ID CVE-2014-7842 Type cve Reporter cve@mitre.org Modified 2017-01-03T02:59:00
Description
Race condition in arch/x86/kvm/x86.c in the Linux kernel before 3.17.4 allows guest OS users to cause a denial of service (guest OS crash) via a crafted application that performs an MMIO transaction or a PIO transaction to trigger a guest userspace emulation error report, a similar issue to CVE-2010-5313.
{"f5": [{"lastseen": "2019-05-23T20:32:18", "bulletinFamily": "software", "description": "\nF5 Product Development has assigned ID 493756 to this vulnerability, and has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| 12.0.0 \n11.0.0 - 11.6.0| 10.1.0 - 10.2.4| Medium| vCMP guests \nBIG-IP AAM| 12.0.0 \n11.4.0 - 11.6.0| None| Medium| vCMP guests \nBIG-IP AFM| 12.0.0 \n11.3.0 - 11.6.0| None| Medium| vCMP guests \nBIG-IP Analytics| 12.0.0 \n11.0.0 - 11.6.0| None| Medium| vCMP guests \nBIG-IP APM| 12.0.0 \n11.0.0 - 11.6.0| 10.1.0 - 10.2.4| Medium| vCMP guests \nBIG-IP ASM| 12.0.0 \n11.0.0 - 11.6.0| 10.1.0 - 10.2.4| Medium| vCMP guests \nBIG-IP DNS| 12.0.0| None| Medium| vCMP guests \nBIG-IP Edge Gateway| 11.0.0 - 11.3.0| 10.1.0 - 10.2.4| Medium| vCMP guests \nBIG-IP GTM| 11.0.0 - 11.6.0| 10.1.0 - 10.2.4| Medium| vCMP guests \nBIG-IP Link Controller| 12.0.0 \n11.0.0 - 11.6.0| 10.1.0 - 10.2.4| Medium| vCMP guests \nBIG-IP PEM| 12.0.0 \n11.3.0 - 11.6.0| None| Medium| vCMP guests \nBIG-IP PSM| 11.0.0 - 11.4.1| 10.1.0 - 10.2.4| Medium| vCMP guests \nBIG-IP WebAccelerator| 11.0.0 - 11.3.0| 10.1.0 - 10.2.4| Medium| vCMP guests \nBIG-IP WOM| 11.0.0 - 11.3.0| 10.1.0 - 10.2.4| Medium| vCMP guests \nARX| None| 6.2.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| None| 3.1.1| Not vulnerable| None \nFirePass| None| 7.0.0| Not vulnerable| None \nBIG-IQ Cloud| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Device| None| 4.2.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Security| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ ADC| None| 4.5.0| Not vulnerable| None \nBIG-IQ Centralized Management| None| 4.6.0| Not vulnerable| None \nBIG-IQ Cloud and Orchestration| None| 1.0.0| Not vulnerable| None \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| None| 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1| Not vulnerable| None\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the **Severity** values published in the previous table. The **Severity** values and other security vulnerability parameters are defined in [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>).\n\nTo mitigate this vulnerability, you can limit access to the Linux shell to trusted users only.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K13123: Managing BIG-IP product hotfixes (11.x - 12.x)](<https://support.f5.com/csp/article/K13123>)\n * [K9502: BIG-IP hotfix matrix](<https://support.f5.com/csp/article/K9502>)\n", "modified": "2017-11-09T19:52:00", "published": "2016-01-22T03:51:00", "id": "F5:K62700573", "href": "https://support.f5.com/csp/article/K62700573", "title": "Linux kernel vulnerabilities CVE-2010-5313 and CVE-2014-7842", "type": "f5", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-09-26T17:23:27", "bulletinFamily": "software", "description": "Vulnerability Recommended Actions\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the **Severity** values published in the previous table. The **Severity** values and other security vulnerability parameters are defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\nTo mitigate this vulnerability, you can limit access to the Linux shell to trusted users only.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n * SOL13123: Managing BIG-IP product hotfixes (11.x - 12.x)\n * SOL9502: BIG-IP hotfix matrix\n", "modified": "2016-03-01T00:00:00", "published": "2016-01-21T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/k/62/sol62700573.html", "id": "SOL62700573", "title": "SOL62700573 - Linux kernel vulnerabilities CVE-2010-5313 and CVE-2014-7842", "type": "f5", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2019-05-29T18:36:46", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2015-01-23T00:00:00", "id": "OPENVAS:1361412562310842048", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842048", "title": "Ubuntu Update for linux USN-2463-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux USN-2463-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842048\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-01-23 12:58:06 +0100 (Fri, 23 Jan 2015)\");\n script_cve_id(\"CVE-2014-7842\", \"CVE-2014-8369\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_name(\"Ubuntu Update for linux USN-2463-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"A race condition with MMIO and PIO\ntransactions in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel\nwas discovered. A guest OS user could exploit this flaw to cause a denial of service\n(guest OS crash) via a specially crafted application. (CVE-2014-7842)\n\nThe KVM (kernel virtual machine) subsystem of the Linux kernel\nmiscalculates the number of memory pages during the handling of a mapping\nfailure. A guest OS user could exploit this to cause a denial of service\n(host OS page unpinning) or possibly have unspecified other impact by\nleveraging guest OS