script_name(english:"NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2022-0078)");
script_set_attribute(attribute:"synopsis", value:
"The remote NewStart CGSL host is affected by multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel packages installed that are affected by
multiple vulnerabilities:
- An out-of-bounds memory write flaw was found in how the Linux kernel's Voice Over IP H.323 connection
tracking functionality handled connections on ipv6 port 1720. This flaw allows an unauthenticated remote
user to crash the system, causing a denial of service. The highest threat from this vulnerability is to
confidentiality, integrity, as well as system availability. (CVE-2020-14305)
- There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common
function in drivers/tty/n_tty.c. (CVE-2020-8648)
- BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements,
allowing them to execute arbitrary code within the kernel context. This affects
arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c. (CVE-2021-29154)
- A flaw was found in the Routing decision classifier in the Linux kernel's Traffic Control networking
subsystem in the way it handled changing of classification filters, leading to a use-after-free condition.
This flaw allows unprivileged local users to escalate their privileges on the system. The highest threat
from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-3715)
- A vulnerability was found in the Linux kernel's cgroup_release_agent_write in the
kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups
v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.
(CVE-2022-0492)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"http://security.gd-linux.com/notice/NS-SA-2022-0078");
script_set_attribute(attribute:"see_also", value:"http://security.gd-linux.com/info/CVE-2020-14305");
script_set_attribute(attribute:"see_also", value:"http://security.gd-linux.com/info/CVE-2020-8648");
script_set_attribute(attribute:"see_also", value:"http://security.gd-linux.com/info/CVE-2021-29154");
script_set_attribute(attribute:"see_also", value:"http://security.gd-linux.com/info/CVE-2021-3715");
script_set_attribute(attribute:"see_also", value:"http://security.gd-linux.com/info/CVE-2022-0492");
script_set_attribute(attribute:"solution", value:
"Upgrade the vulnerable CGSL kernel packages. Note that updated packages may not be available yet. Please contact ZTE for
more information.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:C");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-14305");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"metasploit_name", value:'Docker cgroups Container Escape');
script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2020/02/06");
script_set_attribute(attribute:"patch_publication_date", value:"2022/11/09");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/11/15");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_core:kernel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_core:kernel-abi-whitelists");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_core:kernel-core");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_core:kernel-debug-core");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_core:kernel-debug-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_core:kernel-debug-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_core:kernel-debug-modules");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_core:kernel-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_core:kernel-debuginfo-common-x86_64");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_core:kernel-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_core:kernel-headers");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_core:kernel-modules");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_core:kernel-sign-keys");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_core:kernel-tools");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_core:kernel-tools-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_core:kernel-tools-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_core:kernel-tools-libs-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_core:perf");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_core:perf-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_core:python-perf");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_core:python-perf-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:kernel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:kernel-abi-whitelists");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:kernel-debug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