**Issue Overview:**
Amazon Linux has been made aware of a potential Branch Target Injection (BTI) issue (sometimes referred to as Spectre variant 2). This is a known cross-domain transient execution attack where a third party may seek to cause a disclosure gadget to be speculatively executed after an indirect branch prediction. Generally, actors who attempt transient execution attacks do not have access to the data on the hosts they attempt to access (e.g. where privilege-level isolation is in place). For such attacks to succeed, actors need to be able to run code on the (virtual) machine hosting the data in which they are interested.
To mitigate this issue, Amazon Linux recommends that customers disable unprivileged eBPF. This configuration, having the unprivileged eBPF disabled, is the current default for most Linux distributions and as of this advisory, is also the default for all Amazon Linux kernels.
Specific mitigations for various CPUs are listed below.
Intel CPUs:
For Intel CPUs, this applies to all instance types that have CPUs with eIBRS support. They are:
*6i* (all sizes), c5d.metal, c5.metal, g4dn.metal, i3en.metal, m5*.metal, r5*.metal
Vectors outside of unprivileged eBPF are not currently known, and Intel recommends disabling unprivileged BPF, as mentioned above. However, optionally enabling "spectre_v2=eibrs,lfence" on Linux kernel command line on the instance types mentioned above, would provide additional protection.
AMD CPUs:
As part of the investigation triggered by this issue, AMD now recommends using a different software mitigation inside the Linux kernel, which the Amazon Linux kernel is enabling by default. This means that the Linux kernel will use the generic retpoline software mitigation, instead of the specialized AMD one, on AMD instances (*5a*). This is done by default, and no administrator action is needed.
ARM CPUs:
The Amazon Linux kernel now enables, by default, a software mitigation for this issue, on all ARM-based EC2 instance types.
A buffer overflow flaw in the Linux kernel BPF subsystem was found in the way users run BPF with long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions. A local user could use this flaw to crash the system or escalate their privileges on the system. (CVE-2018-25020)
A denial of service flaw was found in fuse_do_getattr in fs/fuse/dir.c in the kernel side of the FUSE filesystem in the Linux kernel. A local user could use this flaw to crash the system. (CVE-2020-36322)
A flaw was found in the hanging of mounts in the Linux kernel's NFS4 subsystem where remote servers are unreachable for the client during migration of data from one server to another (during trunking detection). This flaw allows a remote NFS4 server (if the client is connected) to starve the resources, causing a denial of service. The highest threat from this vulnerability is to system availability. (CVE-2021-38199)
An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of control groups. A local user could use this flaw to crash the system or escalate their privileges on the system. (CVE-2021-4197)
Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure. (CVE-2022-0001)
Non-transparent sharing of branch predictor within a context in some Intel(r) Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-0002)
A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system. (CVE-2022-0330)
A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. This flaw allows a remote user to crash the system or possibly escalate their privileges if they have access to the TIPC network. (CVE-2022-0435)
A NULL pointer dereference was found in the Linux kernel's UDF file system functionality in the way the user triggers the udf_file_write_iter function for a malicious UDF image. This flaw allows a local user to crash the system. (CVE-2022-0617)
A flaw was found in the Linux kernel. When an application tries to open a directory (using the O_DIRECTORY flag) in a mounted NFS filesystem, a lookup operation is performed. If the NFS server returns a file as a result of the lookup, the NFS filesystem returns an uninitialized file descriptor instead of the expected ENOTDIR value. This flaw leads to the kernel's data leak into the userspace. (CVE-2022-24448)
References to CVE-2021-26401, CVE-2021-26341 and CVE-2022-23960 have been added after the original release of this advisory, however those vulnerabilities were fixed by the packages referenced by this advisory's initial release on 2022-03-07
References to CVE-2022-0847 have been removed after the original release of this advisory, as we have determined that the code within kernel versions prior to 5.8 is not affected by CVE-2022-0847.
**Affected Packages:**
kernel
**Issue Correction:**
Run _yum update kernel_ to update your system.
**New Packages:**
i686:
perf-4.14.268-139.500.amzn1.i686
kernel-debuginfo-4.14.268-139.500.amzn1.i686
kernel-devel-4.14.268-139.500.amzn1.i686
kernel-debuginfo-common-i686-4.14.268-139.500.amzn1.i686
kernel-4.14.268-139.500.amzn1.i686
kernel-tools-debuginfo-4.14.268-139.500.amzn1.i686
kernel-headers-4.14.268-139.500.amzn1.i686
perf-debuginfo-4.14.268-139.500.amzn1.i686
kernel-tools-4.14.268-139.500.amzn1.i686
kernel-tools-devel-4.14.268-139.500.amzn1.i686
src:
kernel-4.14.268-139.500.amzn1.src
x86_64:
kernel-tools-4.14.268-139.500.amzn1.x86_64
kernel-headers-4.14.268-139.500.amzn1.x86_64
kernel-debuginfo-4.14.268-139.500.amzn1.x86_64
perf-debuginfo-4.14.268-139.500.amzn1.x86_64
kernel-4.14.268-139.500.amzn1.x86_64
kernel-tools-debuginfo-4.14.268-139.500.amzn1.x86_64
kernel-tools-devel-4.14.268-139.500.amzn1.x86_64
kernel-debuginfo-common-x86_64-4.14.268-139.500.amzn1.x86_64
perf-4.14.268-139.500.amzn1.x86_64
kernel-devel-4.14.268-139.500.amzn1.x86_64
{"id": "ALAS-2022-1571", "vendorId": null, "type": "amazon", "bulletinFamily": "unix", "title": "Important: kernel", "description": "**Issue Overview:**\n\nAmazon Linux has been made aware of a potential Branch Target Injection (BTI) issue (sometimes referred to as Spectre variant 2). This is a known cross-domain transient execution attack where a third party may seek to cause a disclosure gadget to be speculatively executed after an indirect branch prediction. Generally, actors who attempt transient execution attacks do not have access to the data on the hosts they attempt to access (e.g. where privilege-level isolation is in place). For such attacks to succeed, actors need to be able to run code on the (virtual) machine hosting the data in which they are interested.\n\nTo mitigate this issue, Amazon Linux recommends that customers disable unprivileged eBPF. This configuration, having the unprivileged eBPF disabled, is the current default for most Linux distributions and as of this advisory, is also the default for all Amazon Linux kernels.\n\nSpecific mitigations for various CPUs are listed below.\n\nIntel CPUs: \nFor Intel CPUs, this applies to all instance types that have CPUs with eIBRS support. They are: \n*6i* (all sizes), c5d.metal, c5.metal, g4dn.metal, i3en.metal, m5*.metal, r5*.metal\n\nVectors outside of unprivileged eBPF are not currently known, and Intel recommends disabling unprivileged BPF, as mentioned above. However, optionally enabling \"spectre_v2=eibrs,lfence\" on Linux kernel command line on the instance types mentioned above, would provide additional protection.\n\nAMD CPUs: \nAs part of the investigation triggered by this issue, AMD now recommends using a different software mitigation inside the Linux kernel, which the Amazon Linux kernel is enabling by default. This means that the Linux kernel will use the generic retpoline software mitigation, instead of the specialized AMD one, on AMD instances (*5a*). This is done by default, and no administrator action is needed.\n\nARM CPUs: \nThe Amazon Linux kernel now enables, by default, a software mitigation for this issue, on all ARM-based EC2 instance types.\n\n \nA buffer overflow flaw in the Linux kernel BPF subsystem was found in the way users run BPF with long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions. A local user could use this flaw to crash the system or escalate their privileges on the system. (CVE-2018-25020)\n\nA denial of service flaw was found in fuse_do_getattr in fs/fuse/dir.c in the kernel side of the FUSE filesystem in the Linux kernel. A local user could use this flaw to crash the system. (CVE-2020-36322)\n\nA flaw was found in the hanging of mounts in the Linux kernel's NFS4 subsystem where remote servers are unreachable for the client during migration of data from one server to another (during trunking detection). This flaw allows a remote NFS4 server (if the client is connected) to starve the resources, causing a denial of service. The highest threat from this vulnerability is to system availability. (CVE-2021-38199)\n\nAn unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of control groups. A local user could use this flaw to crash the system or escalate their privileges on the system. (CVE-2021-4197)\n\nNon-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure. (CVE-2022-0001)\n\nNon-transparent sharing of branch predictor within a context in some Intel(r) Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-0002)\n\nA random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system. (CVE-2022-0330)\n\nA stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. This flaw allows a remote user to crash the system or possibly escalate their privileges if they have access to the TIPC network. (CVE-2022-0435)\n\nA NULL pointer dereference was found in the Linux kernel's UDF file system functionality in the way the user triggers the udf_file_write_iter function for a malicious UDF image. This flaw allows a local user to crash the system. (CVE-2022-0617)\n\nA flaw was found in the Linux kernel. When an application tries to open a directory (using the O_DIRECTORY flag) in a mounted NFS filesystem, a lookup operation is performed. If the NFS server returns a file as a result of the lookup, the NFS filesystem returns an uninitialized file descriptor instead of the expected ENOTDIR value. This flaw leads to the kernel's data leak into the userspace. (CVE-2022-24448) \nReferences to CVE-2021-26401, CVE-2021-26341 and CVE-2022-23960 have been added after the original release of this advisory, however those vulnerabilities were fixed by the packages referenced by this advisory's initial release on 2022-03-07\n\nReferences to CVE-2022-0847 have been removed after the original release of this advisory, as we have determined that the code within kernel versions prior to 5.8 is not affected by CVE-2022-0847. \n\n \n**Affected Packages:** \n\n\nkernel\n\n \n**Issue Correction:** \nRun _yum update kernel_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n \u00a0\u00a0\u00a0 perf-4.14.268-139.500.amzn1.i686 \n \u00a0\u00a0\u00a0 kernel-debuginfo-4.14.268-139.500.amzn1.i686 \n \u00a0\u00a0\u00a0 kernel-devel-4.14.268-139.500.amzn1.i686 \n \u00a0\u00a0\u00a0 kernel-debuginfo-common-i686-4.14.268-139.500.amzn1.i686 \n \u00a0\u00a0\u00a0 kernel-4.14.268-139.500.amzn1.i686 \n \u00a0\u00a0\u00a0 kernel-tools-debuginfo-4.14.268-139.500.amzn1.i686 \n \u00a0\u00a0\u00a0 kernel-headers-4.14.268-139.500.amzn1.i686 \n \u00a0\u00a0\u00a0 perf-debuginfo-4.14.268-139.500.amzn1.i686 \n \u00a0\u00a0\u00a0 kernel-tools-4.14.268-139.500.amzn1.i686 \n \u00a0\u00a0\u00a0 kernel-tools-devel-4.14.268-139.500.amzn1.i686 \n \n src: \n \u00a0\u00a0\u00a0 kernel-4.14.268-139.500.amzn1.src \n \n x86_64: \n \u00a0\u00a0\u00a0 kernel-tools-4.14.268-139.500.amzn1.x86_64 \n \u00a0\u00a0\u00a0 kernel-headers-4.14.268-139.500.amzn1.x86_64 \n \u00a0\u00a0\u00a0 kernel-debuginfo-4.14.268-139.500.amzn1.x86_64 \n \u00a0\u00a0\u00a0 perf-debuginfo-4.14.268-139.500.amzn1.x86_64 \n \u00a0\u00a0\u00a0 kernel-4.14.268-139.500.amzn1.x86_64 \n \u00a0\u00a0\u00a0 kernel-tools-debuginfo-4.14.268-139.500.amzn1.x86_64 \n \u00a0\u00a0\u00a0 kernel-tools-devel-4.14.268-139.500.amzn1.x86_64 \n \u00a0\u00a0\u00a0 kernel-debuginfo-common-x86_64-4.14.268-139.500.amzn1.x86_64 \n \u00a0\u00a0\u00a0 perf-4.14.268-139.500.amzn1.x86_64 \n \u00a0\u00a0\u00a0 kernel-devel-4.14.268-139.500.amzn1.x86_64 \n \n \n", "published": "2022-03-07T23:19:00", "modified": "2022-05-23T21:59:00", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "baseScore": 9.0}, "severity": "HIGH", "exploitabilityScore": 8.0, "impactScore": 10.0, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}, "href": "https://alas.aws.amazon.com/ALAS-2022-1571.html", "reporter": "Amazon", "references": [], "cvelist": ["CVE-2018-25020", "CVE-2020-36322", "CVE-2021-26341", "CVE-2021-26401", "CVE-2021-38199", "CVE-2021-4197", "CVE-2022-0001", "CVE-2022-0002", "CVE-2022-0330", "CVE-2022-0435", "CVE-2022-0617", "CVE-2022-0847", "CVE-2022-23960", "CVE-2022-24448"], "immutableFields": [], "lastseen": "2022-05-24T16:24:08", "viewCount": 8, "enchantments": {"backreferences": {"references": [{"type": "almalinux", "idList": ["ALSA-2022:0825"]}, {"type": "amazon", "idList": ["ALAS2-2022-1761"]}, {"type": "cisa", "idList": ["CISA:36070B40E6791FC966ACFEACAE76F54C"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:C1D2F4D8A3F0384C89F6C8D93A4DCF97", "CFOUNDRY:FD7245C3742F24986DE3C2791BDAC899"]}, {"type": "cve", "idList": ["CVE-2020-36322", "CVE-2021-26341", "CVE-2021-26401", "CVE-2022-0001", "CVE-2022-0002"]}, {"type": "debian", "idList": ["DEBIAN:DSA-5092-1:463D4", "DEBIAN:DSA-5095-1:31FF6", "DEBIAN:DSA-5096-1:B47F5"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2018-25020", "DEBIANCVE:CVE-2020-36322", "DEBIANCVE:CVE-2021-38199", "DEBIANCVE:CVE-2021-4197", "DEBIANCVE:CVE-2022-0001", "DEBIANCVE:CVE-2022-0002", "DEBIANCVE:CVE-2022-0330", "DEBIANCVE:CVE-2022-0435", "DEBIANCVE:CVE-2022-0617", "DEBIANCVE:CVE-2022-0847", "DEBIANCVE:CVE-2022-24448"]}, {"type": "exploitdb", "idList": ["EDB-ID:50808"]}, {"type": "f5", "idList": ["F5:K63603485"]}, {"type": "fedora", "idList": ["FEDORA:2C60130E5BFF", "FEDORA:6CC3030C5A5F"]}, {"type": "githubexploit", "idList": ["05772ECE-A777-5C16-8AE4-25697DCA9E81", "06ADB47C-85A7-55EC-AF1F-B6D385357D51", "086F5A44-8ECA-5D00-9C60-EC88FF0A6024", "1F2532B3-0167-53EA-ACD1-3EC546ACA052", "269A4547-2CD1-5B12-B3D0-9D78BE5431EC", "2C78124E-4C73-5C91-B8BF-5079AC3CDFA1", "32070F43-C6B7-5C66-89ED-2AE2F8A1DD03", "483F1274-762B-571F-949F-1C5067A06733", "4ABDA4BC-28F3-5905-A32E-0ACA0226EDFB", "52F5C576-65D5-5536-996C-AF0A19F01F5B", "564795E6-048F-581C-B600-4CA7B45E1319", "687DFFBC-B653-59B8-BEB3-091905C4B176", "689C5F8A-6D6F-57E5-9B20-4E85EB67AE29", "71F849A9-2312-5FE0-83E4-C6DE378661BA", "8B409CA3-4DAE-57CA-B491-B4590CB1E0FB", "90A1A21C-0BCB-5C0E-AC76-A9EEC30F9907", "9164EE1E-594B-5679-8EF8-6BB9506270D0", "A249241C-8F8A-5640-BDDD-E66E8A9E48B8", "A3B770BE-1A12-5CD4-A06F-EE317094975F", "B534183D-00E6-58F7-BD0F-372BEC91370C", "B573163B-4BBC-5984-8941-EC17F24348B1", "CAF813CE-0A25-5EA7-93B7-BEA8325E0296", "D3E5B654-426C-530F-AD24-9E84C86C623A", "D86EDC54-781B-5FC3-95F4-35B9EB4DFF0B", "DFCB8D82-860E-5D5D-ABA6-50C59B69936B", "E15E347F-A26F-5F55-AA97-650439269AD6", "E486E79A-CFAD-56DE-B622-D64E700A822C", "F68A7C89-1ADB-5CF7-8EAC-4DEA137ED81A"]}, {"type": "hivepro", "idList": ["HIVEPRO:0FD85E9ED6B2DCA44395302577E41C7B"]}, {"type": "ibm", "idList": ["41CD314F34CC21D5DF000017FEA2274687041AD7C28B5D88AAAF2CE43C5EF417"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:1A0558E103585383F84E3D6A1AD1518E"]}, {"type": "metasploit", "idList": ["MSF:EXPLOIT/LINUX/LOCAL/CVE_2022_0847_DIRTYPIPE/"]}, {"type": "nessus", "idList": ["AL2_ALAS-2022-1761.NASL", "ALA_ALAS-2022-1571.NASL", "DEBIAN_DSA-4978.NASL", "DEBIAN_DSA-5095.NASL", "DEBIAN_DSA-5096.NASL", "REDHAT-RHSA-2022-0592.NASL", "REDHAT-RHSA-2022-0712.NASL", "REDHAT-RHSA-2022-0718.NASL", "REDHAT-RHSA-2022-0771.NASL", "REDHAT-RHSA-2022-0772.NASL", "REDHAT-RHSA-2022-0777.NASL", "REDHAT-RHSA-2022-0841.NASL", "SUSE_SU-2022-0756-1.NASL", "SUSE_SU-2022-0757-1.NASL", "SUSE_SU-2022-0759-1.NASL", "SUSE_SU-2022-0761-1.NASL", "SUSE_SU-2022-0762-1.NASL", "SUSE_SU-2022-0765-1.NASL", "SUSE_SU-2022-0766-1.NASL", "SUSE_SU-2022-0767-1.NASL", "SUSE_SU-2022-0768-1.NASL", "SUSE_SU-2022-14905-1.NASL", "UBUNTU_USN-5106-1.NASL", "UBUNTU_USN-5317-1.NASL", "UBUNTU_USN-5318-1.NASL", "UBUNTU_USN-5319-1.NASL"]}, {"type": "oraclelinux", "idList": ["ELSA-2022-9210", "ELSA-2022-9211", "ELSA-2022-9212"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:166258"]}, {"type": "photon", "idList": ["PHSA-2021-0325", "PHSA-2022-0160"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:5BB9C8859E9D36496DAB6425419453D9", "RAPID7BLOG:C89CBECF94C64F41DF3E509527A73690"]}, {"type": "redhat", "idList": ["RHSA-2022:0236", "RHSA-2022:0712"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-26341", "RH:CVE-2021-26401", "RH:CVE-2022-0001", "RH:CVE-2022-0002", "RH:CVE-2022-0330", "RH:CVE-2022-0435", "RH:CVE-2022-0847"]}, {"type": "rocky", "idList": ["RLSA-2022:819", "RLSA-2022:825"]}, {"type": "securelist", "idList": ["SECURELIST:895B39A6085B9876A2B776FD85EF2689"]}, {"type": "slackware", "idList": ["SSA-2022-067-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2022:0755-1", "OPENSUSE-SU-2022:0760-1", "OPENSUSE-SU-2022:0768-1"]}, {"type": "thn", "idList": ["THN:E1BBDEC03BFACEE731E20A3BE9FFD214"]}, {"type": "threatpost", "idList": ["THREATPOST:932AA74F12B9D2AD0E8589AC1A2C1438"]}, {"type": "ubuntu", "idList": ["USN-5302-1", "USN-5317-1", "USN-5318-1", "USN-5319-1"]}, {"type": "zdt", "idList": ["1337DAY-ID-37460", "1337DAY-ID-37461", "1337DAY-ID-37474"]}]}, "score": {"value": 1.0, "vector": "NONE"}, "dependencies": {"references": [{"type": "almalinux", "idList": ["ALSA-2021:1578", "ALSA-2022:0825", "ALSA-2022:1988"]}, {"type": "amazon", "idList": ["ALAS2-2022-1761"]}, {"type": "amd", "idList": ["AMD-SB-1026", "AMD-SB-1036"]}, {"type": "androidsecurity", "idList": ["ANDROID:2022-05-01"]}, {"type": "attackerkb", "idList": ["AKB:EA31F9B4-91F6-4926-9B68-5F98B55FC0FE"]}, {"type": "centos", "idList": ["CESA-2022:0063", "CESA-2022:0620"]}, {"type": "cisa", "idList": ["CISA:36070B40E6791FC966ACFEACAE76F54C"]}, {"type": "citrix", "idList": ["CTX341586"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:1B101FB251EDFB9515B6EABF00F1012E", "CFOUNDRY:5C1685BF1F8BCC0EFD4A80083950136F", "CFOUNDRY:73F8C8B872786F9D1C6842EE16AD1519", "CFOUNDRY:82DF14FC7487619119F0BE4E5983B231", "CFOUNDRY:873D4C50CDC37566272A2CA3925ADB7A", "CFOUNDRY:9170AF39C296B9726CD7B93B3A36EC22", "CFOUNDRY:C1D2F4D8A3F0384C89F6C8D93A4DCF97", "CFOUNDRY:F80B396F2BC116F4085AD8234E752ED0", "CFOUNDRY:FD7245C3742F24986DE3C2791BDAC899"]}, {"type": "cve", "idList": ["CVE-2018-25020", "CVE-2020-36322", "CVE-2021-26341", "CVE-2021-26401", "CVE-2021-38199", "CVE-2021-4197", "CVE-2022-0001", "CVE-2022-0002", "CVE-2022-0330", "CVE-2022-0435", "CVE-2022-0617", "CVE-2022-0847", "CVE-2022-23960", "CVE-2022-24448"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2689-1:31A23", "DEBIAN:DLA-2785-1:A6280", "DEBIAN:DLA-2843-1:AB8E9", "DEBIAN:DLA-2940-1:FB71D", "DEBIAN:DLA-2941-1:96084", "DEBIAN:DLA-3065-1:C1710", "DEBIAN:DSA-4978-1:4EC47", "DEBIAN:DSA-4978-1:98A5E", "DEBIAN:DSA-5092-1:463D4", "DEBIAN:DSA-5095-1:31FF6", "DEBIAN:DSA-5096-1:B47F5", "DEBIAN:DSA-5127-1:B6959", "DEBIAN:DSA-5173-1:5A28E"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2018-25020", "DEBIANCVE:CVE-2020-36322", "DEBIANCVE:CVE-2021-26401", "DEBIANCVE:CVE-2021-38199", "DEBIANCVE:CVE-2021-4197", "DEBIANCVE:CVE-2022-0001", "DEBIANCVE:CVE-2022-0002", "DEBIANCVE:CVE-2022-0330", "DEBIANCVE:CVE-2022-0435", "DEBIANCVE:CVE-2022-0617", "DEBIANCVE:CVE-2022-0847", "DEBIANCVE:CVE-2022-23960", "DEBIANCVE:CVE-2022-24448"]}, {"type": "exploitdb", "idList": ["EDB-ID:50808"]}, {"type": "f5", "idList": ["F5:K01311152", "F5:K30914425", "F5:K63603485"]}, {"type": "fedora", "idList": ["FEDORA:2C60130E5BFF", "FEDORA:3C62F312AD5B", "FEDORA:47BE23070D89", "FEDORA:5021030569C0", "FEDORA:6CC3030C5A5F", "FEDORA:D3A2830AA053"]}, {"type": "githubexploit", "idList": ["05772ECE-A777-5C16-8AE4-25697DCA9E81", "0661150D-5F5B-5091-9137-D0F74B0B773E", "06ADB47C-85A7-55EC-AF1F-B6D385357D51", "086F5A44-8ECA-5D00-9C60-EC88FF0A6024", "0A92F6C1-7482-5379-9255-395EE9F50C04", "0AB0DD16-3EF1-5D1D-BE61-96FDD1D699D1", "0CEB4629-9B78-506E-A0CF-6E62D3203564", "0F72D810-4FD9-5249-B4EE-C262C0E8E81F", "12570BB6-9BCA-5792-9E08-32A83CFD8209", "12586F18-65D0-56EC-ABDC-A2C75034CF09", "18307056-6D88-5195-8CFA-56E31359A0D0", "1964C242-8B6C-5810-8E68-05612C82FC9C", "1BD47E86-3B10-5D96-B1C1-658AFD757407", "1F2532B3-0167-53EA-ACD1-3EC546ACA052", "269A4547-2CD1-5B12-B3D0-9D78BE5431EC", "2C78124E-4C73-5C91-B8BF-5079AC3CDFA1", "2F7AEDB6-2F5A-5DA7-A85D-746DEA4C7B0B", "32070F43-C6B7-5C66-89ED-2AE2F8A1DD03", "3508DC5C-AD5C-508A-B78C-09B6AAEB232C", "3773C013-3749-58FC-826E-D8D781A68DF0", "38C8D690-B509-5A38-90C0-C9F825598CD9", "3B3DFBBD-2F8E-56CE-B2A4-9D5D4527B2E9", "483F1274-762B-571F-949F-1C5067A06733", "492EFDCD-23F3-59CE-A969-F39D7FDC6A26", "4ABDA4BC-28F3-5905-A32E-0ACA0226EDFB", "52F5C576-65D5-5536-996C-AF0A19F01F5B", "54CB6211-047E-5129-8A15-3E47982A69B7", "564795E6-048F-581C-B600-4CA7B45E1319", "65583195-380B-5F46-A183-7DD135337290", "687DFFBC-B653-59B8-BEB3-091905C4B176", "689C5F8A-6D6F-57E5-9B20-4E85EB67AE29", "68FB3CCC-E98B-5AB8-BB16-9661E947858E", "707C38FA-F0B2-55CC-8D02-98EDBDDA27DB", "71F849A9-2312-5FE0-83E4-C6DE378661BA", "84404A2B-FE32-5957-BBF3-981AF3074BF4", "8B409CA3-4DAE-57CA-B491-B4590CB1E0FB", "90A1A21C-0BCB-5C0E-AC76-A9EEC30F9907", "9164EE1E-594B-5679-8EF8-6BB9506270D0", "91ACFD93-47E2-56B0-A34A-8DC0F7D97A8E", "A171AB83-32C6-5B8D-9F82-F426CC504532", "A249241C-8F8A-5640-BDDD-E66E8A9E48B8", "A3B770BE-1A12-5CD4-A06F-EE317094975F", "A404C02A-61C8-53DD-9BC0-EDE503C19C2C", "A714BDDC-3F3E-5762-8D54-A97B7FAD41C4", "ABF4B7F4-3AAC-58C8-B546-FC4ED5C0827A", "B534183D-00E6-58F7-BD0F-372BEC91370C", "B573163B-4BBC-5984-8941-EC17F24348B1", "BB31C2F4-F061-56B0-A316-953AD0E4E42E", "BC274E1C-826C-5417-953C-082B3ECA17BD", "C9458BBE-5F11-5BB6-BE59-8D6EC5E3D513", "CAF813CE-0A25-5EA7-93B7-BEA8325E0296", "D144D690-C331-5457-B5B3-92AE9A0109D6", "D3E5B654-426C-530F-AD24-9E84C86C623A", "D86EDC54-781B-5FC3-95F4-35B9EB4DFF0B", "DFCB8D82-860E-5D5D-ABA6-50C59B69936B", "DFF99976-FE50-580B-8456-0C46E6F1AA69", "E15E347F-A26F-5F55-AA97-650439269AD6", "E486E79A-CFAD-56DE-B622-D64E700A822C", "E4C46A03-D265-51D4-AF1A-A576FA76B6B3", "ED3ABF40-1012-549B-9D0F-E7434B20E12A", "F68A7C89-1ADB-5CF7-8EAC-4DEA137ED81A", "F6CBF78D-D79C-5DEC-A6E9-A8FC076880BE", "F96353A7-4B24-55A5-94FF-961F6C500826"]}, {"type": "hivepro", "idList": ["HIVEPRO:0FD85E9ED6B2DCA44395302577E41C7B", "HIVEPRO:B25417250BE7F8A7BBB1186F85A865F9"]}, {"type": "ibm", "idList": ["41CD314F34CC21D5DF000017FEA2274687041AD7C28B5D88AAAF2CE43C5EF417", "65AC1B828E41A5505E1A8E4F6E7E2E7A2BE86DE58C539C97379A40C7ED8BBD9F", "72AD5D71FF571D991FCA51BDAC7D0D303109A868FA89340C6F8CD492F9F038E3", "B2EA2FBA4D280351FEA7F9EC1921C448D44F4D9EC613590A87A15467F7D34153", "B315A585CDBD4D516E60AAEBBA49CDD9274D016108F5F855F13CF2FE3AA0F562", "ED670677BEE7F824FAA4922AD08CFBF43478203FCCB636E589E6854737336228"]}, {"type": "ics", "idList": ["ICSA-22-167-09"]}, {"type": "intel", "idList": ["INTEL:INTEL-SA-00598"]}, {"type": "mageia", "idList": ["MGASA-2022-0021", "MGASA-2022-0022", "MGASA-2022-0041", "MGASA-2022-0042", "MGASA-2022-0062", "MGASA-2022-0063", "MGASA-2022-0092", "MGASA-2022-0095", "MGASA-2022-0100", "MGASA-2022-0101"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:1A0558E103585383F84E3D6A1AD1518E"]}, {"type": "metasploit", "idList": ["MSF:EXPLOIT-LINUX-LOCAL-CVE_2022_0847_DIRTYPIPE-"]}, {"type": "nessus", "idList": ["AL2_ALAS-2022-1761.NASL", "AL2_ALASKERNEL-5_10-2022-004.NASL", "AL2_ALASKERNEL-5_10-2022-010.NASL", "AL2_ALASKERNEL-5_10-2022-011.NASL", "AL2_ALASKERNEL-5_4-2022-006.NASL", "AL2_ALASKERNEL-5_4-2022-022.NASL", "AL2_ALASKERNEL-5_4-2022-023.NASL", "ALA_ALAS-2022-1571.NASL", "ALMA_LINUX_ALSA-2021-1578.NASL", "ALMA_LINUX_ALSA-2022-1988.NASL", "CENTOS8_RHSA-2021-1578.NASL", "CENTOS8_RHSA-2022-0825.NASL", "CENTOS_RHSA-2022-0063.NASL", "CENTOS_RHSA-2022-0620.NASL", "DEBIAN_DLA-2689.NASL", "DEBIAN_DLA-2843.NASL", "DEBIAN_DLA-3065.NASL", "DEBIAN_DSA-4978.NASL", "DEBIAN_DSA-5092.NASL", "DEBIAN_DSA-5095.NASL", "DEBIAN_DSA-5096.NASL", "DEBIAN_DSA-5127.NASL", "DEBIAN_DSA-5173.NASL", "EULEROS_SA-2021-1967.NASL", "EULEROS_SA-2021-1971.NASL", "EULEROS_SA-2021-1983.NASL", "EULEROS_SA-2021-2051.NASL", "EULEROS_SA-2021-2062.NASL", "EULEROS_SA-2021-2075.NASL", "EULEROS_SA-2021-2336.NASL", "EULEROS_SA-2021-2392.NASL", "EULEROS_SA-2021-2636.NASL", "EULEROS_SA-2021-2688.NASL", "EULEROS_SA-2021-2713.NASL", "EULEROS_SA-2021-2818.NASL", "EULEROS_SA-2021-2934.NASL", "EULEROS_SA-2022-1070.NASL", "EULEROS_SA-2022-1171.NASL", "EULEROS_SA-2022-1366.NASL", "EULEROS_SA-2022-1429.NASL", "EULEROS_SA-2022-1450.NASL", "EULEROS_SA-2022-1489.NASL", "EULEROS_SA-2022-1508.NASL", "EULEROS_SA-2022-1537.NASL", "EULEROS_SA-2022-1607.NASL", "EULEROS_SA-2022-1630.NASL", "EULEROS_SA-2022-1647.NASL", "EULEROS_SA-2022-1661.NASL", "EULEROS_SA-2022-1681.NASL", "EULEROS_SA-2022-1735.NASL", "EULEROS_SA-2022-1779.NASL", "EULEROS_SA-2022-1781.NASL", "EULEROS_SA-2022-1782.NASL", "EULEROS_SA-2022-1868.NASL", "EULEROS_SA-2022-1934.NASL", "EULEROS_SA-2022-1969.NASL", "EULEROS_SA-2022-2026.NASL", "EULEROS_SA-2022-2054.NASL", "EULEROS_SA-2022-2110.NASL", "EULEROS_SA-2022-2159.NASL", "EULEROS_SA-2022-2181.NASL", "EULEROS_SA-2022-2200.NASL", "NEWSTART_CGSL_NS-SA-2022-0074_KERNEL.NASL", "OPENSUSE-2021-1975.NASL", "OPENSUSE-2021-1977.NASL", "OPENSUSE-2021-579.NASL", "OPENSUSE-2022-0169-1.NASL", "OPENSUSE-2022-0198-1.NASL", "OPENSUSE-2022-0363-1.NASL", "OPENSUSE-2022-0366-1.NASL", "OPENSUSE-2022-0370-1.NASL", "OPENSUSE-2022-0755-1.NASL", "OPENSUSE-2022-0760-1.NASL", "OPENSUSE-2022-0768-1.NASL", "OPENSUSE-2022-0940-1.NASL", "OPENSUSE-2022-1037-1.NASL", "OPENSUSE-2022-1039-1.NASL", "ORACLELINUX_ELSA-2021-1578.NASL", "ORACLELINUX_ELSA-2021-9458.NASL", "ORACLELINUX_ELSA-2021-9460.NASL", "ORACLELINUX_ELSA-2021-9485.NASL", "ORACLELINUX_ELSA-2021-9488.NASL", "ORACLELINUX_ELSA-2022-0063.NASL", "ORACLELINUX_ELSA-2022-0620.NASL", "ORACLELINUX_ELSA-2022-0825.NASL", "ORACLELINUX_ELSA-2022-1988.NASL", "ORACLELINUX_ELSA-2022-9141.NASL", "ORACLELINUX_ELSA-2022-9142.NASL", "ORACLELINUX_ELSA-2022-9147.NASL", "ORACLELINUX_ELSA-2022-9148.NASL", "ORACLELINUX_ELSA-2022-9179.NASL", "ORACLELINUX_ELSA-2022-9180.NASL", "ORACLELINUX_ELSA-2022-9198.NASL", "ORACLELINUX_ELSA-2022-9199.NASL", "ORACLELINUX_ELSA-2022-9200.NASL", "ORACLELINUX_ELSA-2022-9201.NASL", "ORACLELINUX_ELSA-2022-9210.NASL", "ORACLELINUX_ELSA-2022-9211.NASL", "ORACLELINUX_ELSA-2022-9212.NASL", "ORACLELINUX_ELSA-2022-9213.NASL", "ORACLELINUX_ELSA-2022-9244.NASL", "ORACLELINUX_ELSA-2022-9245.NASL", "ORACLELINUX_ELSA-2022-9260.NASL", "ORACLELINUX_ELSA-2022-9273.NASL", "ORACLELINUX_ELSA-2022-9274.NASL", "ORACLELINUX_ELSA-2022-9313.NASL", "ORACLELINUX_ELSA-2022-9314.NASL", "ORACLELINUX_ELSA-2022-9348.NASL", "ORACLELINUX_ELSA-2022-9479.NASL", "ORACLELINUX_ELSA-2022-9480.NASL", "ORACLEVM_OVMSA-2022-0011.NASL", "ORACLEVM_OVMSA-2022-0014.NASL", "REDHAT-RHSA-2021-1578.NASL", "REDHAT-RHSA-2022-0063.NASL", "REDHAT-RHSA-2022-0065.NASL", "REDHAT-RHSA-2022-0072.NASL", "REDHAT-RHSA-2022-0078.NASL", "REDHAT-RHSA-2022-0592.NASL", "REDHAT-RHSA-2022-0620.NASL", "REDHAT-RHSA-2022-0622.NASL", "REDHAT-RHSA-2022-0712.NASL", "REDHAT-RHSA-2022-0718.NASL", "REDHAT-RHSA-2022-0771.NASL", "REDHAT-RHSA-2022-0772.NASL", "REDHAT-RHSA-2022-0777.NASL", "REDHAT-RHSA-2022-0819.NASL", "REDHAT-RHSA-2022-0820.NASL", "REDHAT-RHSA-2022-0821.NASL", "REDHAT-RHSA-2022-0822.NASL", "REDHAT-RHSA-2022-0823.NASL", "REDHAT-RHSA-2022-0825.NASL", "REDHAT-RHSA-2022-0831.NASL", "REDHAT-RHSA-2022-0841.NASL", "REDHAT-RHSA-2022-0849.NASL", "REDHAT-RHSA-2022-0851.NASL", "REDHAT-RHSA-2022-0925.NASL", "REDHAT-RHSA-2022-0958.NASL", "REDHAT-RHSA-2022-1103.NASL", "REDHAT-RHSA-2022-1104.NASL", "REDHAT-RHSA-2022-1106.NASL", "REDHAT-RHSA-2022-1107.NASL", "REDHAT-RHSA-2022-1186.NASL", "REDHAT-RHSA-2022-1209.NASL", "REDHAT-RHSA-2022-1213.NASL", "REDHAT-RHSA-2022-1263.NASL", "REDHAT-RHSA-2022-1589.NASL", "REDHAT-RHSA-2022-1619.NASL", "REDHAT-RHSA-2022-1975.NASL", "REDHAT-RHSA-2022-1988.NASL", "REDHAT-RHSA-2022-5626.NASL", "REDHAT-RHSA-2022-5633.NASL", "ROCKY_LINUX_RLSA-2022-819.NASL", "ROCKY_LINUX_RLSA-2022-825.NASL", "SLACKWARE_SSA_2022-031-01.NASL", "SLACKWARE_SSA_2022-067-01.NASL", "SLACKWARE_SSA_2022-129-01.NASL", "SL_20220114_KERNEL_ON_SL7_X.NASL", "SL_20220223_KERNEL_ON_SL7_X.NASL", "SUSE_SU-2021-1238-1.NASL", "SUSE_SU-2021-14724-1.NASL", "SUSE_SU-2021-1572-1.NASL", "SUSE_SU-2021-1573-1.NASL", "SUSE_SU-2021-1595-1.NASL", "SUSE_SU-2021-1596-1.NASL", "SUSE_SU-2021-1617-1.NASL", "SUSE_SU-2021-1623-1.NASL", "SUSE_SU-2021-1624-1.NASL", "SUSE_SU-2021-1865-1.NASL", "SUSE_SU-2021-1870-1.NASL", "SUSE_SU-2021-1975-1.NASL", "SUSE_SU-2021-1977-1.NASL", "SUSE_SU-2021-2198-1.NASL", "SUSE_SU-2021-2577-1.NASL", "SUSE_SU-2022-0068-1.NASL", "SUSE_SU-2022-0080-1.NASL", "SUSE_SU-2022-0169-1.NASL", "SUSE_SU-2022-0197-1.NASL", "SUSE_SU-2022-0198-1.NASL", "SUSE_SU-2022-0237-1.NASL", "SUSE_SU-2022-0243-1.NASL", "SUSE_SU-2022-0245-1.NASL", "SUSE_SU-2022-0255-1.NASL", "SUSE_SU-2022-0288-1.NASL", "SUSE_SU-2022-0289-1.NASL", "SUSE_SU-2022-0296-1.NASL", "SUSE_SU-2022-0298-1.NASL", "SUSE_SU-2022-0325-1.NASL", "SUSE_SU-2022-0327-1.NASL", "SUSE_SU-2022-0328-1.NASL", "SUSE_SU-2022-0329-1.NASL", "SUSE_SU-2022-0362-1.NASL", "SUSE_SU-2022-0363-1.NASL", "SUSE_SU-2022-0364-1.NASL", "SUSE_SU-2022-0365-1.NASL", "SUSE_SU-2022-0366-1.NASL", "SUSE_SU-2022-0367-1.NASL", "SUSE_SU-2022-0370-1.NASL", "SUSE_SU-2022-0371-1.NASL", "SUSE_SU-2022-0372-1.NASL", "SUSE_SU-2022-0418-1.NASL", "SUSE_SU-2022-0429-1.NASL", "SUSE_SU-2022-0436-1.NASL", "SUSE_SU-2022-0463-1.NASL", "SUSE_SU-2022-0477-1.NASL", "SUSE_SU-2022-0543-1.NASL", "SUSE_SU-2022-0544-1.NASL", "SUSE_SU-2022-0555-1.NASL", "SUSE_SU-2022-0755-1.NASL", "SUSE_SU-2022-0756-1.NASL", "SUSE_SU-2022-0757-1.NASL", "SUSE_SU-2022-0759-1.NASL", "SUSE_SU-2022-0760-1.NASL", "SUSE_SU-2022-0761-1.NASL", "SUSE_SU-2022-0762-1.NASL", "SUSE_SU-2022-0763-1.NASL", "SUSE_SU-2022-0764-1.NASL", "SUSE_SU-2022-0765-1.NASL", "SUSE_SU-2022-0766-1.NASL", "SUSE_SU-2022-0767-1.NASL", "SUSE_SU-2022-0768-1.NASL", "SUSE_SU-2022-0931-1.NASL", "SUSE_SU-2022-0939-1.NASL", "SUSE_SU-2022-0940-1.NASL", "SUSE_SU-2022-1037-1.NASL", "SUSE_SU-2022-1038-1.NASL", "SUSE_SU-2022-1039-1.NASL", "SUSE_SU-2022-1196-1.NASL", "SUSE_SU-2022-1257-1.NASL", "SUSE_SU-2022-1285-1.NASL", "SUSE_SU-2022-1300-1.NASL", "SUSE_SU-2022-1359-1.NASL", "SUSE_SU-2022-1375-1.NASL", "SUSE_SU-2022-1408-1.NASL", "SUSE_SU-2022-14905-1.NASL", "SUSE_SU-2022-1569-1.NASL", "SUSE_SU-2022-1575-1.NASL", "SUSE_SU-2022-1580-1.NASL", "SUSE_SU-2022-1589-1.NASL", "SUSE_SU-2022-1591-1.NASL", "SUSE_SU-2022-1605-1.NASL", "SUSE_SU-2022-1637-1.NASL", "SUSE_SU-2022-1640-1.NASL", "SUSE_SU-2022-1651-1.NASL", "SUSE_SU-2022-2079-1.NASL", "SUSE_SU-2022-2080-1.NASL", "SUSE_SU-2022-2376-1.NASL", "SUSE_SU-2022-2379-1.NASL", "SUSE_SU-2022-2393-1.NASL", "SUSE_SU-2022-2407-1.NASL", "SUSE_SU-2022-2411-1.NASL", "SUSE_SU-2022-2422-1.NASL", "SUSE_SU-2022-2423-1.NASL", "SUSE_SU-2022-2424-1.NASL", "SUSE_SU-2022-2478-1.NASL", "SUSE_SU-2022-2520-1.NASL", "SUSE_SU-2022-2549-1.NASL", "SUSE_SU-2022-2615-1.NASL", "SUSE_SU-2022-2629-1.NASL", "UBUNTU_USN-5091-1.NASL", "UBUNTU_USN-5091-2.NASL", "UBUNTU_USN-5092-1.NASL", "UBUNTU_USN-5092-2.NASL", "UBUNTU_USN-5096-1.NASL", "UBUNTU_USN-5106-1.NASL", "UBUNTU_USN-5120-1.NASL", "UBUNTU_USN-5136-1.NASL", "UBUNTU_USN-5278-1.NASL", "UBUNTU_USN-5294-1.NASL", "UBUNTU_USN-5294-2.NASL", "UBUNTU_USN-5295-1.NASL", "UBUNTU_USN-5295-2.NASL", "UBUNTU_USN-5297-1.NASL", "UBUNTU_USN-5298-1.NASL", "UBUNTU_USN-5302-1.NASL", "UBUNTU_USN-5317-1.NASL", "UBUNTU_USN-5318-1.NASL", "UBUNTU_USN-5319-1.NASL", "UBUNTU_USN-5337-1.NASL", "UBUNTU_USN-5338-1.NASL", "UBUNTU_USN-5339-1.NASL", "UBUNTU_USN-5343-1.NASL", "UBUNTU_USN-5362-1.NASL", "UBUNTU_USN-5368-1.NASL", "UBUNTU_USN-5377-1.NASL", "UBUNTU_USN-5383-1.NASL", "UBUNTU_USN-5384-1.NASL", "UBUNTU_USN-5385-1.NASL", "UBUNTU_USN-5415-1.NASL", "UBUNTU_USN-5417-1.NASL", "UBUNTU_USN-5418-1.NASL", "UBUNTU_USN-5467-1.NASL", "UBUNTU_USN-5500-1.NASL", "UBUNTU_USN-5505-1.NASL", "UBUNTU_USN-5515-1.NASL", "UBUNTU_USN-5541-1.NASL"]}, {"type": "oracle", "idList": ["ORACLE:CPUJUL2022"]}, {"type": "oraclelinux", "idList": ["ELSA-2021-1578", "ELSA-2021-9458", "ELSA-2021-9460", "ELSA-2021-9485", "ELSA-2021-9488", "ELSA-2022-0063", "ELSA-2022-0620", "ELSA-2022-0825", "ELSA-2022-1988", "ELSA-2022-9198", "ELSA-2022-9199", "ELSA-2022-9200", "ELSA-2022-9201", "ELSA-2022-9210", "ELSA-2022-9211", "ELSA-2022-9212", "ELSA-2022-9213", "ELSA-2022-9244", "ELSA-2022-9245", "ELSA-2022-9260", "ELSA-2022-9273", "ELSA-2022-9274", "ELSA-2022-9313", "ELSA-2022-9314", "ELSA-2022-9348", "ELSA-2022-9479", "ELSA-2022-9480"]}, {"type": "osv", "idList": ["OSV:DLA-2689-1", "OSV:DLA-2785-1", "OSV:DLA-2843-1", "OSV:DLA-2940-1", "OSV:DLA-2941-1", "OSV:DLA-3065-1", "OSV:DSA-4978-1", "OSV:DSA-5092-1", "OSV:DSA-5095-1", "OSV:DSA-5096-1", "OSV:DSA-5127-1", "OSV:DSA-5173-1"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:166258"]}, {"type": "photon", "idList": ["PHSA-2021-0278", "PHSA-2021-0410", "PHSA-2021-0415", "PHSA-2021-0447", "PHSA-2021-0449", "PHSA-2021-1.0-0448", "PHSA-2022-0148", "PHSA-2022-0152", "PHSA-2022-0160", "PHSA-2022-0201", "PHSA-2022-0356", "PHSA-2022-0361", "PHSA-2022-0393", "PHSA-2022-0429", "PHSA-2022-0433", "PHSA-2022-0440", "PHSA-2022-0449", "PHSA-2022-0464"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:02EDDA927928C11A6D10A4A0D17823AF", "RAPID7BLOG:07CA09B4E3B3835E096AA56546C43E8E", "RAPID7BLOG:5BB9C8859E9D36496DAB6425419453D9", "RAPID7BLOG:C89CBECF94C64F41DF3E509527A73690"]}, {"type": "redhat", "idList": ["RHSA-2021:1578", "RHSA-2021:2121", "RHSA-2021:2136", "RHSA-2022:0063", "RHSA-2022:0065", "RHSA-2022:0072", "RHSA-2022:0078", "RHSA-2022:0181", "RHSA-2022:0236", "RHSA-2022:0592", "RHSA-2022:0595", "RHSA-2022:0620", "RHSA-2022:0622", "RHSA-2022:0712", "RHSA-2022:0718", "RHSA-2022:0771", "RHSA-2022:0772", "RHSA-2022:0777", "RHSA-2022:0819", "RHSA-2022:0820", "RHSA-2022:0821", "RHSA-2022:0822", "RHSA-2022:0823", "RHSA-2022:0825", "RHSA-2022:0831", "RHSA-2022:0841", "RHSA-2022:0849", "RHSA-2022:0851", "RHSA-2022:0856", "RHSA-2022:0925", "RHSA-2022:0958", "RHSA-2022:1083", "RHSA-2022:1103", "RHSA-2022:1104", "RHSA-2022:1106", "RHSA-2022:1107", "RHSA-2022:1186", "RHSA-2022:1209", "RHSA-2022:1213", "RHSA-2022:1263", "RHSA-2022:1396", "RHSA-2022:1476", "RHSA-2022:1589", "RHSA-2022:1619", "RHSA-2022:1622", "RHSA-2022:1975", "RHSA-2022:1988", "RHSA-2022:4814", "RHSA-2022:4956", "RHSA-2022:5201", "RHSA-2022:5392", "RHSA-2022:5483", "RHSA-2022:5626", "RHSA-2022:5633", "RHSA-2022:5730"]}, {"type": "redhatcve", "idList": ["RH:CVE-2018-25020", "RH:CVE-2020-36322", "RH:CVE-2021-26341", "RH:CVE-2021-26401", "RH:CVE-2021-38199", "RH:CVE-2021-4197", "RH:CVE-2022-0001", "RH:CVE-2022-0002", "RH:CVE-2022-0330", "RH:CVE-2022-0435", "RH:CVE-2022-0617", "RH:CVE-2022-0847", "RH:CVE-2022-23960", "RH:CVE-2022-24448"]}, {"type": "rocky", "idList": ["RLSA-2022:819", "RLSA-2022:825"]}, {"type": "securelist", "idList": ["SECURELIST:11665FFD7075FB9D59316195101DE894", "SECURELIST:895B39A6085B9876A2B776FD85EF2689"]}, {"type": "slackware", "idList": ["SSA-2022-031-01", "SSA-2022-067-01", "SSA-2022-129-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:0579-1", "OPENSUSE-SU-2021:1975-1", "OPENSUSE-SU-2021:1977-1", "OPENSUSE-SU-2022:0169-1", "OPENSUSE-SU-2022:0198-1", "OPENSUSE-SU-2022:0363-1", "OPENSUSE-SU-2022:0366-1", "OPENSUSE-SU-2022:0370-1", "OPENSUSE-SU-2022:0755-1", "OPENSUSE-SU-2022:0760-1", "OPENSUSE-SU-2022:0768-1", "OPENSUSE-SU-2022:0940-1", "OPENSUSE-SU-2022:1037-1", "OPENSUSE-SU-2022:1039-1", "SUSE-SU-2022:2079-1", "SUSE-SU-2022:2376-1", "SUSE-SU-2022:2411-1", "SUSE-SU-2022:2422-1", "SUSE-SU-2022:2520-1", "SUSE-SU-2022:2549-1", "SUSE-SU-2022:2615-1"]}, {"type": "thn", "idList": ["THN:8198C407B889F0B459BC5B078A2D620C", "THN:938E26EF0D2BCE29F29F40BEEB9944AB", "THN:E1BBDEC03BFACEE731E20A3BE9FFD214"]}, {"type": "threatpost", "idList": ["THREATPOST:1A553B57472BB0EB8D69F573B510FDE6", "THREATPOST:932AA74F12B9D2AD0E8589AC1A2C1438"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:0C2FF089C7ACB1C778D7B5AC05563AA6"]}, {"type": "ubuntu", "idList": ["LSN-0083-1", "USN-5091-1", "USN-5091-2", "USN-5091-3", "USN-5092-1", "USN-5092-2", "USN-5092-3", "USN-5096-1", "USN-5106-1", "USN-5120-1", "USN-5136-1", "USN-5278-1", "USN-5294-1", "USN-5294-2", "USN-5295-1", "USN-5295-2", "USN-5297-1", "USN-5298-1", "USN-5302-1", "USN-5317-1", "USN-5318-1", "USN-5319-1", "USN-5337-1", "USN-5338-1", "USN-5339-1", "USN-5343-1", "USN-5362-1", "USN-5368-1", "USN-5377-1", "USN-5383-1", "USN-5384-1", "USN-5385-1", "USN-5415-1", "USN-5417-1", "USN-5418-1", "USN-5467-1", "USN-5500-1", "USN-5505-1", "USN-5513-1", "USN-5515-1", "USN-5541-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2018-25020", "UB:CVE-2020-36322", "UB:CVE-2021-26401", "UB:CVE-2021-38199", "UB:CVE-2021-4197", "UB:CVE-2022-0001", "UB:CVE-2022-0002", "UB:CVE-2022-0330", "UB:CVE-2022-0435", "UB:CVE-2022-0617", "UB:CVE-2022-0847", "UB:CVE-2022-23960", "UB:CVE-2022-24448"]}, {"type": "veracode", "idList": ["VERACODE:30595", "VERACODE:32329", "VERACODE:34346", "VERACODE:34616", "VERACODE:34843", "VERACODE:35280", "VERACODE:35281", "VERACODE:35289", "VERACODE:36060", "VERACODE:36099"]}, {"type": "xen", "idList": ["XSA-398"]}, {"type": "zdt", "idList": ["1337DAY-ID-37458", "1337DAY-ID-37460", "1337DAY-ID-37461", "1337DAY-ID-37474"]}]}, "vulnersScore": 1.0}, "_state": {"dependencies": 1660032824, "score": 1660033602}, "_internal": {"score_hash": "69c20ee702f7b69ba5b49ce17c3d72fe"}, "affectedPackage": [{"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "perf-4.14.268-139.500.amzn1.i686.rpm", "arch": "i686", "packageVersion": "4.14.268-139.500.amzn1", "operator": "lt", "packageName": "perf"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "kernel-debuginfo-4.14.268-139.500.amzn1.i686.rpm", "arch": "i686", "packageVersion": "4.14.268-139.500.amzn1", "operator": "lt", "packageName": "kernel-debuginfo"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "kernel-devel-4.14.268-139.500.amzn1.i686.rpm", "arch": "i686", "packageVersion": "4.14.268-139.500.amzn1", "operator": "lt", "packageName": "kernel-devel"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "kernel-debuginfo-common-i686-4.14.268-139.500.amzn1.i686.rpm", "arch": "i686", "packageVersion": "4.14.268-139.500.amzn1", "operator": "lt", "packageName": "kernel-debuginfo-common-i686"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "kernel-4.14.268-139.500.amzn1.i686.rpm", "arch": "i686", "packageVersion": "4.14.268-139.500.amzn1", "operator": "lt", "packageName": "kernel"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "kernel-tools-debuginfo-4.14.268-139.500.amzn1.i686.rpm", "arch": "i686", "packageVersion": "4.14.268-139.500.amzn1", "operator": "lt", "packageName": "kernel-tools-debuginfo"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "kernel-headers-4.14.268-139.500.amzn1.i686.rpm", "arch": "i686", "packageVersion": "4.14.268-139.500.amzn1", "operator": "lt", "packageName": "kernel-headers"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "perf-debuginfo-4.14.268-139.500.amzn1.i686.rpm", "arch": "i686", "packageVersion": "4.14.268-139.500.amzn1", "operator": "lt", "packageName": "perf-debuginfo"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "kernel-tools-4.14.268-139.500.amzn1.i686.rpm", "arch": "i686", "packageVersion": "4.14.268-139.500.amzn1", "operator": "lt", "packageName": "kernel-tools"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "kernel-tools-devel-4.14.268-139.500.amzn1.i686.rpm", "arch": "i686", "packageVersion": "4.14.268-139.500.amzn1", "operator": "lt", "packageName": "kernel-tools-devel"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "kernel-4.14.268-139.500.amzn1.src.rpm", "arch": "src", "packageVersion": "4.14.268-139.500.amzn1", "operator": "lt", "packageName": "kernel"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "kernel-tools-4.14.268-139.500.amzn1.x86_64.rpm", "arch": "x86_64", "packageVersion": "4.14.268-139.500.amzn1", "operator": "lt", "packageName": "kernel-tools"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "kernel-headers-4.14.268-139.500.amzn1.x86_64.rpm", "arch": "x86_64", "packageVersion": "4.14.268-139.500.amzn1", "operator": "lt", "packageName": "kernel-headers"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "kernel-debuginfo-4.14.268-139.500.amzn1.x86_64.rpm", "arch": "x86_64", "packageVersion": "4.14.268-139.500.amzn1", "operator": "lt", "packageName": "kernel-debuginfo"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "perf-debuginfo-4.14.268-139.500.amzn1.x86_64.rpm", "arch": "x86_64", "packageVersion": "4.14.268-139.500.amzn1", "operator": "lt", "packageName": "perf-debuginfo"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "kernel-4.14.268-139.500.amzn1.x86_64.rpm", "arch": "x86_64", "packageVersion": "4.14.268-139.500.amzn1", "operator": "lt", "packageName": "kernel"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "kernel-tools-debuginfo-4.14.268-139.500.amzn1.x86_64.rpm", "arch": "x86_64", "packageVersion": "4.14.268-139.500.amzn1", "operator": "lt", "packageName": "kernel-tools-debuginfo"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "kernel-tools-devel-4.14.268-139.500.amzn1.x86_64.rpm", "arch": "x86_64", "packageVersion": "4.14.268-139.500.amzn1", "operator": "lt", "packageName": "kernel-tools-devel"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "kernel-debuginfo-common-x86_64-4.14.268-139.500.amzn1.x86_64.rpm", "arch": "x86_64", "packageVersion": "4.14.268-139.500.amzn1", "operator": "lt", "packageName": "kernel-debuginfo-common-x86_64"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "perf-4.14.268-139.500.amzn1.x86_64.rpm", "arch": "x86_64", "packageVersion": "4.14.268-139.500.amzn1", "operator": "lt", "packageName": "perf"}, {"OS": "Amazon Linux", "OSVersion": "1", "packageFilename": "kernel-devel-4.14.268-139.500.amzn1.x86_64.rpm", "arch": "x86_64", "packageVersion": "4.14.268-139.500.amzn1", "operator": "lt", "packageName": "kernel-devel"}]}
{"amazon": [{"lastseen": "2022-05-24T17:25:53", "description": "**Issue Overview:**\n\nAmazon Linux has been made aware of a potential Branch Target Injection (BTI) issue (sometimes referred to as Spectre variant 2). This is a known cross-domain transient execution attack where a third party may seek to cause a disclosure gadget to be speculatively executed after an indirect branch prediction. Generally, actors who attempt transient execution attacks do not have access to the data on the hosts they attempt to access (e.g. where privilege-level isolation is in place). For such attacks to succeed, actors need to be able to run code on the (virtual) machine hosting the data in which they are interested.\n\nTo mitigate this issue, Amazon Linux recommends that customers disable unprivileged eBPF. This configuration, having the unprivileged eBPF disabled, is the current default for most Linux distributions and as of this advisory, is also the default for all Amazon Linux kernels.\n\nSpecific mitigations for various CPUs are listed below.\n\nIntel CPUs: \nFor Intel CPUs, this applies to all instance types that have CPUs with eIBRS support. They are: \n*6i* (all sizes), c5d.metal, c5.metal, g4dn.metal, i3en.metal, m5*.metal, r5*.metal\n\nVectors outside of unprivileged eBPF are not currently known, and Intel recommends disabling unprivileged BPF, as mentioned above. However, optionally enabling \"spectre_v2=eibrs,lfence\" on Linux kernel command line on the instance types mentioned above, would provide additional protection.\n\nAMD CPUs: \nAs part of the investigation triggered by this issue, AMD now recommends using a different software mitigation inside the Linux kernel, which the Amazon Linux kernel is enabling by default. This means that the Linux kernel will use the generic retpoline software mitigation, instead of the specialized AMD one, on AMD instances (*5a*). This is done by default, and no administrator action is needed.\n\nARM CPUs: \nThe Amazon Linux kernel now enables, by default, a software mitigation for this issue, on all ARM-based EC2 instance types.\n\n \nA buffer overflow flaw in the Linux kernel BPF subsystem was found in the way users run BPF with long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions. A local user could use this flaw to crash the system or escalate their privileges on the system. (CVE-2018-25020)\n\nA denial of service flaw was found in fuse_do_getattr in fs/fuse/dir.c in the kernel side of the FUSE filesystem in the Linux kernel. A local user could use this flaw to crash the system. (CVE-2020-36322)\n\nA flaw was found in the hanging of mounts in the Linux kernel's NFS4 subsystem where remote servers are unreachable for the client during migration of data from one server to another (during trunking detection). This flaw allows a remote NFS4 server (if the client is connected) to starve the resources, causing a denial of service. The highest threat from this vulnerability is to system availability. (CVE-2021-38199)\n\nAn unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of control groups. A local user could use this flaw to crash the system or escalate their privileges on the system. (CVE-2021-4197)\n\nNon-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure. (CVE-2022-0001)\n\nNon-transparent sharing of branch predictor within a context in some Intel(r) Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-0002)\n\nA random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system. (CVE-2022-0330)\n\nA stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. This flaw allows a remote user to crash the system or possibly escalate their privileges if they have access to the TIPC network. (CVE-2022-0435)\n\nA NULL pointer dereference was found in the Linux kernel's UDF file system functionality in the way the user triggers the udf_file_write_iter function for a malicious UDF image. This flaw allows a local user to crash the system. (CVE-2022-0617)\n\nA flaw was found in the Linux kernel. When an application tries to open a directory (using the O_DIRECTORY flag) in a mounted NFS filesystem, a lookup operation is performed. If the NFS server returns a file as a result of the lookup, the NFS filesystem returns an uninitialized file descriptor instead of the expected ENOTDIR value. This flaw leads to the kernel's data leak into the userspace. (CVE-2022-24448) \nReferences to CVE-2021-26401, CVE-2021-26341 and CVE-2022-23960 have been added after the original release of this advisory, however those vulnerabilities were fixed by the packages referenced by this advisory's initial release on 2022-03-07\n\nReferences to CVE-2022-0847 have been removed after the original release of this advisory, as we have determined that the code within kernel versions prior to 5.8 is not affected by CVE-2022-0847.\n\n \n**Affected Packages:** \n\n\nkernel\n\n \n**Issue Correction:** \nRun _yum update kernel_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n aarch64: \n \u00a0\u00a0\u00a0 kernel-4.14.268-205.500.amzn2.aarch64 \n \u00a0\u00a0\u00a0 kernel-headers-4.14.268-205.500.amzn2.aarch64 \n \u00a0\u00a0\u00a0 kernel-debuginfo-common-aarch64-4.14.268-205.500.amzn2.aarch64 \n \u00a0\u00a0\u00a0 perf-4.14.268-205.500.amzn2.aarch64 \n \u00a0\u00a0\u00a0 perf-debuginfo-4.14.268-205.500.amzn2.aarch64 \n \u00a0\u00a0\u00a0 python-perf-4.14.268-205.500.amzn2.aarch64 \n \u00a0\u00a0\u00a0 python-perf-debuginfo-4.14.268-205.500.amzn2.aarch64 \n \u00a0\u00a0\u00a0 kernel-tools-4.14.268-205.500.amzn2.aarch64 \n \u00a0\u00a0\u00a0 kernel-tools-devel-4.14.268-205.500.amzn2.aarch64 \n \u00a0\u00a0\u00a0 kernel-tools-debuginfo-4.14.268-205.500.amzn2.aarch64 \n \u00a0\u00a0\u00a0 kernel-devel-4.14.268-205.500.amzn2.aarch64 \n \u00a0\u00a0\u00a0 kernel-debuginfo-4.14.268-205.500.amzn2.aarch64 \n \n i686: \n \u00a0\u00a0\u00a0 kernel-headers-4.14.268-205.500.amzn2.i686 \n \n src: \n \u00a0\u00a0\u00a0 kernel-4.14.268-205.500.amzn2.src \n \n x86_64: \n \u00a0\u00a0\u00a0 kernel-4.14.268-205.500.amzn2.x86_64 \n \u00a0\u00a0\u00a0 kernel-headers-4.14.268-205.500.amzn2.x86_64 \n \u00a0\u00a0\u00a0 kernel-debuginfo-common-x86_64-4.14.268-205.500.amzn2.x86_64 \n \u00a0\u00a0\u00a0 perf-4.14.268-205.500.amzn2.x86_64 \n \u00a0\u00a0\u00a0 perf-debuginfo-4.14.268-205.500.amzn2.x86_64 \n \u00a0\u00a0\u00a0 python-perf-4.14.268-205.500.amzn2.x86_64 \n \u00a0\u00a0\u00a0 python-perf-debuginfo-4.14.268-205.500.amzn2.x86_64 \n \u00a0\u00a0\u00a0 kernel-tools-4.14.268-205.500.amzn2.x86_64 \n \u00a0\u00a0\u00a0 kernel-tools-devel-4.14.268-205.500.amzn2.x86_64 \n \u00a0\u00a0\u00a0 kernel-tools-debuginfo-4.14.268-205.500.amzn2.x86_64 \n \u00a0\u00a0\u00a0 kernel-devel-4.14.268-205.500.amzn2.x86_64 \n \u00a0\u00a0\u00a0 kernel-debuginfo-4.14.268-205.500.amzn2.x86_64 \n \u00a0\u00a0\u00a0 kernel-livepatch-4.14.268-205.500-1.0-0.amzn2.x86_64 \n \n \n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-07T23:32:00", "type": "amazon", "title": "Important: kernel", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-25020", "CVE-2020-36322", "CVE-2021-26341", "CVE-2021-26401", "CVE-2021-38199", "CVE-2021-4197", "CVE-2022-0001", "CVE-2022-0002", "CVE-2022-0330", "CVE-2022-0435", "CVE-2022-0617", "CVE-2022-0847", "CVE-2022-23960", "CVE-2022-24448"], "modified": "2022-05-23T21:55:00", "id": "ALAS2-2022-1761", "href": "https://alas.aws.amazon.com/AL2/ALAS-2022-1761.html", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2022-08-12T15:24:26", "description": "The version of kernel installed on the remote host is prior to 4.14.268-139.500. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2022-1571 advisory.\n\n - The BPF subsystem in the Linux kernel before 4.17 mishandles situations with a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions, leading to an overflow. This affects kernel/bpf/core.c and net/core/filter.c.\n (CVE-2018-25020)\n\n - An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka CID-5d069dbe8aaf. fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950. (CVE-2020-36322)\n\n - fs/nfs/nfs4client.c in the Linux kernel before 5.13.4 has incorrect connection-setup ordering, which allows operators of remote NFSv4 servers to cause a denial of service (hanging of mounts) by arranging for those servers to be unreachable during trunking detection. (CVE-2021-38199)\n\n - A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2. (CVE-2022-0617)\n\n - An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file descriptor. (CVE-2022-24448)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2022-03-08T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : kernel (ALAS-2022-1571)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-25020", "CVE-2020-36322", "CVE-2021-26341", "CVE-2021-26401", "CVE-2021-28950", "CVE-2021-38199", "CVE-2021-4197", "CVE-2022-0001", "CVE-2022-0002", "CVE-2022-0330", "CVE-2022-0435", "CVE-2022-0617", "CVE-2022-23960", "CVE-2022-24448"], "modified": "2022-07-08T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2022-1571.NASL", "href": "https://www.tenable.com/plugins/nessus/158697", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2022-1571.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158697);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/07/08\");\n\n script_cve_id(\n \"CVE-2018-25020\",\n \"CVE-2020-36322\",\n \"CVE-2021-4197\",\n \"CVE-2021-26341\",\n \"CVE-2021-26401\",\n \"CVE-2021-38199\",\n \"CVE-2022-0001\",\n \"CVE-2022-0002\",\n \"CVE-2022-0330\",\n \"CVE-2022-0435\",\n \"CVE-2022-0617\",\n \"CVE-2022-23960\",\n \"CVE-2022-24448\"\n );\n script_xref(name:\"ALAS\", value:\"2022-1571\");\n \n script_name(english:\"Amazon Linux AMI : kernel (ALAS-2022-1571)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux AMI host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of kernel installed on the remote host is prior to 4.14.268-139.500. It is, therefore, affected by multiple\nvulnerabilities as referenced in the ALAS-2022-1571 advisory.