privileges. (CVE-2014-8369)\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2463-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2463-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU12\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-75-generic\", ver:\"3.2.0-75.110\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-75-generic-pae\", ver:\"3.2.0-75.110\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-75-highbank\", ver:\"3.2.0-75.110\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-75-omap\", ver:\"3.2.0-75.110\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-75-powerpc-smp\", ver:\"3.2.0-75.110\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-75-powerpc64-smp\", ver:\"3.2.0-75.110\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-75-virtual\", ver:\"3.2.0-75.110\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:36:49", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2015-01-23T00:00:00", "id": "OPENVAS:1361412562310842044", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842044", "title": "Ubuntu Update for linux-lts-utopic USN-2467-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux-lts-utopic USN-2467-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842044\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-01-23 12:58:01 +0100 (Fri, 23 Jan 2015)\");\n script_cve_id(\"CVE-2014-7841\", \"CVE-2014-7842\", \"CVE-2014-7843\", \"CVE-2014-8884\");\n script_tag(name:\"cvss_base\", value:\"6.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:C\");\n script_name(\"Ubuntu Update for linux-lts-utopic USN-2467-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-lts-utopic'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"A null pointer dereference flaw was discovered\nin the the Linux kernel's SCTP implementation when ASCONF is used. A remote attacker\ncould exploit this flaw to cause a denial of service (system crash) via a malformed\nINIT chunk. (CVE-2014-7841)\n\nA race condition with MMIO and PIO transactions in the KVM (Kernel Virtual\nMachine) subsystem of the Linux kernel was discovered. A guest OS user\ncould exploit this flaw to cause a denial of service (guest OS crash) via a\nspecially crafted application. (CVE-2014-7842)\n\nMiloš Prchlí k reported a flaw in how the ARM64 platform handles a single\nbyte overflow in __clear_user. A local user could exploit this flaw to\ncause a denial of service (system crash) by reading one byte beyond a\n/dev/zero page boundary. (CVE-2014-7843)\n\nA stack buffer overflow was discovered in the ioctl command handling for\nthe Technotrend/Hauppauge USB DEC devices driver. A local user could\nexploit this flaw to cause a denial of service (system crash) or possibly\ngain privileges. (CVE-2014-8884)\");\n script_tag(name:\"affected\", value:\"linux-lts-utopic on Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2467-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2467-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU14\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-29-generic\", ver:\"3.16.0-29.39~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-29-generic-lpae\", ver:\"3.16.0-29.39~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-29-lowlatency\", ver:\"3.16.0-29.39~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-29-powerpc-e500mc\", ver:\"3.16.0-29.39~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-29-powerpc-smp\", ver:\"3.16.0-29.39~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-29-powerpc64-emb\", ver:\"3.16.0-29.39~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-29-powerpc64-smp\", ver:\"3.16.0-29.39~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.1, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2019-05-29T18:36:31", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2015-01-23T00:00:00", "id": "OPENVAS:1361412562310842038", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842038", "title": "Ubuntu Update for linux-lts-trusty USN-2465-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux-lts-trusty USN-2465-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842038\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-01-23 12:57:45 +0100 (Fri, 23 Jan 2015)\");\n script_cve_id(\"CVE-2014-7841\", \"CVE-2014-7842\", \"CVE-2014-7843\", \"CVE-2014-8884\");\n script_tag(name:\"cvss_base\", value:\"6.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:C\");\n script_name(\"Ubuntu Update for linux-lts-trusty USN-2465-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-lts-trusty'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"A null pointer dereference flaw was discovered\nin the the Linux kernel's SCTP implementation when ASCONF is used. A remote attacker\ncould exploit this flaw to cause a denial of service (system crash) via a malformed\nINIT chunk. (CVE-2014-7841)\n\nA race condition with MMIO and PIO transactions in the KVM (Kernel Virtual\nMachine) subsystem of the Linux kernel was discovered. A guest OS user\ncould exploit this flaw to cause a denial of service (guest OS crash) via a\nspecially crafted application. (CVE-2014-7842)\n\nMiloš Prchlí k reported a flaw in how the ARM64 platform handles a single\nbyte overflow in __clear_user. A local user could exploit this flaw to\ncause a denial of service (system crash) by reading one byte beyond a\n/dev/zero page boundary. (CVE-2014-7843)\n\nA stack buffer overflow was discovered in the ioctl command handling for\nthe Technotrend/Hauppauge USB DEC devices driver. A local user could\nexploit this flaw to cause a denial of service (system crash) or possibly\ngain privileges. (CVE-2014-8884)\");\n script_tag(name:\"affected\", value:\"linux-lts-trusty on Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2465-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2465-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU12\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-44-generic\", ver:\"3.13.0-44.73~precise1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-44-generic-lpae\", ver:\"3.13.0-44.73~precise1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.1, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2019-05-29T18:36:12", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2015-01-23T00:00:00", "id": "OPENVAS:1361412562310842039", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842039", "title": "Ubuntu Update for linux USN-2468-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux USN-2468-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842039\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-01-23 12:57:49 +0100 (Fri, 23 Jan 2015)\");\n script_cve_id(\"CVE-2014-7841\", \"CVE-2014-7842\", \"CVE-2014-7843\", \"CVE-2014-8884\");\n script_tag(name:\"cvss_base\", value:\"6.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:C\");\n script_name(\"Ubuntu Update for linux USN-2468-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"A null pointer dereference flaw was discovered\nin the the Linux kernel's SCTP implementation when ASCONF is used. A remote attacker\ncould exploit this flaw to cause a denial of service (system crash) via a malformed\nINIT chunk. (CVE-2014-7841)\n\nA race condition with MMIO and PIO transactions in the KVM (Kernel Virtual\nMachine) subsystem of the Linux kernel was discovered. A guest OS user\ncould exploit this flaw to cause a denial of service (guest OS crash) via a\nspecially crafted application. (CVE-2014-7842)\n\nMiloš Prchlí k reported a flaw in how the ARM64 platform handles a single\nbyte overflow in __clear_user. A local user could exploit this flaw to\ncause a denial of service (system crash) by reading one byte beyond a\n/dev/zero page boundary. (CVE-2014-7843)\n\nA stack buffer overflow was discovered in the ioctl command handling for\nthe Technotrend/Hauppauge USB DEC devices driver. A local user could\nexploit this flaw to cause a denial of service (system crash) or possibly\ngain privileges. (CVE-2014-8884)\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 14.10\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2468-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2468-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU14\\.10\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-29-generic\", ver:\"3.16.0-29.39\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-29-generic-lpae\", ver:\"3.16.0-29.39\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-29-lowlatency\", ver:\"3.16.0-29.39\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-29-powerpc-e500mc\", ver:\"3.16.0-29.39\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-29-powerpc-smp\", ver:\"3.16.0-29.39\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-29-powerpc64-emb\", ver:\"3.16.0-29.39\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-29-powerpc64-smp\", ver:\"3.16.0-29.39\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.1, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2019-05-29T18:37:01", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2015-01-23T00:00:00", "id": "OPENVAS:1361412562310842043", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842043", "title": "Ubuntu Update for linux USN-2466-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux USN-2466-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842043\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-01-23 12:57:58 +0100 (Fri, 23 Jan 2015)\");\n script_cve_id(\"CVE-2014-7841\", \"CVE-2014-7842\", \"CVE-2014-7843\", \"CVE-2014-8884\");\n script_tag(name:\"cvss_base\", value:\"6.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:C\");\n script_name(\"Ubuntu Update for linux USN-2466-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"A null pointer dereference flaw was\ndiscovered in the the Linux kernel's SCTP implementation when ASCONF is used. A\nremote attacker could exploit this flaw to cause a denial of service (system crash)\nvia a malformed INIT chunk. (CVE-2014-7841)\n\nA race condition with MMIO and PIO transactions in the KVM (Kernel Virtual\nMachine) subsystem of the Linux kernel was discovered. A guest OS user\ncould exploit this flaw to cause a denial of service (guest OS crash) via a\nspecially crafted application. (CVE-2014-7842)\n\nMiloš Prchlí k reported a flaw in how the ARM64 platform handles a single\nbyte overflow in __clear_user. A local user could exploit this flaw to\ncause a denial of service (system crash) by reading one byte beyond a\n/dev/zero page boundary. (CVE-2014-7843)\n\nA stack buffer overflow was discovered in the ioctl command handling for\nthe Technotrend/Hauppauge USB DEC devices driver. A local user could\nexploit this flaw to cause a denial of service (system crash) or possibly\ngain privileges. (CVE-2014-8884)\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2466-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2466-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU14\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-44-generic\", ver:\"3.13.0-44.73\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-44-generic-lpae\", ver:\"3.13.0-44.73\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-44-lowlatency\", ver:\"3.13.0-44.73\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-44-powerpc-e500\", ver:\"3.13.0-44.73\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-44-powerpc-e500mc\", ver:\"3.13.0-44.73\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-44-powerpc-smp\", ver:\"3.13.0-44.73\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-44-powerpc64-emb\", ver:\"3.13.0-44.73\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-44-powerpc64-smp\", ver:\"3.13.0-44.73\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.1, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2019-05-29T18:36:21", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2015-01-23T00:00:00", "id": "OPENVAS:1361412562310842058", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842058", "title": "Ubuntu