:kernel-debug-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:kernel-debug-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:kernel-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:kernel-debuginfo-common-x86_64");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:kernel-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:kernel-headers");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:kernel-sign-keys");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:kernel-tools");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:kernel-tools-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:kernel-tools-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:kernel-tools-libs-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:perf");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:perf-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:python-perf");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:python-perf-debuginfo");
script_set_attribute(attribute:"cpe", value:"cpe:/o:zte:cgsl_core:5");
script_set_attribute(attribute:"cpe", value:"cpe:/o:zte:cgsl_main:5");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"NewStart CGSL Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/ZTE-CGSL/release", "Host/ZTE-CGSL/rpm-list", "Host/cpu");
exit(0);
}
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/ZTE-CGSL/release');
if (isnull(os_release) || os_release !~ "^CGSL (MAIN|CORE)") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');
if (os_release !~ "CGSL CORE 5.04" &&
os_release !~ "CGSL MAIN 5.04")
audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');
if (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);
var flag = 0;
var pkgs = {
'CGSL CORE 5.04': [
'kernel-3.10.0-693.21.1.el7.cgslv5_4.57.1044.gba9071a.lite',
'kernel-abi-whitelists-3.10.0-693.21.1.el7.cgslv5_4.57.1044.gba9071a.lite',
'kernel-core-3.10.0-693.21.1.el7.cgslv5_4.57.1044.gba9071a.lite',
'kernel-debug-core-3.10.0-693.21.1.el7.cgslv5_4.57.1044.gba9071a.lite',
'kernel-debug-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.57.1044.gba9071a.lite',
'kernel-debug-devel-3.10.0-693.21.1.el7.cgslv5_4.57.1044.gba9071a.lite',
'kernel-debug-modules-3.10.0-693.21.1.el7.cgslv5_4.57.1044.gba9071a.lite',
'kernel-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.57.1044.gba9071a.lite',
'kernel-debuginfo-common-x86_64-3.10.0-693.21.1.el7.cgslv5_4.57.1044.gba9071a.lite',
'kernel-devel-3.10.0-693.21.1.el7.cgslv5_4.57.1044.gba9071a.lite',
'kernel-headers-3.10.0-693.21.1.el7.cgslv5_4.57.1044.gba9071a.lite',
'kernel-modules-3.10.0-693.21.1.el7.cgslv5_4.57.1044.gba9071a.lite',
'kernel-sign-keys-3.10.0-693.21.1.el7.cgslv5_4.57.1044.gba9071a.lite',
'kernel-tools-3.10.0-693.21.1.el7.cgslv5_4.57.1044.gba9071a.lite',
'kernel-tools-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.57.1044.gba9071a.lite',
'kernel-tools-libs-3.10.0-693.21.1.el7.cgslv5_4.57.1044.gba9071a.lite',
'kernel-tools-libs-devel-3.10.0-693.21.1.el7.cgslv5_4.57.1044.gba9071a.lite',
'perf-3.10.0-693.21.1.el7.cgslv5_4.57.1044.gba9071a.lite',
'perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.57.1044.gba9071a.lite',
'python-perf-3.10.0-693.21.1.el7.cgslv5_4.57.1044.gba9071a.lite',
'python-perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.57.1044.gba9071a.lite'
],
'CGSL MAIN 5.04': [
'kernel-3.10.0-693.21.1.el7.cgslv5_4.55.1133.g3e8f9d6',
'kernel-abi-whitelists-3.10.0-693.21.1.el7.cgslv5_4.55.1133.g3e8f9d6',
'kernel-debug-3.10.0-693.21.1.el7.cgslv5_4.55.1133.g3e8f9d6',
'kernel-debug-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.55.1133.g3e8f9d6',
'kernel-debug-devel-3.10.0-693.21.1.el7.cgslv5_4.55.1133.g3e8f9d6',
'kernel-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.55.1133.g3e8f9d6',
'kernel-debuginfo-common-x86_64-3.10.0-693.21.1.el7.cgslv5_4.55.1133.g3e8f9d6',
'kernel-devel-3.10.0-693.21.1.el7.cgslv5_4.55.1133.g3e8f9d6',
'kernel-headers-3.10.0-693.21.1.el7.cgslv5_4.55.1133.g3e8f9d6',
'kernel-sign-keys-3.10.0-693.21.1.el7.cgslv5_4.55.1133.g3e8f9d6',
'kernel-tools-3.10.0-693.21.1.el7.cgslv5_4.55.1133.g3e8f9d6',
'kernel-tools-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.55.1133.g3e8f9d6',
'kernel-tools-libs-3.10.0-693.21.1.el7.cgslv5_4.55.1133.g3e8f9d6',
'kernel-tools-libs-devel-3.10.0-693.21.1.el7.cgslv5_4.55.1133.g3e8f9d6',
'perf-3.10.0-693.21.1.el7.cgslv5_4.55.1133.g3e8f9d6',
'perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.55.1133.g3e8f9d6',
'python-perf-3.10.0-693.21.1.el7.cgslv5_4.55.1133.g3e8f9d6',
'python-perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.55.1133.g3e8f9d6'
]
};
var pkg_list = pkgs[os_release];
foreach (pkg in pkg_list)