\n\n - The BPF subsystem in the Linux kernel before 4.17 mishandles situations with a long jump over an\n instruction sequence where inner instructions require substantial expansions into multiple BPF\n instructions, leading to an overflow. This affects kernel/bpf/core.c and net/core/filter.c.\n (CVE-2018-25020)\n\n - An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka\n CID-5d069dbe8aaf. fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a system\n crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as\n CVE-2021-28950. (CVE-2020-36322)\n\n - fs/nfs/nfs4client.c in the Linux kernel before 5.13.4 has incorrect connection-setup ordering, which\n allows operators of remote NFSv4 servers to cause a denial of service (hanging of mounts) by arranging for\n those servers to be unreachable during trunking detection. (CVE-2021-38199)\n\n - A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way\n user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw\n to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2. (CVE-2022-0617)\n\n - An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the\n O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a\n regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file\n descriptor. (CVE-2022-24448)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/ALAS-2022-1571.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2018-25020.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2020-36322.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-38199.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-4197.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-0001.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-0002.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-0330.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-0435.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-0617.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-24448.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update kernel' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0435\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/03/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude('rpm.inc');\ninclude('hotfixes.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nvar os_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (get_one_kb_item(\"Host/kpatch/kernel-cves\"))\n{\n set_hotfix_type(\"kpatch\");\n var cve_list = make_list(\"CVE-2018-25020\", \"CVE-2020-36322\", \"CVE-2021-4197\", \"CVE-2021-38199\", \"CVE-2022-0001\", \"CVE-2022-0002\", \"CVE-2022-0330\", \"CVE-2022-0435\", \"CVE-2022-0617\", \"CVE-2022-24448\");\n if (hotfix_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"kpatch hotfix for ALAS-2022-1571\");\n }\n else\n {\n __rpm_report = hotfix_reporting_text();\n }\n}\nvar pkgs = [\n {'reference':'kernel-4.14.268-139.500.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.14.268-139.500.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-4.14.268-139.500.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-4.14.268-139.500.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-common-i686-4.14.268-139.500.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-common-x86_64-4.14.268-139.500.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.14.268-139.500.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.14.268-139.500.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.14.268-139.500.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.14.268-139.500.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.14.268-139.500.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.14.268-139.500.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-debuginfo-4.14.268-139.500.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-debuginfo-4.14.268-139.500.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-devel-4.14.268-139.500.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-devel-4.14.268-139.500.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.14.268-139.500.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.14.268-139.500.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-debuginfo-4.14.268-139.500.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-debuginfo-4.14.268-139.500.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debuginfo / kernel-debuginfo-common-x86_64 / etc\");\n}", "cvss": {"score": 9, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2022-08-12T15:23:27", "description": "The version of kernel installed on the remote host is prior to 4.14.268-205.500. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1761 advisory.\n\n - The BPF subsystem in the Linux kernel before 4.17 mishandles situations with a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions, leading to an overflow. This affects kernel/bpf/core.c and net/core/filter.c.\n (CVE-2018-25020)\n\n - An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka CID-5d069dbe8aaf. fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950. (CVE-2020-36322)\n\n - fs/nfs/nfs4client.c in the Linux kernel before 5.13.4 has incorrect connection-setup ordering, which allows operators of remote NFSv4 servers to cause a denial of service (hanging of mounts) by arranging for those servers to be unreachable during trunking detection. (CVE-2021-38199)\n\n - A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2. (CVE-2022-0617)\n\n - An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file descriptor. (CVE-2022-24448)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2022-03-08T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : kernel (ALAS-2022-1761)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-25020", "CVE-2020-36322", "CVE-2021-26341", "CVE-2021-26401", "CVE-2021-28950", "CVE-2021-38199", "CVE-2021-4197", "CVE-2022-0001", "CVE-2022-0002", "CVE-2022-0330", "CVE-2022-0435", "CVE-2022-0617", "CVE-2022-23960", "CVE-2022-24448"], "modified": "2022-07-08T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-livepatch-4.14.268-205.500", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "p-cpe:/a:amazon:linux:python-perf", "p-cpe:/a:amazon:linux:python-perf-debuginfo", "cpe:/o:amazon:linux:2"], "id": "AL2_ALAS-2022-1761.NASL", "href": "https://www.tenable.com/plugins/nessus/158720", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2022-1761.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158720);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/07/08\");\n\n script_cve_id(\n \"CVE-2018-25020\",\n \"CVE-2020-36322\",\n \"CVE-2021-4197\",\n \"CVE-2021-26341\",\n \"CVE-2021-26401\",\n \"CVE-2021-38199\",\n \"CVE-2022-0001\",\n \"CVE-2022-0002\",\n \"CVE-2022-0330\",\n \"CVE-2022-0435\",\n \"CVE-2022-0617\",\n \"CVE-2022-23960\",\n \"CVE-2022-24448\"\n );\n script_xref(name:\"ALAS\", value:\"2022-1761\");\n \n script_name(english:\"Amazon Linux 2 : kernel (ALAS-2022-1761)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of kernel installed on the remote host is prior to 4.14.268-205.500. It is, therefore, affected by multiple\nvulnerabilities as referenced in the ALAS2-2022-1761 advisory.\n\n - The BPF subsystem in the Linux kernel before 4.17 mishandles situations with a long jump over an\n instruction sequence where inner instructions require substantial expansions into multiple BPF\n instructions, leading to an overflow. This affects kernel/bpf/core.c and net/core/filter.c.\n (CVE-2018-25020)\n\n - An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka\n CID-5d069dbe8aaf. fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a system\n crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as\n CVE-2021-28950. (CVE-2020-36322)\n\n - fs/nfs/nfs4client.c in the Linux kernel before 5.13.4 has incorrect connection-setup ordering, which\n allows operators of remote NFSv4 servers to cause a denial of service (hanging of mounts) by arranging for\n those servers to be unreachable during trunking detection. (CVE-2021-38199)\n\n - A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way\n user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw\n to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2. (CVE-2022-0617)\n\n - An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the\n O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a\n regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file\n descriptor. (CVE-2022-24448)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALAS-2022-1761.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2018-25020.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2020-36322.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-38199.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-4197.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-0001.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-0002.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-0330.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-0435.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-0617.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-24448.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update kernel' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0435\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/03/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-livepatch-4.14.268-205.500\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude('rpm.inc');\ninclude('hotfixes.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nvar os_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (get_one_kb_item(\"Host/kpatch/kernel-cves\"))\n{\n set_hotfix_type(\"kpatch\");\n var cve_list = make_list(\"CVE-2018-25020\", \"CVE-2020-36322\", \"CVE-2021-4197\", \"CVE-2021-38199\", \"CVE-2022-0001\", \"CVE-2022-0002\", \"CVE-2022-0330\", \"CVE-2022-0435\", \"CVE-2022-0617\", \"CVE-2022-24448\");\n if (hotfix_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"kpatch hotfix for ALAS-2022-1761\");\n }\n else\n {\n __rpm_report = hotfix_reporting_text();\n }\n}\nvar pkgs = [\n {'reference':'kernel-4.14.268-205.500.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.14.268-205.500.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-4.14.268-205.500.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-4.14.268-205.500.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-common-aarch64-4.14.268-205.500.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-common-x86_64-4.14.268-205.500.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.14.268-205.500.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.14.268-205.500.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.14.268-205.500.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.14.268-205.500.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.14.268-205.500.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-livepatch-4.14.268-205.500-1.0-0.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.14.268-205.500.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.14.268-205.500.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-debuginfo-4.14.268-205.500.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-debuginfo-4.14.268-205.500.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-devel-4.14.268-205.500.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-devel-4.14.268-205.500.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.14.268-205.500.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.14.268-205.500.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-debuginfo-4.14.268-205.500.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-debuginfo-4.14.268-205.500.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-4.14.268-205.500.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-4.14.268-205.500.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-debuginfo-4.14.268-205.500.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-debuginfo-4.14.268-205.500.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debuginfo / kernel-debuginfo-common-x86_64 / etc\");\n}", "cvss": {"score": 9, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2022-08-12T12:52:58", "description": "The version of kernel installed on the remote host is prior to 5.4.181-99.354. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2022-023 advisory.\n\n - Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage. (CVE-2021-26341)\n\n - LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs.\n (CVE-2021-26401)\n\n - An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of control groups. A local user could use this flaw to crash the system or escalate their privileges on the system. (CVE-2021-4197)\n\n - Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-0001)\n\n - Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-0002)\n\n - A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed.\n This flaw allows a remote user to crash the system or possibly escalate their privileges if they have access to the TIPC network. (CVE-2022-0435)\n\n - Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches. Then, cache allocation can allow the attacker to obtain sensitive information. (CVE-2022-23960)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2022-05-24T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : kernel (ALASKERNEL-5.4-2022-023)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5715", "CVE-2021-26341", "CVE-2021-26401", "CVE-2021-4197", "CVE-2022-0001", "CVE-2022-0002", "CVE-2022-0435", "CVE-2022-23960"], "modified": "2022-07-08T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:bpftool", "p-cpe:/a:amazon:linux:bpftool-debuginfo", "p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "p-cpe:/a:amazon:linux:python-perf", "p-cpe:/a:amazon:linux:python-perf-debuginfo", "cpe:/o:amazon:linux:2"], "id": "AL2_ALASKERNEL-5_4-2022-023.NASL", "href": "https://www.tenable.com/plugins/nessus/161456", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALASKERNEL-5.4-2022-023.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161456);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/07/08\");\n\n script_cve_id(\n \"CVE-2021-4197\",\n \"CVE-2021-26341\",\n \"CVE-2021-26401\",\n \"CVE-2022-0001\",\n \"CVE-2022-0002\",\n \"CVE-2022-0435\",\n \"CVE-2022-23960\"\n );\n\n script_name(english:\"Amazon Linux 2 : kernel (ALASKERNEL-5.4-2022-023)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of kernel installed on the remote host is prior to 5.4.181-99.354. It is, therefore, affected by multiple\nvulnerabilities as referenced in the ALAS2KERNEL-5.4-2022-023 advisory.\n\n - Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result\n in data leakage. (CVE-2021-26341)\n\n - LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs.\n (CVE-2021-26401)\n\n - An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces\n subsystem was found in the way users have access to some less privileged process that are controlled by\n cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of\n control groups. A local user could use this flaw to crash the system or escalate their privileges on the\n system. (CVE-2021-4197)\n\n - Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may\n allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-0001)\n\n - Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an\n authorized user to potentially enable information disclosure via local access. (CVE-2022-0002)\n\n - A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends\n a packet with malicious content where the number of domain member nodes is higher than the 64 allowed.\n This flaw allows a remote user to crash the system or possibly escalate their privileges if they have\n access to the TIPC network. (CVE-2022-0435)\n\n - Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation,\n aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to\n influence mispredicted branches. Then, cache allocation can allow the attacker to obtain sensitive\n information. (CVE-2022-23960)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALASKERNEL-5.4-2022-023.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-26341.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-26401.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-4197.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-0001.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-0002.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-0435.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-23960.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update kernel' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0435\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bpftool-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude('rpm.inc');\ninclude('hotfixes.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nvar os_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (get_one_kb_item(\"Host/kpatch/kernel-cves\"))\n{\n set_hotfix_type(\"kpatch\");\n var cve_list = make_list(\"CVE-2021-4197\", \"CVE-2021-26341\", \"CVE-2021-26401\", \"CVE-2022-0001\", \"CVE-2022-0002\", \"CVE-2022-0435\", \"CVE-2022-23960\");\n if (hotfix_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"kpatch hotfix for ALASKERNEL-5.4-2022-023\");\n }\n else\n {\n __rpm_report = hotfix_reporting_text();\n }\n}\nvar pkgs = [\n {'reference':'bpftool-5.4.181-99.354.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'bpftool-5.4.181-99.354.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'bpftool-debuginfo-5.4.181-99.354.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'bpftool-debuginfo-5.4.181-99.354.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-5.4.181-99.354.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-5.4.181-99.354.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-debuginfo-5.4.181-99.354.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-debuginfo-5.4.181-99.354.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-debuginfo-common-aarch64-5.4.181-99.354.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-debuginfo-common-x86_64-5.4.181-99.354.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-devel-5.4.181-99.354.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-devel-5.4.181-99.354.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-headers-5.4.181-99.354.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-headers-5.4.181-99.354.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-headers-5.4.181-99.354.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-tools-5.4.181-99.354.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-tools-5.4.181-99.354.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-tools-debuginfo-5.4.181-99.354.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-tools-debuginfo-5.4.181-99.354.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-tools-devel-5.4.181-99.354.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-tools-devel-5.4.181-99.354.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'perf-5.4.181-99.354.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'perf-5.4.181-99.354.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'perf-debuginfo-5.4.181-99.354.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'perf-debuginfo-5.4.181-99.354.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'python-perf-5.4.181-99.354.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'python-perf-5.4.181-99.354.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'python-perf-debuginfo-5.4.181-99.354.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'python-perf-debuginfo-5.4.181-99.354.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bpftool / bpftool-debuginfo / kernel / etc\");\n}", "cvss": {"score": 9, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2022-08-12T18:22:45", "description": "The version of kernel installed on the remote host is prior to 5.10.102-99.473. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2022-011 advisory.\n\n - Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage. (CVE-2021-26341)\n\n - LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs.\n (CVE-2021-26401)\n\n - An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of control groups. A local user could use this flaw to crash the system or escalate their privileges on the system. (CVE-2021-4197)\n\n - Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-0001)\n\n - Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-0002)\n\n - A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed.\n This flaw allows a remote user to crash the system or possibly escalate their privileges if they have access to the TIPC network. (CVE-2022-0435)\n\n - A flaw was found in the way the flags member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system. (CVE-2022-0847)\n\n - A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5 (CVE-2022-1055)\n\n - Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches. Then, cache allocation can allow the attacker to obtain sensitive information. (CVE-2022-23960)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2022-05-02T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : kernel (ALASKERNEL-5.10-2022-011)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5715", "CVE-2021-26341", "CVE-2021-26401", "CVE-2021-4197", "CVE-2022-0001", "CVE-2022-0002", "CVE-2022-0435", "CVE-2022-0847", "CVE-2022-1055", "CVE-2022-23960"], "modified": "2022-08-12T00:00:00", "cpe": ["cpe:2.3:o:amazon:linux:2:*:*:*:*:*:*:*", "p-cpe:2.3:a:amazon:linux:bpftool-debuginfo:*:*:*:*:*:*:*", "p-cpe:2.3:a:amazon:linux:kernel-debuginfo-common-aarch64:*:*:*:*:*:*:*", "p-cpe:2.3:a:amazon:linux:kernel-tools-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:amazon:linux:kernel-tools-debuginfo:*:*:*:*:*:*:*", "p-cpe:2.3:a:amazon:linux:python-perf-debuginfo:*:*:*:*:*:*:*", "p-cpe:2.3:a:amazon:linux:perf-debuginfo:*:*:*:*:*:*:*", "p-cpe:2.3:a:amazon:linux:kernel:*:*:*:*:*:*:*", "p-cpe:2.3:a:amazon:linux:kernel-livepatch-5.10.102-99.473:*:*:*:*:*:*:*", "p-cpe:2.3:a:amazon:linux:python-perf:*:*:*:*:*:*:*", "p-cpe:2.3:a:amazon:linux:kernel-tools:*:*:*:*:*:*:*", "p-cpe:2.3:a:amazon:linux:kernel-debuginfo:*:*:*:*:*:*:*", "p-cpe:2.3:a:amazon:linux:perf:*:*:*:*:*:*:*", "p-cpe:2.3:a:amazon:linux:kernel-headers:*:*:*:*:*:*:*", "p-cpe:2.3:a:amazon:linux:kernel-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:amazon:linux:bpftool:*:*:*:*:*:*:*", "p-cpe:2.3:a:amazon:linux:kernel-debuginfo-common-x86_64:*:*:*:*:*:*:*"], "id": "AL2_ALASKERNEL-5_10-2022-011.NASL", "href": "https://www.tenable.com/plugins/nessus/160425", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALASKERNEL-5.10-2022-011.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160425);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/08/12\");\n\n script_cve_id(\n \"CVE-2021-4197\",\n \"CVE-2021-26341\",\n \"CVE-2021-26401\",\n \"CVE-2022-0001\",\n \"CVE-2022-0002\",\n \"CVE-2022-0435\",\n \"CVE-2022-0847\",\n \"CVE-2022-1055\",\n \"CVE-2022-23960\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/16\");\n\n script_name(english:\"Amazon Linux 2 : kernel (ALASKERNEL-5.10-2022-011)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of kernel installed on the remote host is prior to 5.10.102-99.473. It is, therefore, affected by multiple\nvulnerabilities as referenced in the ALAS2KERNEL-5.10-2022-011 advisory.\n\n - Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result\n in data leakage. (CVE-2021-26341)\n\n - LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs.\n (CVE-2021-26401)\n\n - An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces\n subsystem was found in the way users have access to some less privileged process that are controlled by\n cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of\n control groups. A local user could use this flaw to crash the system or escalate their privileges on the\n system. (CVE-2021-4197)\n\n - Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may\n allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-0001)\n\n - Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an\n authorized user to potentially enable information disclosure via local access. (CVE-2022-0002)\n\n - A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends\n a packet with malicious content where the number of domain member nodes is higher than the 64 allowed.\n This flaw allows a remote user to crash the system or possibly escalate their privileges if they have\n access to the TIPC network. (CVE-2022-0435)\n\n - A flaw was found in the way the flags member of the new pipe buffer structure was lacking proper\n initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus\n contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache\n backed by read only files and as such escalate their privileges on the system. (CVE-2022-0847)\n\n - A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain\n privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past\n commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5 (CVE-2022-1055)\n\n - Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation,\n aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to\n influence mispredicted branches. Then, cache allocation can allow the attacker to obtain sensitive\n information. (CVE-2022-23960)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALASKERNEL-5.10-2022-011.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-26341.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-26401.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-4197.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-0001.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-0002.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-0435.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-0847.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-1055.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-23960.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update kernel' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0435\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Dirty Pipe Local Privilege Escalation via CVE-2022-0847');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:2.3:o:amazon:linux:2:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:amazon:linux:bpftool-debuginfo:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:amazon:linux:kernel-debuginfo-common-aarch64:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:amazon:linux:kernel-tools-devel:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:amazon:linux:kernel-tools-debuginfo:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:amazon:linux:python-perf-debuginfo:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:amazon:linux:perf-debuginfo:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:amazon:linux:kernel:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:amazon:linux:kernel-livepatch-5.10.102-99.473:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:amazon:linux:python-perf:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:amazon:linux:kernel-tools:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:amazon:linux:kernel-debuginfo:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:amazon:linux:perf:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:amazon:linux:kernel-headers:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:amazon:linux:kernel-devel:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:amazon:linux:bpftool:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:amazon:linux:kernel-debuginfo-common-x86_64:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"false\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\ninclude(\"hotfixes.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nvar os_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (get_one_kb_item(\"Host/kpatch/kernel-cves\"))\n{\n set_hotfix_type(\"kpatch\");\n var cve_list = make_list(\"CVE-2021-4197\", \"CVE-2021-26341\", \"CVE-2021-26401\", \"CVE-2022-0001\", \"CVE-2022-0002\", \"CVE-2022-0435\", \"CVE-2022-0847\", \"CVE-2022-1055\", \"CVE-2022-23960\");\n if (hotfix_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"kpatch hotfix for ALASKERNEL-5.10-2022-011\");\n }\n else\n {\n __rpm_report = hotfix_reporting_text();\n }\n}\nvar pkgs = [\n {'reference':'bpftool-5.10.102-99.473.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'bpftool-5.10.102-99.473.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'bpftool-debuginfo-5.10.102-99.473.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'bpftool-debuginfo-5.10.102-99.473.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-5.10.102-99.473.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-5.10.102-99.473.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-debuginfo-5.10.102-99.473.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-debuginfo-5.10.102-99.473.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-debuginfo-common-aarch64-5.10.102-99.473.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-debuginfo-common-x86_64-5.10.102-99.473.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-devel-5.10.102-99.473.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-devel-5.10.102-99.473.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-headers-5.10.102-99.473.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-headers-5.10.102-99.473.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-headers-5.10.102-99.473.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-livepatch-5.10.102-99.473-1.0-0.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-livepatch-5.10.102-99.473-1.0-0.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-tools-5.10.102-99.473.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-tools-5.10.102-99.473.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-tools-debuginfo-5.10.102-99.473.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-tools-debuginfo-5.10.102-99.473.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-tools-devel-5.10.102-99.473.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'kernel-tools-devel-5.10.102-99.473.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'perf-5.10.102-99.473.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'perf-5.10.102-99.473.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'perf-debuginfo-5.10.102-99.473.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'perf-debuginfo-5.10.102-99.473.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'python-perf-5.10.102-99.473.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'python-perf-5.10.102-99.473.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'python-perf-debuginfo-5.10.102-99.473.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'},\n {'reference':'python-perf-debuginfo-5.10.102-99.473.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.10'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bpftool / bpftool-debuginfo / kernel / etc\");\n}", "cvss": {"score": 9, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2022-08-12T18:18:48", "description": "The remote Ubuntu 20.04 LTS / 21.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5317-1 advisory.\n\n - A flaw was found in the way the flags member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system. (CVE-2022-0847)\n\n - Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-0001)\n\n - Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-0002)\n\n - Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches. Then, cache allocation can allow the attacker to obtain sensitive information. (CVE-2022-23960)\n\n - net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10 allows local users to gain privileges because of a heap out-of-bounds write. This is related to nf_tables_offload. (CVE-2022-25636)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2022-03-09T00:00:00", "type": "nessus", "title": "Ubuntu 20.04 LTS / 21.10 : Linux kernel vulnerabilities (USN-5317-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-0001", "CVE-2022-0002", "CVE-2022-0847", "CVE-2022-23960", "CVE-2022-25636"], "modified": "2022-08-12T00:00:00", "cpe": ["p-cpe:2.3:a:canonical:ubuntu_linux:linux-generic-64k-hwe-20.04:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-extra-virtual-hwe-20.04-edge:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-cloud-tools-5.13.0-1017-azure:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-generic-lpae:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-generic-hwe-20.04:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-cloud-tools-generic-hwe-20.04-edge:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-5.13.0-35-generic-64k:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-headers-kvm:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-tools-gke:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-headers-5.13.0-1020-raspi:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-tools-5.13.0-35:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-gcp-headers-5.13.0-1019:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-tools-5.13.0-35-lowlatency:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-aws-cloud-tools-5.13.0-1017:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-tools-aws:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-azure:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-hwe-5.13-source-5.13.0:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-headers-5.13.0-1017-aws:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-virtual:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-headers-lowlatency-hwe-20.04-edge:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-extra-virtual-hwe-20.04:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-tools-5.13.0-1016-kvm:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-headers-virtual-hwe-20.04:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-headers-5.14.0-1027-oem:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-tools-5.14.0-1027-oem:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-kvm:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-tools-virtual:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-modules-5.13.0-35-generic:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-buildinfo-5.13.0-1019-gcp:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-cloud-tools-common:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-cloud-tools-generic:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-oem-20.04b:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-cloud-tools-5.13.0-35:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-5.13.0-35-generic-lpae:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-5.13.0-35-lowlatency:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-virtual-hwe-20.04:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-cloud-tools-lowlatency-hwe-20.04:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-buildinfo-5.13.0-1017-azure:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-modules-extra-5.13.0-1017-azure:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-modules-extra-5.13.0-1020-raspi-nolpae:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-20.04-edge:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-modules-5.14.0-1027-oem:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-headers-oracle-edge:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-tools-generic-hwe-20.04:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-tools-generic-lpae:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-raspi-headers-5.13.0-1020:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-cloud-tools-5.13.0-35-lowlatency:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-cloud-tools-5.13.0-35-generic:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-extra-virtual:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-tools-generic-64k-hwe-20.04-edge:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-raspi:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-aws-edge:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-tools-virtual-hwe-20.04-edge:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-buildinfo-5.13.0-1016-kvm:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-tools-5.13.0-1017-azure:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-headers-generic-lpae-hwe-20.04-edge:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-tools-lowlatency-hwe-20.04:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-libc-dev:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-unsigned-5.14.0-1027-oem:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-raspi-nolpae:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-virtual-hwe-20.04-edge:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-headers-5.13.0-35-lowlatency:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-generic-lpae-hwe-20.04:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-oracle:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-azure-edge:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-headers-generic-64k-hwe-20.04-edge:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-tools-generic-lpae-hwe-20.04-edge:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-tools-oem-20.04:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-oracle-edge:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-headers-5.13.0-1019-gcp:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-modules-5.13.0-1020-raspi-nolpae:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-cloud-tools-virtual:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-generic-64k:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-modules-5.13.0-1021-oracle:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-headers-lowlatency:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-modules-extra-aws:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-oem-20.04:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-azure-headers-5.13.0-1017:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-kvm:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-modules-extra-azure:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-hwe-5.13-cloud-tools-common:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-modules-5.13.0-1019-gcp:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-aws-headers-5.13.0-1017:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-azure-tools-5.13.0-1017:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-buildinfo-5.13.0-35-lowlatency:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-headers-5.13.0-1021-oracle:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-gcp:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-tools-lowlatency-hwe-20.04-edge:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-oem-20.04c:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-headers-generic-hwe-20.04-edge:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-headers-generic-hwe-20.04:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-lowlatency-hwe-20.04:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-unsigned-5.13.0-1016-kvm:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-generic-64k-hwe-20.04:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-tools-kvm:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-buildinfo-5.13.0-35-generic-64k:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-tools-aws-edge:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-5.13.0-1021-oracle:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-buildinfo-5.13.0-35-generic-lpae:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-headers-5.13.0-35-generic-64k:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-cloud-tools-virtual-hwe-20.04-edge:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-headers-raspi-nolpae:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-azure-5.13-tools-5.13.0-1017:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-hwe-5.13-tools-5.13.0-35:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-tools-5.13.0-35-generic:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-gcp-5.13-headers-5.13.0-1019:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-oracle-headers-5.13.0-1021:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-virtual-hwe-20.04:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-oem-20.04d:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-aws-5.13-headers-5.13.0-1017:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-generic-lpae:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-modules-5.13.0-35-generic-lpae:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-modules-extra-5.13.0-1020-raspi:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-generic-64k-hwe-20.04-edge:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-aws-5.13-cloud-tools-5.13.0-1017:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-modules-extra-raspi:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-headers-5.13.0-35-generic-lpae:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-modules-5.13.0-35-lowlatency:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-5.13.0-35-generic:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-modules-5.13.0-1020-raspi:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-modules-extra-5.13.0-1021-oracle:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-oracle-5.13-tools-5.13.0-1021:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-headers-5.13.0-35:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-hwe-5.13-headers-5.13.0-35:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-tools-generic-lpae-hwe-20.04:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-tools-5.13.0-35-generic-64k:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-tools-generic-hwe-20.04-edge:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-unsigned-5.13.0-1017-azure:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-gke:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-headers-generic-64k:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-headers-generic-64k-hwe-20.04:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-azure-cloud-tools-5.13.0-1017:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-unsigned-5.13.0-1021-oracle:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-generic-64k:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-tools-oracle-edge:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-tools-common:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-generic-lpae-hwe-20.04-edge:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-headers-virtual-hwe-20.04-edge:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-headers-5.13.0-35-generic:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-5.13.0-1016-kvm:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:20.04:-:lts:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-oem-20.04:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-oem-20.04b:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:21.10:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-azure-5.13-headers-5.13.0-1017:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-unsigned-5.13.0-1017-aws:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-20.04:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-tools-host:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-modules-extra-5.13.0-1017-aws:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-headers-generic-lpae:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-oracle:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-raspi:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-buildinfo-5.13.0-1020-raspi:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-headers-5.13.0-1016-kvm:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-headers-lowlatency-hwe-20.04:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-oem-20.04d:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-headers-gke:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-unsigned-5.13.0-1019-gcp:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-source:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-gke:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-headers-oem-20.04:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-modules-extra-raspi-nolpae:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-azure-edge:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-modules-5.13.0-1017-azure:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-oem-5.14-tools-5.14.0-1027:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-tools-gcp-edge:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-crashdump:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-modules-5.13.0-1016-kvm:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-tools-generic:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-tools-generic-64k:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-headers-oem-20.04d:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-unsigned-5.13.0-35-generic-64k:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-generic-hwe-20.04-edge:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-tools-raspi-nolpae:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-oem-5.14-tools-host:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-tools-5.13.0-1017-aws:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-tools-lowlatency:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-headers-aws:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-virtual:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-raspi-tools-5.13.0-1020:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-tools-5.13.0-1020-raspi:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-gcp-edge:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-5.13.0-1020-raspi:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-aws:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-cloud-tools-lowlatency-hwe-20.04-edge:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-modules-extra-gcp:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-oracle-5.13-headers-5.13.0-1021:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-tools-5.13.0-1020-raspi-nolpae:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-cloud-tools-virtual-hwe-20.04:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-tools-oem-20.04d:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-aws-tools-5.13.0-1017:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-gcp:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-headers-generic:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-virtual-hwe-20.04-edge:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-lowlatency-hwe-20.04-edge:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-modules-extra-gcp-edge:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-gcp-tools-5.13.0-1019:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-oem-5.14-headers-5.14.0-1027:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-headers-gcp-edge:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-tools-virtual-hwe-20.04:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-tools-oracle:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-source-5.13.0:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-modules-extra-5.13.0-35-generic:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-tools-5.13.0-35-generic-lpae:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-azure:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-tools-azure-edge:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-headers-5.13.0-1020-raspi-nolpae:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-headers-virtual:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-20.04-edge:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-raspi-nolpae:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-generic-64k-hwe-20.04-edge:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-headers-azure-edge:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-generic:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-hwe-5.13-tools-common:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-generic-hwe-20.04-edge:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-headers-azure:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-tools-generic-64k-hwe-20.04:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-tools-5.13.0-1019-gcp:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-buildinfo-5.14.0-1027-oem:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-headers-raspi:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-aws-5.13-tools-5.13.0-1017:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-oracle-edge:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-gcp-edge:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-5.13.0-1017-azure:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-generic-hwe-20.04:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-tools-oem-20.04b:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-kvm-tools-5.13.0-1016:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-tools-oem-20.04c:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-aws-edge:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-headers-oem-20.04b:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-tools-raspi:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-buildinfo-5.13.0-1017-aws:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-headers-aws-edge:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-modules-5.13.0-35-generic-64k:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-oracle-tools-5.13.0-1021:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-oem-20.04c:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-5.14.0-1027-oem:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-generic:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-headers-gcp:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-cloud-tools-lowlatency:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-modules-extra-gke:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-hwe-5.13-tools-host:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-unsigned-5.13.0-35-lowlatency:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-headers-oracle:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-headers-oem-20.04c:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-cloud-tools-azure-edge:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-modules-extra-azure-edge:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-unsigned-5.13.0-35-generic:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-lowlatency:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-20.04:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-modules-extra-aws-edge:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-tools-gcp:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-buildinfo-5.13.0-35-generic:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-azure-5.13-cloud-tools-5.13.0-1017:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-modules-5.13.0-1017-aws:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-hwe-5.13-cloud-tools-5.13.0-35:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-tools-azure:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-buildinfo-5.13.0-1020-raspi-nolpae:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-buildinfo-5.13.0-1021-oracle:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-gcp-5.13-tools-5.13.0-1019:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-aws:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-kvm-headers-5.13.0-1016:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-headers-5.13.0-1017-azure:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-5.13.0-1017-aws:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-lowlatency:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-cloud-tools-5.13.0-1017-aws:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-cloud-tools-azure:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-headers-generic-lpae-hwe-20.04:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-5.13.0-1019-gcp:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-5.13.0-1020-raspi-nolpae:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-cloud-tools-generic-hwe-20.04:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-modules-extra-5.13.0-1019-gcp:*:*:*:*:*:*:*", "p-cpe:2.3:a:canonical:ubuntu_linux:linux-tools-5.13.0-1021-oracle:*:*:*:*:*:*:*"], "id": "UBUNTU_USN-5317-1.NASL", "href": "https://www.tenable.com/plugins/nessus/158731", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5317-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158731);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/08/12\");\n\n script_cve_id(\n \"CVE-2022-0001\",\n \"CVE-2022-0002\",\n \"CVE-2022-0847\",\n \"CVE-2022-23960\",\n \"CVE-2022-25636\"\n );\n script_xref(name:\"USN\", value:\"5317-1\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/16\");\n\n script_name(english:\"Ubuntu 20.04 LTS / 21.10 : Linux kernel vulnerabilities (USN-5317-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 20.04 LTS / 21.10 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the USN-5317-1 advisory.