Update for linux-ti-omap4 USN-2464-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux-ti-omap4 USN-2464-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842058\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-01-23 12:58:43 +0100 (Fri, 23 Jan 2015)\");\n script_cve_id(\"CVE-2014-9322\", \"CVE-2014-8134\", \"CVE-2014-7842\", \"CVE-2014-8369\", \"CVE-2014-9090\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu Update for linux-ti-omap4 USN-2464-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-ti-omap4'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Andy Lutomirski discovered that the Linux\nkernel does not properly handle faults associated with the Stack Segment (SS)\nregister in the x86 architecture. A local attacker could exploit this flaw to gain\nadministrative privileges. (CVE-2014-9322)\n\nAn information leak in the Linux kernel was discovered that could leak the\nhigh 16 bits of the kernel stack address on 32-bit Kernel Virtual Machine\n(KVM) paravirt guests. A user in the guest OS could exploit this leak to\nobtain information that could potentially be used to aid in attacking the\nkernel. (CVE-2014-8134)\n\nA race condition with MMIO and PIO transactions in the KVM (Kernel Virtual\nMachine) subsystem of the Linux kernel was discovered. A guest OS user\ncould exploit this flaw to cause a denial of service (guest OS crash) via a\nspecially crafted application. (CVE-2014-7842)\n\nThe KVM (kernel virtual machine) subsystem of the Linux kernel\nmiscalculates the number of memory pages during the handling of a mapping\nfailure. A guest OS user could exploit this to cause a denial of service\n(host OS page unpinning) or possibly have unspecified other impact by\nleveraging guest OS privileges. (CVE-2014-8369)\n\nAndy Lutomirski discovered that the Linux kernel does not properly handle\nfaults associated with the Stack Segment (SS) register on the x86\narchitecture. A local attacker could exploit this flaw to cause a denial of\nservice (panic). (CVE-2014-9090)\");\n script_tag(name:\"affected\", value:\"linux-ti-omap4 on Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2464-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2464-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU12\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-1458-omap4\", ver:\"3.2.0-1458.78\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:05", "bulletinFamily": "scanner", "description": "Oracle Linux Local Security Checks ELSA-2016-3502", "modified": "2019-03-14T00:00:00", "published": "2016-01-11T00:00:00", "id": "OPENVAS:1361412562310122822", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122822", "title": "Oracle Linux Local Check: ELSA-2016-3502", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2016-3502.nasl 14180 2019-03-14 12:29:16Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2016 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122822\");\n script_version(\"$Revision: 14180 $\");\n script_tag(name:\"creation_date\", value:\"2016-01-11 11:11:58 +0200 (Mon, 11 Jan 2016)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-14 13:29:16 +0100 (Thu, 14 Mar 2019) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2016-3502\");\n script_tag(name:\"insight\", value:\"ELSA-2016-3502 - Unbreakable Enterprise kernel security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2016-3502\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2016-3502.html\");\n script_cve_id(\"CVE-2013-7421\", \"CVE-2014-9644\", \"CVE-2014-7842\", \"CVE-2015-7613\", \"CVE-2015-5307\", \"CVE-2015-8104\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(5|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"kernel-uek\", rpm:\"kernel-uek~2.6.39~400.264.13.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug\", rpm:\"kernel-uek-debug~2.6.39~400.264.13.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug-devel\", rpm:\"kernel-uek-debug-devel~2.6.39~400.264.13.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-devel\", rpm:\"kernel-uek-devel~2.6.39~400.264.13.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-doc\", rpm:\"kernel-uek-doc~2.6.39~400.264.13.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-firmware\", rpm:\"kernel-uek-firmware~2.6.39~400.264.13.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"kernel-uek\", rpm:\"kernel-uek~2.6.39~400.264.13.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug\", rpm:\"kernel-uek-debug~2.6.39~400.264.13.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug-devel\", rpm:\"kernel-uek-debug-devel~2.6.39~400.264.13.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-devel\", rpm:\"kernel-uek-devel~2.6.39~400.264.13.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-doc\", rpm:\"kernel-uek-doc~2.6.39~400.264.13.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-firmware\", rpm:\"kernel-uek-firmware~2.6.39~400.264.13.