if (rpm_check(release:'ZTE ' + os_release, reference:pkg)) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel');
}
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14305
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8648
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29154
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3715
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0492
security.gd-linux.com/info/CVE-2020-14305
security.gd-linux.com/info/CVE-2020-8648
security.gd-linux.com/info/CVE-2021-29154
security.gd-linux.com/info/CVE-2021-3715
security.gd-linux.com/info/CVE-2022-0492
security.gd-linux.com/notice/NS-SA-2022-0078
Related
veracode
veracode
Denial Of Service (DoS)
2020-10-01 03:52:15
Denial Of Service (DoS)
2020-11-05 03:09:53
Privilege Escalation
2021-09-09 16:22:24
ubuntucve
ubuntucve
redhatcve
redhatcve
debiancve
debiancve
cve
cve
osv
osv
prion
prion
Design/Logic Flaw
2020-12-02 01:15:00
Design/Logic Flaw
2020-02-06 01:15:00
Design/Logic Flaw
2021-04-08 21:15:00
f5
f5
K00194184 : Linux kernel Voice Over IP H.323 vulnerability CVE-2020-14305
2021-11-02 00:00:00
K72118410 : Linux kernel vulnerability CVE-2021-29154
2021-06-18 00:00:00
K03674368 : Linux kernel vulnerability CVE-2021-3715
2022-03-28 00:00:00
nvd
nvd
cvelist
cvelist
cbl_mariner
cbl_mariner
CVE-2020-8648 affecting package kernel 5.4.91-6
2021-04-06 23:51:14
CVE-2021-29154 affecting package kernel for versions less than 5.10.78.1-1
2022-04-09 06:52:47
CVE-2021-29154 affecting package kernel 5.10.167.1-1
2021-09-09 15:03:26
nessus
nessus
NewStart CGSL MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2023-0057)
2023-12-27 00:00:00
Scientific Linux Security Update : kernel on SL7.x x86_64 (2021:3438)
2021-09-09 00:00:00
Photon OS 1.0: Linux PHSA-2021-1.0-0382
2021-04-20 00:00:00
redhat
redhat
(RHSA-2021:3438) Moderate: kernel security and bug fix update
2021-09-07 14:01:22
(RHSA-2021:3441) Moderate: kpatch-patch security update
2021-09-07 14:23:03
(RHSA-2021:3439) Moderate: kernel-rt security and bug fix update
2021-09-07 14:07:48
photon
photon
Home
Download Photon OS
User Documentation
FAQ
Security Advisories
Related Information
Lightwave - PHSA-2021-1.0-0382
2021-04-19 00:00:00
Important Photon OS Security Update - PHSA-2021-0011
2021-04-20 00:00:00
Important Photon OS Security Update - PHSA-2022-0151
2022-02-05 00:00:00
openvas
openvas
CentOS: Security Advisory for bpftool (CESA-2021:3438)
2021-09-28 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:1036-1)
2022-03-31 00:00:00
CentOS: Security Advisory for bpftool (CESA-2022:4642)
2022-05-20 00:00:00
ibm
ibm
oraclelinux
oraclelinux
kernel security and bug fix update
2021-09-07 00:00:00
Unbreakable Enterprise kernel-container security update
2022-02-09 00:00:00
Unbreakable Enterprise kernel-container security update
2022-02-28 00:00:00
centos
centos
bpftool, kernel, perf, python security update
2021-09-27 14:14:52
bpftool, kernel, perf, python security update
2022-05-19 15:09:15
githubexploit
githubexploit
Exploit for Missing Authorization in Linux Linux Kernel
2022-03-11 08:02:46
Exploit for Missing Authorization in Linux Linux Kernel
2022-05-09 13:20:03
Exploit for Missing Authorization in Linux Linux Kernel
2022-02-28 01:25:26
packetstorm
packetstorm
Docker cgroups Container Escape
2023-12-07 00:00:00
cnvd
cnvd
Linux kernel authorization issue vulnerability
2022-02-09 00:00:00
virtuozzo
virtuozzo
hivepro
hivepro
Linux Distributions affected by a privilege escalation vulnerability
2022-03-08 08:30:44
metasploit
metasploit
Docker cgroups Container Escape
2023-11-28 18:44:08
redos
redos
ROS-20220324-01
2022-03-24 00:00:00
thn
thn
New Linux Kernel cgroups Vulnerability Could Let Attackers Escape Container
2022-03-05 08:43:00
zdt
zdt
Docker cgroups Container Escape Exploit
2023-12-07 00:00:00
ubuntu
ubuntu
Kernel Live Patch Security Notice
2021-05-03 00:00:00
Linux kernel regression
2021-04-22 00:00:00
Linux kernel vulnerabilities
2021-04-15 00:00:00
fedora
fedora
[SECURITY] Fedora 33 Update: kernel-5.11.13-200.fc33
2021-04-14 14:43:50
cloudfoundry
cloudfoundry
USN-4916-1: Linux kernel vulnerabilities | Cloud Foundry
2021-04-29 00:00:00
ics
ics
Hitachi Energy APM Edge
2022-09-27 12:00:00
amazon
amazon
Important: kernel
2020-03-23 16:25:00
mageia
mageia
Updated kernel packages fix security vulnerabilities
2022-02-15 23:50:31
threatpost
threatpost
Bug in the Linux Kernel Allows Privilege Escalation, Container Escape
2022-03-08 14:52:05
CVSS2
8.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:P/I:P/A:C
CVSS3
8.1
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
8.2
Confidence
High
EPSS
0.095
Percentile
94.8%
Related for NEWSTART_CGSL_NS-SA-2022-0078_KERNEL.NASL