\n\n - A flaw was found in the way the flags member of the new pipe buffer structure was lacking proper\n initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus\n contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache\n backed by read only files and as such escalate their privileges on the system. (CVE-2022-0847)\n\n - Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may\n allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-0001)\n\n - Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an\n authorized user to potentially enable information disclosure via local access. (CVE-2022-0002)\n\n - Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation,\n aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to\n influence mispredicted branches. Then, cache allocation can allow the attacker to obtain sensitive\n information. (CVE-2022-23960)\n\n - net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10 allows local users to gain privileges\n because of a heap out-of-bounds write. This is related to nf_tables_offload. (CVE-2022-25636)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5317-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0847\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-25636\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Dirty Pipe Local Privilege Escalation via CVE-2022-0847');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/02/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/03/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-generic-64k-hwe-20.04:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-extra-virtual-hwe-20.04-edge:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-cloud-tools-5.13.0-1017-azure:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-generic-lpae:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-generic-hwe-20.04:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-cloud-tools-generic-hwe-20.04-edge:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-5.13.0-35-generic-64k:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-headers-kvm:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-tools-gke:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-headers-5.13.0-1020-raspi:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-tools-5.13.0-35:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-gcp-headers-5.13.0-1019:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-tools-5.13.0-35-lowlatency:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-aws-cloud-tools-5.13.0-1017:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-tools-aws:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-azure:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-hwe-5.13-source-5.13.0:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-headers-5.13.0-1017-aws:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-virtual:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-headers-lowlatency-hwe-20.04-edge:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-extra-virtual-hwe-20.04:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-tools-5.13.0-1016-kvm:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-headers-virtual-hwe-20.04:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-headers-5.14.0-1027-oem:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-tools-5.14.0-1027-oem:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-kvm:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-tools-virtual:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-modules-5.13.0-35-generic:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-buildinfo-5.13.0-1019-gcp:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-cloud-tools-common:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-cloud-tools-generic:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-oem-20.04b:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-cloud-tools-5.13.0-35:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-5.13.0-35-generic-lpae:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-5.13.0-35-lowlatency:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-virtual-hwe-20.04:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-cloud-tools-lowlatency-hwe-20.04:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-buildinfo-5.13.0-1017-azure:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-modules-extra-5.13.0-1017-azure:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-modules-extra-5.13.0-1020-raspi-nolpae:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-20.04-edge:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-modules-5.14.0-1027-oem:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-headers-oracle-edge:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-tools-generic-hwe-20.04:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-tools-generic-lpae:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-raspi-headers-5.13.0-1020:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-cloud-tools-5.13.0-35-lowlatency:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-cloud-tools-5.13.0-35-generic:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-extra-virtual:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-tools-generic-64k-hwe-20.04-edge:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-raspi:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-aws-edge:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-tools-virtual-hwe-20.04-edge:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-buildinfo-5.13.0-1016-kvm:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-tools-5.13.0-1017-azure:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-headers-generic-lpae-hwe-20.04-edge:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-tools-lowlatency-hwe-20.04:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-libc-dev:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-unsigned-5.14.0-1027-oem:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-raspi-nolpae:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-virtual-hwe-20.04-edge:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-headers-5.13.0-35-lowlatency:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-generic-lpae-hwe-20.04:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-oracle:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-azure-edge:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-headers-generic-64k-hwe-20.04-edge:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-tools-generic-lpae-hwe-20.04-edge:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-tools-oem-20.04:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-oracle-edge:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-headers-5.13.0-1019-gcp:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-modules-5.13.0-1020-raspi-nolpae:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-cloud-tools-virtual:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-generic-64k:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-modules-5.13.0-1021-oracle:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-headers-lowlatency:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-modules-extra-aws:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-oem-20.04:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-azure-headers-5.13.0-1017:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-kvm:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-modules-extra-azure:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-hwe-5.13-cloud-tools-common:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-modules-5.13.0-1019-gcp:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-aws-headers-5.13.0-1017:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-azure-tools-5.13.0-1017:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-buildinfo-5.13.0-35-lowlatency:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-headers-5.13.0-1021-oracle:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-gcp:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-tools-lowlatency-hwe-20.04-edge:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-oem-20.04c:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-headers-generic-hwe-20.04-edge:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-headers-generic-hwe-20.04:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-lowlatency-hwe-20.04:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-unsigned-5.13.0-1016-kvm:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-generic-64k-hwe-20.04:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-tools-kvm:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-buildinfo-5.13.0-35-generic-64k:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-tools-aws-edge:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-5.13.0-1021-oracle:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-buildinfo-5.13.0-35-generic-lpae:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-headers-5.13.0-35-generic-64k:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-cloud-tools-virtual-hwe-20.04-edge:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-headers-raspi-nolpae:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-azure-5.13-tools-5.13.0-1017:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-hwe-5.13-tools-5.13.0-35:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-tools-5.13.0-35-generic:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-gcp-5.13-headers-5.13.0-1019:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-oracle-headers-5.13.0-1021:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-virtual-hwe-20.04:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-oem-20.04d:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-aws-5.13-headers-5.13.0-1017:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-generic-lpae:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-modules-5.13.0-35-generic-lpae:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-modules-extra-5.13.0-1020-raspi:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-generic-64k-hwe-20.04-edge:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-aws-5.13-cloud-tools-5.13.0-1017:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-modules-extra-raspi:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-headers-5.13.0-35-generic-lpae:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-modules-5.13.0-35-lowlatency:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-5.13.0-35-generic:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-modules-5.13.0-1020-raspi:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-modules-extra-5.13.0-1021-oracle:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-oracle-5.13-tools-5.13.0-1021:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-headers-5.13.0-35:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-hwe-5.13-headers-5.13.0-35:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-tools-generic-lpae-hwe-20.04:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-tools-5.13.0-35-generic-64k:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-tools-generic-hwe-20.04-edge:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-unsigned-5.13.0-1017-azure:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-gke:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-headers-generic-64k:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-headers-generic-64k-hwe-20.04:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-azure-cloud-tools-5.13.0-1017:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-unsigned-5.13.0-1021-oracle:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-generic-64k:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-tools-oracle-edge:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-tools-common:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-generic-lpae-hwe-20.04-edge:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-headers-virtual-hwe-20.04-edge:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-headers-5.13.0-35-generic:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-5.13.0-1016-kvm:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:2.3:o:canonical:ubuntu_linux:20.04:-:lts:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-oem-20.04:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-oem-20.04b:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:2.3:o:canonical:ubuntu_linux:21.10:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-azure-5.13-headers-5.13.0-1017:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-unsigned-5.13.0-1017-aws:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-20.04:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-tools-host:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-modules-extra-5.13.0-1017-aws:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-headers-generic-lpae:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-oracle:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-raspi:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-buildinfo-5.13.0-1020-raspi:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-headers-5.13.0-1016-kvm:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-headers-lowlatency-hwe-20.04:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-oem-20.04d:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-headers-gke:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-unsigned-5.13.0-1019-gcp:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-source:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-gke:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-headers-oem-20.04:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-modules-extra-raspi-nolpae:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-azure-edge:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-modules-5.13.0-1017-azure:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-oem-5.14-tools-5.14.0-1027:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-tools-gcp-edge:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-crashdump:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-modules-5.13.0-1016-kvm:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-tools-generic:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-tools-generic-64k:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-headers-oem-20.04d:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-unsigned-5.13.0-35-generic-64k:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-generic-hwe-20.04-edge:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-tools-raspi-nolpae:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-oem-5.14-tools-host:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-tools-5.13.0-1017-aws:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-tools-lowlatency:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-headers-aws:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-virtual:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-raspi-tools-5.13.0-1020:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-tools-5.13.0-1020-raspi:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-gcp-edge:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-5.13.0-1020-raspi:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-aws:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-cloud-tools-lowlatency-hwe-20.04-edge:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-modules-extra-gcp:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-oracle-5.13-headers-5.13.0-1021:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-tools-5.13.0-1020-raspi-nolpae:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-cloud-tools-virtual-hwe-20.04:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-tools-oem-20.04d:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-aws-tools-5.13.0-1017:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-gcp:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-headers-generic:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-virtual-hwe-20.04-edge:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-lowlatency-hwe-20.04-edge:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-modules-extra-gcp-edge:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-gcp-tools-5.13.0-1019:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-oem-5.14-headers-5.14.0-1027:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-headers-gcp-edge:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-tools-virtual-hwe-20.04:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-tools-oracle:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-source-5.13.0:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-modules-extra-5.13.0-35-generic:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-tools-5.13.0-35-generic-lpae:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-azure:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-tools-azure-edge:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-headers-5.13.0-1020-raspi-nolpae:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-headers-virtual:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-20.04-edge:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-raspi-nolpae:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-generic-64k-hwe-20.04-edge:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-headers-azure-edge:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-generic:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-hwe-5.13-tools-common:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-generic-hwe-20.04-edge:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-headers-azure:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-tools-generic-64k-hwe-20.04:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-tools-5.13.0-1019-gcp:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-buildinfo-5.14.0-1027-oem:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-headers-raspi:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-aws-5.13-tools-5.13.0-1017:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-oracle-edge:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-gcp-edge:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-5.13.0-1017-azure:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-generic-hwe-20.04:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-tools-oem-20.04b:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-kvm-tools-5.13.0-1016:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-tools-oem-20.04c:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-aws-edge:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-headers-oem-20.04b:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-tools-raspi:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-buildinfo-5.13.0-1017-aws:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-headers-aws-edge:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-modules-5.13.0-35-generic-64k:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-oracle-tools-5.13.0-1021:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-oem-20.04c:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-5.14.0-1027-oem:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-generic:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-headers-gcp:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-cloud-tools-lowlatency:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-modules-extra-gke:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-hwe-5.13-tools-host:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-unsigned-5.13.0-35-lowlatency:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-headers-oracle:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-headers-oem-20.04c:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-cloud-tools-azure-edge:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-modules-extra-azure-edge:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-unsigned-5.13.0-35-generic:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-lowlatency:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-20.04:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-modules-extra-aws-edge:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-tools-gcp:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-buildinfo-5.13.0-35-generic:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-azure-5.13-cloud-tools-5.13.0-1017:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-modules-5.13.0-1017-aws:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-hwe-5.13-cloud-tools-5.13.0-35:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-tools-azure:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-buildinfo-5.13.0-1020-raspi-nolpae:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-buildinfo-5.13.0-1021-oracle:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-gcp-5.13-tools-5.13.0-1019:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-aws:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-kvm-headers-5.13.0-1016:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-headers-5.13.0-1017-azure:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-5.13.0-1017-aws:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-lowlatency:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-cloud-tools-5.13.0-1017-aws:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-cloud-tools-azure:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-headers-generic-lpae-hwe-20.04:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-5.13.0-1019-gcp:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-image-5.13.0-1020-raspi-nolpae:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-cloud-tools-generic-hwe-20.04:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-modules-extra-5.13.0-1019-gcp:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:canonical:ubuntu_linux:linux-tools-5.13.0-1021-oracle:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"false\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022 Canonical, Inc. / NASL script (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('ubuntu.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nvar release = chomp(release);\nif (! preg(pattern:\"^(20\\.04|21\\.10)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 20.04 / 21.10', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2022-0001', 'CVE-2022-0002', 'CVE-2022-0847', 'CVE-2022-23960', 'CVE-2022-25636');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-5317-1');\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar pkgs = [\n {'osver': '20.04', 'pkgname': 'linux-aws', 'pkgver': '5.13.0.1017.19~20.04.10'},\n {'osver': '20.04', 'pkgname': 'linux-aws-5.13-cloud-tools-5.13.0-1017', 'pkgver': '5.13.0-1017.19~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-aws-5.13-headers-5.13.0-1017', 'pkgver': '5.13.0-1017.19~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-aws-5.13-tools-5.13.0-1017', 'pkgver': '5.13.0-1017.19~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-aws-edge', 'pkgver': '5.13.0.1017.19~20.04.10'},\n {'osver': '20.04', 'pkgname': 'linux-azure', 'pkgver': '5.13.0.1017.19~20.04.7'},\n {'osver': '20.04', 'pkgname': 'linux-azure-5.13-cloud-tools-5.13.0-1017', 'pkgver': '5.13.0-1017.19~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-azure-5.13-headers-5.13.0-1017', 'pkgver': '5.13.0-1017.19~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-azure-5.13-tools-5.13.0-1017', 'pkgver': '5.13.0-1017.19~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-azure-edge', 'pkgver': '5.13.0.1017.19~20.04.7'},\n {'osver': '20.04', 'pkgname': 'linux-buildinfo-5.13.0-1017-aws', 'pkgver': '5.13.0-1017.19~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-buildinfo-5.13.0-1017-azure', 'pkgver': '5.13.0-1017.19~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-buildinfo-5.13.0-1019-gcp', 'pkgver': '5.13.0-1019.23~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-buildinfo-5.13.0-1021-oracle', 'pkgver': '5.13.0-1021.26~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-buildinfo-5.13.0-35-generic', 'pkgver': '5.13.0-35.40~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-buildinfo-5.13.0-35-generic-64k', 'pkgver': '5.13.0-35.40~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-buildinfo-5.13.0-35-generic-lpae', 'pkgver': '5.13.0-35.40~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-buildinfo-5.13.0-35-lowlatency', 'pkgver': '5.13.0-35.40~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-buildinfo-5.14.0-1027-oem', 'pkgver': '5.14.0-1027.30'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-5.13.0-1017-aws', 'pkgver': '5.13.0-1017.19~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-5.13.0-1017-azure', 'pkgver': '5.13.0-1017.19~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-5.13.0-35-generic', 'pkgver': '5.13.0-35.40~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-5.13.0-35-lowlatency', 'pkgver': '5.13.0-35.40~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-azure', 'pkgver': '5.13.0.1017.19~20.04.7'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-azure-edge', 'pkgver': '5.13.0.1017.19~20.04.7'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-generic-hwe-20.04', 'pkgver': '5.13.0.35.40~20.04.20'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-lowlatency-hwe-20.04', 'pkgver': '5.13.0.35.40~20.04.20'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-virtual-hwe-20.04', 'pkgver': '5.13.0.35.40~20.04.20'},\n {'osver': '20.04', 'pkgname': 'linux-gcp', 'pkgver': '5.13.0.1019.23~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-gcp-5.13-headers-5.13.0-1019', 'pkgver': '5.13.0-1019.23~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-gcp-5.13-tools-5.13.0-1019', 'pkgver': '5.13.0-1019.23~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-gcp-edge', 'pkgver': '5.13.0.1019.23~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-generic-64k-hwe-20.04', 'pkgver': '5.13.0.35.40~20.04.20'},\n {'osver': '20.04', 'pkgname': 'linux-generic-hwe-20.04', 'pkgver': '5.13.0.35.40~20.04.20'},\n {'osver': '20.04', 'pkgname': 'linux-generic-lpae-hwe-20.04', 'pkgver': '5.13.0.35.40~20.04.20'},\n {'osver': '20.04', 'pkgname': 'linux-headers-5.13.0-1017-aws', 'pkgver': '5.13.0-1017.19~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-headers-5.13.0-1017-azure', 'pkgver': '5.13.0-1017.19~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-headers-5.13.0-1019-gcp', 'pkgver': '5.13.0-1019.23~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-headers-5.13.0-1021-oracle', 'pkgver': '5.13.0-1021.26~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-headers-5.13.0-35-generic', 'pkgver': '5.13.0-35.40~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-headers-5.13.0-35-generic-64k', 'pkgver': '5.13.0-35.40~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-headers-5.13.0-35-generic-lpae', 'pkgver': '5.13.0-35.40~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-headers-5.13.0-35-lowlatency', 'pkgver': '5.13.0-35.40~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-headers-5.14.0-1027-oem', 'pkgver': '5.14.0-1027.30'},\n {'osver': '20.04', 'pkgname': 'linux-headers-aws', 'pkgver': '5.13.0.1017.19~20.04.10'},\n {'osver': '20.04', 'pkgname': 'linux-headers-aws-edge', 'pkgver': '5.13.0.1017.19~20.04.10'},\n {'osver': '20.04', 'pkgname': 'linux-headers-azure', 'pkgver': '5.13.0.1017.19~20.04.7'},\n {'osver': '20.04', 'pkgname': 'linux-headers-azure-edge', 'pkgver': '5.13.0.1017.19~20.04.7'},\n {'osver': '20.04', 'pkgname': 'linux-headers-gcp', 'pkgver': '5.13.0.1019.23~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-headers-gcp-edge', 'pkgver': '5.13.0.1019.23~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-headers-generic-64k-hwe-20.04', 'pkgver': '5.13.0.35.40~20.04.20'},\n {'osver': '20.04', 'pkgname': 'linux-headers-generic-hwe-20.04', 'pkgver': '5.13.0.35.40~20.04.20'},\n {'osver': '20.04', 'pkgname': 'linux-headers-generic-lpae-hwe-20.04', 'pkgver': '5.13.0.35.40~20.04.20'},\n {'osver': '20.04', 'pkgname': 'linux-headers-lowlatency-hwe-20.04', 'pkgver': '5.13.0.35.40~20.04.20'},\n {'osver': '20.04', 'pkgname': 'linux-headers-oem-20.04', 'pkgver': '5.14.0.1027.24'},\n {'osver': '20.04', 'pkgname': 'linux-headers-oem-20.04b', 'pkgver': '5.14.0.1027.24'},\n {'osver': '20.04', 'pkgname': 'linux-headers-oem-20.04c', 'pkgver': '5.14.0.1027.24'},\n {'osver': '20.04', 'pkgname': 'linux-headers-oem-20.04d', 'pkgver': '5.14.0.1027.24'},\n {'osver': '20.04', 'pkgname': 'linux-headers-oracle', 'pkgver': '5.13.0.1021.26~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-headers-oracle-edge', 'pkgver': '5.13.0.1021.26~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-headers-virtual-hwe-20.04', 'pkgver': '5.13.0.35.40~20.04.20'},\n {'osver': '20.04', 'pkgname': 'linux-hwe-5.13-cloud-tools-5.13.0-35', 'pkgver': '5.13.0-35.40~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-hwe-5.13-cloud-tools-common', 'pkgver': '5.13.0-35.40~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-hwe-5.13-headers-5.13.0-35', 'pkgver': '5.13.0-35.40~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-hwe-5.13-source-5.13.0', 'pkgver': '5.13.0-35.40~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-hwe-5.13-tools-5.13.0-35', 'pkgver': '5.13.0-35.40~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-hwe-5.13-tools-common', 'pkgver': '5.13.0-35.40~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-hwe-5.13-tools-host', 'pkgver': '5.13.0-35.40~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.13.0-1017-aws', 'pkgver': '5.13.0-1017.19~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.13.0-1017-azure', 'pkgver': '5.13.0-1017.19~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.13.0-1019-gcp', 'pkgver': '5.13.0-1019.23~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.13.0-1021-oracle', 'pkgver': '5.13.0-1021.26~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.13.0-35-generic', 'pkgver': '5.13.0-35.40~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.13.0-35-generic-64k', 'pkgver': '5.13.0-35.40~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.13.0-35-generic-lpae', 'pkgver': '5.13.0-35.40~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.13.0-35-lowlatency', 'pkgver': '5.13.0-35.40~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.14.0-1027-oem', 'pkgver': '5.14.0-1027.30'},\n {'osver': '20.04', 'pkgname': 'linux-image-aws', 'pkgver': '5.13.0.1017.19~20.04.10'},\n {'osver': '20.04', 'pkgname': 'linux-image-aws-edge', 'pkgver': '5.13.0.1017.19~20.04.10'},\n {'osver': '20.04', 'pkgname': 'linux-image-azure', 'pkgver': '5.13.0.1017.19~20.04.7'},\n {'osver': '20.04', 'pkgname': 'linux-image-azure-edge', 'pkgver': '5.13.0.1017.19~20.04.7'},\n {'osver': '20.04', 'pkgname': 'linux-image-extra-virtual-hwe-20.04', 'pkgver': '5.13.0.35.40~20.04.20'},\n {'osver': '20.04', 'pkgname': 'linux-image-gcp', 'pkgver': '5.13.0.1019.23~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-image-gcp-edge', 'pkgver': '5.13.0.1019.23~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-image-generic-64k-hwe-20.04', 'pkgver': '5.13.0.35.40~20.04.20'},\n {'osver': '20.04', 'pkgname': 'linux-image-generic-hwe-20.04', 'pkgver': '5.13.0.35.40~20.04.20'},\n {'osver': '20.04', 'pkgname': 'linux-image-generic-lpae-hwe-20.04', 'pkgver': '5.13.0.35.40~20.04.20'},\n {'osver': '20.04', 'pkgname': 'linux-image-lowlatency-hwe-20.04', 'pkgver': '5.13.0.35.40~20.04.20'},\n {'osver': '20.04', 'pkgname': 'linux-image-oem-20.04', 'pkgver': '5.14.0.1027.24'},\n {'osver': '20.04', 'pkgname': 'linux-image-oem-20.04b', 'pkgver': '5.14.0.1027.24'},\n {'osver': '20.04', 'pkgname': 'linux-image-oem-20.04c', 'pkgver': '5.14.0.1027.24'},\n {'osver': '20.04', 'pkgname': 'linux-image-oem-20.04d', 'pkgver': '5.14.0.1027.24'},\n {'osver': '20.04', 'pkgname': 'linux-image-oracle', 'pkgver': '5.13.0.1021.26~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-image-oracle-edge', 'pkgver': '5.13.0.1021.26~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-image-unsigned-5.13.0-1017-aws', 'pkgver': '5.13.0-1017.19~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-image-unsigned-5.13.0-1017-azure', 'pkgver': '5.13.0-1017.19~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-image-unsigned-5.13.0-1019-gcp', 'pkgver': '5.13.0-1019.23~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-image-unsigned-5.13.0-1021-oracle', 'pkgver': '5.13.0-1021.26~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-image-unsigned-5.13.0-35-generic', 'pkgver': '5.13.0-35.40~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-image-unsigned-5.13.0-35-generic-64k', 'pkgver': '5.13.0-35.40~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-image-unsigned-5.13.0-35-lowlatency', 'pkgver': '5.13.0-35.40~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-image-unsigned-5.14.0-1027-oem', 'pkgver': '5.14.0-1027.30'},\n {'osver': '20.04', 'pkgname': 'linux-image-virtual-hwe-20.04', 'pkgver': '5.13.0.35.40~20.04.20'},\n {'osver': '20.04', 'pkgname': 'linux-lowlatency-hwe-20.04', 'pkgver': '5.13.0.35.40~20.04.20'},\n {'osver': '20.04', 'pkgname': 'linux-modules-5.13.0-1017-aws', 'pkgver': '5.13.0-1017.19~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-modules-5.13.0-1017-azure', 'pkgver': '5.13.0-1017.19~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-modules-5.13.0-1019-gcp', 'pkgver': '5.13.0-1019.23~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-modules-5.13.0-1021-oracle', 'pkgver': '5.13.0-1021.26~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-modules-5.13.0-35-generic', 'pkgver': '5.13.0-35.40~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-modules-5.13.0-35-generic-64k', 'pkgver': '5.13.0-35.40~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-modules-5.13.0-35-generic-lpae', 'pkgver': '5.13.0-35.40~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-modules-5.13.0-35-lowlatency', 'pkgver': '5.13.0-35.40~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-modules-5.14.0-1027-oem', 'pkgver': '5.14.0-1027.30'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-5.13.0-1017-aws', 'pkgver': '5.13.0-1017.19~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-5.13.0-1017-azure', 'pkgver': '5.13.0-1017.19~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-5.13.0-1019-gcp', 'pkgver': '5.13.0-1019.23~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-5.13.0-1021-oracle', 'pkgver': '5.13.0-1021.26~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-5.13.0-35-generic', 'pkgver': '5.13.0-35.40~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-aws', 'pkgver': '5.13.0.1017.19~20.04.10'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-aws-edge', 'pkgver': '5.13.0.1017.19~20.04.10'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-azure', 'pkgver': '5.13.0.1017.19~20.04.7'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-azure-edge', 'pkgver': '5.13.0.1017.19~20.04.7'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-gcp', 'pkgver': '5.13.0.1019.23~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-gcp-edge', 'pkgver': '5.13.0.1019.23~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-oem-20.04', 'pkgver': '5.14.0.1027.24'},\n {'osver': '20.04', 'pkgname': 'linux-oem-20.04b', 'pkgver': '5.14.0.1027.24'},\n {'osver': '20.04', 'pkgname': 'linux-oem-20.04c', 'pkgver': '5.14.0.1027.24'},\n {'osver': '20.04', 'pkgname': 'linux-oem-20.04d', 'pkgver': '5.14.0.1027.24'},\n {'osver': '20.04', 'pkgname': 'linux-oem-5.14-headers-5.14.0-1027', 'pkgver': '5.14.0-1027.30'},\n {'osver': '20.04', 'pkgname': 'linux-oem-5.14-tools-5.14.0-1027', 'pkgver': '5.14.0-1027.30'},\n {'osver': '20.04', 'pkgname': 'linux-oem-5.14-tools-host', 'pkgver': '5.14.0-1027.30'},\n {'osver': '20.04', 'pkgname': 'linux-oracle', 'pkgver': '5.13.0.1021.26~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-oracle-5.13-headers-5.13.0-1021', 'pkgver': '5.13.0-1021.26~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-oracle-5.13-tools-5.13.0-1021', 'pkgver': '5.13.0-1021.26~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-oracle-edge', 'pkgver': '5.13.0.1021.26~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-tools-5.13.0-1017-aws', 'pkgver': '5.13.0-1017.19~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-tools-5.13.0-1017-azure', 'pkgver': '5.13.0-1017.19~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-tools-5.13.0-1019-gcp', 'pkgver': '5.13.0-1019.23~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-tools-5.13.0-1021-oracle', 'pkgver': '5.13.0-1021.26~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-tools-5.13.0-35-generic', 'pkgver': '5.13.0-35.40~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-tools-5.13.0-35-generic-64k', 'pkgver': '5.13.0-35.40~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-tools-5.13.0-35-generic-lpae', 'pkgver': '5.13.0-35.40~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-tools-5.13.0-35-lowlatency', 'pkgver': '5.13.0-35.40~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-tools-5.14.0-1027-oem', 'pkgver': '5.14.0-1027.30'},\n {'osver': '20.04', 'pkgname': 'linux-tools-aws', 'pkgver': '5.13.0.1017.19~20.04.10'},\n {'osver': '20.04', 'pkgname': 'linux-tools-aws-edge', 'pkgver': '5.13.0.1017.19~20.04.10'},\n {'osver': '20.04', 'pkgname': 'linux-tools-azure', 'pkgver': '5.13.0.1017.19~20.04.7'},\n {'osver': '20.04', 'pkgname': 'linux-tools-azure-edge', 'pkgver': '5.13.0.1017.19~20.04.7'},\n {'osver': '20.04', 'pkgname': 'linux-tools-gcp', 'pkgver': '5.13.0.1019.23~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-tools-gcp-edge', 'pkgver': '5.13.0.1019.23~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-tools-generic-64k-hwe-20.04', 'pkgver': '5.13.0.35.40~20.04.20'},\n {'osver': '20.04', 'pkgname': 'linux-tools-generic-hwe-20.04', 'pkgver': '5.13.0.35.40~20.04.20'},\n {'osver': '20.04', 'pkgname': 'linux-tools-generic-lpae-hwe-20.04', 'pkgver': '5.13.0.35.40~20.04.20'},\n {'osver': '20.04', 'pkgname': 'linux-tools-lowlatency-hwe-20.04', 'pkgver': '5.13.0.35.40~20.04.20'},\n {'osver': '20.04', 'pkgname': 'linux-tools-oem-20.04', 'pkgver': '5.14.0.1027.24'},\n {'osver': '20.04', 'pkgname': 'linux-tools-oem-20.04b', 'pkgver': '5.14.0.1027.24'},\n {'osver': '20.04', 'pkgname': 'linux-tools-oem-20.04c', 'pkgver': '5.14.0.1027.24'},\n {'osver': '20.04', 'pkgname': 'linux-tools-oem-20.04d', 'pkgver': '5.14.0.1027.24'},\n {'osver': '20.04', 'pkgname': 'linux-tools-oracle', 'pkgver': '5.13.0.1021.26~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-tools-oracle-edge', 'pkgver': '5.13.0.1021.26~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-tools-virtual-hwe-20.04', 'pkgver': '5.13.0.35.40~20.04.20'},\n {'osver': '20.04', 'pkgname': 'linux-virtual-hwe-20.04', 'pkgver': '5.13.0.35.40~20.04.20'},\n {'osver': '21.10', 'pkgname': 'linux-aws', 'pkgver': '5.13.0.1017.18'},\n {'osver': '21.10', 'pkgname': 'linux-aws-cloud-tools-5.13.0-1017', 'pkgver': '5.13.0-1017.19'},\n {'osver': '21.10', 'pkgname': 'linux-aws-headers-5.13.0-1017', 'pkgver': '5.13.0-1017.19'},\n {'osver': '21.10', 'pkgname': 'linux-aws-tools-5.13.0-1017', 'pkgver': '5.13.0-1017.19'},\n {'osver': '21.10', 'pkgname': 'linux-azure', 'pkgver': '5.13.0.1017.17'},\n {'osver': '21.10', 'pkgname': 'linux-azure-cloud-tools-5.13.0-1017', 'pkgver': '5.13.0-1017.19'},\n {'osver': '21.10', 'pkgname': 'linux-azure-headers-5.13.0-1017', 'pkgver': '5.13.0-1017.19'},\n {'osver': '21.10', 'pkgname': 'linux-azure-tools-5.13.0-1017', 'pkgver': '5.13.0-1017.19'},\n {'osver': '21.10', 'pkgname': 'linux-buildinfo-5.13.0-1016-kvm', 'pkgver': '5.13.0-1016.17'},\n {'osver': '21.10', 'pkgname': 'linux-buildinfo-5.13.0-1017-aws', 'pkgver': '5.13.0-1017.19'},\n {'osver': '21.10', 'pkgname': 'linux-buildinfo-5.13.0-1017-azure', 'pkgver': '5.13.0-1017.19'},\n {'osver': '21.10', 'pkgname': 'linux-buildinfo-5.13.0-1019-gcp', 'pkgver': '5.13.0-1019.23'},\n {'osver': '21.10', 'pkgname': 'linux-buildinfo-5.13.0-1020-raspi', 'pkgver': '5.13.0-1020.22'},\n {'osver': '21.10', 'pkgname': 'linux-buildinfo-5.13.0-1020-raspi-nolpae', 'pkgver': '5.13.0-1020.22'},\n {'osver': '21.10', 'pkgname': 'linux-buildinfo-5.13.0-1021-oracle', 'pkgver': '5.13.0-1021.26'},\n {'osver': '21.10', 'pkgname': 'linux-buildinfo-5.13.0-35-generic', 'pkgver': '5.13.0-35.40'},\n {'osver': '21.10', 'pkgname': 'linux-buildinfo-5.13.0-35-generic-64k', 'pkgver': '5.13.0-35.40'},\n {'osver': '21.10', 'pkgname': 'linux-buildinfo-5.13.0-35-generic-lpae', 'pkgver': '5.13.0-35.40'},\n {'osver': '21.10', 'pkgname': 'linux-buildinfo-5.13.0-35-lowlatency', 'pkgver': '5.13.0-35.40'},\n {'osver': '21.10', 'pkgname': 'linux-cloud-tools-5.13.0-1017-aws', 'pkgver': '5.13.0-1017.19'},\n {'osver': '21.10', 'pkgname': 'linux-cloud-tools-5.13.0-1017-azure', 'pkgver': '5.13.0-1017.19'},\n {'osver': '21.10', 'pkgname': 'linux-cloud-tools-5.13.0-35', 'pkgver': '5.13.0-35.40'},\n {'osver': '21.10', 'pkgname': 'linux-cloud-tools-5.13.0-35-generic', 'pkgver': '5.13.0-35.40'},\n {'osver': '21.10', 'pkgname': 'linux-cloud-tools-5.13.0-35-lowlatency', 'pkgver': '5.13.0-35.40'},\n {'osver': '21.10', 'pkgname': 'linux-cloud-tools-azure', 'pkgver': '5.13.0.1017.17'},\n {'osver': '21.10', 'pkgname': 'linux-cloud-tools-common', 'pkgver': '5.13.0-35.40'},\n {'osver': '21.10', 'pkgname': 'linux-cloud-tools-generic', 'pkgver': '5.13.0.35.44'},\n {'osver': '21.10', 'pkgname': 'linux-cloud-tools-generic-hwe-20.04', 'pkgver': '5.13.0.35.44'},\n {'osver': '21.10', 'pkgname': 'linux-cloud-tools-generic-hwe-20.04-edge', 'pkgver': '5.13.0.35.44'},\n {'osver': '21.10', 'pkgname': 'linux-cloud-tools-lowlatency', 'pkgver': '5.13.0.35.44'},\n {'osver': '21.10', 'pkgname': 'linux-cloud-tools-lowlatency-hwe-20.04', 'pkgver': '5.13.0.35.44'},\n {'osver': '21.10', 'pkgname': 'linux-cloud-tools-lowlatency-hwe-20.04-edge', 'pkgver': '5.13.0.35.44'},\n {'osver': '21.10', 'pkgname': 'linux-cloud-tools-virtual', 'pkgver': '5.13.0.35.44'},\n {'osver': '21.10', 'pkgname': 'linux-cloud-tools-virtual-hwe-20.04', 'pkgver': '5.13.0.35.44'},\n {'osver': '21.10', 'pkgname': 'linux-cloud-tools-virtual-hwe-20.04-edge', 'pkgver': '5.13.0.35.44'},\n {'osver': '21.10', 'pkgname': 'linux-crashdump', 'pkgver': '5.13.0.35.44'},\n {'osver': '21.10', 'pkgname': 'linux-gcp', 'pkgver': '5.13.0.1019.17'},\n {'osver': '21.10', 'pkgname': 'linux-gcp-headers-5.13.0-1019', 'pkgver': '5.13.0-1019.23'},\n {'osver': '21.10', 'pkgname': 'linux-gcp-tools-5.13.0-1019', 'pkgver': '5.13.0-1019.23'},\n {'osver': '21.10', 'pkgname': 'linux-generic', 'pkgver': '5.13.0.35.44'},\n {'osver': '21.10', 'pkgname': 'linux-generic-64k', 'pkgver': '5.13.0.35.44'},\n {'osver': '21.10', 'pkgname': 'linux-generic-64k-hwe-20.04', 'pkgver': '5.13.0.35.44'},\n {'osver': '21.10', 'pkgname': 'linux-generic-64k-hwe-20.04-edge', 'pkgver': '5.13.0.35.44'},\n {'osver': '21.10', 'pkgname': 'linux-generic-hwe-20.04', 'pkgver': '5.13.0.35.44'},\n {'osver': '21.10', 'pkgname': 'linux-generic-hwe-20.04-edge', 'pkgver': '5.13.0.35.44'},\n {'osver': '21.10', 'pkgname': 'linux-generic-lpae', 'pkgver': '5.13.0.35.44'},\n {'osver': '21.10', 'pkgname': 'linux-generic-lpae-hwe-20.04', 'pkgver': '5.13.0.35.44'},\n {'osver': '21.10', 'pkgname': 'linux-generic-lpae-hwe-20.04-edge', 'pkgver': '5.13.0.35.44'},\n {'osver': '21.10', 'pkgname': 'linux-gke', 'pkgver': '5.13.0.1019.17'},\n {'osver': '21.10', 'pkgname': 'linux-headers-5.13.0-1016-kvm', 'pkgver': '5.13.0-1016.17'},\n {'osver': '21.10', 'pkgname': 'linux-headers-5.13.0-1017-aws', 'pkgver': '5.13.0-1017.19'},\n {'osver': '21.10', 'pkgname': 'linux-headers-5.13.0-1017-azure', 'pkgver': '5.13.0-1017.19'},\n {'osver': '21.10', 'pkgname': 'linux-headers-5.13.0-1019-gcp', 'pkgver': '5.13.0-1019.23'},\n {'osver': '21.10', 'pkgname': 'linux-headers-5.13.0-1020-raspi', 'pkgver': '5.13.0-1020.22'},\n {'osver': '21.10', 'pkgname': 'linux-headers-5.13.0-1020-raspi-nolpae', 'pkgver': '5.13.0-1020.22'},\n {'osver': '21.10', 'pkgname': 'linux-headers-5.13.0-1021-oracle', 'pkgver': '5.13.0-1021.26'},\n {'osver': '21.10', 'pkgname': 'linux-headers-5.13.0-35', 'pkgver': '5.13.0-35.40'},\n {'osver': '21.10', 'pkgname': 'linux-headers-5.13.0-35-generic', 'pkgver': '5.13.0-35.40'},\n {'osver': '21.10', 'pkgname': 'linux-headers-5.13.0-35-generic-64k', 'pkgver': '5.13.0-35.40'},\n {'osver': '21.10', 'pkgname': 'linux-headers-5.13.0-35-generic-lpae', 'pkgver': '5.13.0-35.40'},\n {'osver': '21.10', 'pkgname': 'linux-headers-5.13.0-35-lowlatency', 'pkgver': '5.13.0-35.40'},\n {'osver': '21.10', 'pkgname': 'linux-headers-aws', 'pkgver': '5.13.0.1017.18'},\n {'osver': '21.10', 'pkgname': 'linux-headers-azure', 'pkgver': '5.13.0.1017.17'},\n {'osver': '21.10', 'pkgname': 'linux-headers-gcp', 'pkgver': '5.13.0.1019.17'},\n {'osver': '21.10', 'pkgname': 'linux-headers-generic', 'pkgver': '5.13.0.35.44'},\n {'osver': '21.10', 'pkgname': 'linux-headers-generic-64k', 'pkgver': '5.13.0.35.44'},\n {'osver': '21.10', 'pkgname': 'linux-headers-generic-64k-hwe-20.04', 'pkgver': '5.13.0.35.44'},\n {'osver': '21.10', 'pkgname': 'linux-headers-generic-64k-hwe-20.04-edge', 'pkgver': '5.13.0.35.44'},\n {'osver': '21.10', 'pkgname': 'linux-headers-generic-hwe-20.04', 'pkgver': '5.13.0.35.44'},\n {'osver': '21.10', 'pkgname': 'linux-headers-generic-hwe-20.04-edge', 'pkgver': '5.13.0.35.44'},\n {'osver': '21.10', 'pkgname': 'linux-headers-generic-lpae', 'pkgver': '5.13.0.35.44'},\n {'osver': '21.10', 'pkgname': 'linux-headers-generic-lpae-hwe-20.04', 'pkgver': '5.13.0.35.44'},\n {'osver': '21.10', 'pkgname': 'linux-headers-generic-lpae-hwe-20.04-edge', 'pkgver': '5.13.0.35.44'},\n {'osver': '21.10', 'pkgname': 'linux-headers-gke', 'pkgver': '5.13.0.1019.17'},\n {'osver': '21.10', 'pkgname': 'linux-headers-kvm', 'pkgver': '5.13.0.1016.16'},\n {'osver': '21.10', 'pkgname': 'linux-headers-lowlatency', 'pkgver': '5.13.0.35.44'},\n {'osver': '21.10', 'pkgname': 'linux-headers-lowlatency-hwe-20.04', 'pkgver': '5.13.0.35.44'},\n {'osver': '21.10', 'pkgname': 'linux-headers-lowlatency-hwe-20.04-edge', 'pkgver': '5.13.0.35.44'},\n {'osver': '21.10', 'pkgname': 'linux-headers-oem-20.04', 'pkgver': '5.13.0.35.44'},\n {'osver': '21.10', 'pkgname': 'linux-headers-oracle', 'pkgver': '5.13.0.1021.21'},\n {'osver': '21.10', 'pkgname': 'linux-headers-raspi', 'pkgver': '5.13.0.1020.25'},\n {'osver': '21.10', 'pkgname': 'linux-headers-raspi-nolpae', 'pkgver': '5.13.0.1020.25'},\n {'osver': '21.10', 'pkgname': 'linux-headers-virtual', 'pkgver': '5.13.0.35.44'},\n {'osver': '21.10', 'pkgname': 'linux-headers-virtual-hwe-20.04', 'pkgver': '5.13.0.35.44'},\n {'osver': '21.10', 'pkgname': 'linux-headers-virtual-hwe-20.04-edge', 'pkgver': '5.13.0.35.44'},\n {'osver': '21.10', 'pkgname': 'linux-image-5.13.0-1016-kvm', 'pkgver': '5.13.0-1016.17'},\n {'osver': '21.10', 'pkgname': 'linux-image-5.13.0-1017-aws', 'pkgver': '5.13.0-1017.19'},\n {'osver': '21.10', 'pkgname': 'linux-image-5.13.0-1017-azure', 'pkgver': '5.13.0-1017.19'},\n {'osver': '21.10', 'pkgname': 'linux-image-5.13.0-1019-gcp', 'pkgver': '5.13.0-1019.23'},\n {'osver': '21.10', 'pkgname': 'linux-image-5.13.0-1020-raspi', 'pkgver': '5.13.0-1020.22'},\n {'osver': '21.10', 'pkgname': 'linux-image-5.13.0-1020-raspi-nolpae', 'pkgver': '5.13.0-1020.22'},\n {'osver': '21.10', 'pkgname': 'linux-image-5.13.0-1021-oracle', 'pkgver': '5.13.0-1021.26'},\n {'osver': '21.10', 'pkgname': 'linux-image-5.13.0-35-generic', 'pkgver': '5.13.0-35.40'},\n {'osver': '21.10', 'pkgname': 'linux-image-5.13.0-35-generic-64k', 'pkgver': '5.13.0-35.40'},\n {'osver': '21.10', 'pkgname': 'linux-image-5.13.0-35-generic-lpae', 'pkgver': '5.13.0-35.40'},\n {'osver': '21.10', 'pkgname': 'linux-image-5.13.0-35-lowlatency', 'pkgver': '5.13.0-35.40'},\n {'osver': '21.10', 'pkgname': 'linux-image-aws', 'pkgver': '5.13.0.1017.18'},\n {'osver': '21.10', 'pkgname': 'linux-image-azure', 'pkgver': '5.13.0.1017.17'},\n {'osver': '21.10', 'pkgname': 'linux-image-extra-virtual', 'pkgver': '5.13.0.35.44'},\n {'osver': '21.10', 'pkgname': 'linux-image-extra-virtual-hwe-20.04', 'pkgver': '5.13.0.35.44'},\n {'osver': '21.10', 'pkgname': 'linux-image-extra-virtual-hwe-20.04-edge', 'pkgver': '5.13.0.35.44'},\n {'osver': '21.10', 'pkgname': 'linux-image-gcp', 'pkgver': '5.13.0.1019.17'},\n {'osver': '21.10', 'pkgname': 'linux-image-generic', 'pkgver': '5.13.0.35.44'},\n {'osver': '21.10', 'pkgname': 'linux-image-generic-64k', 'pkgver': '5.13.0.35.44'},\n {'osver': '21.10', 'pkgname': 'linux-image-generic-64k-hwe-20.04', 'pkgver': '5.13.0.35.44'},\n {'osver': '21.10', 'pkgname': 'linux-image-generic-64k-hwe-20.04-edge', 'pkgver': '5.13.0.35.44'},\n {'osver': '21.10', 'pkgname': 'linux-image-generic-hwe-20.04', 'pkgver': '5.13.0.35.44'},\n {'osver': '21.10', 'pkgname': 'linux-image-generic-hwe-20.04-edge', 'pkgver': '5.13.0.35.44'},\n {'osver': '21.10', 'pkgname': 'linux-image-generic-lpae', 'pkgver': '5.13.0.35.44'},\n {'osver': '21.10', 'pkgname': 'linux-image-generic-lpae-hwe-20.04', 'pkgver': '5.13.0.35.44'},\n {'osver': '21.10', 'pkgname': 'linux-image-generic-lpae-hwe-20.04-edge', 'pkgver': '5.13.0.35.44'},\n {'osver': '21.10', 'pkgname': 'linux-image-gke', 'pkgver': '5.13.0.1019.17'},\n {'osver': '21.10', 'pkgname': 'linux-image-kvm', 'pkgver': '5.13.0.1016.16'},\n {'osver': '21.10', 'pkgname': 'linux-image-lowlatency', 'pkgver': '5.13.0.35.44'},\n {'osver': '21.10', 'pkgname': 'linux-image-lowlatency-hwe-20.04', 'pkgver': '5.13.0.35.44'},\n {'osver': '21.10', 'pkgname': 'linux-image-lowlatency-hwe-20.04-edge', 'pkgver': '5.13.0.35.44'},\n {'osver': '21.10', 'pkgname': 'linux-image-oem-20.04', 'pkgver': '5.13.0.35.44'},\n {'osver': '21.10', 'pkgname': 'linux-image-oracle', 'pkgver': '5.13.0.1021.21'},\n {'osver': '21.10', 'pkgname': 'linux-image-raspi', 'pkgver': '5.13.0.1020.25'},\n {'osver': '21.10', 'pkgname': 'linux-image-raspi-nolpae', 'pkgver': '5.13.0.1020.25'},\n {'osver': '21.10', 'pkgname': 'linux-image-unsigned-5.13.0-1016-kvm', 'pkgver': '5.13.0-1016.17'},\n {'osver': '21.10', 'pkgname': 'linux-image-unsigned-5.13.0-1017-aws', 'pkgver': '5.13.0-1017.19'},\n {'osver': '21.10', 'pkgname': 'linux-image-unsigned-5.13.0-1017-azure', 