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:35", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2016-05-11T00:00:00", "id": "OPENVAS:1361412562310871611", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871611", "title": "RedHat Update for kernel RHSA-2016:0855-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for kernel RHSA-2016:0855-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871611\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-05-11 05:22:55 +0200 (Wed, 11 May 2016)\");\n script_cve_id(\"CVE-2010-5313\", \"CVE-2013-4312\", \"CVE-2014-7842\", \"CVE-2014-8134\", \"CVE-2015-5156\", \"CVE-2015-7509\", \"CVE-2015-8215\", \"CVE-2015-8324\", \"CVE-2015-8543\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for kernel RHSA-2016:0855-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es):\n\n * It was found that reporting emulation failures to user space could lead\nto either a local (CVE-2014-7842) or a L2- L1 (CVE-2010-5313) denial of\nservice. In the case of a local denial of service, an attacker must have\naccess to the MMIO area or be able to access an I/O port. Please note that\non certain systems, HPET is mapped to userspace as part of vdso (vvar) and\nthus an unprivileged user may generate MMIO transactions (and enter the\nemulator) this way. (CVE-2010-5313, CVE-2014-7842, Moderate)\n\n * It was found that the Linux kernel did not properly account file\ndescriptors passed over the unix socket against the process limit. A local\nuser could use this flaw to exhaust all available memory on the system.\n(CVE-2013-4312, Moderate)\n\n * A buffer overflow flaw was found in the way the Linux kernel's virtio-net\nsubsystem handled certain fraglists when the GRO (Generic Receive Offload)\nfunctionality was enabled in a bridged network configuration. An attacker\non the local network could potentially use this flaw to crash the system,\nor, although unlikely, elevate their privileges on the system.\n(CVE-2015-5156, Moderate)\n\n * It was found that the Linux kernel's IPv6 network stack did not properly\nvalidate the value of the MTU variable when it was set. A remote attacker\ncould potentially use this flaw to disrupt a target system's networking\n(packet loss) by setting an invalid MTU value, for example, via a\nNetworkManager daemon that is processing router advertisement packets\nrunning on the target system. (CVE-2015-8215, Moderate)\n\n * A NULL pointer dereference flaw was found in the way the Linux kernel's\nnetwork subsystem handled socket creation with an invalid protocol\nidentifier. A local user could use this flaw to crash the system.\n(CVE-2015-8543, Moderate)\n\n * It was found that the espfix functionality does not work for 32-bit KVM\nparavirtualized guests. A local, unprivileged guest user could potentially\nuse this flaw to leak kernel stack addresses. (CVE-2014-8134, Low)\n\n * A flaw was found in the way the Linux kernel's ext4 file system driver\nhandled non-journal file systems with an orphan list. An attacker with\nphysical access to the system could use this flaw to crash the system or,\nalthough unlikely, escalate their privileges on the system. (CVE-2015-7509,\nLow)\n\n * A NULL pointer dereference flaw was found in the way the Linux kernel's\next4 file system driver handled certain corrup ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"kernel on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2016:0855-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2016-May/msg00023.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.32~642.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.32~642.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~2.6.32~642.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.32~642.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~2.6.32~642.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo-common-i686\", rpm:\"kernel-debuginfo-common-i686~2.6.32~642.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.32~642.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.32~642.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf\", rpm:\"perf~2.6.32~642.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf-debuginfo\", rpm:\"perf-debuginfo~2.6.32~642.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-perf-debuginfo\", rpm:\"python-perf-debuginfo~2.6.32~642.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-abi-whitelists\", rpm:\"kernel-abi-whitelists~2.6.32~642.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.32~642.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-firmware\", rpm:\"kernel-firmware~2.6.32~642.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo-common-x86_64\", rpm:\"kernel-debuginfo-common-x86_64~2.6.32~642.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T18:38:16", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2015-10-16T00:00:00", "id": "OPENVAS:1361412562310850994", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850994", "title": "SUSE: Security Advisory for Linux (SUSE-SU-2015:0652-1)", "type": "openvas", "sourceData": "# Copyright (C) 2015 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850994\");\n script_version(\"2020-01-31T07:58:03+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 07:58:03 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-10-16 16:19:17 +0200 (Fri, 16 Oct 2015)\");\n script_cve_id(\"CVE-2010-5313\", \"CVE-2012-6657\", \"CVE-2013-4299\", \"CVE-2013-7263\", \"CVE-2014-0181\", \"CVE-2014-3184\", \"CVE-2014-3185\", \"CVE-2014-3673\", \"CVE-2014-3687\", \"CVE-2014-3688\", \"CVE-2014-7841\", \"CVE-2014-7842\", \"CVE-2014-8160\", \"CVE-2014-8709\", \"CVE-2014-9420\", \"CVE-2014-9584\", \"CVE-2014-9585\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SUSE: Security Advisory for Linux (SUSE-SU-2015:0652-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'Linux'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The SUSE Linux Enterprise 11 Service Pack 1 LTSS kernel was updated to fix\n security issues on kernels on the x86_64 architecture.\n\n The following security bugs have been fixed:\n\n * CVE-2013-4299: Interpretation conflict in\n drivers/md/dm-snap-persistent.c in the Linux kernel through 3.11.6\n allowed remote authenticated users to obtain sensitive information\n or modify data via a crafted mapping to a snapshot block device\n (bnc#846404).\n\n * CVE-2014-8160: SCTP firewalling failed until the SCTP module was\n loaded (bnc#913059).\n\n * CVE-2014-9584: The parse_rock_ridge_inode_internal function in\n fs/isofs/rock.c in the Linux kernel before 3.18.2 did not validate a\n length value in the Extensions Reference (ER) System Use Field,\n which allowed local users to obtain sensitive information from\n kernel memory via a crafted iso9660 image (bnc#912654).\n\n * CVE-2014-9585: The vdso_addr function in arch/x86/vdso/vma.c in the\n Linux kernel through 3.18.2 did not properly choose memory locations\n for the vDSO area, which made it easier for local users to bypass\n the ASLR protection mechanism by guessing a location at the end of a\n PMD (bnc#912705).\n\n * CVE-2014-9420: The rock_continue function in fs/isofs/rock.c in the\n Linux kernel through 3.18.1 did not restrict the number of Rock\n Ridge continuation entries, which allowed local users to cause a\n denial of service (infinite loop, and system crash or hang) via a\n crafted iso9660 image (bnc#911325).\n\n * CVE-2014-0181: The Netlink implementation in the Linux kernel\n through 3.14.1 did not provide a mechanism for authorizing socket\n operations based on the opener of a socket, which allowed local\n users to bypass intended access restrictions and modify network\n configurations by using a Netlink socket for the (1) stdout or (2)\n stderr of a setuid program (bnc#875051).\n\n * CVE-2010-5313: Race condition in arch/x86/kvm/x86.c in the Linux\n kernel before 2.6.38 allowed L2 guest OS users to cause a denial of\n service (L1 guest OS crash) via a crafted instruction that triggers\n an L2 emulation failure report, a similar issue to CVE-2014-7842\n (bnc#907822).\n\n * CVE-2014-7842: Race condition in arch/x86/kvm/x86.c in the Linux\n kernel before 3.17.4 allowed guest OS users to cause a denial of\n service (guest OS crash) via a crafted application that performs an\n MMIO transaction or a PIO transaction to trigger a guest userspace\n emulation error report, a similar issue to CVE-2010-5313\n (bnc#905312).\n\n * CVE-2014-3688: The SCTP implementation in the Linux kernel before\n 3.17.4 allowed remote attackers to caus ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"affected\", value:\"Linux on SUSE Linux Enterprise Server 11 SP1 LTSS\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"SUSE-SU\", value:\"2015:0652-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=SLES11\\.0SP1\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"SLES11.0SP1\") {\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~2.6.32.59~0.19.1\", rls:\"SLES11.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base\", rpm:\"kernel-default-base~2.6.32.59~0.19.1\", rls:\"SLES11.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-devel\", rpm:\"kernel-default-devel~2.6.32.59~0.19.1\", rls:\"SLES11.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~2.6.32.59~0.19.1\", rls:\"SLES11.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~2.6.32.59~0.19.1\", rls:\"SLES11.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-trace\", rpm:\"kernel-trace~2.6.32.59~0.19.1\", rls:\"SLES11.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-trace-base\", rpm:\"kernel-trace-base~2.6.32.59~0.19.1\", rls:\"SLES11.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-trace-devel\", rpm:\"kernel-trace-devel~2.6.32.59~0.19.1\", rls:\"SLES11.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2\", rpm:\"kernel-ec2~2.6.32.59~0.19.1\", rls:\"SLES11.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-base\", rpm:\"kernel-ec2-base~2.6.32.59~0.19.1\", rls:\"SLES11.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-devel\", rpm:\"kernel-ec2-devel~2.6.32.59~0.19.1\", rls:\"SLES11.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.32.59~0.19.1\", rls:\"SLES11.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-base\", rpm:\"kernel-xen-base~2.6.32.59~0.19.1\", rls:\"SLES11.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~2.6.32.59~0.19.1\", rls:\"SLES11.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-kmp-default\", rpm:\"xen-kmp-default~4.0.3_21548_18_2.6.32.59_0.19~0.9.17\", rls:\"SLES11.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-kmp-trace\", rpm:\"xen-kmp-trace~4.0.3_21548_18_2.6.32.59_0.19~0.9.17\", rls:\"SLES11.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-man\", rpm:\"kernel-default-man~2.6.32.59~0.19.1\", rls:\"SLES11.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae\", rpm:\"kernel-pae~2.6.32.59~0.19.1\", rls:\"SLES11.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-base\", rpm:\"kernel-pae-base~2.6.32.59~0.19.1\", rls:\"SLES11.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-devel\", rpm:\"kernel-pae-devel~2.6.32.59~0.19.1\", rls:\"SLES11.