'pkgver': '5.13.0-1017.19'},\n {'osver': '21.10', 'pkgname': 'linux-image-unsigned-5.13.0-1019-gcp', 'pkgver': '5.13.0-1019.23'},\n {'osver': '21.10', 'pkgname': 'linux-image-unsigned-5.13.0-1021-oracle', 'pkgver': '5.13.0-1021.26'},\n {'osver': '21.10', 'pkgname': 'linux-image-unsigned-5.13.0-35-generic', 'pkgver': '5.13.0-35.40'},\n {'osver': '21.10', 'pkgname': 'linux-image-unsigned-5.13.0-35-generic-64k', 'pkgver': '5.13.0-35.40'},\n {'osver': '21.10', 'pkgname': 'linux-image-unsigned-5.13.0-35-lowlatency', 'pkgver': '5.13.0-35.40'},\n {'osver': '21.10', 'pkgname': 'linux-image-virtual', 'pkgver': '5.13.0.35.44'},\n {'osver': '21.10', 'pkgname': 'linux-image-virtual-hwe-20.04', 'pkgver': '5.13.0.35.44'},\n {'osver': '21.10', 'pkgname': 'linux-image-virtual-hwe-20.04-edge', 'pkgver': '5.13.0.35.44'},\n {'osver': '21.10', 'pkgname': 'linux-kvm', 'pkgver': '5.13.0.1016.16'},\n {'osver': '21.10', 'pkgname': 'linux-kvm-headers-5.13.0-1016', 'pkgver': '5.13.0-1016.17'},\n {'osver': '21.10', 'pkgname': 'linux-kvm-tools-5.13.0-1016', 'pkgver': '5.13.0-1016.17'},\n {'osver': '21.10', 'pkgname': 'linux-libc-dev', 'pkgver': '5.13.0-35.40'},\n {'osver': '21.10', 'pkgname': 'linux-lowlatency', 'pkgver': '5.13.0.35.44'},\n {'osver': '21.10', 'pkgname': 'linux-lowlatency-hwe-20.04', 'pkgver': '5.13.0.35.44'},\n {'osver': '21.10', 'pkgname': 'linux-lowlatency-hwe-20.04-edge', 'pkgver': '5.13.0.35.44'},\n {'osver': '21.10', 'pkgname': 'linux-modules-5.13.0-1016-kvm', 'pkgver': '5.13.0-1016.17'},\n {'osver': '21.10', 'pkgname': 'linux-modules-5.13.0-1017-aws', 'pkgver': '5.13.0-1017.19'},\n {'osver': '21.10', 'pkgname': 'linux-modules-5.13.0-1017-azure', 'pkgver': '5.13.0-1017.19'},\n {'osver': '21.10', 'pkgname': 'linux-modules-5.13.0-1019-gcp', 'pkgver': '5.13.0-1019.23'},\n {'osver': '21.10', 'pkgname': 'linux-modules-5.13.0-1020-raspi', 'pkgver': '5.13.0-1020.22'},\n {'osver': '21.10', 'pkgname': 'linux-modules-5.13.0-1020-raspi-nolpae', 'pkgver': '5.13.0-1020.22'},\n {'osver': '21.10', 'pkgname': 'linux-modules-5.13.0-1021-oracle', 'pkgver': '5.13.0-1021.26'},\n {'osver': '21.10', 'pkgname': 'linux-modules-5.13.0-35-generic', 'pkgver': '5.13.0-35.40'},\n {'osver': '21.10', 'pkgname': 'linux-modules-5.13.0-35-generic-64k', 'pkgver': '5.13.0-35.40'},\n {'osver': '21.10', 'pkgname': 'linux-modules-5.13.0-35-generic-lpae', 'pkgver': '5.13.0-35.40'},\n {'osver': '21.10', 'pkgname': 'linux-modules-5.13.0-35-lowlatency', 'pkgver': '5.13.0-35.40'},\n {'osver': '21.10', 'pkgname': 'linux-modules-extra-5.13.0-1017-aws', 'pkgver': '5.13.0-1017.19'},\n {'osver': '21.10', 'pkgname': 'linux-modules-extra-5.13.0-1017-azure', 'pkgver': '5.13.0-1017.19'},\n {'osver': '21.10', 'pkgname': 'linux-modules-extra-5.13.0-1019-gcp', 'pkgver': '5.13.0-1019.23'},\n {'osver': '21.10', 'pkgname': 'linux-modules-extra-5.13.0-1020-raspi', 'pkgver': '5.13.0-1020.22'},\n {'osver': '21.10', 'pkgname': 'linux-modules-extra-5.13.0-1020-raspi-nolpae', 'pkgver': '5.13.0-1020.22'},\n {'osver': '21.10', 'pkgname': 'linux-modules-extra-5.13.0-1021-oracle', 'pkgver': '5.13.0-1021.26'},\n {'osver': '21.10', 'pkgname': 'linux-modules-extra-5.13.0-35-generic', 'pkgver': '5.13.0-35.40'},\n {'osver': '21.10', 'pkgname': 'linux-modules-extra-aws', 'pkgver': '5.13.0.1017.18'},\n {'osver': '21.10', 'pkgname': 'linux-modules-extra-azure', 'pkgver': '5.13.0.1017.17'},\n {'osver': '21.10', 'pkgname': 'linux-modules-extra-gcp', 'pkgver': '5.13.0.1019.17'},\n {'osver': '21.10', 'pkgname': 'linux-modules-extra-gke', 'pkgver': '5.13.0.1019.17'},\n {'osver': '21.10', 'pkgname': 'linux-modules-extra-raspi', 'pkgver': '5.13.0.1020.25'},\n {'osver': '21.10', 'pkgname': 'linux-modules-extra-raspi-nolpae', 'pkgver': '5.13.0.1020.25'},\n {'osver': '21.10', 'pkgname': 'linux-oem-20.04', 'pkgver': '5.13.0.35.44'},\n {'osver': '21.10', 'pkgname': 'linux-oracle', 'pkgver': '5.13.0.1021.21'},\n {'osver': '21.10', 'pkgname': 'linux-oracle-headers-5.13.0-1021', 'pkgver': '5.13.0-1021.26'},\n {'osver': '21.10', 'pkgname': 'linux-oracle-tools-5.13.0-1021', 'pkgver': '5.13.0-1021.26'},\n {'osver': '21.10', 'pkgname': 'linux-raspi', 'pkgver': '5.13.0.1020.25'},\n {'osver': '21.10', 'pkgname': 'linux-raspi-headers-5.13.0-1020', 'pkgver': '5.13.0-1020.22'},\n {'osver': '21.10', 'pkgname': 'linux-raspi-nolpae', 'pkgver': '5.13.0.1020.25'},\n {'osver': '21.10', 'pkgname': 'linux-raspi-tools-5.13.0-1020', 'pkgver': '5.13.0-1020.22'},\n {'osver': '21.10', 'pkgname': 'linux-source', 'pkgver': '5.13.0.35.44'},\n {'osver': '21.10', 'pkgname': 'linux-source-5.13.0', 'pkgver': '5.13.0-35.40'},\n {'osver': '21.10', 'pkgname': 'linux-tools-5.13.0-1016-kvm', 'pkgver': '5.13.0-1016.17'},\n {'osver': '21.10', 'pkgname': 'linux-tools-5.13.0-1017-aws', 'pkgver': '5.13.0-1017.19'},\n {'osver': '21.10', 'pkgname': 'linux-tools-5.13.0-1017-azure', 'pkgver': '5.13.0-1017.19'},\n {'osver': '21.10', 'pkgname': 'linux-tools-5.13.0-1019-gcp', 'pkgver': '5.13.0-1019.23'},\n {'osver': '21.10', 'pkgname': 'linux-tools-5.13.0-1020-raspi', 'pkgver': '5.13.0-1020.22'},\n {'osver': '21.10', 'pkgname': 'linux-tools-5.13.0-1020-raspi-nolpae', 'pkgver': '5.13.0-1020.22'},\n {'osver': '21.10', 'pkgname': 'linux-tools-5.13.0-1021-oracle', 'pkgver': '5.13.0-1021.26'},\n {'osver': '21.10', 'pkgname': 'linux-tools-5.13.0-35', 'pkgver': '5.13.0-35.40'},\n {'osver': '21.10', 'pkgname': 'linux-tools-5.13.0-35-generic', 'pkgver': '5.13.0-35.40'},\n {'osver': '21.10', 'pkgname': 'linux-tools-5.13.0-35-generic-64k', 'pkgver': '5.13.0-35.40'},\n {'osver': '21.10', 'pkgname': 'linux-tools-5.13.0-35-generic-lpae', 'pkgver': '5.13.0-35.40'},\n {'osver': '21.10', 'pkgname': 'linux-tools-5.13.0-35-lowlatency', 'pkgver': '5.13.0-35.40'},\n {'osver': '21.10', 'pkgname': 'linux-tools-aws', 'pkgver': '5.13.0.1017.18'},\n {'osver': '21.10', 'pkgname': 'linux-tools-azure', 'pkgver': '5.13.0.1017.17'},\n {'osver': '21.10', 'pkgname': 'linux-tools-common', 'pkgver': '5.13.0-35.40'},\n {'osver': '21.10', 'pkgname': 'linux-tools-gcp', 'pkgver': '5.13.0.1019.17'},\n {'osver': '21.10', 'pkgname': 'linux-tools-generic', 'pkgver': '5.13.0.35.44'},\n {'osver': '21.10', 'pkgname': 'linux-tools-generic-64k', 'pkgver': '5.13.0.35.44'},\n {'osver': '21.10', 'pkgname': 'linux-tools-generic-64k-hwe-20.04', 'pkgver': '5.13.0.35.44'},\n {'osver': '21.10', 'pkgname': 'linux-tools-generic-64k-hwe-20.04-edge', 'pkgver': '5.13.0.35.44'},\n {'osver': '21.10', 'pkgname': 'linux-tools-generic-hwe-20.04', 'pkgver': '5.13.0.35.44'},\n {'osver': '21.10', 'pkgname': 'linux-tools-generic-hwe-20.04-edge', 'pkgver': '5.13.0.35.44'},\n {'osver': '21.10', 'pkgname': 'linux-tools-generic-lpae', 'pkgver': '5.13.0.35.44'},\n {'osver': '21.10', 'pkgname': 'linux-tools-generic-lpae-hwe-20.04', 'pkgver': '5.13.0.35.44'},\n {'osver': '21.10', 'pkgname': 'linux-tools-generic-lpae-hwe-20.04-edge', 'pkgver': '5.13.0.35.44'},\n {'osver': '21.10', 'pkgname': 'linux-tools-gke', 'pkgver': '5.13.0.1019.17'},\n {'osver': '21.10', 'pkgname': 'linux-tools-host', 'pkgver': '5.13.0-35.40'},\n {'osver': '21.10', 'pkgname': 'linux-tools-kvm', 'pkgver': '5.13.0.1016.16'},\n {'osver': '21.10', 'pkgname': 'linux-tools-lowlatency', 'pkgver': '5.13.0.35.44'},\n {'osver': '21.10', 'pkgname': 'linux-tools-lowlatency-hwe-20.04', 'pkgver': '5.13.0.35.44'},\n {'osver': '21.10', 'pkgname': 'linux-tools-lowlatency-hwe-20.04-edge', 'pkgver': '5.13.0.35.44'},\n {'osver': '21.10', 'pkgname': 'linux-tools-oem-20.04', 'pkgver': '5.13.0.35.44'},\n {'osver': '21.10', 'pkgname': 'linux-tools-oracle', 'pkgver': '5.13.0.1021.21'},\n {'osver': '21.10', 'pkgname': 'linux-tools-raspi', 'pkgver': '5.13.0.1020.25'},\n {'osver': '21.10', 'pkgname': 'linux-tools-raspi-nolpae', 'pkgver': '5.13.0.1020.25'},\n {'osver': '21.10', 'pkgname': 'linux-tools-virtual', 'pkgver': '5.13.0.35.44'},\n {'osver': '21.10', 'pkgname': 'linux-tools-virtual-hwe-20.04', 'pkgver': '5.13.0.35.44'},\n {'osver': '21.10', 'pkgname': 'linux-tools-virtual-hwe-20.04-edge', 'pkgver': '5.13.0.35.44'},\n {'osver': '21.10', 'pkgname': 'linux-virtual', 'pkgver': '5.13.0.35.44'},\n {'osver': '21.10', 'pkgname': 'linux-virtual-hwe-20.04', 'pkgver': '5.13.0.35.44'},\n {'osver': '21.10', 'pkgname': 'linux-virtual-hwe-20.04-edge', 'pkgver': '5.13.0.35.44'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'linux-aws / linux-aws-5.13-cloud-tools-5.13.0-1017 / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-12T18:22:01", "description": "The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0764-1 advisory.\n\n - Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-0001)\n\n - Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-0002)\n\n - A flaw was found in the way the flags member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system. (CVE-2022-0847)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2022-03-22T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : kernel (SUSE-SU-2022:0764-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-0001", "CVE-2022-0002", "CVE-2022-0847"], "modified": "2022-08-12T00:00:00", "cpe": ["p-cpe:2.3:a:novell:suse_linux:kernel-rt_debug:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:cluster-md-kmp-rt:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-rt_debug-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-syms-rt:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-rt:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-rt-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:dlm-kmp-rt:*:*:*:*:*:*:*", "cpe:2.3:o:novell:suse_linux:15:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:gfs2-kmp-rt:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:ocfs2-kmp-rt:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-devel-rt:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-source-rt:*:*:*:*:*:*:*"], "id": "SUSE_SU-2022-0764-1.NASL", "href": "https://www.tenable.com/plugins/nessus/159156", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:0764-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159156);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/08/12\");\n\n script_cve_id(\"CVE-2022-0001\", \"CVE-2022-0002\", \"CVE-2022-0847\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:0764-1\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/16\");\n\n script_name(english:\"SUSE SLES15 Security Update : kernel (SUSE-SU-2022:0764-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:0764-1 advisory.\n\n - Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may\n allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-0001)\n\n - Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an\n authorized user to potentially enable information disclosure via local access. (CVE-2022-0002)\n\n - A flaw was found in the way the flags member of the new pipe buffer structure was lacking proper\n initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus\n contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache\n backed by read only files and as such escalate their privileges on the system. (CVE-2022-0847)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191580\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192483\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195701\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195995\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196584\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-March/010389.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2f7ac8b9\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0001\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0002\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0847\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0847\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Dirty Pipe Local Privilege Escalation via CVE-2022-0847');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/03/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:novell:suse_linux:kernel-rt_debug:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:novell:suse_linux:cluster-md-kmp-rt:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:novell:suse_linux:kernel-rt_debug-devel:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:novell:suse_linux:kernel-syms-rt:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:novell:suse_linux:kernel-rt:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:novell:suse_linux:kernel-rt-devel:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:novell:suse_linux:dlm-kmp-rt:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:2.3:o:novell:suse_linux:15:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:novell:suse_linux:gfs2-kmp-rt:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:novell:suse_linux:ocfs2-kmp-rt:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:novell:suse_linux:kernel-devel-rt:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:novell:suse_linux:kernel-source-rt:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"false\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15', 'SUSE ' + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);\n\nvar sp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP2\", os_ver + \" SP\" + sp);\n\nvar pkgs = [\n {'reference':'cluster-md-kmp-rt-5.3.18-76.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_RT-release-15.2'},\n {'reference':'dlm-kmp-rt-5.3.18-76.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_RT-release-15.2'},\n {'reference':'gfs2-kmp-rt-5.3.18-76.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_RT-release-15.2'},\n {'reference':'kernel-devel-rt-5.3.18-76.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_RT-release-15.2'},\n {'reference':'kernel-rt-5.3.18-76.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_RT-release-15.2'},\n {'reference':'kernel-rt-devel-5.3.18-76.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_RT-release-15.2'},\n {'reference':'kernel-rt_debug-5.3.18-76.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_RT-release-15.2'},\n {'reference':'kernel-rt_debug-devel-5.3.18-76.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_RT-release-15.2'},\n {'reference':'kernel-source-rt-5.3.18-76.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_RT-release-15.2'},\n {'reference':'kernel-syms-rt-5.3.18-76.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_RT-release-15.2'},\n {'reference':'ocfs2-kmp-rt-5.3.18-76.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_RT-release-15.2'},\n {'reference':'cluster-md-kmp-rt-5.3.18-76.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-rt-release-15.2'},\n {'reference':'dlm-kmp-rt-5.3.18-76.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-rt-release-15.2'},\n {'reference':'gfs2-kmp-rt-5.3.18-76.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-rt-release-15.2'},\n {'reference':'kernel-devel-rt-5.3.18-76.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-rt-release-15.2'},\n {'reference':'kernel-rt-5.3.18-76.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-rt-release-15.2'},\n {'reference':'kernel-rt-devel-5.3.18-76.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-rt-release-15.2'},\n {'reference':'kernel-rt_debug-5.3.18-76.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-rt-release-15.2'},\n {'reference':'kernel-rt_debug-devel-5.3.18-76.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-rt-release-15.2'},\n {'reference':'kernel-source-rt-5.3.18-76.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-rt-release-15.2'},\n {'reference':'kernel-syms-rt-5.3.18-76.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-rt-release-15.2'},\n {'reference':'ocfs2-kmp-rt-5.3.18-76.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-rt-release-15.2'}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (exists_check) {\n if (!rpm_exists(release:release, rpm:exists_check)) continue;\n if ('ltss' >< tolower(exists_check)) ltss_caveat_required = TRUE;\n }\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cluster-md-kmp-rt / dlm-kmp-rt / gfs2-kmp-rt / kernel-devel-rt / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-27T16:40:01", "description": "The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0931-1 advisory.\n\n - LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs.\n (CVE-2021-26401)\n\n - Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-0001)\n\n - Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-0002)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2022-03-23T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : xen (SUSE-SU-2022:0931-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5715", "CVE-2021-26401", "CVE-2022-0001", "CVE-2022-0002"], "modified": "2022-03-23T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:xen", "p-cpe:/a:novell:suse_linux:xen-devel", "p-cpe:/a:novell:suse_linux:xen-libs", "p-cpe:/a:novell:suse_linux:xen-tools", "p-cpe:/a:novell:suse_linux:xen-tools-domU", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-0931-1.NASL", "href": "https://www.tenable.com/plugins/nessus/159174", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:0931-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159174);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/03/23\");\n\n script_cve_id(\"CVE-2021-26401\", \"CVE-2022-0001\", \"CVE-2022-0002\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:0931-1\");\n\n script_name(english:\"SUSE SLES15 Security Update : xen (SUSE-SU-2022:0931-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:0931-1 advisory.\n\n - LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs.\n (CVE-2021-26401)\n\n - Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may\n allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-0001)\n\n - Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an\n authorized user to potentially enable information disclosure via local access. (CVE-2022-0002)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196915\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-March/010501.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8f29aea4\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-26401\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0001\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0002\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0002\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/03/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-domU\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15', 'SUSE ' + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);\n\nvar sp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP1\", os_ver + \" SP\" + sp);\n\nvar pkgs = [\n {'reference':'xen-4.12.4_20-3.63.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15.1'},\n {'reference':'xen-devel-4.12.4_20-3.63.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15.1'},\n {'reference':'xen-libs-4.12.4_20-3.63.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15.1'},\n {'reference':'xen-tools-4.12.4_20-3.63.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15.1'},\n {'reference':'xen-tools-domU-4.12.4_20-3.63.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15.1'},\n {'reference':'xen-4.12.4_20-3.63.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-1'},\n {'reference':'xen-devel-4.12.4_20-3.63.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-1'},\n {'reference':'xen-libs-4.12.4_20-3.63.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-1'},\n {'reference':'xen-tools-4.12.4_20-3.63.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-1'},\n {'reference':'xen-tools-domU-4.12.4_20-3.63.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-1'},\n {'reference':'xen-4.12.4_20-3.63.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15.1'},\n {'reference':'xen-devel-4.12.4_20-3.63.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15.1'},\n {'reference':'xen-libs-4.12.4_20-3.63.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15.1'},\n {'reference':'xen-tools-4.12.4_20-3.63.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15.1'},\n {'reference':'xen-tools-domU-4.12.4_20-3.63.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15.1'},\n {'reference':'xen-4.12.4_20-3.63.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-ltss-release-15.1'},\n {'reference':'xen-devel-4.12.4_20-3.63.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-ltss-release-15.1'},\n {'reference':'xen-libs-4.12.4_20-3.63.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-ltss-release-15.1'},\n {'reference':'xen-tools-4.12.4_20-3.63.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-ltss-release-15.1'},\n {'reference':'xen-tools-domU-4.12.4_20-3.63.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-ltss-release-15.1'},\n {'reference':'xen-4.12.4_20-3.63.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-15.1'},\n {'reference':'xen-devel-4.12.4_20-3.63.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-15.1'},\n {'reference':'xen-libs-4.12.4_20-3.63.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-15.1'},\n {'reference':'xen-tools-4.12.4_20-3.63.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-15.1'},\n {'reference':'xen-tools-domU-4.12.4_20-3.63.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-15.1'}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (exists_check) {\n if (!rpm_exists(release:release, rpm:exists_check)) continue;\n if ('ltss' >< tolower(exists_check)) ltss_caveat_required = TRUE;\n }\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'xen / xen-devel / xen-libs / xen-tools / xen-tools-domU');\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-07-27T16:40:36", "description": "The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0940-1 advisory.\n\n - LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs.\n (CVE-2021-26401)\n\n - Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-0001)\n\n - Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-0002)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2022-03-24T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : xen (SUSE-SU-2022:0940-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5715", "CVE-2021-26401", "CVE-2022-0001", "CVE-2022-0002"], "modified": "2022-03-24T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:xen", "p-cpe:/a:novell:suse_linux:xen-devel", "p-cpe:/a:novell:suse_linux:xen-libs", "p-cpe:/a:novell:suse_linux:xen-tools", "p-cpe:/a:novell:suse_linux:xen-tools-domU", "p-cpe:/a:novell:suse_linux:xen-tools-xendomains-wait-disk", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-0940-1.NASL", "href": "https://www.tenable.com/plugins/nessus/159191", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:0940-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159191);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/03/24\");\n\n script_cve_id(\"CVE-2021-26401\", \"CVE-2022-0001\", \"CVE-2022-0002\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:0940-1\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : xen (SUSE-SU-2022:0940-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2022:0940-1 advisory.\n\n - LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs.\n (CVE-2021-26401)\n\n - Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may\n allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-0001)\n\n - Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an\n authorized user to potentially enable information disclosure via local access. (CVE-2022-0002)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1027519\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191668\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194267\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196915\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-March/010504.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?354c1e60\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-26401\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0001\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0002\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0002\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/03/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-domU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-xendomains-wait-disk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED15 / SLES15', 'SUSE ' + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);\n\nvar sp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP3\", os_ver + \" SP\" + sp);\n\nvar pkgs = [\n {'reference':'xen-4.14.4_02-150300.3.21.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15.3'},\n {'reference':'xen-devel-4.14.4_02-150300.3.21.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15.3'},\n {'reference':'xen-libs-4.14.4_02-150300.3.21.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15.3'},\n {'reference':'xen-libs-4.14.4_02-150300.3.21.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15.3'},\n {'reference':'xen-tools-4.14.4_02-150300.3.21.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15.3'},\n {'reference':'xen-tools-domU-4.14.4_02-150300.3.21.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15.3'},\n {'reference':'xen-tools-domU-4.14.4_02-150300.3.21.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15.3'},\n {'reference':'xen-tools-xendomains-wait-disk-4.14.4_02-150300.3.21.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15.3'},\n {'reference':'xen-4.14.4_02-150300.3.21.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-release-15.3'},\n {'reference':'xen-devel-4.14.4_02-150300.3.21.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-release-15.3'},\n {'reference':'xen-libs-4.14.4_02-150300.3.21.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-release-15.3'},\n {'reference':'xen-libs-4.14.4_02-150300.3.21.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-release-15.3'},\n {'reference':'xen-tools-4.14.4_02-150300.3.21.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-release-15.3'},\n {'reference':'xen-tools-domU-4.14.4_02-150300.3.21.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-release-15.3'},\n {'reference':'xen-tools-domU-4.14.4_02-150300.3.21.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-release-15.3'},\n {'reference':'xen-tools-xendomains-wait-disk-4.14.4_02-150300.3.21.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-release-15.3'},\n {'reference':'xen-libs-4.14.4_02-150300.3.21.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'xen-libs-4.14.4_02-150300.3.21.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'xen-tools-domU-4.14.4_02-150300.3.21.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'xen-tools-domU-4.14.4_02-150300.3.21.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'xen-4.14.4_02-150300.3.21.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-server-applications-release-15.3'},\n {'reference':'xen-devel-4.14.4_02-150300.3.21.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-server-applications-release-15.3'},\n {'reference':'xen-tools-4.14.4_02-150300.3.21.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-server-applications-release-15.3'},\n {'reference':'xen-tools-xendomains-wait-disk-4.14.4_02-150300.3.21.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-server-applications-release-15.3'},\n {'reference':'xen-libs-4.14.4_02-150300.3.21.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sled-release-15.3'},\n {'reference':'xen-libs-4.14.4_02-150300.3.21.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sled-release-15.3'},\n {'reference':'xen-tools-domU-4.14.4_02-150300.3.21.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sled-release-15.3'},\n {'reference':'xen-tools-domU-4.14.4_02-150300.3.21.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sled-release-15.3'},\n {'reference':'xen-4.14.4_02-150300.3.21.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-15.3'},\n {'reference':'xen-devel-4.14.4_02-150300.3.21.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-15.3'},\n {'reference':'xen-libs-4.14.4_02-150300.3.21.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-15.3'},\n {'reference':'xen-libs-4.14.4_02-150300.3.21.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-15.3'},\n {'reference':'xen-tools-4.14.4_02-150300.3.21.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-15.3'},\n {'reference':'xen-tools-domU-4.14.4_02-150300.3.21.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-15.3'},\n {'reference':'xen-tools-domU-4.14.4_02-150300.3.21.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-15.3'},\n {'reference':'xen-tools-xendomains-wait-disk-4.14.4_02-150300.3.21.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-15.3'}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (exists_check) {\n if (!rpm_exists(release:release, rpm:exists_check)) continue;\n if ('ltss' >< tolower(exists_check)) ltss_caveat_required = TRUE;\n }\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'xen / xen-devel / xen-libs / xen-tools / xen-tools-domU / etc');\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-07-27T16:40:01", "description": "The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0939-1 advisory.\n\n - LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs.\n (CVE-2021-26401)\n\n - Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-0001)\n\n - Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-0002)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2022-03-24T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : xen (SUSE-SU-2022:0939-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5715", "CVE-2021-26401", "CVE-2022-0001", "CVE-2022-0002"], "modified": "2022-03-24T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:xen", "p-cpe:/a:novell:suse_linux:xen-devel", "p-cpe:/a:novell:suse_linux:xen-doc-html", "p-cpe:/a:novell:suse_linux:xen-libs", "p-cpe:/a:novell:suse_linux:xen-libs-32bit", "p-cpe:/a:novell:suse_linux:xen-tools", "p-cpe:/a:novell:suse_linux:xen-tools-domU", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2022-0939-1.NASL", "href": "https://www.tenable.com/plugins/nessus/159188", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:0939-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159188);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/03/24\");\n\n script_cve_id(\"CVE-2021-26401\", \"CVE-2022-0001\", \"CVE-2022-0002\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:0939-1\");\n\n script_name(english:\"SUSE SLES12 Security Update : xen (SUSE-SU-2022:0939-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:0939-1 advisory.\n\n - LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs.\n (CVE-2021-26401)\n\n - Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may\n allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-0001)\n\n - Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an\n authorized user to potentially enable information disclosure via local access. (CVE-2022-0002)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196915\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-March/010506.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6e6cd755\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-26401\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0001\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0002\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0002\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/03/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-doc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-libs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-domU\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12', 'SUSE ' + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);\n\nvar sp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP5\", os_ver + \" SP\" + sp);\n\nvar pkgs = [\n {'reference':'xen-4.12.4_20-3.61.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'xen-devel-4.12.4_20-3.61.1', 'sp':'5', 'cpu':'aarch64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'xen-devel-4.12.4_20-3.61.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'xen-doc-html-4.12.4_20-3.61.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'xen-libs-32bit-4.12.4_20-3.61.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'xen-libs-4.12.4_20-3.61.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'xen-tools-4.12.4_20-3.61.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'xen-tools-domU-4.12.4_20-3.61.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'xen-devel-4.12.4_20-3.61.1', 'sp':'5', 'cpu':'aarch64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-sdk-release-12.5'},\n {'reference':'xen-devel-4.12.4_20-3.61.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-sdk-release-12.5'},\n {'reference':'xen-4.12.4_20-3.61.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'},\n {'reference':'xen-devel-4.12.4_20-3.61.1', 'sp':'5', 'cpu':'aarch64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'},\n {'reference':'xen-devel-4.12.4_20-3.61.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'},\n {'reference':'xen-doc-html-4.12.4_20-3.61.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'},\n {'reference':'xen-libs-32bit-4.12.4_20-3.61.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'},\n {'reference':'xen-libs-4.12.4_20-3.61.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'},\n {'reference':'xen-tools-4.12.4_20-3.61.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'},\n {'reference':'xen-tools-domU-4.12.4_20-3.61.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (exists_check) {\n if (!rpm_exists(release:release, rpm:exists_check)) continue;\n if ('ltss' >< tolower(exists_check)) ltss_caveat_required = TRUE;\n }\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'xen / xen-devel / xen-doc-html / xen-libs / xen-libs-32bit / xen-tools / etc');\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-07-27T16:40:19", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:0940-1 advisory.\n\n - LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs.\n (CVE-2021-26401)\n\n - Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-0001)\n\n - Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-0002)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2022-03-24T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : xen (openSUSE-SU-2022:0940-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5715", "CVE-2021-26401", "CVE-2022-0001", "CVE-2022-0002"], "modified": "2022-03-24T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:xen", "p-cpe:/a:novell:opensuse:xen-devel", "p-cpe:/a:novell:opensuse:xen-libs", "p-cpe:/a:novell:opensuse:xen-libs-32bit", "p-cpe:/a:novell:opensuse:xen-tools", "p-cpe:/a:novell:opensuse:xen-tools-domU", "p-cpe:/a:novell:opensuse:xen-tools-xendomains-wait-disk", "cpe:/o:novell:opensuse:15.3"], "id": "OPENSUSE-2022-0940-1.NASL", "href": "https://www.tenable.com/plugins/nessus/159211", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2022:0940-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159211);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/03/24\");\n\n script_cve_id(\"CVE-2021-26401\", \"CVE-2022-0001\", \"CVE-2022-0002\");\n\n script_name(english:\"openSUSE 15 Security Update : xen (openSUSE-SU-2022:0940-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2022:0940-1 advisory.\n\n - LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs.\n (CVE-2021-26401)\n\n - Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may\n allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-0001)\n\n - Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an\n authorized user to potentially enable information disclosure via local access. (CVE-2022-0002)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1027519\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191668\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194267\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196915\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NXODJTCX5G5LLTBOEFVBOCIWYKEGYAMP/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?cd78ea4b\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-26401\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0001\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0002\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0002\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/03/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-domU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-xendomains-wait-disk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.3\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.3', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'xen-4.14.4_02-150300.3.21.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'xen-4.14.4_02-150300.3.21.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'xen-devel-4.14.4_02-150300.3.21.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'xen-devel-4.14.4_02-150300.3.21.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'xen-libs-32bit-4.14.4_02-150300.3.21.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'xen-libs-4.14.4_02-150300.3.21.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'xen-libs-4.14.4_02-150300.3.21.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'xen-tools-4.14.4_02-150300.3.21.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'xen-tools-4.14.4_02-150300.3.21.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'xen-tools-domU-4.14.4_02-150300.3.21.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'xen-tools-domU-4.14.4_02-150300.3.21.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'xen-tools-xendomains-wait-disk-4.14.4_02-150300.3.21.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'xen / xen-devel / xen-libs / xen-libs-32bit / xen-tools / etc');\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-06-19T17:39:40", "description": "The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5318-1 advisory.\n\n - net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10 allows local users to gain privileges because of a heap out-of-bounds write. This is related to nf_tables_offload. (CVE-2022-25636)\n\n - Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-0001)\n\n - Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-0002)\n\n - Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches. Then, cache allocation can allow the attacker to obtain sensitive information. (CVE-2022-23960)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2022-03-09T00:00:00", "type": "nessus", "title": "Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-5318-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-0001", "CVE-2022-0002", "CVE-2022-23960", "CVE-2022-25636"], "modified": "2022-03-14T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-aws-5.4-cloud-tools-5.4.0-1068", "p-cpe:/a:canonical:ubuntu_linux:linux-aws-5.4-headers-5.4.0-1068", "p-cpe:/a:canonical:ubuntu_linux:linux-aws-5.4-tools-5.4.0-1068", "p-cpe:/a:canonical:ubuntu_linux:linux-aws-cloud-tools-5.4.0-1068", "p-cpe:/a:canonical:ubuntu_linux:linux-aws-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-aws-headers-5.4.0-1068", "p-cpe:/a:canonical:ubuntu_linux:linux-aws-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-aws-tools-5.4.0-1068", "p-cpe:/a:canonical:ubuntu_linux:linux-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.4-cloud-tools-5.4.0-1072", "p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.4-headers-5.4.0-1072", "p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.4-tools-5.4.0-1072", "p-cpe:/a:canonical:ubuntu_linux:linux-azure-cloud-tools-5.4.0-1072", "p-cpe:/a:canonical:ubuntu_linux:linux-azure-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-azure-fde", "p-cpe:/a:canonical:ubuntu_linux:linux-azure-headers-5.4.0-1072", "p-cpe:/a:canonical:ubuntu_linux:linux-azure-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-azure-tools-5.4.0-1072", "p-cpe:/a:canonical:ubuntu_linux:linux-bluefield", "p-cpe:/a:canonical:ubuntu_linux:linux-bluefield-headers-5.4.0-1030", "p-cpe:/a:canonical:ubuntu_linux:linux-bluefield-tools-5.4.0-1030", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-1017-ibm", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-1030-bluefield", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-1036-gkeop", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-104-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-104-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-104-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-1055-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-1058-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-1065-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-1066-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-1067-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-1068-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-1072-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.4.0-1036-gkeop", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.4.0-104", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.4.0-104-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.4.0-104-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.4.0-1068-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.4.0-1072-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-azure-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-azure-fde", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-azure-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-common", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-generic-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-generic-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-gkeop", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-gkeop-5.4", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-lowlatency-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-lowlatency-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-virtual-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-virtual-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-crashdump", "p-cpe:/a:canonical:ubuntu_linux:linux-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-gcp-5.4-headers-5.4.0-1067", "p-cpe:/a:canonical:ubuntu_linux:linux-gcp-5.4-tools-5.4.0-1067", "p-cpe:/a:canonical:ubuntu_linux:linux-gcp-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-gcp-headers-5.4.0-1067", "p-cpe:/a:canonical:ubuntu_linux:linux-gcp-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-gcp-tools-5.4.0-1067", "p-cpe:/a:canonical:ubuntu_linux:linux-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-generic-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-generic-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-generic-lpae-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-generic-lpae-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-gke-5.4", "p-cpe:/a:canonical:ubuntu_linux:linux-gke-5.4-headers-5.4.0-1065", "p-cpe:/a:canonical:ubuntu_linux:linux-gke-5.4-tools-5.4.0-1065", "p-cpe:/a:canonical:ubuntu_linux:linux-gke-headers-5.4.0-1065", "p-cpe:/a:canonical:ubuntu_linux:linux-gke-tools-5.4.0-1065", "p-cpe:/a:canonical:ubuntu_linux:linux-gkeop", "p-cpe:/a:canonical:ubuntu_linux:linux-gkeop-5.4", "p-cpe:/a:canonical:ubuntu_linux:linux-gkeop-5.4-cloud-tools-5.4.0-1036", "p-cpe:/a:canonical:ubuntu_linux:linux-gkeop-5.4-headers-5.4.0-1036", "p-cpe:/a:canonical:ubuntu_linux:linux-gkeop-5.4-source-5.4.0", "p-cpe:/a:canonical:ubuntu_linux:linux-gkeop-5.4-tools-5.4.0-1036", "p-cpe:/a:canonical:ubuntu_linux:linux-gkeop-cloud-tools-5.4.0-1036", "p-cpe:/a:canonical:ubuntu_linux:linux-gkeop-headers-5.4.0-1036", "p-cpe:/a:canonical:ubuntu_linux:linux-gkeop-source-5.4.0", "p-cpe:/a:canonical:ubuntu_linux:linux-gkeop-tools-5.4.0-1036", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-1017-ibm", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-1030-bluefield", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-1036-gkeop", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-104", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-104-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-104-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-104-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-1055-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-1058-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-1065-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-1066-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-1067-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-1068-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-1072-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-aws-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-aws-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-azure-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-azure-fde", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-azure-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-bluefield", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-gcp-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-gcp-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-lpae-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-lpae-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-gke-5.4", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-gkeop", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-gkeop-5.4", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-ibm", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-ibm-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-ibm-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-lowlatency-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-lowlatency-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-oem-osp1", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-oracle-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-oracle-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-raspi-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-raspi-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-raspi2-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-raspi2-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-snapdragon-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-snapdragon-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-virtual-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-virtual-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.4-cloud-tools-5.4.0-104", "p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.4-cloud-tools-common", "p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.4-headers-5.4.0-104", "p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.4-source-5.4.0", "p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.4-tools-5.4.0-104", "p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.4-tools-common", "p-cpe:/a:canonical:ubuntu_linux:linux-ibm", "p-cpe:/a:canonical:ubuntu_linux:linux-ibm-5.4-cloud-tools-common", "p-cpe:/a:canonical:ubuntu_linux:linux-ibm-5.4-headers-5.4.0-1017", "p-cpe:/a:canonical:ubuntu_linux:linux-ibm-5.4-source-5.4.0", "p-cpe:/a:canonical:ubuntu_linux:linux-ibm-5.4-tools-5.4.0-1017", "p-cpe:/a:canonical:ubuntu_linux:linux-ibm-5.4-tools-common", "p-cpe:/a:canonical:ubuntu_linux:linux-ibm-cloud-tools-common", "p-cpe:/a:canonical:ubuntu_linux:linux-ibm-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-ibm-headers-5.4.0-1017", "p-cpe:/a:canonical:ubuntu_linux:linux-ibm-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-ibm-source-5.4.0", "p-cpe:/a:canonical:ubuntu_linux:linux-ibm-tools-5.4.0-1017", "p-cpe:/a:canonical:ubuntu_linux:linux-ibm-tools-common", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1017-ibm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1030-bluefield", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1036-gkeop", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-104-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-104-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-104-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1055-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1058-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1065-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1066-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1067-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1068-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1072-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1072-azure-fde", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-azure-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-azure-fde", "p-cpe:/a:canonical:ubuntu_linux:linux-image-azure-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-bluefield", "p-cpe:/a:canonical:ubuntu_linux:linux-image-extra-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-image-extra-virtual-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-extra-virtual-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gke-5.4", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gkeop", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gkeop-5.4", "p-cpe:/a:canonical:ubuntu_linux:linux-image-ibm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-ibm-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-ibm-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oem-osp1", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-1017-ibm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-1030-bluefield", "p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-1036-gkeop", "p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-104-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-104-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-1058-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-1065-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-1066-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-1067-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-1068-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-1072-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-1072-azure-fde", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-kvm-headers-5.4.0-1058", "p-cpe:/a:canonical:ubuntu_linux:linux-kvm-tools-5.4.0-1058", "p-cpe:/a:canonical:ubuntu_linux:linux-libc-dev", "p-cpe:/a:canonical:ubuntu_linux:linux-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-lowlatency-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-lowlatency-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-1017-ibm", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-1030-bluefield", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-1036-gkeop", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-104-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-104-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-104-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-1055-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-1058-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-1065-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-1066-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-1067-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-1068-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-1072-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.4.0-1017-ibm", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.4.0-1036-gkeop", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.4.0-104-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.4.0-1065-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.4.0-1066-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.4.0-1067-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.4.0-1068-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.4.0-1072-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-aws-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-aws-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-azure-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-azure-fde", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-azure-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-gcp-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-gcp-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-gke-5.4", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-gkeop", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-gkeop-5.4", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-ibm", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-ibm-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-ibm-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-oracle-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-virtual-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-virtual-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-oem-osp1", "p-cpe:/a:canonical:ubuntu_linux:linux-oem-osp1-tools-host", "p-cpe:/a:canonical:ubuntu_linux:linux-oem-tools-host", "p-cpe:/a:canonical:ubuntu_linux:linux-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-oracle-5.4-headers-5.4.0-1066", "p-cpe:/a:canonical:ubuntu_linux:linux-oracle-5.4-tools-5.4.0-1066", "p-cpe:/a:canonical:ubuntu_linux:linux-oracle-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-oracle-headers-5.4.0-1066", "p-cpe:/a:canonical:ubuntu_linux:linux-oracle-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-oracle-tools-5.4.0-1066", "p-cpe:/a:canonical:ubuntu_linux:linux-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-raspi-5.4-headers-5.4.0-1055", "p-cpe:/a:canonical:ubuntu_linux:linux-raspi-5.4-tools-5.4.0-1055", "p-cpe:/a:canonical:ubuntu_linux:linux-raspi-headers-5.4.0-1055", "p-cpe:/a:canonical:ubuntu_linux:linux-raspi-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-raspi-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-raspi-tools-5.4.0-1055", "p-cpe:/a:canonical:ubuntu_linux:linux-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-raspi2-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-raspi2-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-signed-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-signed-azure-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-signed-image-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-signed-image-azure-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-signed-image-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-signed-image-oracle-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-signed-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-signed-oracle-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-snapdragon-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-snapdragon-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-source", "p-cpe:/a:canonical:ubuntu_linux:linux-source-5.4.0", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-1017-ibm", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-1030-bluefield", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-1036-gkeop", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-104", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-104-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-104-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-104-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-1055-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-1058-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-1065-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-1066-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-1067-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-1068-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-1072-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-aws-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-aws-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-azure-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-azure-fde", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-azure-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-bluefield", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-common", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-gcp-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-gcp-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-lpae-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-lpae-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-gke-5.4", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-gkeop", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-gkeop-5.4", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-host", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-ibm", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-ibm-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-ibm-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-lowlatency-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-lowlatency-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-oem-osp1", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-oracle-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-oracle-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-raspi-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-raspi-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-raspi2-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-raspi2-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-snapdragon-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-snapdragon-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-virtual-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-virtual-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-virtual-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-virtual-hwe-18.04-edge"], "id": "UBUNTU_USN-5318-1.NASL", "href": "https://www.tenable.com/plugins/nessus/158737", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5318-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158737);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/03/14\");\n\n script_cve_id(\n \"CVE-2022-0001\",\n \"CVE-2022-0002\",\n \"CVE-2022-23960\",\n \"CVE-2022-25636\"\n );\n script_xref(name:\"USN\", value:\"5318-1\");\n\n script_name(english:\"Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-5318-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the USN-5318-1 advisory.