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-kmp-pae\", rpm:\"xen-kmp-pae~4.0.3_21548_18_2.6.32.59_0.19~0.9.17\", rls:\"SLES11.0SP1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-02-05T16:36:03", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-02-05T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191529", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191529", "title": "Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1529)", "type": "openvas", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1529\");\n script_version(\"2020-02-05T08:56:28+0000\");\n script_cve_id(\"CVE-2013-2888\", \"CVE-2013-2893\", \"CVE-2013-6376\", \"CVE-2013-7268\", \"CVE-2014-1438\", \"CVE-2014-1445\", \"CVE-2014-6417\", \"CVE-2014-7842\", \"CVE-2014-8884\", \"CVE-2015-3291\", \"CVE-2015-4170\", \"CVE-2015-8746\", \"CVE-2016-10147\", \"CVE-2016-5195\", \"CVE-2016-5400\", \"CVE-2017-12188\", \"CVE-2017-14140\", \"CVE-2017-16527\", \"CVE-2017-16528\", \"CVE-2017-9242\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-02-05 08:56:28 +0000 (Wed, 05 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:05:48 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1529)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRTARM64-3\\.0\\.1\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1529\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1529\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'kernel' package(s) announced via the EulerOS-SA-2019-1529 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The ipx_recvmsg function in net/ipx/af_ipx.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.(CVE-2013-7268)\n\nThe move_pages system call in mm/migrate.c in the Linux kernel doesn't check the effective uid of the target process. This enables a local attacker to learn the memory layout of a setuid executable allowing mitigation of ASLR.(CVE-2017-14140)\n\nMultiple array index errors in drivers/hid/hid-core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11 allow physically proximate attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted device that provides an invalid Report ID.(CVE-2013-2888)\n\nIt was found that if a Non-Maskable Interrupt (NMI) occurred immediately after a SYSCALL call or before a SYSRET call with the user RSP pointing to the NMI IST stack, the kernel could skip that NMI.(CVE-2015-3291)\n\nThe sound/core/seq_device.c in the Linux kernel, before 4.13.4, allows local users to cause a denial of service (snd_rawmidi_dev_seq_free use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device.(CVE-2017-16528)\n\nnet/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3, does not properly consider the possibility of kmalloc failure, which allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via a long unencrypted auth ticket.(CVE-2014-6417)\n\nA NULL pointer dereference flaw was found in the Linux kernel: the NFSv4.2 migration code improperly initialized the kernel structure. A local, authenticated user could use this flaw to cause a panic of the NFS client (denial of service).(CVE-2015-8746)\n\nA stack-based buffer overflow flaw was found in the TechnoTrend/Hauppauge DEC USB device driver. A local user with write access to the corresponding device could use this flaw to crash the kernel or, potentially, elevate their privileges on the system.(CVE-2014-8884)\n\nA flaw was found in the linux kernel's implementation of the airspy USB device driver in which a leak was found when a subdev or SDR are plugged into the host.An attacker can create an targeted USB device which can emulate 64 of these devices. Then by emulating an additional device which continuously connects and disconnects, each connection attempt will leak memory which can not be recovered.(CVE-2016-5400)\n\nThe sou ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.1.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRTARM64-3.0.1.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs-devel\", rpm:\"kernel-tools-libs-devel~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "ubuntu": [{"lastseen": "2020-07-02T11:35:17", "bulletinFamily": "unix", "description": "A race condition with MMIO and PIO transactions in the KVM (Kernel Virtual \nMachine) subsystem of the Linux kernel was discovered. A guest OS user \ncould exploit this flaw to cause a denial of service (guest OS crash) via a \nspecially crafted application. (CVE-2014-7842)\n\nThe KVM (kernel virtual machine) subsystem of the Linux kernel \nmiscalculates the number of memory pages during the handling of a mapping \nfailure. A guest OS user could exploit this to cause a denial of service \n(host OS page unpinning) or possibly have unspecified other impact by \nleveraging guest OS privileges. (CVE-2014-8369)", "modified": "2015-01-13T00:00:00", "published": "2015-01-13T00:00:00", "id": "USN-2463-1", "href": "https://ubuntu.com/security/notices/USN-2463-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-07-02T11:35:09", "bulletinFamily": "unix", "description": "Andy Lutomirski discovered that the Linux kernel does not properly handle \nfaults associated with the Stack Segment (SS) register in the x86 \narchitecture. A local attacker could exploit this flaw to gain \nadministrative privileges. (CVE-2014-9322)\n\nAn information leak in the Linux kernel was discovered that could leak the \nhigh 16 bits of the kernel stack address on 32-bit Kernel Virtual Machine \n(KVM) paravirt guests. A user in the guest OS could exploit this leak to \nobtain information that could potentially be used to aid in attacking the \nkernel. (CVE-2014-8134)\n\nA race condition with MMIO and PIO transactions in the KVM (Kernel Virtual \nMachine) subsystem of the Linux kernel was discovered. A guest OS user \ncould exploit this flaw to cause a denial of service (guest OS crash) via a \nspecially crafted application. (CVE-2014-7842)\n\nThe KVM (kernel virtual