\n\n - net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10 allows local users to gain privileges\n because of a heap out-of-bounds write. This is related to nf_tables_offload. (CVE-2022-25636)\n\n - Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may\n allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-0001)\n\n - Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an\n authorized user to potentially enable information disclosure via local access. (CVE-2022-0002)\n\n - Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation,\n aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to\n influence mispredicted branches. Then, cache allocation can allow the attacker to obtain sensitive\n information. (CVE-2022-23960)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5318-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-25636\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/02/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/03/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-aws-5.4-cloud-tools-5.4.0-1068\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-aws-5.4-headers-5.4.0-1068\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-aws-5.4-tools-5.4.0-1068\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-aws-cloud-tools-5.4.0-1068\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-aws-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-aws-headers-5.4.0-1068\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-aws-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-aws-tools-5.4.0-1068\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.4-cloud-tools-5.4.0-1072\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.4-headers-5.4.0-1072\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.4-tools-5.4.0-1072\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-azure-cloud-tools-5.4.0-1072\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-azure-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-azure-fde\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-azure-headers-5.4.0-1072\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-azure-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-azure-tools-5.4.0-1072\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-bluefield\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-bluefield-headers-5.4.0-1030\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-bluefield-tools-5.4.0-1030\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-1017-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-1030-bluefield\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-1036-gkeop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-104-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-104-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-104-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-1055-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-1058-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-1065-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-1066-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-1067-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-1068-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-1072-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.4.0-1036-gkeop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.4.0-104\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.4.0-104-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.4.0-104-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.4.0-1068-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.4.0-1072-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-azure-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-azure-fde\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-azure-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-generic-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-generic-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-gkeop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-gkeop-5.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-lowlatency-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-lowlatency-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-virtual-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-virtual-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-crashdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gcp-5.4-headers-5.4.0-1067\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gcp-5.4-tools-5.4.0-1067\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gcp-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gcp-headers-5.4.0-1067\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gcp-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gcp-tools-5.4.0-1067\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-generic-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-generic-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-generic-lpae-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-generic-lpae-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gke-5.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gke-5.4-headers-5.4.0-1065\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gke-5.4-tools-5.4.0-1065\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gke-headers-5.4.0-1065\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gke-tools-5.4.0-1065\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gkeop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gkeop-5.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gkeop-5.4-cloud-tools-5.4.0-1036\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gkeop-5.4-headers-5.4.0-1036\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gkeop-5.4-source-5.4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gkeop-5.4-tools-5.4.0-1036\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gkeop-cloud-tools-5.4.0-1036\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gkeop-headers-5.4.0-1036\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gkeop-source-5.4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gkeop-tools-5.4.0-1036\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-1017-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-1030-bluefield\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-1036-gkeop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-104\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-104-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-104-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-104-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-1055-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-1058-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-1065-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-1066-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-1067-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-1068-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-1072-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-aws-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-aws-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-azure-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-azure-fde\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-azure-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-bluefield\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-gcp-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-gcp-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-lpae-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-lpae-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-gke-5.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-gkeop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-gkeop-5.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-ibm-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-ibm-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-lowlatency-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-lowlatency-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-oem-osp1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-oracle-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-oracle-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-raspi-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-raspi-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-raspi2-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-raspi2-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-snapdragon-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-snapdragon-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-virtual-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-virtual-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.4-cloud-tools-5.4.0-104\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.4-cloud-tools-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.4-headers-5.4.0-104\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.4-source-5.4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.4-tools-5.4.0-104\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.4-tools-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-ibm-5.4-cloud-tools-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-ibm-5.4-headers-5.4.0-1017\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-ibm-5.4-source-5.4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-ibm-5.4-tools-5.4.0-1017\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-ibm-5.4-tools-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-ibm-cloud-tools-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-ibm-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-ibm-headers-5.4.0-1017\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-ibm-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-ibm-source-5.4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-ibm-tools-5.4.0-1017\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-ibm-tools-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1017-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1030-bluefield\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1036-gkeop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-104-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-104-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-104-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1055-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1058-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1065-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1066-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1067-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1068-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1072-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1072-azure-fde\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure-fde\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-bluefield\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-extra-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-extra-virtual-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-extra-virtual-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke-5.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gkeop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gkeop-5.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-ibm-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-ibm-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oem-osp1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-1017-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-1030-bluefield\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-1036-gkeop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-104-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-104-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-1058-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-1065-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-1066-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-1067-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-1068-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-1072-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-1072-azure-fde\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-kvm-headers-5.4.0-1058\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-kvm-tools-5.4.0-1058\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-libc-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-lowlatency-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-lowlatency-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-1017-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-1030-bluefield\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-1036-gkeop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-104-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-104-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-104-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-1055-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-1058-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-1065-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-1066-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-1067-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-1068-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-1072-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.4.0-1017-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.4.0-1036-gkeop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.4.0-104-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.4.0-1065-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.4.0-1066-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.4.0-1067-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.4.0-1068-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.4.0-1072-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-aws-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-aws-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-azure-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-azure-fde\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-azure-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-gcp-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-gcp-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-gke-5.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-gkeop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-gkeop-5.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-ibm-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-ibm-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-oracle-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-virtual-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-virtual-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oem-osp1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oem-osp1-tools-host\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oem-tools-host\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oracle-5.4-headers-5.4.0-1066\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oracle-5.4-tools-5.4.0-1066\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oracle-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oracle-headers-5.4.0-1066\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oracle-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oracle-tools-5.4.0-1066\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-raspi-5.4-headers-5.4.0-1055\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-raspi-5.4-tools-5.4.0-1055\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-raspi-headers-5.4.0-1055\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-raspi-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-raspi-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-raspi-tools-5.4.0-1055\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-raspi2-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-raspi2-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-signed-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-signed-azure-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-signed-image-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-signed-image-azure-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-signed-image-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-signed-image-oracle-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-signed-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-signed-oracle-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-snapdragon-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-snapdragon-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-source-5.4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-1017-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-1030-bluefield\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-1036-gkeop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-104\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-104-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-104-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-104-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-1055-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-1058-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-1065-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-1066-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-1067-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-1068-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-1072-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-aws-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-aws-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-azure-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-azure-fde\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-azure-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-bluefield\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-gcp-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-gcp-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-lpae-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-lpae-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-gke-5.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-gkeop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-gkeop-5.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-host\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-ibm-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-ibm-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-lowlatency-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-lowlatency-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-oem-osp1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-oracle-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-oracle-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-raspi-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-raspi-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-raspi2-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-raspi2-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-snapdragon-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-snapdragon-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-virtual-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-virtual-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-virtual-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-virtual-hwe-18.04-edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022 Canonical, Inc. / NASL script (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('ubuntu.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nvar release = chomp(release);\nif (! preg(pattern:\"^(18\\.04|20\\.04)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 18.04 / 20.04', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2022-0001', 'CVE-2022-0002', 'CVE-2022-23960', 'CVE-2022-25636');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-5318-1');\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar pkgs = [\n {'osver': '18.04', 'pkgname': 'linux-aws', 'pkgver': '5.4.0.1068.50'},\n {'osver': '18.04', 'pkgname': 'linux-aws-5.4-cloud-tools-5.4.0-1068', 'pkgver': '5.4.0-1068.72~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-aws-5.4-headers-5.4.0-1068', 'pkgver': '5.4.0-1068.72~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-aws-5.4-tools-5.4.0-1068', 'pkgver': '5.4.0-1068.72~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-aws-edge', 'pkgver': '5.4.0.1068.50'},\n {'osver': '18.04', 'pkgname': 'linux-azure', 'pkgver': '5.4.0.1072.51'},\n {'osver': '18.04', 'pkgname': 'linux-azure-5.4-cloud-tools-5.4.0-1072', 'pkgver': '5.4.0-1072.75~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-azure-5.4-headers-5.4.0-1072', 'pkgver': '5.4.0-1072.75~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-azure-5.4-tools-5.4.0-1072', 'pkgver': '5.4.0-1072.75~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-azure-edge', 'pkgver': '5.4.0.1072.51'},\n {'osver': '18.04', 'pkgname': 'linux-buildinfo-5.4.0-1017-ibm', 'pkgver': '5.4.0-1017.19~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-buildinfo-5.4.0-1036-gkeop', 'pkgver': '5.4.0-1036.37~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-buildinfo-5.4.0-104-generic', 'pkgver': '5.4.0-104.118~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-buildinfo-5.4.0-104-generic-lpae', 'pkgver': '5.4.0-104.118~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-buildinfo-5.4.0-104-lowlatency', 'pkgver': '5.4.0-104.118~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-buildinfo-5.4.0-1055-raspi', 'pkgver': '5.4.0-1055.62~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-buildinfo-5.4.0-1065-gke', 'pkgver': '5.4.0-1065.68~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-buildinfo-5.4.0-1066-oracle', 'pkgver': '5.4.0-1066.71~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-buildinfo-5.4.0-1067-gcp', 'pkgver': '5.4.0-1067.71~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-buildinfo-5.4.0-1068-aws', 'pkgver': '5.4.0-1068.72~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-buildinfo-5.4.0-1072-azure', 'pkgver': '5.4.0-1072.75~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-cloud-tools-5.4.0-1036-gkeop', 'pkgver': '5.4.0-1036.37~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-cloud-tools-5.4.0-104-generic', 'pkgver': '5.4.0-104.118~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-cloud-tools-5.4.0-104-lowlatency', 'pkgver': '5.4.0-104.118~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-cloud-tools-5.4.0-1068-aws', 'pkgver': '5.4.0-1068.72~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-cloud-tools-5.4.0-1072-azure', 'pkgver': '5.4.0-1072.75~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-cloud-tools-azure', 'pkgver': '5.4.0.1072.51'},\n {'osver': '18.04', 'pkgname': 'linux-cloud-tools-azure-edge', 'pkgver': '5.4.0.1072.51'},\n {'osver': '18.04', 'pkgname': 'linux-cloud-tools-generic-hwe-18.04', 'pkgver': '5.4.0.104.118~18.04.89'},\n {'osver': '18.04', 'pkgname': 'linux-cloud-tools-generic-hwe-18.04-edge', 'pkgver': '5.4.0.104.118~18.04.89'},\n {'osver': '18.04', 'pkgname': 'linux-cloud-tools-gkeop-5.4', 'pkgver': '5.4.0.1036.37~18.04.36'},\n {'osver': '18.04', 'pkgname': 'linux-cloud-tools-lowlatency-hwe-18.04', 'pkgver': '5.4.0.104.118~18.04.89'},\n {'osver': '18.04', 'pkgname': 'linux-cloud-tools-lowlatency-hwe-18.04-edge', 'pkgver': '5.4.0.104.118~18.04.89'},\n {'osver': '18.04', 'pkgname': 'linux-cloud-tools-virtual-hwe-18.04', 'pkgver': '5.4.0.104.118~18.04.89'},\n {'osver': '18.04', 'pkgname': 'linux-cloud-tools-virtual-hwe-18.04-edge', 'pkgver': '5.4.0.104.118~18.04.89'},\n {'osver': '18.04', 'pkgname': 'linux-gcp', 'pkgver': '5.4.0.1067.52'},\n {'osver': '18.04', 'pkgname': 'linux-gcp-5.4-headers-5.4.0-1067', 'pkgver': '5.4.0-1067.71~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-gcp-5.4-tools-5.4.0-1067', 'pkgver': '5.4.0-1067.71~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-gcp-edge', 'pkgver': '5.4.0.1067.52'},\n {'osver': '18.04', 'pkgname': 'linux-generic-hwe-18.04', 'pkgver': '5.4.0.104.118~18.04.89'},\n {'osver': '18.04', 'pkgname': 'linux-generic-hwe-18.04-edge', 'pkgver': '5.4.0.104.118~18.04.89'},\n {'osver': '18.04', 'pkgname': 'linux-generic-lpae-hwe-18.04', 'pkgver': '5.4.0.104.118~18.04.89'},\n {'osver': '18.04', 'pkgname': 'linux-generic-lpae-hwe-18.04-edge', 'pkgver': '5.4.0.104.118~18.04.89'},\n {'osver': '18.04', 'pkgname': 'linux-gke-5.4', 'pkgver': '5.4.0.1065.68~18.04.29'},\n {'osver': '18.04', 'pkgname': 'linux-gke-5.4-headers-5.4.0-1065', 'pkgver': '5.4.0-1065.68~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-gke-5.4-tools-5.4.0-1065', 'pkgver': '5.4.0-1065.68~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-gkeop-5.4', 'pkgver': '5.4.0.1036.37~18.04.36'},\n {'osver': '18.04', 'pkgname': 'linux-gkeop-5.4-cloud-tools-5.4.0-1036', 'pkgver': '5.4.0-1036.37~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-gkeop-5.4-headers-5.4.0-1036', 'pkgver': '5.4.0-1036.37~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-gkeop-5.4-source-5.4.0', 'pkgver': '5.4.0-1036.37~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-gkeop-5.4-tools-5.4.0-1036', 'pkgver': '5.4.0-1036.37~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-headers-5.4.0-1017-ibm', 'pkgver': '5.4.0-1017.19~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-headers-5.4.0-1036-gkeop', 'pkgver': '5.4.0-1036.37~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-headers-5.4.0-104-generic', 'pkgver': '5.4.0-104.118~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-headers-5.4.0-104-generic-lpae', 'pkgver': '5.4.0-104.118~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-headers-5.4.0-104-lowlatency', 'pkgver': '5.4.0-104.118~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-headers-5.4.0-1055-raspi', 'pkgver': '5.4.0-1055.62~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-headers-5.4.0-1065-gke', 'pkgver': '5.4.0-1065.68~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-headers-5.4.0-1066-oracle', 'pkgver': '5.4.0-1066.71~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-headers-5.4.0-1067-gcp', 'pkgver': '5.4.0-1067.71~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-headers-5.4.0-1068-aws', 'pkgver': '5.4.0-1068.72~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-headers-5.4.0-1072-azure', 'pkgver': '5.4.0-1072.75~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-headers-aws', 'pkgver': '5.4.0.1068.50'},\n {'osver': '18.04', 'pkgname': 'linux-headers-aws-edge', 'pkgver': '5.4.0.1068.50'},\n {'osver': '18.04', 'pkgname': 'linux-headers-azure', 'pkgver': '5.4.0.1072.51'},\n {'osver': '18.04', 'pkgname': 'linux-headers-azure-edge', 'pkgver': '5.4.0.1072.51'},\n {'osver': '18.04', 'pkgname': 'linux-headers-gcp', 'pkgver': '5.4.0.1067.52'},\n {'osver': '18.04', 'pkgname': 'linux-headers-gcp-edge', 'pkgver': '5.4.0.1067.52'},\n {'osver': '18.04', 'pkgname': 'linux-headers-generic-hwe-18.04', 'pkgver': '5.4.0.104.118~18.04.89'},\n {'osver': '18.04', 'pkgname': 'linux-headers-generic-hwe-18.04-edge', 'pkgver': '5.4.0.104.118~18.04.89'},\n {'osver': '18.04', 'pkgname': 'linux-headers-generic-lpae-hwe-18.04', 'pkgver': '5.4.0.104.118~18.04.89'},\n {'osver': '18.04', 'pkgname': 'linux-headers-generic-lpae-hwe-18.04-edge', 'pkgver': '5.4.0.104.118~18.04.89'},\n {'osver': '18.04', 'pkgname': 'linux-headers-gke-5.4', 'pkgver': '5.4.0.1065.68~18.04.29'},\n {'osver': '18.04', 'pkgname': 'linux-headers-gkeop-5.4', 'pkgver': '5.4.0.1036.37~18.04.36'},\n {'osver': '18.04', 'pkgname': 'linux-headers-ibm', 'pkgver': '5.4.0.1017.34'},\n {'osver': '18.04', 'pkgname': 'linux-headers-ibm-edge', 'pkgver': '5.4.0.1017.34'},\n {'osver': '18.04', 'pkgname': 'linux-headers-lowlatency-hwe-18.04', 'pkgver': '5.4.0.104.118~18.04.89'},\n {'osver': '18.04', 'pkgname': 'linux-headers-lowlatency-hwe-18.04-edge', 'pkgver': '5.4.0.104.118~18.04.89'},\n {'osver': '18.04', 'pkgname': 'linux-headers-oem', 'pkgver': '5.4.0.104.118~18.04.89'},\n {'osver': '18.04', 'pkgname': 'linux-headers-oem-osp1', 'pkgver': '5.4.0.104.118~18.04.89'},\n {'osver': '18.04', 'pkgname': 'linux-headers-oracle', 'pkgver': '5.4.0.1066.71~18.04.45'},\n {'osver': '18.04', 'pkgname': 'linux-headers-oracle-edge', 'pkgver': '5.4.0.1066.71~18.04.45'},\n {'osver': '18.04', 'pkgname': 'linux-headers-raspi-hwe-18.04', 'pkgver': '5.4.0.1055.57'},\n {'osver': '18.04', 'pkgname': 'linux-headers-raspi-hwe-18.04-edge', 'pkgver': '5.4.0.1055.57'},\n {'osver': '18.04', 'pkgname': 'linux-headers-snapdragon-hwe-18.04', 'pkgver': '5.4.0.104.118~18.04.89'},\n {'osver': '18.04', 'pkgname': 'linux-headers-snapdragon-hwe-18.04-edge', 'pkgver': '5.4.0.104.118~18.04.89'},\n {'osver': '18.04', 'pkgname': 'linux-headers-virtual-hwe-18.04', 'pkgver': '5.4.0.104.118~18.04.89'},\n {'osver': '18.04', 'pkgname': 'linux-headers-virtual-hwe-18.04-edge', 'pkgver': '5.4.0.104.118~18.04.89'},\n {'osver': '18.04', 'pkgname': 'linux-hwe-5.4-cloud-tools-5.4.0-104', 'pkgver': '5.4.0-104.118~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-hwe-5.4-cloud-tools-common', 'pkgver': '5.4.0-104.118~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-hwe-5.4-headers-5.4.0-104', 'pkgver': '5.4.0-104.118~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-hwe-5.4-source-5.4.0', 'pkgver': '5.4.0-104.118~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-hwe-5.4-tools-5.4.0-104', 'pkgver': '5.4.0-104.118~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-hwe-5.4-tools-common', 'pkgver': '5.4.0-104.118~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-ibm', 'pkgver': '5.4.0.1017.34'},\n {'osver': '18.04', 'pkgname': 'linux-ibm-5.4-cloud-tools-common', 'pkgver': '5.4.0-1017.19~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-ibm-5.4-headers-5.4.0-1017', 'pkgver': '5.4.0-1017.19~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-ibm-5.4-source-5.4.0', 'pkgver': '5.4.0-1017.19~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-ibm-5.4-tools-5.4.0-1017', 'pkgver': '5.4.0-1017.19~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-ibm-5.4-tools-common', 'pkgver': '5.4.0-1017.19~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-ibm-edge', 'pkgver': '5.4.0.1017.34'},\n {'osver': '18.04', 'pkgname': 'linux-image-5.4.0-1017-ibm', 'pkgver': '5.4.0-1017.19~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-5.4.0-1036-gkeop', 'pkgver': '5.4.0-1036.37~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-5.4.0-104-generic', 'pkgver': '5.4.0-104.118~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-5.4.0-104-generic-lpae', 'pkgver': '5.4.0-104.118~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-5.4.0-104-lowlatency', 'pkgver': '5.4.0-104.118~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-5.4.0-1055-raspi', 'pkgver': '5.4.0-1055.62~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-5.4.0-1065-gke', 'pkgver': '5.4.0-1065.68~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-5.4.0-1066-oracle', 'pkgver': '5.4.0-1066.71~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-5.4.0-1067-gcp', 'pkgver': '5.4.0-1067.71~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-5.4.0-1068-aws', 'pkgver': '5.4.0-1068.72~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-5.4.0-1072-azure', 'pkgver': '5.4.0-1072.75~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-aws', 'pkgver': '5.4.0.1068.50'},\n {'osver': '18.04', 'pkgname': 'linux-image-aws-edge', 'pkgver': '5.4.0.1068.50'},\n {'osver': '18.04', 'pkgname': 'linux-image-azure', 'pkgver': '5.4.0.1072.51'},\n {'osver': '18.04', 'pkgname': 'linux-image-azure-edge', 'pkgver': '5.4.0.1072.51'},\n {'osver': '18.04', 'pkgname': 'linux-image-extra-virtual-hwe-18.04', 'pkgver': '5.4.0.104.118~18.04.89'},\n {'osver': '18.04', 'pkgname': 'linux-image-extra-virtual-hwe-18.04-edge', 'pkgver': '5.4.0.104.118~18.04.89'},\n {'osver': '18.04', 'pkgname': 'linux-image-gcp', 'pkgver': '5.4.0.1067.52'},\n {'osver': '18.04', 'pkgname': 'linux-image-gcp-edge', 'pkgver': '5.4.0.1067.52'},\n {'osver': '18.04', 'pkgname': 'linux-image-generic-hwe-18.04', 'pkgver': '5.4.0.104.118~18.04.89'},\n {'osver': '18.04', 'pkgname': 'linux-image-generic-hwe-18.04-edge', 'pkgver': '5.4.0.104.118~18.04.89'},\n {'osver': '18.04', 'pkgname': 'linux-image-generic-lpae-hwe-18.04', 'pkgver': '5.4.0.104.118~18.04.89'},\n {'osver': '18.04', 'pkgname': 'linux-image-generic-lpae-hwe-18.04-edge', 'pkgver': '5.4.0.104.118~18.04.89'},\n {'osver': '18.04', 'pkgname': 'linux-image-gke-5.4', 'pkgver': '5.4.0.1065.68~18.04.29'},\n {'osver': '18.04', 'pkgname': 'linux-image-gkeop-5.4', 'pkgver': '5.4.0.1036.37~18.04.36'},\n {'osver': '18.04', 'pkgname': 'linux-image-ibm', 'pkgver': '5.4.0.1017.34'},\n {'osver': '18.04', 'pkgname': 'linux-image-ibm-edge', 'pkgver': '5.4.0.1017.34'},\n {'osver': '18.04', 'pkgname': 'linux-image-lowlatency-hwe-18.04', 'pkgver': '5.4.0.104.118~18.04.89'},\n {'osver': '18.04', 'pkgname': 'linux-image-lowlatency-hwe-18.04-edge', 'pkgver': '5.4.0.104.118~18.04.89'},\n {'osver': '18.04', 'pkgname': 'linux-image-oem', 'pkgver': '5.4.0.104.118~18.04.89'},\n {'osver': '18.04', 'pkgname': 'linux-image-oem-osp1', 'pkgver': '5.4.0.104.118~18.04.89'},\n {'osver': '18.04', 'pkgname': 'linux-image-oracle', 'pkgver': '5.4.0.1066.71~18.04.45'},\n {'osver': '18.04', 'pkgname': 'linux-image-oracle-edge', 'pkgver': '5.4.0.1066.71~18.04.45'},\n {'osver': '18.04', 'pkgname': 'linux-image-raspi-hwe-18.04', 'pkgver': '5.4.0.1055.57'},\n {'osver': '18.04', 'pkgname': 'linux-image-raspi-hwe-18.04-edge', 'pkgver': '5.4.0.1055.57'},\n {'osver': '18.04', 'pkgname': 'linux-image-snapdragon-hwe-18.04', 'pkgver': '5.4.0.104.118~18.04.89'},\n {'osver': '18.04', 'pkgname': 'linux-image-snapdragon-hwe-18.04-edge', 'pkgver': '5.4.0.104.118~18.04.89'},\n {'osver': '18.04', 'pkgname': 'linux-image-unsigned-5.4.0-1017-ibm', 'pkgver': '5.4.0-1017.19~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-unsigned-5.4.0-1036-gkeop', 'pkgver': '5.4.0-1036.37~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-unsigned-5.4.0-104-generic', 'pkgver': '5.4.0-104.118~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-unsigned-5.4.0-104-lowlatency', 'pkgver': '5.4.0-104.118~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-unsigned-5.4.0-1065-gke', 'pkgver': '5.4.0-1065.68~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-unsigned-5.4.0-1066-oracle', 'pkgver': '5.4.0-1066.71~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-unsigned-5.4.0-1067-gcp', 'pkgver': '5.4.0-1067.71~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-unsigned-5.4.0-1068-aws', 'pkgver': '5.4.0-1068.72~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-unsigned-5.4.0-1072-azure', 'pkgver': '5.4.0-1072.75~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-virtual-hwe-18.04', 'pkgver': '5.4.0.104.118~18.04.89'},\n {'osver': '18.04', 'pkgname': 'linux-image-virtual-hwe-18.04-edge', 'pkgver': '5.4.0.104.118~18.04.89'},\n {'osver': '18.04', 'pkgname': 'linux-lowlatency-hwe-18.04', 'pkgver': '5.4.0.104.118~18.04.89'},\n {'osver': '18.04', 'pkgname': 'linux-lowlatency-hwe-18.04-edge', 'pkgver': '5.4.0.104.118~18.04.89'},\n {'osver': '18.04', 'pkgname': 'linux-modules-5.4.0-1017-ibm', 'pkgver': '5.4.0-1017.19~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-modules-5.4.0-1036-gkeop', 'pkgver': '5.4.0-1036.37~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-modules-5.4.0-104-generic', 'pkgver': '5.4.0-104.118~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-modules-5.4.0-104-generic-lpae', 'pkgver': '5.4.0-104.118~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-modules-5.4.0-104-lowlatency', 'pkgver': '5.4.0-104.118~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-modules-5.4.0-1055-raspi', 'pkgver': '5.4.0-1055.62~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-modules-5.4.0-1065-gke', 'pkgver': '5.4.0-1065.68~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-modules-5.4.0-1066-oracle', 'pkgver': '5.4.0-1066.71~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-modules-5.4.0-1067-gcp', 'pkgver': '5.4.0-1067.71~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-modules-5.4.0-1068-aws', 'pkgver': '5.4.0-1068.72~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-modules-5.4.0-1072-azure', 'pkgver': '5.4.0-1072.75~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-modules-extra-5.4.0-1017-ibm', 'pkgver': '5.4.0-1017.19~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-modules-extra-5.4.0-1036-gkeop', 'pkgver': '5.4.0-1036.37~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-modules-extra-5.4.0-104-generic', 'pkgver': '5.4.0-104.118~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-modules-extra-5.4.0-1065-gke', 'pkgver': '5.4.0-1065.68~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-modules-extra-5.4.0-1066-oracle', 'pkgver': '5.4.0-1066.71~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-modules-extra-5.4.0-1067-gcp', 'pkgver': '5.4.0-1067.71~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-modules-extra-5.4.0-1068-aws', 'pkgver': '5.4.0-1068.72~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-modules-extra-5.4.0-1072-azure', 'pkgver': '5.4.0-1072.75~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-modules-extra-aws', 'pkgver': '5.4.0.1068.50'},\n {'osver': '18.04', 'pkgname': 'linux-modules-extra-aws-edge', 'pkgver': '5.4.0.1068.50'},\n {'osver': '18.04', 'pkgname': 'linux-modules-extra-azure', 'pkgver': '5.4.0.1072.51'},\n {'osver': '18.04', 'pkgname': 'linux-modules-extra-azure-edge', 'pkgver': '5.4.0.1072.51'},\n {'osver': '18.04', 'pkgname': 'linux-modules-extra-gcp', 'pkgver': '5.4.0.1067.52'},\n {'osver': '18.04', 'pkgname': 'linux-modules-extra-gcp-edge', 'pkgver': '5.4.0.1067.52'},\n {'osver': '18.04', 'pkgname': 'linux-modules-extra-gke-5.4', 'pkgver': '5.4.0.1065.68~18.04.29'},\n {'osver': '18.04', 'pkgname': 'linux-modules-extra-gkeop-5.4', 'pkgver': '5.4.0.1036.37~18.04.36'},\n {'osver': '18.04', 'pkgname': 'linux-modules-extra-ibm', 'pkgver': '5.4.0.1017.34'},\n {'osver': '18.04', 'pkgname': 'linux-modules-extra-ibm-edge', 'pkgver': '5.4.0.1017.34'},\n {'osver': '18.04', 'pkgname': 'linux-modules-extra-oracle', 'pkgver': '5.4.0.1066.71~18.04.45'},\n {'osver': '18.04', 'pkgname': 'linux-modules-extra-oracle-edge', 'pkgver': '5.4.0.1066.71~18.04.45'},\n {'osver': '18.04', 'pkgname': 'linux-modules-extra-virtual-hwe-18.04', 'pkgver': '5.4.0.104.118~18.04.89'},\n {'osver': '18.04', 'pkgname': 'linux-modules-extra-virtual-hwe-18.04-edge', 'pkgver': '5.4.0.104.118~18.04.89'},\n {'osver': '18.04', 'pkgname': 'linux-oem', 'pkgver': '5.4.0.104.118~18.04.89'},\n {'osver': '18.04', 'pkgname': 'linux-oem-osp1', 'pkgver': '5.4.0.104.118~18.04.89'},\n {'osver': '18.04', 'pkgname': 'linux-oracle', 'pkgver': '5.4.0.1066.71~18.04.45'},\n {'osver': '18.04', 'pkgname': 'linux-oracle-5.4-headers-5.4.0-1066', 'pkgver': '5.4.0-1066.71~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-oracle-5.4-tools-5.4.0-1066', 'pkgver': '5.4.0-1066.71~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-oracle-edge', 'pkgver': '5.4.0.1066.71~18.04.45'},\n {'osver': '18.04', 'pkgname': 'linux-raspi-5.4-headers-5.4.0-1055', 'pkgver': '5.4.0-1055.62~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-raspi-5.4-tools-5.4.0-1055', 'pkgver': '5.4.0-1055.62~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-raspi-hwe-18.04', 'pkgver': '5.4.0.1055.57'},\n {'osver': '18.04', 'pkgname': 'linux-raspi-hwe-18.04-edge', 'pkgver': '5.4.0.1055.57'},\n {'osver': '18.04', 'pkgname': 'linux-signed-azure', 'pkgver': '5.4.0.1072.51'},\n {'osver': '18.04', 'pkgname': 'linux-signed-azure-edge', 'pkgver': '5.4.0.1072.51'},\n {'osver': '18.04', 'pkgname': 'linux-signed-image-azure', 'pkgver': '5.4.0.1072.51'},\n {'osver': '18.04', 'pkgname': 'linux-signed-image-azure-edge', 'pkgver': '5.4.0.1072.51'},\n {'osver': '18.04', 'pkgname': 'linux-signed-image-oracle', 'pkgver': '5.4.0.1066.71~18.04.45'},\n {'osver': '18.04', 'pkgname': 'linux-signed-image-oracle-edge', 'pkgver': '5.4.0.1066.71~18.04.45'},\n {'osver': '18.04', 'pkgname': 'linux-signed-oracle', 'pkgver': '5.4.0.1066.71~18.04.45'},\n {'osver': '18.04', 'pkgname': 'linux-signed-oracle-edge', 'pkgver': '5.4.0.1066.71~18.04.45'},\n {'osver': '18.04', 'pkgname': 'linux-snapdragon-hwe-18.04', 'pkgver': '5.4.0.104.118~18.04.89'},\n {'osver': '18.04', 'pkgname': 'linux-snapdragon-hwe-18.04-edge', 'pkgver': '5.4.0.104.118~18.04.89'},\n {'osver': '18.04', 'pkgname': 'linux-tools-5.4.0-1017-ibm', 'pkgver': '5.4.0-1017.19~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-tools-5.4.0-1036-gkeop', 'pkgver': '5.4.0-1036.37~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-tools-5.4.0-104-generic', 'pkgver': '5.4.0-104.118~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-tools-5.4.0-104-generic-lpae', 'pkgver': '5.4.0-104.118~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-tools-5.4.0-104-lowlatency', 'pkgver': '5.4.0-104.118~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-tools-5.4.0-1055-raspi', 'pkgver': '5.4.0-1055.62~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-tools-5.4.0-1065-gke', 'pkgver': '5.4.0-1065.68~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-tools-5.4.0-1066-oracle', 'pkgver': '5.4.0-1066.71~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-tools-5.4.0-1067-gcp', 'pkgver': '5.4.0-1067.71~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-tools-5.4.0-1068-aws', 'pkgver': '5.4.0-1068.72~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-tools-5.4.0-1072-azure', 'pkgver': '5.4.0-1072.75~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-tools-aws', 'pkgver': '5.4.0.1068.50'},\n {'osver': '18.04', 'pkgname': 'linux-tools-aws-edge', 'pkgver': '5.4.0.1068.50'},\n {'osver': '18.04', 'pkgname': 'linux-tools-azure', 'pkgver': '5.4.0.1072.51'},\n {'osver': '18.04', 'pkgname': 'linux-tools-azure-edge', 'pkgver': '5.4.0.1072.51'},\n {'osver': '18.04', 'pkgname': 'linux-tools-gcp', 'pkgver': '5.4.0.1067.52'},\n {'osver': '18.04', 'pkgname': 'linux-tools-gcp-edge', 'pkgver': '5.4.0.1067.52'},\n {'osver': '18.04', 'pkgname': 'linux-tools-generic-hwe-18.04', 'pkgver': '5.4.0.104.118~18.04.89'},\n {'osver': '18.04', 'pkgname': 'linux-tools-generic-hwe-18.04-edge', 'pkgver': '5.4.0.104.118~18.04.89'},\n {'osver': '18.04', 'pkgname': 'linux-tools-generic-lpae-hwe-18.04', 'pkgver': '5.4.0.104.118~18.04.89'},\n {'osver': '18.04', 'pkgname': 'linux-tools-generic-lpae-hwe-18.04-edge', 'pkgver': '5.4.0.104.118~18.04.89'},\n {'osver': '18.04', 'pkgname': 'linux-tools-gke-5.4', 'pkgver': '5.4.0.1065.68~18.04.29'},\n {'osver': '18.04', 'pkgname': 'linux-tools-gkeop-5.4', 'pkgver': '5.4.0.1036.37~18.04.36'},\n {'osver': '18.04', 'pkgname': 'linux-tools-ibm', 'pkgver': '5.4.0.1017.34'},\n {'osver': '18.04', 'pkgname': 'linux-tools-ibm-edge', 'pkgver': '5.4.0.1017.34'},\n {'osver': '18.04', 'pkgname': 'linux-tools-lowlatency-hwe-18.04', 'pkgver': '5.4.0.104.118~18.04.89'},\n {'osver': '18.04', 'pkgname': 'linux-tools-lowlatency-hwe-18.04-edge', 'pkgver': '5.4.0.104.118~18.04.89'},\n {'osver': '18.04', 'pkgname': 'linux-tools-oem', 'pkgver': '5.4.0.104.118~18.04.89'},\n {'osver': '18.04', 'pkgname': 'linux-tools-oem-osp1', 'pkgver': '5.4.0.104.118~18.04.89'},\n {'osver': '18.04', 'pkgname': 'linux-tools-oracle', 'pkgver': '5.4.0.1066.71~18.04.45'},\n {'osver': '18.04', 'pkgname': 'linux-tools-oracle-edge', 'pkgver': '5.4.0.1066.71~18.04.45'},\n {'osver': '18.04', 'pkgname': 'linux-tools-raspi-hwe-18.04', 'pkgver': '5.4.0.1055.57'},\n {'osver': '18.04', 'pkgname': 'linux-tools-raspi-hwe-18.04-edge', 'pkgver': '5.4.0.1055.57'},\n {'osver': '18.04', 'pkgname': 'linux-tools-snapdragon-hwe-18.04', 'pkgver': '5.4.0.104.118~18.04.89'},\n {'osver': '18.04', 'pkgname': 'linux-tools-snapdragon-hwe-18.04-edge', 'pkgver': '5.4.0.104.118~18.04.89'},\n {'osver': '18.04', 'pkgname': 'linux-tools-virtual-hwe-18.04', 'pkgver': '5.4.0.104.118~18.04.89'},\n {'osver': '18.04', 'pkgname': 'linux-tools-virtual-hwe-18.04-edge', 'pkgver': '5.4.0.104.118~18.04.89'},\n {'osver': '18.04', 'pkgname': 'linux-virtual-hwe-18.04', 'pkgver': '5.4.0.104.118~18.04.89'},\n {'osver': '18.04', 'pkgname': 'linux-virtual-hwe-18.04-edge', 'pkgver': '5.4.0.104.118~18.04.89'},\n {'osver': '20.04', 'pkgname': 'linux-aws-cloud-tools-5.4.0-1068', 'pkgver': '5.4.0-1068.72'},\n {'osver': '20.04', 'pkgname': 'linux-aws-headers-5.4.0-1068', 'pkgver': '5.4.0-1068.72'},\n {'osver': '20.04', 'pkgname': 'linux-aws-lts-20.04', 'pkgver': '5.4.0.1068.70'},\n {'osver': '20.04', 'pkgname': 'linux-aws-tools-5.4.0-1068', 'pkgver': '5.4.0-1068.72'},\n {'osver': '20.04', 'pkgname': 'linux-azure-cloud-tools-5.4.0-1072', 'pkgver': '5.4.0-1072.75'},\n {'osver': '20.04', 'pkgname': 'linux-azure-fde', 'pkgver': '5.4.0.1072.75+cvm1.18'},\n {'osver': '20.04', 'pkgname': 'linux-azure-headers-5.4.0-1072', 'pkgver': '5.4.0-1072.75'},\n {'osver': '20.04', 'pkgname': 'linux-azure-lts-20.04', 'pkgver': '5.4.0.1072.70'},\n {'osver': '20.04', 'pkgname': 'linux-azure-tools-5.4.0-1072', 'pkgver': '5.4.0-1072.75'},\n {'osver': '20.04', 'pkgname': 'linux-bluefield', 'pkgver': '5.4.0.1030.31'},\n {'osver': '20.04', 'pkgname': 'linux-bluefield-headers-5.4.0-1030', 'pkgver': '5.4.0-1030.33'},\n {'osver': '20.04', 'pkgname': 'linux-bluefield-tools-5.4.0-1030', 'pkgver': '5.4.0-1030.33'},\n {'osver': '20.04', 'pkgname': 'linux-buildinfo-5.4.0-1017-ibm', 'pkgver': '5.4.0-1017.19'},\n {'osver': '20.04', 'pkgname': 'linux-buildinfo-5.4.0-1030-bluefield', 'pkgver': '5.4.0-1030.33'},\n {'osver': '20.04', 'pkgname': 'linux-buildinfo-5.4.0-1036-gkeop', 'pkgver': '5.4.0-1036.37'},\n {'osver': '20.04', 'pkgname': 'linux-buildinfo-5.4.0-104-generic', 'pkgver': '5.4.0-104.118'},\n {'osver': '20.04', 'pkgname': 'linux-buildinfo-5.4.0-104-generic-lpae', 'pkgver': '5.4.0-104.118'},\n {'osver': '20.04', 'pkgname': 'linux-buildinfo-5.4.0-104-lowlatency', 'pkgver': '5.4.0-104.118'},\n {'osver': '20.04', 'pkgname': 'linux-buildinfo-5.4.0-1055-raspi', 'pkgver': '5.4.0-1055.62'},\n {'osver': '20.04', 'pkgname': 'linux-buildinfo-5.4.0-1058-kvm', 'pkgver': '5.4.0-1058.61'},\n {'osver': '20.04', 'pkgname': 'linux-buildinfo-5.4.0-1065-gke', 'pkgver': '5.4.0-1065.68'},\n {'osver': '20.04', 'pkgname': 'linux-buildinfo-5.4.0-1066-oracle', 'pkgver': '5.4.0-1066.71'},\n {'osver': '20.04', 'pkgname': 'linux-buildinfo-5.4.0-1067-gcp', 'pkgver': '5.4.0-1067.71'},\n {'osver': '20.04', 'pkgname': 'linux-buildinfo-5.4.0-1068-aws', 'pkgver': '5.4.0-1068.72'},\n {'osver': '20.04', 'pkgname': 'linux-buildinfo-5.4.0-1072-azure', 'pkgver': '5.4.0-1072.75'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-5.4.0-1036-gkeop', 'pkgver': '5.4.0-1036.37'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-5.4.0-104', 'pkgver': '5.4.0-104.118'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-5.4.0-104-generic', 'pkgver': '5.4.0-104.118'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-5.4.0-104-lowlatency', 'pkgver': '5.4.0-104.118'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-5.4.0-1068-aws', 'pkgver': '5.4.0-1068.72'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-5.4.0-1072-azure', 'pkgver': '5.4.0-1072.75'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-azure-fde', 'pkgver': '5.4.0.1072.75+cvm1.18'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-azure-lts-20.04', 'pkgver': '5.4.0.1072.70'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-common', 'pkgver': '5.4.0-104.118'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-generic', 'pkgver': '5.4.0.104.108'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-generic-hwe-18.04', 'pkgver': '5.4.0.104.108'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-generic-hwe-18.04-edge', 'pkgver': '5.4.0.104.108'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-gkeop', 'pkgver': '5.4.0.1036.39'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-gkeop-5.4', 'pkgver': '5.4.0.1036.39'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-lowlatency', 'pkgver': '5.4.0.104.108'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-lowlatency-hwe-18.04', 'pkgver': '5.4.0.104.108'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-lowlatency-hwe-18.04-edge', 'pkgver': '5.4.0.104.108'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-virtual', 'pkgver': '5.4.0.104.108'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-virtual-hwe-18.04', 'pkgver': '5.4.0.104.108'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-virtual-hwe-18.04-edge', 'pkgver': '5.4.0.104.108'},\n {'osver': '20.04', 'pkgname': 'linux-crashdump', 'pkgver': '5.4.0.104.108'},\n {'osver': '20.04', 'pkgname': 'linux-gcp-headers-5.4.0-1067', 'pkgver': '5.4.0-1067.71'},\n {'osver': '20.04', 'pkgname': 'linux-gcp-lts-20.04', 'pkgver': '5.4.0.1067.76'},\n {'osver': '20.04', 'pkgname': 'linux-gcp-tools-5.4.0-1067', 'pkgver': '5.4.0-1067.71'},\n {'osver': '20.04', 'pkgname': 'linux-generic', 'pkgver': '5.4.0.104.108'},\n {'osver': '20.04', 'pkgname': 'linux-generic-hwe-18.04', 'pkgver': '5.4.0.104.108'},\n {'osver': '20.04', 'pkgname': 'linux-generic-hwe-18.04-edge', 'pkgver': '5.4.0.104.108'},\n {'osver': '20.04', 'pkgname': 'linux-generic-lpae', 'pkgver': '5.4.0.104.108'},\n {'osver': '20.04', 'pkgname': 'linux-generic-lpae-hwe-18.04', 'pkgver': '5.4.0.104.108'},\n {'osver': '20.04', 'pkgname': 'linux-generic-lpae-hwe-18.04-edge', 'pkgver': '5.4.0.104.108'},\n {'osver': '20.04', 'pkgname': 'linux-gke', 'pkgver': '5.4.0.1065.75'},\n {'osver': '20.04', 'pkgname': 'linux-gke-5.4', 'pkgver': '5.4.0.1065.75'},\n {'osver': '20.04', 'pkgname': 'linux-gke-headers-5.4.0-1065', 'pkgver': '5.4.0-1065.68'},\n {'osver': '20.04', 'pkgname': 'linux-gke-tools-5.4.0-1065', 'pkgver': '5.4.0-1065.68'},\n {'osver': '20.04', 'pkgname': 'linux-gkeop', 'pkgver': '5.4.0.1036.39'},\n {'osver': '20.04', 'pkgname': 'linux-gkeop-5.4', 'pkgver': '5.4.0.1036.39'},\n {'osver': '20.04', 'pkgname': 'linux-gkeop-cloud-tools-5.4.0-1036', 'pkgver': '5.4.0-1036.37'},\n {'osver': '20.04', 'pkgname': 'linux-gkeop-headers-5.4.0-1036', 'pkgver': '5.4.0-1036.37'},\n {'osver': '20.04', 'pkgname': 'linux-gkeop-source-5.4.0', 'pkgver': '5.4.0-1036.37'},\n {'osver': '20.04', 'pkgname': 'linux-gkeop-tools-5.4.0-1036', 'pkgver': '5.4.0-1036.37'},\n {'osver': '20.04', 'pkgname': 'linux-headers-5.4.0-1017-ibm', 'pkgver': '5.4.0-1017.19'},\n {'osver': '20.04', 'pkgname': 'linux-headers-5.4.0-1030-bluefield', 'pkgver': '5.4.0-1030.33'},\n {'osver': '20.04', 'pkgname': 'linux-headers-5.4.0-1036-gkeop', 'pkgver': '5.4.0-1036.37'},\n {'osver': '20.04', 'pkgname': 'linux-headers-5.4.0-104', 'pkgver': '5.4.0-104.118'},\n {'osver': '20.04', 'pkgname': 'linux-headers-5.4.0-104-generic', 'pkgver': '5.4.0-104.118'},\n {'osver': '20.04', 'pkgname': 'linux-headers-5.4.0-104-generic-lpae', 'pkgver': '5.4.0-104.118'},\n {'osver': '20.04', 'pkgname': 'linux-headers-5.4.0-104-lowlatency', 'pkgver': '5.4.0-104.118'},\n {'osver': '20.04', 'pkgname': 'linux-headers-5.4.0-1055-raspi', 'pkgver': '5.4.0-1055.62'},\n {'osver': '20.04', 'pkgname': 'linux-headers-5.4.0-1058-kvm', 'pkgver': '5.4.0-1058.61'},\n {'osver': '20.04', 'pkgname': 'linux-headers-5.4.0-1065-gke', 'pkgver': '5.4.0-1065.68'},\n {'osver': '20.04', 'pkgname': 'linux-headers-5.4.0-1066-oracle', 'pkgver': '5.4.0-1066.71'},\n {'osver': '20.04', 'pkgname': 'linux-headers-5.4.0-1067-gcp', 'pkgver': '5.4.0-1067.71'},\n {'osver': '20.04', 'pkgname': 'linux-headers-5.4.0-1068-aws', 'pkgver': '5.4.0-1068.72'},\n {'osver': '20.04', 'pkgname': 'linux-headers-5.4.0-1072-azure', 'pkgver': '5.4.0-1072.75'},\n {'osver': '20.04', 'pkgname': 'linux-headers-aws-lts-20.04', 'pkgver': '5.4.0.1068.70'},\n {'osver': '20.04', 'pkgname': 'linux-headers-azure-fde', 'pkgver': '5.4.0.1072.75+cvm1.18'},\n {'osver': '20.04', 'pkgname': 'linux-headers-azure-lts-20.04', 'pkgver': '5.4.0.1072.70'},\n {'osver': '20.04', 'pkgname': 'linux-headers-bluefield', 'pkgver': '5.4.0.1030.31'},\n {'osver': '20.04', 'pkgname': 'linux-headers-gcp-lts-20.04', 'pkgver': '5.4.0.1067.76'},\n {'osver': '20.04', 'pkgname': 'linux-headers-generic', 'pkgver': '5.4.0.104.108'},\n {'osver': '20.04', 'pkgname': 'linux-headers-generic-hwe-18.04', 'pkgver': '5.4.0.104.108'},\n {'osver': '20.04', 'pkgname': 'linux-headers-generic-hwe-18.04-edge', 'pkgver': '5.4.0.104.108'},\n {'osver': '20.04', 'pkgname': 'linux-headers-generic-lpae', 'pkgver': '5.4.0.104.108'},\n {'osver': '20.04', 'pkgname': 'linux-headers-generic-lpae-hwe-18.04', 'pkgver': '5.4.0.104.108'},\n {'osver': '20.04', 'pkgname': 'linux-headers-generic-lpae-hwe-18.04-edge', 'pkgver': '5.4.0.104.108'},\n {'osver': '20.04', 'pkgname': 'linux-headers-gke', 'pkgver': '5.4.0.1065.75'},\n {'osver': '20.04', 'pkgname': 'linux-headers-gke-5.4', 'pkgver': '5.4.0.1065.75'},\n {'osver': '20.04', 'pkgname': 'linux-headers-gkeop', 'pkgver': '5.4.0.1036.39'},\n {'osver': '20.04', 'pkgname': 'linux-headers-gkeop-5.4', 'pkgver': '5.4.0.1036.39'},\n {'osver': '20.04', 'pkgname': 'linux-headers-ibm', 'pkgver': '5.4.0.1017.17'},\n {'osver': '20.04', 'pkgname': 'linux-headers-ibm-lts-20.04', 'pkgver': '5.4.0.1017.17'},\n {'osver': '20.04', 'pkgname': 'linux-headers-kvm', 'pkgver': '5.4.0.1058.57'},\n {'osver': '20.04', 'pkgname': 'linux-headers-lowlatency', 'pkgver': '5.4.0.104.108'},\n {'osver': '20.04', 'pkgname': 'linux-headers-lowlatency-hwe-18.04', 'pkgver': '5.4.0.104.108'},\n {'osver': '20.04', 'pkgname': 'linux-headers-lowlatency-hwe-18.04-edge', 'pkgver': '5.4.0.104.108'},\n {'osver': '20.04', 'pkgname': 'linux-headers-oem', 'pkgver': '5.4.0.104.108'},\n {'osver': '20.04', 'pkgname': 'linux-headers-oem-osp1', 'pkgver': '5.4.0.104.108'},\n {'osver': '20.04', 'pkgname': 'linux-headers-oracle-lts-20.04', 'pkgver': '5.4.0.1066.66'},\n {'osver': '20.04', 'pkgname': 'linux-headers-raspi', 'pkgver': '5.4.0.1055.89'},\n {'osver': '20.04', 'pkgname': 'linux-headers-raspi-hwe-18.04', 'pkgver': '5.4.0.1055.89'},\n {'osver': '20.04', 'pkgname': 'linux-headers-raspi-hwe-18.04-edge', 'pkgver': '5.4.0.1055.89'},\n {'osver': '20.04', 'pkgname': 'linux-headers-raspi2', 'pkgver': '5.4.0.1055.89'},\n {'osver': '20.04', 'pkgname': 'linux-headers-raspi2-hwe-18.04', 'pkgver': '5.4.0.1055.89'},\n {'osver': '20.04', 'pkgname': 'linux-headers-raspi2-hwe-18.04-edge', 'pkgver': '5.4.0.1055.89'},\n {'osver': '20.04', 'pkgname': 'linux-headers-virtual', 'pkgver': '5.4.0.104.108'},\n {'osver': '20.04', 'pkgname': 'linux-headers-virtual-hwe-18.04', 'pkgver': '5.4.0.104.108'},\n {'osver': '20.04', 'pkgname': 'linux-headers-virtual-hwe-18.04-edge', 'pkgver': '5.4.0.104.108'},\n {'osver': '20.04', 'pkgname': 'linux-ibm', 'pkgver': '5.4.0.1017.17'},\n {'osver': '20.04', 'pkgname': 'linux-ibm-cloud-tools-common', 'pkgver': '5.4.0-1017.19'},\n {'osver': '20.04', 'pkgname': 'linux-ibm-headers-5.4.0-1017', 'pkgver': '5.4.0-1017.19'},\n {'osver': '20.04', 'pkgname': 'linux-ibm-lts-20.04', 'pkgver': '5.4.0.1017.17'},\n {'osver': '20.04', 'pkgname': 'linux-ibm-source-5.4.0', 'pkgver': '5.4.0-1017.19'},\n {'osver': '20.04', 'pkgname': 'linux-ibm-tools-5.4.0-1017', 'pkgver': '5.4.0-1017.19'},\n {'osver': '20.04', 'pkgname': 'linux-ibm-tools-common', 'pkgver': '5.4.0-1017.19'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.4.0-1017-ibm', 'pkgver': '5.4.0-1017.19'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.4.0-1030-bluefield', 'pkgver': '5.4.0-1030.33'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.4.0-1036-gkeop', 'pkgver': '5.4.0-1036.37'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.4.0-104-generic', 'pkgver': '5.4.0-104.118'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.4.0-104-generic-lpae', 'pkgver': '5.4.0-104.118'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.4.0-104-lowlatency', 'pkgver': '5.4.0-104.118'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.4.0-1055-raspi', 'pkgver': '5.4.0-1055.62'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.4.0-1058-kvm', 'pkgver': '5.4.0-1058.61'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.4.0-1065-gke', 'pkgver': '5.4.0-1065.68'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.4.0-1066-oracle', 'pkgver': '5.4.0-1066.71'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.4.0-1067-gcp', 'pkgver': '5.4.0-1067.71'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.4.0-1068-aws', 'pkgver': '5.4.0-1068.72'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.4.0-1072-azure', 'pkgver': '5.4.0-1072.75'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.4.0-1072-azure-fde', 'pkgver': '5.4.0-1072.75+cvm1.1'},\n {'osver': '20.04', 'pkgname': 'linux-image-aws-lts-20.04', 'pkgver': '5.4.0.1068.70'},\n {'osver': '20.04', 'pkgname': 'linux-image-azure-fde', 'pkgver': '5.4.0.1072.75+cvm1.18'},\n {'osver': '20.04', 'pkgname': 'linux-image-azure-lts-20.04', 'pkgver': '5.4.0.1072.70'},\n {'osver': '20.04', 'pkgname': 'linux-image-bluefield', 'pkgver': '5.4.0.1030.31'},\n {'osver': '20.04', 'pkgname': 'linux-image-extra-virtual', 'pkgver': '5.4.0.104.108'},\n {'osver': '20.04', 'pkgname': 'linux-image-extra-virtual-hwe-18.04', 'pkgver': '5.4.0.104.108'},\n {'osver': '20.04', 'pkgname': 'linux-image-extra-virtual-hwe-18.04-edge', 'pkgver': '5.4.0.104.108'},\n {'osver': '20.04', 'pkgname': 'linux-image-gcp-lts-20.04', 'pkgver': '5.4.0.1067.76'},\n {'osver': '20.04', 'pkgname': 'linux-image-generic', 'pkgver': '5.4.0.104.108'},\n {'osver': '20.04', 'pkgname': 'linux-image-generic-hwe-18.04', 'pkgver': '5.4.0.104.108'},\n {'osver': '20.04', 'pkgname': 'linux-image-generic-hwe-18.04-edge', 'pkgver': '5.4.0.104.108'},\n {'osver': '20.04', 'pkgname': 'linux-image-generic-lpae', 'pkgver': '5.4.0.104.108'},\n {'osver': '20.04', 'pkgname': 'linux-image-generic-lpae-hwe-18.04', 'pkgver': '5.4.0.104.108'},\n {'osver': '20.04', 'pkgname': 'linux-image-generic-lpae-hwe-18.04-edge', 'pkgver': '5.4.0.104.108'},\n {'osver': '20.04', 'pkgname': 'linux-image-gke', 'pkgver': '5.4.0.1065.75'},\n {'osver': '20.04', 'pkgname': 'linux-image-gke-5.4', 'pkgver': '5.4.0.1065.75'},\n {'osver': '20.04', 'pkgname': 'linux-image-gkeop', 'pkgver': '5.4.0.1036.39'},\n {'osver': '20.04', 'pkgname': 'linux-image-gkeop-5.4', 'pkgver': '5.4.0.1036.39'},\n {'osver': '20.04', 'pkgname': 'linux-image-ibm', 'pkgver': '5.4.0.1017.17'},\n {'osver': '20.04', 'pkgname': 'linux-image-ibm-lts-20.04', 'pkgver': '5.4.0.1017.17'},\n {'osver': '20.04', 'pkgname': 'linux-image-kvm', 'pkgver': '5.4.0.1058.57'},\n {'osver': '20.04', 'pkgname': 'linux-image-lowlatency', 'pkgver': '5.4.0.104.108'},\n {'osver': '20.04', 'pkgname': 'linux-image-lowlatency-hwe-18.04', 'pkgver': '5.4.0.104.108'},\n {'osver': '20.04', 'pkgname': 'linux-image-lowlatency-hwe-18.04-edge', 'pkgver': '5.4.0.104.108'},\n {'osver': '20.04', 'pkgname': 'linux-image-oem', 'pkgver': '5.4.0.104.108'},\n {'osver': '20.04', 'pkgname': 'linux-image-oem-osp1', 'pkgver': '5.4.0.104.108'},\n {'osver': '20.04', 'pkgname': 'linux-image-oracle-lts-20.04', 'pkgver': '5.4.0.1066.66'},\n {'osver': '20.04', 'pkgname': 'linux-image-raspi', 'pkgver': '5.4.0.1055.89'},\n {'osver': '20.04', 'pkgname': 'linux-image-raspi-hwe-18.04', 'pkgver': '5.4.0.1055.89'},\n {'osver': '20.04', 'pkgname': 'linux-image-raspi-hwe-18.04-edge', 'pkgver': '5.4.0.1055.89'},\n {'osver': '20.04', 'pkgname': 'linux-image-raspi2', 'pkgver': '5.4.0.1055.89'},\n {'osver': '20.04', 'pkgname': 'linux-image-raspi2-hwe-18.04', 'pkgver': '5.4.0.1055.89'},\n {'osver': '20.04', 'pkgname': 'linux-image-raspi2-hwe-18.04-edge', 'pkgver': '5.4.0.1055.89'},\n {'osver': '20.04', 'pkgname': 'linux-image-unsigned-5.4.0-1017-ibm', 'pkgver': '5.4.0-1017.19'},\n {'osver': '20.04', 'pkgname': 'linux-image-unsigned-5.4.0-1030-bluefield', 'pkgver': '5.4.0-1030.33'},\n {'osver': '20.04', 'pkgname': 'linux-image-unsigned-5.4.0-1036-gkeop', 'pkgver': '5.4.0-1036.37'},\n {'osver': '20.04', 'pkgname': 'linux-image-unsigned-5.4.0-104-generic', 'pkgver': '5.4.0-104.118'},\n {'osver': '20.04', 'pkgname': 'linux-image-unsigned-5.4.0-104-lowlatency', 'pkgver': '5.4.0-104.118'},\n {'osver': '20.04', 'pkgname': 'linux-image-unsigned-5.4.0-1058-kvm', 'pkgver': '5.4.0-1058.61'},\n {'osver': '20.04', 'pkgname': 'linux-image-unsigned-5.4.0-1065-gke', 'pkgver': '5.4.0-1065.68'},\n {'osver': '20.04', 'pkgname': 'linux-image-unsigned-5.4.0-1066-oracle', 'pkgver': '5.4.0-1066.71'},\n {'osver': '20.04', 'pkgname': 'linux-image-unsigned-5.4.0-1067-gcp', 'pkgver': '5.4.0-1067.71'},\n {'osver': '20.04', 'pkgname': 'linux-image-unsigned-5.4.0-1068-aws', 'pkgver': '5.4.0-1068.72'},\n {'osver': '20.04', 'pkgname': 'linux-image-unsigned-5.4.0-1072-azure', 'pkgver': '5.4.0-1072.75'},\n {'osver': '20.04', 'pkgname': 'linux-image-unsigned-5.4.0-1072-azure-fde', 'pkgver': '5.4.0-1072.75+cvm1.1'},\n {'osver': '20.04', 'pkgname': 'linux-image-virtual', 'pkgver': '5.4.0.104.108'},\n {'osver': '20.04', 'pkgname': 'linux-image-virtual-hwe-18.04', 'pkgver': '5.4.0.104.108'},\n {'osver': '20.04', 'pkgname': 'linux-image-virtual-hwe-18.04-edge', 'pkgver': '5.4.0.104.108'},\n {'osver': '20.04', 'pkgname': 'linux-kvm', 'pkgver': '5.4.0.1058.57'},\n {'osver': '20.04', 'pkgname': 'linux-kvm-headers-5.4.0-1058', 'pkgver': '5.4.0-1058.61'},\n {'osver': '20.04', 'pkgname': 'linux-kvm-tools-5.4.0-1058', 'pkgver': '5.4.0-1058.61'},\n {'osver': '20.04', 'pkgname': 'linux-libc-dev', 'pkgver': '5.4.0-104.118'},\n {'osver': '20.04', 'pkgname': 'linux-lowlatency', 'pkgver': '5.4.0.104.108'},\n {'osver': '20.04', 'pkgname': 'linux-lowlatency-hwe-18.04', 'pkgver': '5.4.0.104.108'},\n {'osver': '20.04', 'pkgname': 'linux-lowlatency-hwe-18.04-edge', 'pkgver': '5.4.0.104.108'},\n {'osver': '20.04', 'pkgname': 'linux-modules-5.4.0-1017-ibm', 'pkgver': '5.4.0-1017.19'},\n {'osver': '20.04', 'pkgname': 'linux-modules-5.4.0-1030-bluefield', 'pkgver': '5.4.0-1030.33'},\n {'osver': '20.04', 'pkgname': 'linux-modules-5.4.0-1036-gkeop', 'pkgver': '5.4.0-1036.37'},\n {'osver': '20.04', 'pkgname': 'linux-modules-5.4.0-104-generic', 'pkgver': '5.4.0-104.118'},\n {'osver': '20.04', 'pkgname': 'linux-modules-5.4.0-104-generic-lpae', 'pkgver': '5.4.0-104.118'},\n {'osver': '20.04', 'pkgname': 'linux-modules-5.4.0-104-lowlatency', 'pkgver': '5.4.0-104.118'},\n {'osver': '20.04', 'pkgname': 'linux-modules-5.4.0-1055-raspi', 'pkgver': '5.4.0-1055.62'},\n {'osver': '20.04', 'pkgname': 'linux-modules-5.4.0-1058-kvm', 'pkgver': '5.4.0-1058.61'},\n {'osver': '20.04', 'pkgname': 'linux-modules-5.4.0-1065-gke', 'pkgver': '5.4.0-1065.68'},\n {'osver': '20.04', 'pkgname': 'linux-modules-5.4.0-1066-oracle', 'pkgver': '5.4.0-1066.71'},\n {'osver': '20.04', 'pkgname': 'linux-modules-5.4.0-1067-gcp', 'pkgver': '5.4.0-1067.71'},\n {'osver': '20.04', 'pkgname': 'linux-modules-5.4.0-1068-aws', 'pkgver': '5.4.0-1068.72'},\n {'osver': '20.04', 'pkgname': 'linux-modules-5.4.0-1072-azure', 'pkgver': '5.4.0-1072.75'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-5.4.0-1017-ibm', 'pkgver': '5.4.0-1017.19'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-5.4.0-1036-gkeop', 'pkgver': '5.4.0-1036.37'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-5.4.0-104-generic', 'pkgver': '5.4.0-104.118'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-5.4.0-1065-gke', 'pkgver': '5.4.0-1065.68'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-5.4.0-1066-oracle', 'pkgver': '5.4.0-1066.71'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-5.4.0-1067-gcp', 'pkgver': '5.4.0-1067.71'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-5.4.0-1068-aws', 'pkgver': '5.4.0-1068.72'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-5.4.0-1072-azure', 'pkgver': '5.4.0-1072.75'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-aws-lts-20.04', 'pkgver': '5.4.0.1068.70'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-azure-fde', 'pkgver': '5.4.0.1072.75+cvm1.18'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-azure-lts-20.04', 'pkgver': '5.4.0.1072.70'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-gcp-lts-20.04', 'pkgver': '5.4.0.1067.76'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-gke', 'pkgver': '5.4.0.1065.75'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-gke-5.4', 'pkgver': '5.4.0.1065.75'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-gkeop', 'pkgver': '5.4.0.1036.39'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-gkeop-5.4', 'pkgver': '5.4.0.1036.39'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-ibm', 'pkgver': '5.4.0.1017.17'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-ibm-lts-20.04', 'pkgver': '5.4.0.1017.17'},\n {'osver': '20.04', 'pkgname': 'linux-oem', 'pkgver': '5.4.0.104.108'},\n {'osver': '20.04', 'pkgname': 'linux-oem-osp1', 'pkgver': '5.4.0.104.108'},\n {'osver': '20.04', 'pkgname': 'linux-oem-osp1-tools-host', 'pkgver': '5.4.0.104.108'},\n {'osver': '20.04', 'pkgname': 'linux-oem-tools-host', 'pkgver': '5.4.0.104.108'},\n {'osver': '20.04', 'pkgname': 'linux-oracle-headers-5.4.0-1066', 'pkgver': '5.4.0-1066.71'},\n {'osver': '20.04', 'pkgname': 'linux-oracle-lts-20.04', 'pkgver': '5.4.0.1066.66'},\n {'osver': '20.04', 'pkgname': 'linux-oracle-tools-5.4.0-1066', 'pkgver': '5.4.0-1066.71'},\n {'osver': '20.04', 'pkgname': 'linux-raspi', 'pkgver': '5.4.0.1055.89'},\n {'osver': '20.04', 'pkgname': 'linux-raspi-headers-5.4.0-1055', 'pkgver': '5.4.0-1055.62'},\n {'osver': '20.04', 'pkgname': 'linux-raspi-hwe-18.04', 'pkgver': '5.4.0.1055.89'},\n {'osver': '20.04', 'pkgname': 'linux-raspi-hwe-18.04-edge', 'pkgver': '5.4.0.1055.89'},\n {'osver': '20.04', 'pkgname': 'linux-raspi-tools-5.4.0-1055', 'pkgver': '5.4.0-1055.62'},\n {'osver': '20.04', 'pkgname': 'linux-raspi2', 'pkgver': '5.4.0.1055.89'},\n {'osver': '20.04', 'pkgname': 'linux-raspi2-hwe-18.04', 'pkgver': '5.4.0.1055.89'},\n {'osver': '20.04', 'pkgname': 'linux-raspi2-hwe-18.04-edge', 'pkgver': '5.4.0.1055.89'},\n {'osver': '20.04', 'pkgname': 'linux-source', 'pkgver': '5.4.0.104.108'},\n {'osver': '20.04', 'pkgname': 'linux-source-5.4.0', 'pkgver': '5.4.0-104.118'},\n {'osver': '20.04', 'pkgname': 'linux-tools-5.4.0-1017-ibm', 'pkgver': '5.4.0-1017.19'},\n {'osver': '20.04', 'pkgname': 'linux-tools-5.4.0-1030-bluefield', 'pkgver': '5.4.0-1030.33'},\n {'osver': '20.04', 'pkgname': 'linux-tools-5.4.0-1036-gkeop', 'pkgver': '5.4.0-1036.37'},\n {'osver': '20.04', 'pkgname': 'linux-tools-5.4.0-104', 'pkgver': '5.4.0-104.118'},\n {'osver': '20.04', 'pkgname': 'linux-tools-5.4.0-104-generic', 'pkgver': '5.4.0-104.118'},\n {'osver': '20.04', 'pkgname': 'linux-tools-5.4.0-104-generic-lpae', 'pkgver': '5.4.0-104.118'},\n {'osver': '20.04', 'pkgname': 'linux-tools-5.4.0-104-lowlatency', 'pkgver': '5.4.0-104.118'},\n {'osver': '20.04', 'pkgname': 'linux-tools-5.4.0-1055-raspi', 'pkgver': '5.4.0-1055.62'},\n {'osver': '20.04', 'pkgname': 'linux-tools-5.4.0-1058-kvm', 'pkgver': '5.4.0-1058.61'},\n {'osver': '20.04', 'pkgname': 'linux-tools-5.4.0-1065-gke', 'pkgver': '5.4.0-1065.68'},\n {'osver': '20.04', 'pkgname': 'linux-tools-5.4.0-1066-oracle', 'pkgver': '5.4.0-1066.71'},\n {'osver': '20.04', 'pkgname': 'linux-tools-5.4.0-1067-gcp', 'pkgver': '5.4.0-1067.71'},\n {'osver': '20.04', 'pkgname': 'linux-tools-5.4.0-1068-aws', 'pkgver': '5.4.0-1068.72'},\n {'osver': '20.04', 'pkgname': 'linux-tools-5.4.0-1072-azure', 'pkgver': '5.4.0-1072.75'},\n {'osver': '20.04', 'pkgname': 'linux-tools-aws-lts-20.04', 'pkgver': '5.4.0.1068.70'},\n {'osver': '20.04', 'pkgname': 'linux-tools-azure-fde', 'pkgver': '5.4.0.1072.75+cvm1.18'},\n {'osver': '20.04', 'pkgname': 'linux-tools-azure-lts-20.04', 'pkgver': '5.4.0.1072.70'},\n {'osver': '20.04', 'pkgname': 'linux-tools-bluefield', 'pkgver': '5.4.0.1030.31'},\n {'osver': '20.04', 'pkgname': 'linux-tools-common', 'pkgver': '5.4.0-104.118'},\n {'osver': '20.04', 'pkgname': 'linux-tools-gcp-lts-20.04', 'pkgver': '5.4.0.1067.76'},\n {'osver': '20.04', 'pkgname': 'linux-tools-generic', 'pkgver': '5.4.0.104.108'},\n {'osver': '20.04', 'pkgname': 'linux-tools-generic-hwe-18.04', 'pkgver': '5.4.0.104.108'},\n {'osver': '20.04', 'pkgname': 'linux-tools-generic-hwe-18.04-edge', 'pkgver': '5.4.0.104.108'},\n {'osver': '20.04', 'pkgname': 'linux-tools-generic-lpae', 'pkgver': '5.4.0.104.108'},\n {'osver': '20.04', 'pkgname': 'linux-tools-generic-lpae-hwe-18.04', 'pkgver': '5.4.0.104.108'},\n {'osver': '20.04', 'pkgname': 'linux-tools-generic-lpae-hwe-18.04-edge', 'pkgver': '5.4.0.104.108'},\n {'osver': '20.04', 'pkgname': 'linux-tools-gke', 'pkgver': '5.4.0.1065.75'},\n {'osver': '20.04', 'pkgname': 'linux-tools-gke-5.4', 'pkgver': '5.4.0.1065.75'},\n {'osver': '20.04', 'pkgname': 'linux-tools-gkeop', 'pkgver': '5.4.0.1036.39'},\n {'osver': '20.04', 'pkgname': 'linux-tools-gkeop-5.4', 'pkgver': '5.4.0.1036.39'},\n {'osver': '20.04', 'pkgname': 'linux-tools-host', 'pkgver': '5.4.0-104.118'},\n {'osver': '20.04', 'pkgname': 'linux-tools-ibm', 'pkgver': '5.4.0.1017.17'},\n {'osver': '20.04', 'pkgname': 'linux-tools-ibm-lts-20.04', 'pkgver': '5.4.0.1017.17'},\n {'osver': '20.04', 'pkgname': 'linux-tools-kvm', 'pkgver': '5.4.0.1058.57'},\n {'osver': '20.04', 'pkgname': 'linux-tools-lowlatency', 'pkgver': '5.4.0.104.108'},\n {'osver': '20.04', 'pkgname': 'linux-tools-lowlatency-hwe-18.04', 'pkgver': '5.4.0.104.108'},\n {'osver': '20.04', 'pkgname': 'linux-tools-lowlatency-hwe-18.04-edge', 'pkgver': '5.4.0.104.108'},\n {'osver': '20.04', 'pkgname': 'linux-tools-oem', 'pkgver': '5.4.0.104.108'},\n {'osver': '20.04', 'pkgname': 'linux-tools-oem-osp1', 'pkgver': '5.4.0.104.108'},\n {'osver': '20.04', 'pkgname': 'linux-tools-oracle-lts-20.04', 'pkgver': '5.4.0.1066.66'},\n {'osver': '20.04', 'pkgname': 'linux-tools-raspi', 'pkgver': '5.4.0.1055.89'},\n {'osver': '20.04', 'pkgname': 'linux-tools-raspi-hwe-18.04', 'pkgver': '5.4.0.1055.89'},\n {'osver': '20.04', 'pkgname': 'linux-tools-raspi-hwe-18.04-edge', 'pkgver': '5.4.0.1055.89'},\n {'osver': '20.04', 'pkgname': 'linux-tools-raspi2', 'pkgver': '5.4.0.1055.89'},\n {'osver': '20.04', 'pkgname': 'linux-tools-raspi2-hwe-18.04', 'pkgver': '5.4.0.1055.89'},\n {'osver': '20.04', 'pkgname': 'linux-tools-raspi2-hwe-18.04-edge', 'pkgver': '5.4.0.1055.89'},\n {'osver': '20.04', 'pkgname': 'linux-tools-virtual', 'pkgver': '5.4.0.104.108'},\n {'osver': '20.04', 'pkgname': 'linux-tools-virtual-hwe-18.04', 'pkgver': '5.4.0.104.108'},\n {'osver': '20.04', 'pkgname': 'linux-tools-virtual-hwe-18.04-edge', 'pkgver': '5.4.0.104.108'},\n {'osver': '20.04', 'pkgname': 'linux-virtual', 'pkgver': '5.4.0.104.108'},\n {'osver': '20.04', 'pkgname': 'linux-virtual-hwe-18.04', 'pkgver': '5.4.0.104.108'},\n {'osver': '20.04', 'pkgname': 'linux-virtual-hwe-18.04-edge', 'pkgver': '5.4.0.104.108'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'linux-aws / linux-aws-5.4-cloud-tools-5.4.0-1068 / etc');\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-10T16:33:41", "description": "The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0762-1 advisory.\n\n - An issue was discovered in fs/gfs2/rgrp.c in the Linux kernel before 4.8. A use-after-free is caused by the functions gfs2_clear_rgrpd and read_rindex_entry. (CVE-2016-10905)\n\n - In unix_scm_to_skb of af_unix.c, there is a possible use after free bug due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-196926917References:\n Upstream kernel (CVE-2021-0920)\n\n - Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-0001)\n\n - Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-0002)\n\n - A vulnerability was found in the Linux kernel's cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.\n (CVE-2022-0492)\n\n - A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2. (CVE-2022-0617)\n\n - An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file descriptor. (CVE-2022-24448)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2022-03-09T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2022:0762-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10905", "CVE-2021-0920", "CVE-2022-0001", "CVE-2022-0002", "CVE-2022-0492", "CVE-2022-0617", "CVE-2022-24448"], "modified": "2022-05-25T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:cluster-md-kmp-default", "p-cpe:/a:novell:suse_linux:dlm-kmp-default", "p-cpe:/a:novell:suse_linux:gfs2-kmp-default", "p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-kgraft", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-devel", "p-cpe:/a:novell:suse_linux:kernel-macros", "p-cpe:/a:novell:suse_linux:kernel-source", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_156-default", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-default", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2022-0762-1.NASL", "href": "https://www.tenable.com/plugins/nessus/158748", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:0762-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158748);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/25\");\n\n script_cve_id(\n \"CVE-2016-10905\",\n \"CVE-2021-0920\",\n \"CVE-2022-0001\",\n \"CVE-2022-0002\",\n \"CVE-2022-0492\",\n \"CVE-2022-0617\",\n \"CVE-2022-24448\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:0762-1\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/13\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2022:0762-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:0762-1 advisory.\n\n - An issue was discovered in fs/gfs2/rgrp.c in the Linux kernel before 4.8. A use-after-free is caused by\n the functions gfs2_clear_rgrpd and read_rindex_entry. (CVE-2016-10905)\n\n - In unix_scm_to_skb of af_unix.c, there is a possible use after free bug due to a race condition. This\n could lead to local escalation of privilege with System execution privileges needed. User interaction is\n not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-196926917References:\n Upstream kernel (CVE-2021-0920)\n\n - Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may\n allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-0001)\n\n - Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an\n authorized user to potentially enable information disclosure via local access. (CVE-2022-0002)\n\n - A vulnerability was found in the Linux kernel's cgroup_release_agent_write in the\n kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups\n v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.\n (CVE-2022-0492)\n\n - A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way\n user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw\n to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2. (CVE-2022-0617)\n\n - An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the\n O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a\n regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file\n descriptor. (CVE-2022-24448)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1146312\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185973\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191580\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193731\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194463\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195536\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195543\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195612\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195908\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195939\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196079\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196612\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-March/010390.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?202c3c9c\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2016-10905\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-0920\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0001\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0002\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0492\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0617\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-24448\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-0920\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-0492\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/03/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-kgraft\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_156-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12', 'SUSE ' + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);\n\nvar sp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(3|4|5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP3/4/5\", os_ver + \" SP\" + sp);\n\nvar pkgs = [\n {'reference':'cluster-md-kmp-default-4.4.180-94.156.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE-HPC-release-12.3'},\n {'reference':'cluster-md-kmp-default-4.4.180-94.156.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE-HPC-release-12.3'},\n {'reference':'cluster-md-kmp-default-4.4.180-94.156.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE-HPC-release-12.3'},\n {'reference':'dlm-kmp-default-4.4.180-94.156.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE-HPC-release-12.3'},\n {'reference':'dlm-kmp-default-4.4.180-94.156.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE-HPC-release-12.3'},\n {'reference':'dlm-kmp-default-4.4.180-94.156.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE-HPC-release-12.3'},\n {'reference':'gfs2-kmp-default-4.4.180-94.156.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE-HPC-release-12.3'},\n {'reference':'gfs2-kmp-default-4.4.180-94.156.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE-HPC-release-12.3'},\n {'reference':'gfs2-kmp-default-4.4.180-94.156.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE-HPC-release-12.3'},\n {'reference':'ocfs2-kmp-default-4.4.180-94.156.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE-HPC-release-12.3'},\n {'reference':'ocfs2-kmp-default-4.4.180-94.156.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE-HPC-release-12.3'},\n {'reference':'ocfs2-kmp-default-4.4.180-94.156.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE-HPC-release-12.3'},\n {'reference':'cluster-md-kmp-default-4.4.180-94.156.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.3'},\n {'reference':'cluster-md-kmp-default-4.4.180-94.156.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.3'},\n {'reference':'cluster-md-kmp-default-4.4.180-94.156.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.3'},\n {'reference':'dlm-kmp-default-4.4.180-94.156.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.3'},\n {'reference':'dlm-kmp-default-4.4.180-94.156.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.3'},\n {'reference':'dlm-kmp-default-4.4.180-94.156.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.3'},\n {'reference':'gfs2-kmp-default-4.4.180-94.156.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.3'},\n {'reference':'gfs2-kmp-default-4.4.180-94.156.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.3'},\n {'reference':'gfs2-kmp-default-4.4.180-94.156.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.3'},\n {'reference':'kernel-default-4.4.180-94.156.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.3'},\n {'reference':'kernel-default-base-4.4.180-94.156.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.3'},\n {'reference':'kernel-default-devel-4.4.180-94.156.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.3'},\n {'reference':'kernel-default-kgraft-4.4.180-94.156.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.3'},\n {'reference':'kernel-devel-4.4.180-94.156.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.3'},\n {'reference':'kernel-macros-4.4.180-94.156.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.3'},\n {'reference':'kernel-source-4.4.180-94.156.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.3'},\n {'reference':'kernel-syms-4.4.180-94.156.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.3'},\n {'reference':'kgraft-patch-4_4_180-94_156-default-1-4.3.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.3'},\n {'reference':'ocfs2-kmp-default-4.4.180-94.156.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.3'},\n {'reference':'ocfs2-kmp-default-4.4.180-94.156.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.3'},\n {'reference':'ocfs2-kmp-default-4.4.180-94.156.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.3'},\n {'reference':'cluster-md-kmp-default-4.4.180-94.156.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.4'},\n {'reference':'cluster-md-kmp-default-4.4.180-94.156.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.4'},\n {'reference':'cluster-md-kmp-default-4.4.180-94.156.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.4'},\n {'reference':'dlm-kmp-default-4.4.180-94.156.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.4'},\n {'reference':'dlm-kmp-default-4.4.180-94.156.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.4'},\n {'reference':'dlm-kmp-default-4.4.180-94.156.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.4'},\n {'reference':'gfs2-kmp-default-4.4.180-94.156.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.4'},\n {'reference':'gfs2-kmp-default-4.4.180-94.156.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.4'},\n {'reference':'gfs2-kmp-default-4.4.180-94.156.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.4'},\n {'reference':'ocfs2-kmp-default-4.4.180-94.156.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.4'},\n {'reference':'ocfs2-kmp-default-4.4.180-94.156.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.4'},\n {'reference':'ocfs2-kmp-default-4.4.180-94.156.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.4'},\n {'reference':'cluster-md-kmp-default-4.4.180-94.156.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'cluster-md-kmp-default-4.4.180-94.156.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'cluster-md-kmp-default-4.4.180-94.156.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'dlm-kmp-default-4.4.180-94.156.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'dlm-kmp-default-4.4.180-94.156.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'dlm-kmp-default-4.4.180-94.156.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'gfs2-kmp-default-4.4.180-94.156.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'gfs2-kmp-default-4.4.180-94.156.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'gfs2-kmp-default-4.4.180-94.156.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'ocfs2-kmp-default-4.4.180-94.156.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'ocfs2-kmp-default-4.4.180-94.156.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'ocfs2-kmp-default-4.4.180-94.156.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'cluster-md-kmp-default-4.4.180-94.156.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-ha-release-12.3'},\n {'reference':'cluster-md-kmp-default-4.4.180-94.156.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-ha-release-12.3'},\n {'reference':'cluster-md-kmp-default-4.4.180-94.156.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-ha-release-12.3'},\n {'reference':'dlm-kmp-default-4.4.180-94.156.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-ha-release-12.3'},\n {'reference':'dlm-kmp-default-4.4.180-94.156.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-ha-release-12.3'},\n {'reference':'dlm-kmp-default-4.4.180-94.156.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-ha-release-12.3'},\n {'reference':'gfs2-kmp-default-4.4.180-94.156.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-ha-release-12.3'},\n {'reference':'gfs2-kmp-default-4.4.180-94.156.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-ha-release-12.3'},\n {'reference':'gfs2-kmp-default-4.4.180-94.156.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-ha-release-12.3'},\n {'reference':'ocfs2-kmp-default-4.4.180-94.156.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-ha-release-12.3'},\n {'reference':'ocfs2-kmp-default-4.4.180-94.156.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-ha-release-12.3'},\n {'reference':'ocfs2-kmp-default-4.4.180-94.156.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-ha-release-12.3'},\n {'reference':'cluster-md-kmp-default-4.4.180-94.156.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.3'},\n {'reference':'cluster-md-kmp-default-4.4.180-94.156.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.3'},\n {'reference':'cluster-md-kmp-default-4.4.180-94.156.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.3'},\n {'reference':'dlm-kmp-default-4.4.180-94.156.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.3'},\n {'reference':'dlm-kmp-default-4.4.180-94.156.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.3'},\n {'reference':'dlm-kmp-default-4.4.180-94.156.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.3'},\n {'reference':'gfs2-kmp-default-4.4.180-94.156.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.3'},\n {'reference':'gfs2-kmp-default-4.4.180-94.156.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.3'},\n {'reference':'gfs2-kmp-default-4.4.180-94.156.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.3'},\n {'reference':'kernel-default-4.4.180-94.156.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.3'},\n {'reference':'kernel-default-4.4.180-94.156.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.3'},\n {'reference':'kernel-default-base-4.4.180-94.156.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.3'},\n {'reference':'kernel-default-base-4.4.180-94.156.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.3'},\n {'reference':'kernel-default-devel-4.4.180-94.156.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.3'},\n {'reference':'kernel-default-devel-4.4.180-94.156.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.3'},\n {'reference':'kernel-default-kgraft-4.4.180-94.156.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.3'},\n {'reference':'kernel-default-man-4.4.180-94.156.1', 'sp':'3', 'cpu':'s390x', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.3'},\n {'reference':'kernel-devel-4.4.180-94.156.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.3'},\n {'reference':'kernel-devel-4.4.180-94.156.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.3'},\n {'reference':'kernel-macros-4.4.180-94.156.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.3'},\n {'reference':'kernel-macros-4.4.180-94.156.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.3'},\n {'reference':'kernel-source-4.4.180-94.156.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.3'},\n {'reference':'kernel-source-4.4.180-94.156.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.3'},\n {'reference':'kernel-syms-4.4.180-94.156.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.3'},\n {'reference':'kernel-syms-4.4.180-94.156.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.3'},\n {'reference':'kgraft-patch-4_4_180-94_156-default-1-4.3.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.3'},\n {'reference':'ocfs2-kmp-default-4.4.180-94.156.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.3'},\n {'reference':'ocfs2-kmp-default-4.4.180-94.156.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.3'},\n {'reference':'ocfs2-kmp-default-4.4.180-94.156.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.3'},\n {'reference':'cluster-md-kmp-default-4.4.180-94.156.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.4'},\n {'reference':'cluster-md-kmp-default-4.4.180-94.156.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.4'},\n {'reference':'cluster-md-kmp-default-4.4.180-94.156.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.4'},\n {'reference':'dlm-kmp-default-4.4.180-94.156.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.4'},\n {'reference':'dlm-kmp-default-4.4.180-94.156.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.4'},\n {'reference':'dlm-kmp-default-4.4.180-94.156.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.4'},\n {'reference':'gfs2-kmp-default-4.4.180-94.156.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.4'},\n {'reference':'gfs2-kmp-default-4.4.180-94.156.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.4'},\n {'reference':'gfs2-kmp-default-4.4.180-94.156.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.4'},\n {'reference':'ocfs2-kmp-default-4.4.180-94.156.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.4'},\n {'reference':'ocfs2-kmp-default-4.4.180-94.156.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.4'},\n {'reference':'ocfs2-kmp-default-4.4.180-94.156.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.4'},\n {'reference':'cluster-md-kmp-default-4.4.180-94.156.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'},\n {'reference':'cluster-md-kmp-default-4.4.180-94.156.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'},\n {'reference':'cluster-md-kmp-default-4.4.180-94.156.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'},\n {'reference':'dlm-kmp-default-4.4.180-94.156.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'},\n {'reference':'dlm-kmp-default-4.4.180-94.156.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'},\n {'reference':'dlm-kmp-default-4.4.180-94.156.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'},\n {'reference':'gfs2-kmp-default-4.4.180-94.156.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'},\n {'reference':'gfs2-kmp-default-4.4.180-94.156.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'},\n {'reference':'gfs2-kmp-default-4.4.180-94.156.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'},\n {'reference':'ocfs2-kmp-default-4.4.180-94.156.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'},\n {'reference':'ocfs2-kmp-default-4.4.180-94.156.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'},\n {'reference':'ocfs2-kmp-default-4.4.180-94.156.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (exists_check) {\n if (!rpm_exists(release:release, rpm:exists_check)) continue;\n if ('ltss' >< tolower(exists_check)) ltss_caveat_required = TRUE;\n }\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cluster-md-kmp-default / dlm-kmp-default / gfs2-kmp-default / etc');\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-10T16:33:04", "description": "The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0756-1 advisory.\n\n - An issue was discovered in fs/gfs2/rgrp.c in the Linux kernel before 4.8. A use-after-free is caused by the functions gfs2_clear_rgrpd and read_rindex_entry. (CVE-2016-10905)\n\n - In unix_scm_to_skb of af_unix.c, there is a possible use after free bug due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-196926917References:\n Upstream kernel (CVE-2021-0920)\n\n - Amazon Linux has been made aware of a potential Branch Target Injection (BTI) issue (sometimes referred to as Spectre variant 2). This is a known cross-domain transient execution attack where a third party may seek to cause a disclosure gadget to be speculatively executed after an indirect branch prediction.\n Generally, actors who attempt transient execution attacks do not have access to the data on the hosts they attempt to access (e.g. where privilege-level isolation is in place). For such attacks to succeed, actors need to be able to run code on the (virtual) machine hosting the data in which they are interested.\n (CVE-2022-0001, CVE-2022-0002)\n\n - A vulnerability was found in the Linux kernel's cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.\n (CVE-2022-0492)\n\n - A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2. (CVE-2022-0617)\n\n - An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file descriptor. (CVE-2022-24448)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2022-03-09T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2022:0756-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10905", "CVE-2021-0920", "CVE-2022-0001", "CVE-2022-0002", "CVE-2022-0492", "CVE-2022-0617", "CVE-2022-24448"], "modified": "2022-05-25T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-devel", "p-cpe:/a:novell:suse_linux:kernel-macros", "p-cpe:/a:novell:suse_linux:kernel-source", "p-cpe:/a:novell:suse_linux:kernel-syms", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2022-0756-1.NASL", "href": "https://www.tenable.com/plugins/nessus/158756", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:0756-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158756);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/25\");\n\n script_cve_id(\n \"CVE-2016-10905\",\n \"CVE-2021-0920\",\n \"CVE-2022-0001\",\n \"CVE-2022-0002\",\n \"CVE-2022-0492\",\n \"CVE-2022-0617\",\n \"CVE-2022-24448\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:0756-1\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/13\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2022:0756-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:0756-1 advisory.\n\n - An issue was discovered in fs/gfs2/rgrp.c in the Linux kernel before 4.8. A use-after-free is caused by\n the functions gfs2_clear_rgrpd and read_rindex_entry. (CVE-2016-10905)\n\n - In unix_scm_to_skb of af_unix.c, there is a possible use after free bug due to a race condition. This\n could lead to local escalation of privilege with System execution privileges needed. User interaction is\n not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-196926917References:\n Upstream kernel (CVE-2021-0920)\n\n - Amazon Linux has been made aware of a potential Branch Target Injection (BTI) issue (sometimes referred to\n as Spectre variant 2). This is a known cross-domain transient execution attack where a third party may\n seek to cause a disclosure gadget to be speculatively executed after an indirect branch prediction.\n Generally, actors who attempt transient execution attacks do not have access to the data on the hosts they\n attempt to access (e.g. where privilege-level isolation is in place). For such attacks to succeed, actors\n need to be able to run code on the (virtual) machine hosting the data in which they are interested.\n (CVE-2022-0001, CVE-2022-0002)\n\n - A vulnerability was found in the Linux kernel's cgroup_release_agent_write in the\n kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups\n v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.\n (CVE-2022-0492)\n\n - A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way\n user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw\n to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2. (CVE-2022-0617)\n\n - An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the\n O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a\n regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file\n descriptor. (CVE-2022-24448)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1146312\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190717\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191580\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193731\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194463\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195543\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195612\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195908\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195939\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196079\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196612\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-March/010401.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?906e37e7\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2016-10905\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-0920\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0001\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0002\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0492\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0617\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-24448\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-0920\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-0492\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/03/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12', 'SUSE ' + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);\n\nvar sp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2\", os_ver + \" SP\" + sp);\n\nvar pkgs = [\n {'reference':'kernel-default-4.4.121-92.169.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.2'},\n {'reference':'kernel-default-base-4.4.121-92.169.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.2'},\n {'reference':'kernel-default-devel-4.4.121-92.169.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.2'},\n {'reference':'kernel-devel-4.4.121-92.169.1', 'sp':'2', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.2'},\n {'reference':'kernel-macros-4.4.121-92.169.1', 'sp':'2', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.2'},\n {'reference':'kernel-source-4.4.121-92.169.1', 'sp':'2', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.2'},\n {'reference':'kernel-syms-4.4.121-92.169.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.2'}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (exists_check) {\n if (!rpm_exists(release:release, rpm:exists_check)) continue;\n if ('ltss' >< tolower(exists_check)) ltss_caveat_required = TRUE;\n }\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-default / kernel-default-base / kernel-default-devel / etc');\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-12T18:19:44", "description": "The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:819 advisory.\n\n - A flaw was found in the way the flags member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system. (CVE-2022-0847)\n\n - A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system. (CVE-2022-0330)\n\n - A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed.\n This flaw allows a remote user to crash the system or possibly escalate their privileges if they have access to the TIPC network. (CVE-2022-0435)\n\n - A vulnerability was found in the Linux kernel's cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.\n (CVE-2022-0492)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2022-03-11T00:00:00", "type": "nessus", "title": "Rocky Linux 8 : kernel-rt (RLSA-2022:819)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-0330", "CVE-2022-0435", "CVE-2022-0492", "CVE-2022-0847"], "modified": "2022-08-12T00:00:00", "cpe": ["p-cpe:2.3:a:rocky:linux:bpftool-debuginfo:*:*:*:*:*:*:*", "p-cpe:2.3:a:rocky:linux:kernel-debug-debuginfo:*:*:*:*:*:*:*", "p-cpe:2.3:a:rocky:linux:kernel-rt-core:*:*:*:*:*:*:*", "p-cpe:2.3:a:rocky:linux:kernel-debuginfo-common-aarch64:*:*:*:*:*:*:*", "p-cpe:2.3:a:rocky:linux:kernel-debug:*:*:*:*:*:*:*", "p-cpe:2.3:a:rocky:linux:kernel-rt:*:*:*:*:*:*:*", "p-cpe:2.3:a:rocky:linux:kernel-rt-modules-extra:*:*:*:*:*:*:*", "p-cpe:2.3:a:rocky:linux:kernel-tools-libs-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:rocky:linux:perf-debuginfo:*:*:*:*:*:*:*", "p-cpe:2.3:a:rocky:linux:kernel:*:*:*:*:*:*:*", "p-cpe:2.3:a:rocky:linux:kernel-debug-core:*:*:*:*:*:*:*", "p-cpe:2.3:a:rocky:linux:kernel-rt-debug-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:rocky:linux:kernel-rt-debuginfo:*:*:*:*:*:*:*", "p-cpe:2.3:a:rocky:linux:kernel-modules:*:*:*:*:*:*:*", "p-cpe:2.3:a:rocky:linux:kernel-debug-modules:*:*:*:*:*:*:*", "p-cpe:2.3:a:rocky:linux:kernel-tools-debuginfo:*:*:*:*:*:*:*", "p-cpe:2.3:a:rocky:linux:kernel-modules-extra:*:*:*:*:*:*:*", "p-cpe:2.3:a:rocky:linux:kernel-rt-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:rocky:linux:kernel-tools:*:*:*:*:*:*:*", "p-cpe:2.3:a:rocky:linux:kernel-rt-debug-modules:*:*:*:*:*:*:*", "p-cpe:2.3:a:rocky:linux:kernel-debug-modules-extra:*:*:*:*:*:*:*", "p-cpe:2.3:a:rocky:linux:kernel-debug-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:rocky:linux:kernel-abi-stablelists:*:*:*:*:*:*:*", "p-cpe:2.3:a:rocky:linux:kernel-debuginfo:*:*:*:*:*:*:*", "p-cpe:2.3:a:rocky:linux:kernel-rt-debug-debuginfo:*:*:*:*:*:*:*", "p-cpe:2.3:a:rocky:linux:bpftool:*:*:*:*:*:*:*", "p-cpe:2.3:a:rocky:linux:kernel-rt-debug-modules-extra:*:*:*:*:*:*:*", "p-cpe:2.3:a:rocky:linux:kernel-rt-debug-core:*:*:*:*:*:*:*", "p-cpe:2.3:a:rocky:linux:kernel-rt-modules:*:*:*:*:*:*:*", "p-cpe:2.3:a:rocky:linux:kernel-rt-kvm:*:*:*:*:*:*:*", "p-cpe:2.3:a:rocky:linux:kernel-core:*:*:*:*:*:*:*", "p-cpe:2.3:a:rocky:linux:kernel-tools-libs:*:*:*:*:*:*:*", "p-cpe:2.3:a:rocky:linux:kernel-debuginfo-common-x86_64:*:*:*:*:*:*:*", "p-cpe:2.3:a:rocky:linux:kernel-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:rocky:linux:python3-perf:*:*:*:*:*:*:*", "p-cpe:2.3:a:rocky:linux:python3-perf-debuginfo:*:*:*:*:*:*:*", "p-cpe:2.3:a:rocky:linux:perf:*:*:*:*:*:*:*", "p-cpe:2.3:a:rocky:linux:kernel-rt-debuginfo-common-x86_64:*:*:*:*:*:*:*", "p-cpe:2.3:a:rocky:linux:kernel-headers:*:*:*:*:*:*:*", "p-cpe:2.3:a:rocky:linux:kernel-rt-debug:*:*:*:*:*:*:*", "p-cpe:2.3:a:rocky:linux:kernel-cross-headers:*:*:*:*:*:*:*", "cpe:2.3:o:rocky:linux:8:*:*:*:*:*:*:*"], "id": "ROCKY_LINUX_RLSA-2022-819.NASL", "href": "https://www.tenable.com/plugins/nessus/158842", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Rocky Linux Security Advisory RLSA-2022:819.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158842);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/08/12\");\n\n script_cve_id(\n \"CVE-2022-0330\",\n \"CVE-2022-0435\",\n \"CVE-2022-0492\",\n \"CVE-2022-0847\"\n );\n script_xref(name:\"RLSA\", value:\"2022:819\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/16\");\n\n script_name(english:\"Rocky Linux 8 : kernel-rt (RLSA-2022:819)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Rocky Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nRLSA-2022:819 advisory.\n\n - A flaw was found in the way the flags member of the new pipe buffer structure was lacking proper\n initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus\n contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache\n backed by read only files and as such escalate their privileges on the system. (CVE-2022-0847)\n\n - A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the\n way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or\n escalate their privileges on the system. (CVE-2022-0330)\n\n - A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends\n a packet with malicious content where the number of domain member nodes is higher than the 64 allowed.\n This flaw allows a remote user to crash the system or possibly escalate their privileges if they have\n access to the TIPC network. (CVE-2022-0435)\n\n - A vulnerability was found in the Linux kernel's cgroup_release_agent_write in the\n kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups\n v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.\n (CVE-2022-0492)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.rockylinux.org/RLSA-2022:819\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2031930\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2034514\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2042404\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2044809\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2048738\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2051505\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2060795\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0435\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Dirty Pipe Local Privilege Escalation via CVE-2022-0847');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/02/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/03/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:rocky:linux:bpftool-debuginfo:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:rocky:linux:kernel-debug-debuginfo:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:rocky:linux:kernel-rt-core:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:rocky:linux:kernel-debuginfo-common-aarch64:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:rocky:linux:kernel-debug:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:rocky:linux:kernel-rt:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:rocky:linux:kernel-rt-modules-extra:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:rocky:linux:kernel-tools-libs-devel:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:rocky:linux:perf-debuginfo:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:rocky:linux:kernel:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:rocky:linux:kernel-debug-core:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:rocky:linux:kernel-rt-debug-devel:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:rocky:linux:kernel-rt-debuginfo:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:rocky:linux:kernel-modules:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:rocky:linux:kernel-debug-modules:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:rocky:linux:kernel-tools-debuginfo:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:rocky:linux:kernel-modules-extra:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:rocky:linux:kernel-rt-devel:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:rocky:linux:kernel-tools:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:rocky:linux:kernel-rt-debug-modules:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:rocky:linux:kernel-debug-modules-extra:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:rocky:linux:kernel-debug-devel:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:rocky:linux:kernel-abi-stablelists:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:rocky:linux:kernel-debuginfo:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:rocky:linux:kernel-rt-debug-debuginfo:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:rocky:linux:bpftool:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:rocky:linux:kernel-rt-debug-modules-extra:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:rocky:linux:kernel-rt-debug-core:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:rocky:linux:kernel-rt-modules:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:rocky:linux:kernel-rt-kvm:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:rocky:linux:kernel-core:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:rocky:linux:kernel-tools-libs:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:rocky:linux:kernel-debuginfo-common-x86_64:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:rocky:linux:kernel-devel:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:rocky:linux:python3-perf:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:rocky:linux:python3-perf-debuginfo:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:rocky:linux:perf:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:rocky:linux:kernel-rt-debuginfo-common-x86_64:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:rocky:linux:kernel-headers:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:rocky:linux:kernel-rt-debug:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:rocky:linux:kernel-cross-headers:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:2.3:o:rocky:linux:8:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"false\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Rocky Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RockyLinux/release\", \"Host/RockyLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RockyLinux/release');\nif (isnull(release) || 'Rocky Linux' >!< release) audit(AUDIT_OS_NOT, 'Rocky Linux');\nvar os_ver = pregmatch(pattern: \"Rocky(?: Linux)? release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Rocky Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Rocky Linux 8.x', 'Rocky Linux ' + os_ver);\n\nif (!get_kb_item('Host/RockyLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Rocky Linux', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2022-0330', 'CVE-2022-0435', 'CVE-2022-0492', 'CVE-2022-0847');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RLSA-2022:819');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar pkgs = [\n {'reference':'bpftool-4.18.0-348.20.1.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-4.18.0-348.20.1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-debuginfo-4.18.0-348.20.1.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-debuginfo-4.18.0-348.20.1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-348.20.1.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-348.20.1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-stablelists-4.18.0-348.20.1.el8_5', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-348.20.1.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-348.20.1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-348.20.1.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-348.20.1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-348.20.1.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-348.20.1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-348.20.1.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-348.20.1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-debuginfo-4.18.0-348.20.1.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-debuginfo-4.18.0-348.20.1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-348.20.1.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-348.20.1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-348.20.1.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-348.20.1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-348.20.1.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-348.20.1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-4.18.0-348.20.1.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-4.18.0-348.20.1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-common-aarch64-4.18.0-348.20.1.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-common-x86_64-4.18.0-348.20.1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-348.20.1.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-348.20.1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.18.0-348.20.1.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.18.0-348.20.1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-348.20.1.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-348.20.1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-348.20.1.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-348.20.1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-4.18.0-348.20.1.rt7.150.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-core-4.18.0-348.20.1.rt7.150.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-4.18.0-348.20.1.rt7.150.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-core-4.18.0-348.20.1.rt7.150.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-debuginfo-4.18.0-348.20.1.rt7.150.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-devel-4.18.0-348.20.1.rt7.150.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-modules-4.18.0-348.20.1.rt7.150.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-modules-extra-4.18.0-348.20.1.rt7.150.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debuginfo-4.18.0-348.20.1.rt7.150.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debuginfo-common-x86_64-4.18.0-348.20.1.rt7.150.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-devel-4.18.0-348.20.1.rt7.150.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-kvm-4.18.0-348.20.1.rt7.150.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-modules-4.18.0-348.20.1.rt7.150.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-modules-extra-4.18.0-348.20.1.rt7.150.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-348.20.1.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-348.20.1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-debuginfo-4.18.0-348.20.1.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-debuginfo-4.18.0-348.20.1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-348.20.1.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-348.20.1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-348.20.1.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-348.20.1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-348.20.1.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-348.20.1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-debuginfo-4.18.0-348.20.1.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-debuginfo-4.18.0-348.20.1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-348.20.1.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-348.20.1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-debuginfo-4.18.0-348.20.1.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-debuginfo-4.18.0-348.20.1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'Rocky-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / bpftool-debuginfo / kernel / kernel-abi-stablelists / etc');\n}\n", "cvss": {"score": 9, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2022-08-12T18:20:08", "description": "The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:825 advisory.\n\n - A flaw was found in the way the flags member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system. (CVE-2022-0847)\n\n - A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system. (CVE-2022-0330)\n\n - A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed.\n This flaw allows a remote user to crash the system or possibly escalate their privileges if they have access to the TIPC network. (CVE-2022-0435)\n\n - A vulnerability was found in the Linux kernel's cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.\n (CVE-2022-0492)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2022-03-12T00:00:00", "type": "nessus", "title": "Rocky Linux 8 : kernel (RLSA-2022:825)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-0330", "CVE-2022-0435", "CVE-2022-0492", "CVE-2022-0847"], "modified": "2022-08-12T00:00:00", "cpe": ["p-cpe:2.3:a:rocky:linux:bpftool-debuginfo:*:*:*:*:*:*:*", "p-cpe:2.3:a:rocky:linux:kernel-debug-debuginfo:*:*:*:*:*:*:*", "p-cpe:2.3:a:rocky:linux:kernel-rt-core:*:*:*:*:*:*:*", "p-cpe:2.3:a:rocky:linux:kernel-debuginfo-common-aarch64:*:*:*:*:*:*:*", "p-cpe:2.3:a:rocky:linux:kernel-debug:*:*:*:*:*:*:*", "p-cpe:2.3:a:rocky:linux:kernel-rt:*:*:*:*:*:*:*", "p-cpe:2.3:a:rocky:linux:kernel-rt-modules-extra:*:*:*:*:*:*:*", "p-cpe:2.3:a:rocky:linux:kernel-tools-libs-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:rocky:linux:perf-debuginfo:*:*:*:*:*:*:*", "p-cpe:2.3:a:rocky:linux:kernel:*:*:*:*:*:*:*", "p-cpe:2.3:a:rocky:linux:kernel-debug-core:*:*:*:*:*:*:*", "p-cpe:2.3:a:rocky:linux:kernel-rt-debug-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:rocky:linux:kernel-rt-debuginfo:*:*:*:*:*:*:*", "p-cpe:2.3:a:rocky:linux:kernel-modules:*:*:*:*:*:*:*", "p-cpe:2.3:a:rocky:linux:kernel-debug-modules:*:*:*:*:*:*:*", "p-cpe:2.3:a:rocky:linux:kernel-tools-debuginfo:*:*:*:*:*:*:*", "p-cpe:2.3:a:rocky:linux:kernel-modules-extra:*:*:*:*:*:*:*", "p-cpe:2.3:a:rocky:linux:kernel-rt-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:rocky:linux:kernel-tools:*:*:*:*:*:*:*", "p-cpe:2.3:a:rocky:linux:kernel-rt-debug-modules:*:*:*:*:*:*:*", "p-cpe:2.3:a:rocky:linux:kernel-debug-modules-extra:*:*:*:*:*:*:*", "p-cpe:2.3:a:rocky:linux:kernel-debug-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:rocky:linux:kernel-abi-stablelists:*:*:*:*:*:*:*", "p-cpe:2.3:a:rocky:linux:kernel-debuginfo:*:*:*:*:*:*:*", "p-cpe:2.3:a:rocky:linux:kernel-rt-debug-debuginfo:*:*:*:*:*:*:*", "p-cpe:2.3:a:rocky:linux:bpftool:*:*:*:*:*:*:*", "p-cpe:2.3:a:rocky:linux:kernel-rt-debug-modules-extra:*:*:*:*:*:*:*", "p-cpe:2.3:a:rocky:linux:kernel-rt-debug-core:*:*:*:*:*:*:*", "p-cpe:2.3:a:rocky:linux:kernel-rt-modules:*:*:*:*:*:*:*", "p-cpe:2.3:a:rocky:linux:kernel-rt-kvm:*:*:*:*:*:*:*", "p-cpe:2.3:a:rocky:linux:kernel-core:*:*:*:*:*:*:*", "p-cpe:2.3:a:rocky:linux:kernel-tools-libs:*:*:*:*:*:*:*", "p-cpe:2.3:a:rocky:linux:kernel-debuginfo-common-x86_64:*:*:*:*:*:*:*", "p-cpe:2.3:a:rocky:linux:kernel-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:rocky:linux:python3-perf:*:*:*:*:*:*:*", "p-cpe:2.3:a:rocky:linux:python3-perf-debuginfo:*:*:*:*:*:*:*", "p-cpe:2.3:a:rocky:linux:perf:*:*:*:*:*:*:*", "p-cpe:2.3:a:rocky:linux:kernel-rt-debuginfo-common-x86_64:*:*:*:*:*:*:*", "p-cpe:2.3:a:rocky:linux:kernel-headers:*:*:*:*:*:*:*", "p-cpe:2.3:a:rocky:linux:kernel-rt-debug:*:*:*:*:*:*:*", "p-cpe:2.3:a:rocky:linux:kernel-cross-headers:*:*:*:*:*:*:*", "cpe:2.3:o:rocky:linux:8:*:*:*:*:*:*:*"], "id": "ROCKY_LINUX_RLSA-2022-825.NASL", "href": "https://www.tenable.com/plugins/nessus/158877", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Rocky Linux Security Advisory RLSA-2022:825.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158877);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/08/12\");\n\n script_cve_id(\n \"CVE-2022-0330\",\n \"CVE-2022-0435\",\n \"CVE-2022-0492\",\n \"CVE-2022-0847\"\n );\n script_xref(name:\"RLSA\", value:\"2022:825\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/16\");\n\n script_name(english:\"Rocky Linux 8 : kernel (RLSA-2022:825)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Rocky Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nRLSA-2022:825 advisory.\n\n - A flaw was found in the way the flags member of the new pipe buffer structure was lacking proper\n initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus\n contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache\n backed by read only files and as such escalate their privileges on the system. (CVE-2022-0847)\n\n - A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the\n way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or\n escalate their privileges on the system. (CVE-2022-0330)\n\n - A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends\n a packet with malicious content where the number of domain member nodes is higher than the 64 allowed.\n This flaw allows a remote user to crash the system or possibly escalate their privileges if they have\n access to the TIPC network. (CVE-2022-0435)\n\n - A vulnerability was found in the Linux kernel's cgroup_release_agent_write in the\n kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups\n v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.\n (CVE-2022-0492)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.rockylinux.org/RLSA-2022:825\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2031930\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2034514\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2042404\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2044809\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2048738\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2050237\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2051505\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2060795\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0435\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Dirty Pipe Local Privilege Escalation via CVE-2022-0847');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/02/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/03/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:rocky:linux:bpftool-debuginfo:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:rocky:linux:kernel-debug-debuginfo:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:rocky:linux:kernel-rt-core:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:rocky:linux:kernel-debuginfo-common-aarch64:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:rocky:linux:kernel-debug:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:rocky:linux:kernel-rt:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:rocky:linux:kernel-rt-modules-extra:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:rocky:linux:kernel-tools-libs-devel:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:rocky:linux:perf-debuginfo:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:rocky:linux:kernel:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:rocky:linux:kernel-debug-core:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:rocky:linux:kernel-rt-debug-devel:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:rocky:linux:kernel-rt-debuginfo:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:rocky:linux:kernel-modules:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:rocky:linux:kernel-debug-modules:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:rocky:linux:kernel-tools-debuginfo:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:rocky:linux:kernel-modules-extra:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:rocky:linux:kernel-rt-devel:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:rocky:linux:kernel-tools:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:rocky:linux:kernel-rt-debug-modules:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:rocky:linux:kernel-debug-modules-extra:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:rocky:linux:kernel-debug-devel:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:rocky:linux:kernel-abi-stablelists:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:rocky:linux:kernel-debuginfo:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:rocky:linux:kernel-rt-debug-debuginfo:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:rocky:linux:bpftool:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:rocky:linux:kernel-rt-debug-modules-extra:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:rocky:linux:kernel-rt-debug-core:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:rocky:linux:kernel-rt-modules:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:rocky:linux:kernel-rt-kvm:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:rocky:linux:kernel-core:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:rocky:linux:kernel-tools-libs:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:rocky:linux:kernel-debuginfo-common-x86_64:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:rocky:linux:kernel-devel:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:rocky:linux:python3-perf:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:rocky:linux:python3-perf-debuginfo:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:rocky:linux:perf:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:rocky:linux:kernel-rt-debuginfo-common-x86_64:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:rocky:linux:kernel-headers:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:rocky:linux:kernel-rt-debug:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:rocky:linux:kernel-cross-headers:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:2.3:o:rocky:linux:8:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"false\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Rocky Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RockyLinux/release\", \"Host/RockyLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RockyLinux/release');\nif (isnull(release) || 'Rocky Linux' >!< release) audit(AUDIT_OS_NOT, 'Rocky Linux');\nvar os_ver = pregmatch(pattern: \"Rocky(?: Linux)? release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Rocky Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Rocky Linux 8.x', 'Rocky Linux ' + os_ver);\n\nif (!get_kb_item('Host/RockyLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Rocky Linux', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2022-0330', 'CVE-2022-0435', 'CVE-2022-0492', 'CVE-2022-0847');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RLSA-2022:825');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar pkgs = [\n {'reference':'bpftool-4.18.0-348.20.1.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-4.18.0-348.20.1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-debuginfo-4.18.0-348.20.1.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-debuginfo-4.18.0-348.20.1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-348.20.1.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-348.20.1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-stablelists-4.18.0-348.20.1.el8_5', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-348.20.1.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-348.20.1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-348.20.1.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-348.20.1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-348.20.1.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-348.20.1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-348.20.1.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-348.20.1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-debuginfo-4.18.0-348.20.1.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-debuginfo-4.18.0-348.20.1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-348.20.1.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-348.20.1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-348.20.1.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-348.20.1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-348.20.1.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-348.20.1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-4.18.0-348.20.1.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-4.18.0-348.20.1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-common-aarch64-4.18.0-348.20.1.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-common-x86_64-4.18.0-348.20.1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-348.20.1.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-348.20.1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.18.0-348.20.1.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.18.0-348.20.1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-348.20.1.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-348.20.1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-348.20.1.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-348.20.1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-4.18.0-348.20.1.rt7.150.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-core-4.18.0-348.20.1.rt7.150.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-4.18.0-348.20.1.rt7.150.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-core-4.18.0-348.20.1.rt7.150.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-debuginfo-4.18.0-348.20.1.rt7.150.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-devel-4.18.0-348.20.1.rt7.150.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-modules-4.18.0-348.20.1.rt7.150.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-modules-extra-4.18.0-348.20.1.rt7.150.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debuginfo-4.18.0-348.20.1.rt7.150.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debuginfo-common-x86_64-4.18.0-348.20.1.rt7.150.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-devel-4.18.0-348.20.1.rt7.150.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-kvm-4.18.0-348.20.1.rt7.150.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-modules-4.18.0-348.20.1.rt7.150.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-modules-extra-4.18.0-348.20.1.rt7.150.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-348.20.1.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-348.20.1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-debuginfo-4.18.0-348.20.1.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-debuginfo-4.18.0-348.20.1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-348.20.1.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-348.20.1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-348.20.1.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-348.20.1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-348.20.1.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-348.20.1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-debuginfo-4.18.0-348.20.1.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-debuginfo-4.18.0-348.20.1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-348.20.1.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-348.20.1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-debuginfo-4.18.0-348.20.1.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-debuginfo-4.18.0-348.20.1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'Rocky-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / bpftool-debuginfo / kernel / kernel-abi-stablelists / etc');\n}\n", "cvss": {"score": 9, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2022-08-12T23:03:15", "description": "The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0763-1 advisory.\n\n - Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-0001)\n\n - Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-0002)\n\n - A flaw was found in the way the flags member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system. (CVE-2022-0847)\n\n - An issue was discovered in drivers/usb/gadget/function/rndis.c in the Linux kernel before 5.16.10. The RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive information from kernel memory. (CVE-2022-25375)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2022-03-22T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : kernel (SUSE-SU-2022:0763-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-0001", "CVE-2022-0002", "CVE-2022-0847", "CVE-2022-25375"], "modified": "2022-08-12T00:00:00", "cpe": ["p-cpe:2.3:a:novell:suse_linux:cluster-md-kmp-rt:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-rt_debug-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-syms-rt:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-rt:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-rt-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:dlm-kmp-rt:*:*:*:*:*:*:*", "cpe:2.3:o:novell:suse_linux:15:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:gfs2-kmp-rt:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:ocfs2-kmp-rt:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-devel-rt:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-source-rt:*:*:*:*:*:*:*"], "id": "SUSE_SU-2022-0763-1.NASL", "href": "https://www.tenable.com/plugins/nessus/159158", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:0763-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159158);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/08/12\");\n\n script_cve_id(\n \"CVE-2022-0001\",\n \"CVE-2022-0002\",\n \"CVE-2022-0847\",\n \"CVE-2022-25375\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:0763-1\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/16\");\n\n script_name(english:\"SUSE SLES15 Security Update : kernel (SUSE-SU-2022:0763-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:0763-1 advisory.\n\n - Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may\n allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-0001)\n\n - Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an\n authorized user to potentially enable information disclosure via local access. (CVE-2022-0002)\n\n - A flaw was found in the way the flags member of the new pipe buffer structure was lacking proper\n initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus\n contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache\n backed by read only files and as such escalate their privileges on the system. (CVE-2022-0847)\n\n - An issue was discovered in drivers/usb/gadget/function/rndis.c in the Linux kernel before 5.16.10. The\n RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive\n information from kernel memory. (CVE-2022-25375)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1089644\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1154353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1157038\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1157923\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1176447\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1176940\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1178134\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1181147\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1181588\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183872\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1187716\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188404\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1189126\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190812\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190972\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191580\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191655\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191741\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192210\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192483\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193096\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193233\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193243\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193787\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194163\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194967\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195012\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195081\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195286\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195352\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195378\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195506\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195668\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195701\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195798\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195799\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195823\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195928\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195957\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195995\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196195\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196235\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196339\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196400\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196516\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196584\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-March/010391.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a965d71e\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0001\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0002\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0847\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-25375\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0847\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Dirty Pipe Local Privilege Escalation via CVE-2022-0847');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/02/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/03/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:novell:suse_linux:cluster-md-kmp-rt:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:novell:suse_linux:kernel-rt_debug-devel:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:novell:suse_linux:kernel-syms-rt:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:novell:suse_linux:kernel-rt:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:novell:suse_linux:kernel-rt-devel:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:novell:suse_linux:dlm-kmp-rt:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:2.3:o:novell:suse_linux:15:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:novell:suse_linux:gfs2-kmp-rt:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:novell:suse_linux:ocfs2-kmp-rt:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:novell:suse_linux:kernel-devel-rt:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:novell:suse_linux:kernel-source-rt:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"false\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15', 'SUSE ' + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);\n\nvar sp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP3\", os_ver + \" SP\" + sp);\n\nvar pkgs = [\n {'reference':'cluster-md-kmp-rt-5.3.18-150300.79.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_RT-release-15.3'},\n {'reference':'dlm-kmp-rt-5.3.18-150300.79.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_RT-release-15.3'},\n {'reference':'gfs2-kmp-rt-5.3.18-150300.79.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_RT-release-15.3'},\n {'reference':'kernel-devel-rt-5.3.18-150300.79.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_RT-release-15.3'},\n {'reference':'kernel-rt-5.3.18-150300.79.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_RT-release-15.3'},\n {'reference':'kernel-rt-devel-5.3.18-150300.79.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_RT-release-15.3'},\n {'reference':'kernel-rt_debug-devel-5.3.18-150300.79.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_RT-release-15.3'},\n {'reference':'kernel-source-rt-5.3.18-150300.79.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_RT-release-15.3'},\n {'reference':'kernel-syms-rt-5.3.18-150300.79.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_RT-release-15.3'},\n {'reference':'ocfs2-kmp-rt-5.3.18-150300.79.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_RT-release-15.3'},\n {'reference':'cluster-md-kmp-rt-5.3.18-150300.79.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-rt-release-15.3'},\n {'reference':'dlm-kmp-rt-5.3.18-150300.79.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-rt-release-15.3'},\n {'reference':'gfs2-kmp-rt-5.3.18-150300.79.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-rt-release-15.3'},\n {'reference':'kernel-devel-rt-5.3.18-150300.79.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-rt-release-15.3'},\n {'reference':'kernel-rt-5.3.18-150300.79.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-rt-release-15.3'},\n {'reference':'kernel-rt-devel-5.3.18-150300.79.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-rt-release-15.3'},\n {'reference':'kernel-rt_debug-devel-5.3.18-150300.79.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-rt-release-15.3'},\n {'reference':'kernel-source-rt-5.3.18-150300.79.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-rt-release-15.3'},\n {'reference':'kernel-syms-rt-5.3.18-150300.79.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-rt-release-15.3'},\n {'reference':'ocfs2-kmp-rt-5.3.18-150300.79.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-rt-release-15.3'}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (exists_check) {\n if (!rpm_exists(release:release, rpm:exists_check)) continue;\n if ('ltss' >< tolower(exists_check)) ltss_caveat_required = TRUE;\n }\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cluster-md-kmp-rt / dlm-kmp-rt / gfs2-kmp-rt / kernel-devel-rt / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-12T23:00:05", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:0768-1 advisory.\n\n - In gc_data_segment in fs/f2fs/gc.c in the Linux kernel before 5.16.3, special files are not considered, leading to a move_data_page NULL pointer dereference. (CVE-2021-44879)\n\n - Amazon Linux has been made aware of a potential Branch Target Injection (BTI) issue (sometimes referred to as Spectre variant 2). This is a known cross-domain transient execution attack where a third party may seek to cause a disclosure gadget to be speculatively executed after an indirect branch prediction.\n Generally, actors who attempt transient execution attacks do not have access to the data on the hosts they attempt to access (e.g. where privilege-level isolation is in place). For such attacks to succeed, actors need to be able to run code on the (virtual) machine hosting the data in which they are interested.\n (CVE-2022-0001, CVE-2022-0002, CVE-2022-0847)\n\n - A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove in drivers/memstick/host/rtsx_usb_ms.c in memstick in the Linux kernel. In this flaw, a local attacker with a user privilege may impact system Confidentiality. This flaw affects kernel versions prior to 5.14 rc1. (CVE-2022-0487)\n\n - A vulnerability was found in the Linux kernel's cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.\n (CVE-2022-0492)\n\n - A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2. (CVE-2022-0617)\n\n - An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file descriptor. (CVE-2022-24448)\n\n - An issue was discovered in the Linux kernel before 5.16.5. There is a memory leak in yam_siocdevprivate in drivers/net/hamradio/yam.c. (CVE-2022-24959)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2022-03-10T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : kernel (openSUSE-SU-2022:0768-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-44879", "CVE-2022-0001", "CVE-2022-0002", "CVE-2022-0487", "CVE-2022-0492", "CVE-2022-0617", "CVE-2022-0644", "CVE-2022-0847", "CVE-2022-24448", "CVE-2022-24959"], "modified": "2022-08-12T00:00:00", "cpe": ["cpe:2.3:o:novell:opensuse:15.3:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:opensuse:kernel-default-man:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:opensuse:kernel-kvmsmall-base:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:opensuse:kernel-vanilla-livepatch-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:opensuse:kernel-zfcpdump-man:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:opensuse:kernel-vanilla:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:opensuse:kernel-vanilla-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:opensuse:kernel-debug-base:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:opensuse:kernel-vanilla-base:*:*:*:*:*:*:*"], "id": "OPENSUSE-2022-0768-1.NASL", "href": "https://www.tenable.com/plugins/nessus/158779", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2022:0768-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158779);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/08/12\");\n\n script_cve_id(\n \"CVE-2021-44879\",\n \"CVE-2022-0001\",\n \"CVE-2022-0002\",\n \"CVE-2022-0487\",\n \"CVE-2022-0492\",\n \"CVE-2022-0617\",\n \"CVE-2022-0644\",\n \"CVE-2022-0847\",\n \"CVE-2022-24448\",\n \"CVE-2022-24959\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/16\");\n\n script_name(english:\"openSUSE 15 Security Update : kernel (openSUSE-SU-2022:0768-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2022:0768-1 advisory.\n\n - In gc_data_segment in fs/f2fs/gc.c in the Linux kernel before 5.16.3, special files are not considered,\n leading to a move_data_page NULL pointer dereference. (CVE-2021-44879)\n\n - Amazon Linux has been made aware of a potential Branch Target Injection (BTI) issue (sometimes referred to\n as Spectre variant 2). This is a known cross-domain transient execution attack where a third party may\n seek to cause a disclosure gadget to be speculatively executed after an indirect branch prediction.\n Generally, actors who attempt transient execution attacks do not have access to the data on the hosts they\n attempt to access (e.g. where privilege-level isolation is in place). For such attacks to succeed, actors\n need to be able to run code on the (virtual) machine hosting the data in which they are interested.\n (CVE-2022-0001, CVE-2022-0002, CVE-2022-0847)\n\n - A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove in drivers/memstick/host/rtsx_usb_ms.c\n in memstick in the Linux kernel. In this flaw, a local attacker with a user privilege may impact system\n Confidentiality. This flaw affects kernel versions prior to 5.14 rc1. (CVE-2022-0487)\n\n - A vulnerability was found in the Linux kernel's cgroup_release_agent_write in the\n kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups\n v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.\n (CVE-2022-0492)\n\n - A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way\n user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw\n to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2. (CVE-2022-0617)\n\n - An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the\n O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a\n regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file\n descriptor. (CVE-2022-24448)\n\n - An issue was discovered in the Linux kernel before 5.16.5. There is a memory leak in yam_siocdevprivate in\n drivers/net/hamradio/yam.c. (CVE-2022-24959)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185973\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191580\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194516\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195536\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195543\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195612\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195840\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195897\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195908\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195949\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195987\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196079\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196155\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196584\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196612\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/MWGLT5YBYSSX5MP2JBKT3N3QV2IWMC5F/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b7a9aa2b\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-44879\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0001\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0002\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0487\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0492\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0617\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0644\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0847\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-24448\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-24959\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0847\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Dirty Pipe Local Privilege Escalation via CVE-2022-0847');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/02/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/03/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:2.3:o:novell:opensuse:15.3:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:novell:opensuse:kernel-default-man:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:novell:opensuse:kernel-kvmsmall-base:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:novell:opensuse:kernel-vanilla-livepatch-devel:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:novell:opensuse:kernel-zfcpdump-man:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:novell:opensuse:kernel-vanilla:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:novell:opensuse:kernel-vanilla-devel:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:novell:opensuse:kernel-debug-base:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:novell:opensuse:kernel-vanilla-base:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"false\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.3', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'kernel-debug-base-4.12.14-197.108.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-default-man-4.12.14-197.108.1', 'cpu':'s390x', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-kvmsmall-base-4.12.14-197.108.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-vanilla-4.12.14-197.108.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-vanilla-base-4.12.14-197.108.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-vanilla-devel-4.12.14-197.108.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-vanilla-livepatch-devel-4.12.14-197.108.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-man-4.12.14-197.108.1', 'cpu':'s390x', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-debug-base / kernel-default-man / kernel-kvmsmall-base / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-12T18:20:08", "description": "The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0766-1 advisory.\n\n - In gc_data_segment in fs/f2fs/gc.c in the Linux kernel before 5.16.3, special files are not considered, leading to a move_data_page NULL pointer dereference. (CVE-2021-44879)\n\n - Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-0001)\n\n - Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-0002)\n\n - A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove in drivers/memstick/host/rtsx_usb_ms.c in memstick in the Linux kernel. In this flaw, a local attacker with a user privilege may impact system Confidentiality. This flaw affects kernel versions prior to 5.14 rc1. (CVE-2022-0487)\n\n - A vulnerability was found in the Linux kernel's cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.\n (CVE-2022-0492)\n\n - A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2. (CVE-2022-0617)\n\n - A flaw was found in the way the flags member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system. (CVE-2022-0847)\n\n - An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file descriptor. (CVE-2022-24448)\n\n - An issue was discovered in the Linux kernel before 5.16.5. There is a memory leak in yam_siocdevprivate in drivers/net/hamradio/yam.c. (CVE-2022-24959)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2022-03-09T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : kernel (SUSE-SU-2022:0766-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-44879", "CVE-2022-0001", "CVE-2022-0002", "CVE-2022-0487", "CVE-2022-0492", "CVE-2022-0617", "CVE-2022-0644", "CVE-2022-0847", "CVE-2022-24448", "CVE-2022-24959"], "modified": "2022-08-12T00:00:00", "cpe": ["p-cpe:2.3:a:novell:suse_linux:cluster-md-kmp-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:dlm-kmp-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:reiserfs-kmp-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-default-man:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-macros:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-default-base:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-default-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-obs-build:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-syms:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-livepatch-4_12_14-150_86-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-default-livepatch:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-source:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-vanilla-base:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:gfs2-kmp-default:*:*:*:*:*:*:*", "cpe:2.3:o:novell:suse_linux:15:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:ocfs2-kmp-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-devel:*:*:*:*:*:*:*"], "id": "SUSE_SU-2022-0766-1.NASL", "href": "https://www.tenable.com/plugins/nessus/158755", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:0766-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158755);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/08/12\");\n\n script_cve_id(\n \"CVE-2021-44879\",\n \"CVE-2022-0001\",\n \"CVE-2022-0002\",\n \"CVE-2022-0487\",\n \"CVE-2022-0492\",\n \"CVE-2022-0617\",\n \"CVE-2022-0644\",\n \"CVE-2022-0847\",\n \"CVE-2022-24448\",\n \"CVE-2022-24959\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:0766-1\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/16\");\n\n script_name(english:\"SUSE SLES15 Security Update : kernel (SUSE-SU-2022:0766-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:0766-1 advisory.\n\n - In gc_data_segment in fs/f2fs/gc.c in the Linux kernel before 5.16.3, special files are not considered,\n leading to a move_data_page NULL pointer dereference. (CVE-2021-44879)\n\n - Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may\n allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-0001)\n\n - Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an\n authorized user to potentially enable information disclosure via local access. (CVE-2022-0002)\n\n - A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove in drivers/memstick/host/rtsx_usb_ms.c\n in memstick in the Linux kernel. In this flaw, a local attacker with a user privilege may impact system\n Confidentiality. This flaw affects kernel versions prior to 5.14 rc1. (CVE-2022-0487)\n\n - A vulnerability was found in the Linux kernel's cgroup_release_agent_write in the\n kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups\n v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.\n (CVE-2022-0492)\n\n - A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way\n user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw\n to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2. (CVE-2022-0617)\n\n - A flaw was found in the way the flags member of the new pipe buffer structure was lacking proper\n initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus\n contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache\n backed by read only files and as such escalate their privileges on the system. (CVE-2022-0847)\n\n - An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the\n O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a\n regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file\n descriptor. (CVE-2022-24448)\n\n - An issue was discovered in the Linux kernel before 5.16.5. There is a memory leak in yam_siocdevprivate in\n drivers/net/hamradio/yam.c. (CVE-2022-24959)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1107207\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185973\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191580\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194516\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195536\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195543\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195612\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195840\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195897\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195908\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195949\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195987\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196079\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196155\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196584\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196612\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-March/010394.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?75fce9a4\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-44879\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0001\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0002\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0487\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0492\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0617\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0644\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0847\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-24448\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-24959\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0847\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Dirty Pipe Local Privilege Escalation via CVE-2022-0847');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/02/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/03/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:novell:suse_linux:cluster-md-kmp-default:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:novell:suse_linux:dlm-kmp-default:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:novell:suse_linux:reiserfs-kmp-default:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:novell:suse_linux:kernel-default-man:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:novell:suse_linux:kernel-macros:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:novell:suse_linux:kernel-default-base:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:novell:suse_linux:kernel-default-devel:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:novell:suse_linux:kernel-default:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:novell:suse_linux:kernel-obs-build:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:novell:suse_linux:kernel-syms:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:novell:suse_linux:kernel-livepatch-4_12_14-150_86-default:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:novell:suse_linux:kernel-default-livepatch:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:novell:suse_linux:kernel-source:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:novell:suse_linux:kernel-vanilla-base:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:novell:suse_linux:gfs2-kmp-default:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:2.3:o:novell:suse_linux:15:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:novell:suse_linux:ocfs2-kmp-default:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:novell:suse_linux:kernel-devel:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"false\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15', 'SUSE ' + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);\n\nvar sp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0\", os_ver + \" SP\" + sp);\n\nvar pkgs = [\n {'reference':'cluster-md-kmp-default-4.12.14-150.86.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15'},\n {'reference':'dlm-kmp-default-4.12.14-150.86.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15'},\n {'reference':'gfs2-kmp-default-4.12.14-150.86.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15'},\n {'reference':'kernel-default-4.12.14-150.86.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15'},\n {'reference':'kernel-default-base-4.12.14-150.86.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15'},\n {'reference':'kernel-default-devel-4.12.14-150.86.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15'},\n {'reference':'kernel-default-livepatch-4.12.14-150.86.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15'},\n {'reference':'kernel-devel-4.12.14-150.86.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15'},\n {'reference':'kernel-livepatch-4_12_14-150_86-default-1-1.3.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15'},\n {'reference':'kernel-macros-4.12.14-150.86.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15'},\n {'reference':'kernel-obs-build-4.12.14-150.86.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15'},\n {'reference':'kernel-source-4.12.14-150.86.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15'},\n {'reference':'kernel-syms-4.12.14-150.86.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15'},\n {'reference':'kernel-vanilla-base-4.12.14-150.86.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15'},\n {'reference':'ocfs2-kmp-default-4.12.14-150.86.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15'},\n {'reference':'reiserfs-kmp-default-4.12.14-150.86.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15'},\n {'reference':'kernel-default-4.12.14-150.86.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'kernel-default-4.12.14-150.86.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'kernel-default-4.12.14-150.86.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'kernel-default-4.12.14-150.86.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'kernel-default-base-4.12.14-150.86.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'kernel-default-base-4.12.14-150.86.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'kernel-default-base-4.12.14-150.86.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'kernel-default-base-4.12.14-150.86.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'kernel-default-devel-4.12.14-150.86.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'kernel-default-devel-4.12.14-150.86.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'kernel-default-devel-4.12.14-150.86.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'kernel-default-devel-4.12.14-150.86.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'kernel-devel-4.12.14-150.86.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'kernel-devel-4.12.14-150.86.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'kernel-macros-4.12.14-150.86.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'kernel-macros-4.12.14-150.86.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'kernel-obs-build-4.12.14-150.86.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'kernel-obs-build-4.12.14-150.86.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'kernel-obs-build-4.12.14-150.86.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'kernel-obs-build-4.12.14-150.86.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'kernel-source-4.12.14-150.86.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'kernel-source-4.12.14-150.86.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'kernel-syms-4.12.14-150.86.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'kernel-syms-4.12.14-150.86.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'kernel-syms-4.12.14-150.86.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'kernel-syms-4.12.14-150.86.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'kernel-vanilla-base-4.12.14-150.86.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'kernel-vanilla-base-4.12.14-150.86.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'kernel-vanilla-base-4.12.14-150.86.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'kernel-vanilla-base-4.12.14-150.86.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'kernel-default-4.12.14-150.86.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'kernel-default-4.12.14-150.86.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'kernel-default-4.12.14-150.86.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'kernel-default-4.12.14-150.86.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'kernel-default-base-4.12.14-150.86.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'kernel-default-base-4.12.14-150.86.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'kernel-default-base-4.12.14-150.86.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'kernel-default-base-4.12.14-150.86.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'kernel-default-devel-4.12.14-150.86.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'kernel-default-devel-4.12.14-150.86.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'kernel-default-devel-4.12.14-150.86.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'kernel-default-devel-4.12.14-150.86.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'kernel-devel-4.12.14-150.86.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'kernel-devel-4.12.14-150.86.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'kernel-macros-4.12.14-150.86.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'kernel-macros-4.12.14-150.86.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'kernel-obs-build-4.12.14-150.86.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'kernel-obs-build-4.12.14-150.86.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'kernel-obs-build-4.12.14-150.86.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'kernel-obs-build-4.12.14-150.86.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'kernel-source-4.12.14-150.86.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'kernel-source-4.12.14-150.86.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'kernel-syms-4.12.14-150.86.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'kernel-syms-4.12.14-150.86.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'kernel-syms-4.12.14-150.86.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'kernel-syms-4.12.14-150.86.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'kernel-vanilla-base-4.12.14-150.86.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'kernel-vanilla-base-4.12.14-150.86.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'kernel-vanilla-base-4.12.14-150.86.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'kernel-vanilla-base-4.12.14-150.86.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'cluster-md-kmp-default-4.12.14-150.86.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-release-15'},\n {'reference':'dlm-kmp-default-4.12.14-150.86.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-release-15'},\n {'reference':'gfs2-kmp-default-4.12.14-150.86.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-release-15'},\n {'reference':'kernel-default-livepatch-4.12.14-150.86.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-release-15'},\n {'reference':'kernel-livepatch-4_12_14-150_86-default-1-1.3.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-release-15'},\n {'reference':'ocfs2-kmp-default-4.12.14-150.86.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-release-15'},\n {'reference':'cluster-md-kmp-default-4.12.14-150.86.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-ha-release-15'},\n {'reference':'dlm-kmp-default-4.12.14-150.86.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-ha-release-15'},\n {'reference':'gfs2-kmp-default-4.12.14-150.86.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-ha-release-15'},\n {'reference':'ocfs2-kmp-default-4.12.14-150.86.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-ha-release-15'},\n {'reference':'kernel-default-livepatch-4.12.14-150.86.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-live-patching-release-15'},\n {'reference':'kernel-livepatch-4_12_14-150_86-default-1-1.3.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-live-patching-release-15'},\n {'reference':'kernel-default-4.12.14-150.86.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-ltss-release-15'},\n {'reference':'kernel-default-base-4.12.14-150.86.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-ltss-release-15'},\n {'reference':'kernel-default-devel-4.12.14-150.86.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-ltss-release-15'},\n {'reference':'kernel-default-man-4.12.14-150.86.1', 'sp':'0', 'cpu':'s390x', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-ltss-release-15'},\n {'reference':'kernel-devel-4.12.14-150.86.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-ltss-release-15'},\n {'reference':'kernel-macros-4.12.14-150.86.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-ltss-release-15'},\n {'reference':'kernel-obs-build-4.12.14-150.86.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-ltss-release-15'},\n {'reference':'kernel-source-4.12.14-150.86.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-ltss-release-15'},\n {'reference':'kernel-syms-4.12.14-150.86.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-ltss-release-15'},\n {'reference':'kernel-vanilla-base-4.12.14-150.86.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-ltss-release-15'},\n {'reference':'reiserfs-kmp-default-4.12.14-150.86.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-ltss-release-15'},\n {'reference':'cluster-md-kmp-default-4.12.14-150.86.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-15'},\n {'reference':'dlm-kmp-default-4.12.14-150.86.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-15'},\n {'reference':'gfs2-kmp-default-4.12.14-150.86.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-15'},\n {'reference':'kernel-default-livepatch-4.12.14-150.86.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-15'},\n {'reference':'kernel-livepatch-4_12_14-150_86-default-1-1.3.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-15'},\n {'reference':'ocfs2-kmp-default-4.12.14-150.86.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-15'}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (exists_check) {\n if (!rpm_exists(release:release, rpm:exists_check)) continue;\n if ('ltss' >< tolower(exists_check)) ltss_caveat_required = TRUE;\n }\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cluster-md-kmp-default / dlm-kmp-default / gfs2-kmp-default / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-12T18:18:49", "description": "The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0757-1 advisory.\n\n - In gc_data_segment in fs/f2fs/gc.c in the Linux kernel before 5.16.3, special files are not considered, leading to a move_data_page NULL pointer dereference. (CVE-2021-44879)\n\n - Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-0001)\n\n - Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-0002)\n\n - A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove in drivers/memstick/host/rtsx_usb_ms.c in memstick in the Linux kernel. In this flaw, a local attacker with a user privilege may impact system Confidentiality. This flaw affects kernel versions prior to 5.14 rc1. (CVE-2022-0487)\n\n - A vulnerability was found in the Linux kernel's cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.\n (CVE-2022-0492)\n\n - A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2. (CVE-2022-0617)\n\n - A flaw was found in the way the flags member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system. (CVE-2022-0847)\n\n - An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file descriptor. (CVE-2022-24448)\n\n - An issue was discovered in the Linux kernel before 5.16.5. There is a memory leak in yam_siocdevprivate in drivers/net/hamradio/yam.c. (CVE-2022-24959)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2022-03-09T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2022:0757-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-44879", "CVE-2022-0001", "CVE-2022-0002", "CVE-2022-0487", "CVE-2022-0492", "CVE-2022-0617", "CVE-2022-0644", "CVE-2022-0847", "CVE-2022-24448", "CVE-2022-24959"], "modified": "2022-08-12T00:00:00", "cpe": ["cpe:2.3:o:novell:suse_linux:12:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:cluster-md-kmp-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:dlm-kmp-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-default-man:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-macros:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-default-base:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kgraft-patch-4_12_14-95_93-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-default-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-default-kgraft-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-default-kgraft:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-syms:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-source:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:gfs2-kmp-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:ocfs2-kmp-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-devel:*:*:*:*:*:*:*"], "id": "SUSE_SU-2022-0757-1.NASL", "href": "https://www.tenable.com/plugins/nessus/158758", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:0757-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158758);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/08/12\");\n\n script_cve_id(\n \"CVE-2021-44879\",\n \"CVE-2022-0001\",\n \"CVE-2022-0002\",\n \"CVE-2022-0487\",\n \"CVE-2022-0492\",\n \"CVE-2022-0617\",\n \"CVE-2022-0644\",\n \"CVE-2022-0847\",\n \"CVE-2022-24448\",\n \"CVE-2022-24959\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:0757-1\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/16\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2022:0757-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:0757-1 advisory.\n\n - In gc_data_segment in fs/f2fs/gc.c in the Linux kernel before 5.16.3, special files are not considered,\n leading to a move_data_page NULL pointer dereference. (CVE-2021-44879)\n\n - Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may\n allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-0001)\n\n - Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an\n authorized user to potentially enable information disclosure via local access. (CVE-2022-0002)\n\n - A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove in drivers/memstick/host/rtsx_usb_ms.c\n in memstick in the Linux kernel. In this flaw, a local attacker with a user privilege may impact system\n Confidentiality. This flaw affects kernel versions prior to 5.14 rc1. (CVE-2022-0487)\n\n - A vulnerability was found in the Linux kernel's cgroup_release_agent_write in the\n kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups\n v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.\n (CVE-2022-0492)\n\n - A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way\n user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw\n to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2. (CVE-2022-0617)\n\n - A flaw was found in the way the flags member of the new pipe buffer structure was lacking proper\n initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus\n contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache\n backed by read only files and as such escalate their privileges on the system. (CVE-2022-0847)\n\n - An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the\n O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a\n regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file\n descriptor. (CVE-2022-24448)\n\n - An issue was discovered in the Linux kernel before 5.16.5. There is a memory leak in yam_siocdevprivate in\n drivers/net/hamradio/yam.c. (CVE-2022-24959)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1107207\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1114893\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185973\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191580\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194516\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195536\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195543\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195612\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195840\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195897\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195908\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195934\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195949\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195987\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196079\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196155\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196584\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196601\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196612\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-March/010402.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4065e344\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-44879\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0001\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0002\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0487\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0492\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0617\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0644\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0847\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-24448\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-24959\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0847\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Dirty Pipe Local Privilege Escalation via CVE-2022-0847');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/02/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/03/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:2.3:o:novell:suse_linux:12:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:novell:suse_linux:cluster-md-kmp-default:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:novell:suse_linux:dlm-kmp-default:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:novell:suse_linux:kernel-default-man:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:novell:suse_linux:kernel-macros:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:novell:suse_linux:kernel-default-base:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:novell:suse_linux:kgraft-patch-4_12_14-95_93-default:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:novell:suse_linux:kernel-default-devel:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:novell:suse_linux:kernel-default-kgraft-devel:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:novell:suse_linux:kernel-default:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:novell:suse_linux:kernel-default-kgraft:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:novell:suse_linux:kernel-syms:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:novell:suse_linux:kernel-source:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:novell:suse_linux:gfs2-kmp-default:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:novell:suse_linux:ocfs2-kmp-default:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:novell:suse_linux:kernel-devel:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"false\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12', 'SUSE ' + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);\n\nvar sp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(3|4|5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP3/4/5\", os_ver + \" SP\" + sp);\n\nvar pkgs = [\n {'reference':'cluster-md-kmp-default-4.12.14-95.93.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE-HPC-release-12.4'},\n {'reference':'cluster-md-kmp-default-4.12.14-95.93.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE-HPC-release-12.4'},\n {'reference':'cluster-md-kmp-default-4.12.14-95.93.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE-HPC-release-12.4'},\n {'reference':'dlm-kmp-default-4.12.14-95.93.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE-HPC-release-12.4'},\n {'reference':'dlm-kmp-default-4.12.14-95.93.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE-HPC-release-12.4'},\n {'reference':'dlm-kmp-default-4.12.14-95.93.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE-HPC-release-12.4'},\n {'reference':'gfs2-kmp-default-4.12.14-95.93.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE-HPC-release-12.4'},\n {'reference':'gfs2-kmp-default-4.12.14-95.93.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE-HPC-release-12.4'},\n {'reference':'gfs2-kmp-default-4.12.14-95.93.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE-HPC-release-12.4'},\n {'reference':'ocfs2-kmp-default-4.12.14-95.93.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE-HPC-release-12.4'},\n {'reference':'ocfs2-kmp-default-4.12.14-95.93.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE-HPC-release-12.4'},\n {'reference':'ocfs2-kmp-default-4.12.14-95.93.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE-HPC-release-12.4'},\n {'reference':'cluster-md-kmp-default-4.12.14-95.93.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.3'},\n {'reference':'cluster-md-kmp-default-4.12.14-95.93.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.3'},\n {'reference':'cluster-md-kmp-default-4.12.14-95.93.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.3'},\n {'reference':'dlm-kmp-default-4.12.14-95.93.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.3'},\n {'reference':'dlm-kmp-default-4.12.14-95.93.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.3'},\n {'reference':'dlm-kmp-default-4.12.14-95.93.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.3'},\n {'reference':'gfs2-kmp-default-4.12.14-95.93.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.3'},\n {'reference':'gfs2-kmp-default-4.12.14-95.93.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.3'},\n {'reference':'gfs2-kmp-default-4.12.14-95.93.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.3'},\n {'reference':'ocfs2-kmp-default-4.12.14-95.93.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.3'},\n {'reference':'ocfs2-kmp-default-4.12.14-95.93.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.3'},\n {'reference':'ocfs2-kmp-default-4.12.14-95.93.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.3'},\n {'reference':'cluster-md-kmp-default-4.12.14-95.93.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.4'},\n {'reference':'cluster-md-kmp-default-4.12.14-95.93.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.4'},\n {'reference':'cluster-md-kmp-default-4.12.14-95.93.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.4'},\n {'reference':'dlm-kmp-default-4.12.14-95.93.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.4'},\n {'reference':'dlm-kmp-default-4.12.14-95.93.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.4'},\n {'reference':'dlm-kmp-default-4.12.14-95.93.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.4'},\n {'reference':'gfs2-kmp-default-4.12.14-95.93.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.4'},\n {'reference':'gfs2-kmp-default-4.12.14-95.93.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.4'},\n {'reference':'gfs2-kmp-default-4.12.14-95.93.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.4'},\n {'reference':'kernel-default-4.12.14-95.93.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.4'},\n {'reference':'kernel-default-base-4.12.14-95.93.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.4'},\n {'reference':'kernel-default-devel-4.12.14-95.93.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.4'},\n {'reference':'kernel-devel-4.12.14-95.93.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.4'},\n {'reference':'kernel-macros-4.12.14-95.93.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.4'},\n {'reference':'kernel-source-4.12.14-95.93.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.4'},\n {'reference':'kernel-syms-4.12.14-95.93.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.4'},\n {'reference':'ocfs2-kmp-default-4.12.14-95.93.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.4'},\n {'reference':'ocfs2-kmp-default-4.12.14-95.93.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.4'},\n {'reference':'ocfs2-kmp-default-4.12.14-95.93.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.4'},\n {'reference':'cluster-md-kmp-default-4.12.14-95.93.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'cluster-md-kmp-default-4.12.14-95.93.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'cluster-md-kmp-default-4.12.14-95.93.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'dlm-kmp-default-4.12.14-95.93.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'dlm-kmp-default-4.12.14-95.93.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'dlm-kmp-default-4.12.14-95.93.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'gfs2-kmp-default-4.12.14-95.93.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'gfs2-kmp-default-4.12.14-95.93.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'gfs2-kmp-default-4.12.14-95.93.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'ocfs2-kmp-default-4.12.14-95.93.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'ocfs2-kmp-default-4.12.14-95.93.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'ocfs2-kmp-default-4.12.14-95.93.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'cluster-md-kmp-default-4.12.14-95.93.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-ha-release-12.4'},\n {'reference':'cluster-md-kmp-default-4.12.14-95.93.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-ha-release-12.4'},\n {'reference':'cluster-md-kmp-default-4.12.14-95.93.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-ha-release-12.4'},\n {'reference':'dlm-kmp-default-4.12.14-95.93.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-ha-release-12.4'},\n {'reference':'dlm-kmp-default-4.12.14-95.93.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-ha-release-12.4'},\n {'reference':'dlm-kmp-default-4.12.14-95.93.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-ha-release-12.4'},\n {'reference':'gfs2-kmp-default-4.12.14-95.93.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-ha-release-12.4'},\n {'reference':'gfs2-kmp-default-4.12.14-95.93.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-ha-release-12.4'},\n {'reference':'gfs2-kmp-default-4.12.14-95.93.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-ha-release-12.4'},\n {'reference':'ocfs2-kmp-default-4.12.14-95.93.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-ha-release-12.4'},\n {'reference':'ocfs2-kmp-default-4.12.14-95.93.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-ha-release-12.4'},\n {'reference':'ocfs2-kmp-default-4.12.14-95.93.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-ha-release-12.4'},\n {'reference':'kernel-default-kgraft-4.12.14-95.93.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-live-patching-release-12.4'},\n {'reference':'kernel-default-kgraft-devel-4.12.14-95.93.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-live-patching-release-12.4'},\n {'reference':'kgraft-patch-4_12_14-95_93-default-1-6.5.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-live-patching-release-12.4'},\n {'reference':'cluster-md-kmp-default-4.12.14-95.93.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.3'},\n {'reference':'cluster-md-kmp-default-4.12.14-95.93.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.3'},\n {'reference':'cluster-md-kmp-default-4.12.14-95.93.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.3'},\n {'reference':'dlm-kmp-default-4.12.14-95.93.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.3'},\n {'reference':'dlm-kmp-default-4.12.14-95.93.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.3'},\n {'reference':'dlm-kmp-default-4.12.14-95.93.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.3'},\n {'reference':'gfs2-kmp-default-4.12.14-95.93.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.3'},\n {'reference':'gfs2-kmp-default-4.12.14-95.93.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.3'},\n {'reference':'gfs2-kmp-default-4.12.14-95.93.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.3'},\n {'reference':'ocfs2-kmp-default-4.12.14-95.93.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.3'},\n {'reference':'ocfs2-kmp-default-4.12.14-95.93.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.3'},\n {'reference':'ocfs2-kmp-default-4.12.14-95.93.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.3'},\n {'reference':'cluster-md-kmp-default-4.12.14-95.93.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.4'},\n {'reference':'cluster-md-kmp-default-4.12.14-95.93.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.4'},\n {'reference':'cluster-md-kmp-default-4.12.14-95.93.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.4'},\n {'reference':'dlm-kmp-default-4.12.14-95.93.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.4'},\n {'reference':'dlm-kmp-default-4.12.14-95.93.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.4'},\n {'reference':'dlm-kmp-default-4.12.14-95.93.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.4'},\n {'reference':'gfs2-kmp-default-4.12.14-95.93.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.4'},\n {'reference':'gfs2-kmp-default-4.12.14-95.93.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.4'},\n {'reference':'gfs2-kmp-default-4.12.14-95.93.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.4'},\n {'reference':'kernel-default-4.12.14-95.93.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.4'},\n {'reference':'kernel-default-base-4.12.14-95.93.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.4'},\n {'reference':'kernel-default-devel-4.12.14-95.93.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.4'},\n {'reference':'kernel-default-man-4.12.14-95.93.1', 'sp':'4', 'cpu':'s390x', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.4'},\n {'reference':'kernel-devel-4.12.14-95.93.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.4'},\n {'reference':'kernel-macros-4.12.14-95.93.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.4'},\n {'reference':'kernel-source-4.12.14-95.93.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.4'},\n {'reference':'kernel-syms-4.12.14-95.93.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.4'},\n {'reference':'ocfs2-kmp-default-4.12.14-95.93.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.4'},\n {'reference':'ocfs2-kmp-default-4.12.14-95.93.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.4'},\n {'reference':'ocfs2-kmp-default-4.12.14-95.93.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.4'},\n {'reference':'cluster-md-kmp-default-4.12.14-95.93.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'},\n {'reference':'cluster-md-kmp-default-4.12.14-95.93.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'},\n {'reference':'cluster-md-kmp-default-4.12.14-95.93.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'},\n {'reference':'dlm-kmp-default-4.12.14-95.93.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'},\n {'reference':'dlm-kmp-default-4.12.14-95.93.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'},\n {'reference':'dlm-kmp-default-4.12.14-95.93.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'},\n {'reference':'gfs2-kmp-default-4.12.14-95.93.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'},\n {'reference':'gfs2-kmp-default-4.12.14-95.93.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'},\n {'reference':'gfs2-kmp-default-4.12.14-95.93.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'},\n {'reference':'ocfs2-kmp-default-4.12.14-95.93.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'},\n {'reference':'ocfs2-kmp-default-4.12.14-95.93.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'},\n {'reference':'ocfs2-kmp-default-4.12.14-95.93.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (exists_check) {\n if (!rpm_exists(release:release, rpm:exists_check)) continue;\n if ('ltss' >< tolower(exists_check)) ltss_caveat_required = TRUE;\n }\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cluster-md-kmp-default / dlm-kmp-default / gfs2-kmp-default / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-12T18:18:49", "description": "The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0768-1 advisory.\n\n - In gc_data_segment in fs/f2fs/gc.c in the Linux kernel before 5.16.3, special files are not considered, leading to a move_data_page NULL pointer dereference. (CVE-2021-44879)\n\n - Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-0001)\n\n - Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-0002)\n\n - A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove in drivers/memstick/host/rtsx_usb_ms.c in memstick in the Linux kernel. In this flaw, a local attacker with a user privilege may impact system Confidentiality. This flaw affects kernel versions prior to 5.14 rc1. (CVE-2022-0487)\n\n - A vulnerability was found in the Linux kernel's cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.\n (CVE-2022-0492)\n\n - A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2. (CVE-2022-0617)\n\n - A flaw was found in the way the flags member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system. (CVE-2022-0847)\n\n - An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file descriptor. (CVE-2022-24448)\n\n - An issue was discovered in the Linux kernel before 5.16.5. There is a memory leak in yam_siocdevprivate in drivers/net/hamradio/yam.c. (CVE-2022-24959)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2022-03-09T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : kernel (SUSE-SU-2022:0768-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-44879", "CVE-2022-0001", "CVE-2022-0002", "CVE-2022-0487", "CVE-2022-0492", "CVE-2022-0617", "CVE-2022-0644", "CVE-2022-0847", "CVE-2022-24448", "CVE-2022-24959"], "modified": "2022-08-12T00:00:00", "cpe": ["p-cpe:2.3:a:novell:suse_linux:cluster-md-kmp-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:dlm-kmp-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:reiserfs-kmp-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-default-man:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-macros:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-default-base:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-default-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-obs-build:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-syms:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-livepatch-4_12_14-197_108-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-default-livepatch:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-source:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:gfs2-kmp-default:*:*:*:*:*:*:*", "cpe:2.3:o:novell:suse_linux:15:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-default-livepatch-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:ocfs2-kmp-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-devel:*:*:*:*:*:*:*"], "id": "SUSE_SU-2022-0768-1.NASL", "href": "https://www.tenable.com/plugins/nessus/158751", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:0768-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158751);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/08/12\");\n\n script_cve_id(\n \"CVE-2021-44879\",\n \"CVE-2022-0001\",\n \"CVE-2022-0002\",\n \"CVE-2022-0487\",\n \"CVE-2022-0492\",\n \"CVE-2022-0617\",\n \"CVE-2022-0644\",\n \"CVE-2022-0847\",\n \"CVE-2022-24448\",\n \"CVE-2022-24959\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:0768-1\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/16\");\n\n script_name(english:\"SUSE SLES15 Security Update : kernel (SUSE-SU-2022:0768-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:0768-1 advisory.\n\n - In gc_data_segment in fs/f2fs/gc.c in the Linux kernel before 5.16.3, special files are not considered,\n leading to a move_data_page NULL pointer dereference. (CVE-2021-44879)\n\n - Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may\n allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-0001)\n\n - Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an\n authorized user to potentially enable information disclosure via local access. (CVE-2022-0002)\n\n - A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove in drivers/memstick/host/rtsx_usb_ms.c\n in memstick in the Linux kernel. In this flaw, a local attacker with a user privilege may impact system\n Confidentiality. This flaw affects kernel versions prior to 5.14 rc1. (CVE-2022-0487)\n\n - A vulnerability was found in the Linux kernel's cgroup_release_agent_write in the\n kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups\n v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.\n (CVE-2022-0492)\n\n - A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way\n user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw\n to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2. (CVE-2022-0617)\n\n - A flaw was found in the way the flags member of the new pipe buffer structure was lacking proper\n initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus\n contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache\n backed by read only files and as such escalate their privileges on the system. (CVE-2022-0847)\n\n - An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the\n O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a\n regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file\n descriptor. (CVE-2022-24448)\n\n - An issue was discovered in the Linux kernel before 5.16.5. There is a memory leak in yam_siocdevprivate in\n drivers/net/hamradio/yam.c. (CVE-2022-24959)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185973\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191580\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194516\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195536\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195543\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195612\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195840\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195897\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195908\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195949\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195987\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196079\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196155\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196584\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196612\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-March/010395.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?97530c70\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-44879\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0001\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0002\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0487\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0492\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0617\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0644\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0847\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-24448\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-24959\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0847\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Dirty Pipe Local Privilege Escalation via CVE-2022-0847');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/02/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/03/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:novell:suse_linux:cluster-md-kmp-default:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:novell:suse_linux:dlm-kmp-default:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:novell:suse_linux:reiserfs-kmp-default:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:novell:suse_linux:kernel-default-man:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:novell:suse_linux:kernel-macros:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:novell:suse_linux:kernel-default-base:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:novell:suse_linux:kernel-default-devel:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:novell:suse_linux:kernel-default:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:novell:suse_linux:kernel-obs-build:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:novell:suse_linux:kernel-syms:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:novell:suse_linux:kernel-livepatch-4_12_14-197_108-default:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:novell:suse_linux:kernel-default-livepatch:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:novell:suse_linux:kernel-source:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:novell:suse_linux:gfs2-kmp-default:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:2.3:o:novell:suse_linux:15:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:novell:suse_linux:kernel-default-livepatch-devel:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:novell:suse_linux:ocfs2-kmp-default:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:2.3:a:novell:suse_linux:kernel-devel:*:*:*:*:*:*:*\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"false\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15', 'SUSE ' + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);\n\nvar sp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP1\", os_ver + \" SP\" + sp);\n\nvar pkgs = [\n {'reference':'cluster-md-kmp-default-4.12.14-197.108.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15.1'},\n {'reference':'dlm-kmp-default-4.12.14-197.108.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15.1'},\n {'reference':'gfs2-kmp-default-4.12.14-197.108.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15.1'},\n {'reference':'kernel-default-4.12.14-197.108.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15.1'},\n {'reference':'kernel-default-base-4.12.14-197.108.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15.1'},\n {'reference':'kernel-default-devel-4.12.14-197.108.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15.1'},\n {'reference':'kernel-default-livepatch-4.12.14-197.108.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15.1'},\n {'reference':'kernel-default-livepatch-devel-4.12.14-197.108.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15.1'},\n {'reference':'kernel-devel-4.12.14-197.108.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15.1'},\n {'reference':'kernel-livepatch-4_12_14-197_108-default-1-3.3.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15.1'},\n {'reference':'kernel-macros-4.12.14-197.108.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15.1'},\n {'reference':'kernel-obs-build-4.12.14-197.108.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15.1'},\n {'reference':'kernel-source-4.12.14-197.108.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15.1'},\n {'reference':'kernel-syms-4.12.14-197.108.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15.1'},\n {'reference':'ocfs2-kmp-default-4.12.14-197.108.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15.1'},\n {'reference':'reiserfs-kmp-default-4.12.14-197.108.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15.1'},\n {'reference':'kernel-default-4.12.14-197.108.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-1'},\n {'reference':'kernel-default-4.12.14-197.108.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE,
Important: kernel