machine) subsystem of the Linux kernel \nmiscalculates the number of memory pages during the handling of a mapping \nfailure. A guest OS user could exploit this to cause a denial of service \n(host OS page unpinning) or possibly have unspecified other impact by \nleveraging guest OS privileges. (CVE-2014-8369)\n\nAndy Lutomirski discovered that the Linux kernel does not properly handle \nfaults associated with the Stack Segment (SS) register on the x86 \narchitecture. A local attacker could exploit this flaw to cause a denial of \nservice (panic). (CVE-2014-9090)", "modified": "2015-01-13T00:00:00", "published": "2015-01-13T00:00:00", "id": "USN-2464-1", "href": "https://ubuntu.com/security/notices/USN-2464-1", "title": "Linux kernel (OMAP4) vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:45:11", "bulletinFamily": "unix", "description": "A null pointer dereference flaw was discovered in the the Linux kernel's \nSCTP implementation when ASCONF is used. A remote attacker could exploit \nthis flaw to cause a denial of service (system crash) via a malformed INIT \nchunk. (CVE-2014-7841)\n\nA race condition with MMIO and PIO transactions in the KVM (Kernel Virtual \nMachine) subsystem of the Linux kernel was discovered. A guest OS user \ncould exploit this flaw to cause a denial of service (guest OS crash) via a \nspecially crafted application. (CVE-2014-7842)\n\nMilo\u0161 Prchl\u00edk reported a flaw in how the ARM64 platform handles a single \nbyte overflow in __clear_user. A local user could exploit this flaw to \ncause a denial of service (system crash) by reading one byte beyond a \n/dev/zero page boundary. (CVE-2014-7843)\n\nA stack buffer overflow was discovered in the ioctl command handling for \nthe Technotrend/Hauppauge USB DEC devices driver. A local user could \nexploit this flaw to cause a denial of service (system crash) or possibly \ngain privileges. (CVE-2014-8884)", "modified": "2015-01-13T00:00:00", "published": "2015-01-13T00:00:00", "id": "USN-2467-1", "href": "https://ubuntu.com/security/notices/USN-2467-1", "title": "Linux kernel (Utopic HWE) vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.1, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2020-07-02T11:40:53", "bulletinFamily": "unix", "description": "A null pointer dereference flaw was discovered in the the Linux kernel's \nSCTP implementation when ASCONF is used. A remote attacker could exploit \nthis flaw to cause a denial of service (system crash) via a malformed INIT \nchunk. (CVE-2014-7841)\n\nA race condition with MMIO and PIO transactions in the KVM (Kernel Virtual \nMachine) subsystem of the Linux kernel was discovered. A guest OS user \ncould exploit this flaw to cause a denial of service (guest OS crash) via a \nspecially crafted application. (CVE-2014-7842)\n\nMilo\u0161 Prchl\u00edk reported a flaw in how the ARM64 platform handles a single \nbyte overflow in __clear_user. A local user could exploit this flaw to \ncause a denial of service (system crash) by reading one byte beyond a \n/dev/zero page boundary. (CVE-2014-7843)\n\nA stack buffer overflow was discovered in the ioctl command handling for \nthe Technotrend/Hauppauge USB DEC devices driver. A local user could \nexploit this flaw to cause a denial of service (system crash) or possibly \ngain privileges. (CVE-2014-8884)", "modified": "2015-01-13T00:00:00", "published": "2015-01-13T00:00:00", "id": "USN-2466-1", "href": "https://ubuntu.com/security/notices/USN-2466-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.1, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2020-07-09T00:26:01", "bulletinFamily": "unix", "description": "A null pointer dereference flaw was discovered in the the Linux kernel's \nSCTP implementation when ASCONF is used. A remote attacker could exploit \nthis flaw to cause a denial of service (system crash) via a malformed INIT \nchunk. (CVE-2014-7841)\n\nA race condition with MMIO and PIO transactions in the KVM (Kernel Virtual \nMachine) subsystem of the Linux kernel was discovered. A guest OS user \ncould exploit this flaw to cause a denial of service (guest OS crash) via a \nspecially crafted application. (CVE-2014-7842)\n\nMilo\u0161 Prchl\u00edk reported a flaw in how the ARM64 platform handles a single \nbyte overflow in __clear_user. A local user could exploit this flaw to \ncause a denial of service (system crash) by reading one byte beyond a \n/dev/zero page boundary. (CVE-2014-7843)\n\nA stack buffer overflow was discovered in the ioctl command handling for \nthe Technotrend/Hauppauge USB DEC devices driver. A local user could \nexploit this flaw to cause a denial of service (system crash) or possibly \ngain privileges. (CVE-2014-8884)", "modified": "2015-01-13T00:00:00", "published": "2015-01-13T00:00:00", "id": "USN-2468-1", "href": "https://ubuntu.com/security/notices/USN-2468-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.1, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2020-07-02T11:39:57", "bulletinFamily": "unix", "description": "A null pointer dereference flaw was discovered in the the Linux kernel's \nSCTP implementation when ASCONF is used. A remote attacker could exploit \nthis flaw to cause a denial of service (system crash) via a malformed INIT \nchunk. (CVE-2014-7841)\n\nA race condition with MMIO and PIO transactions in the KVM (Kernel Virtual \nMachine) subsystem of the Linux kernel was discovered. A guest OS user \ncould exploit this flaw to cause a denial of service (guest OS crash) via a \nspecially crafted application. (CVE-2014-7842)\n\nMilo\u0161 Prchl\u00edk reported a flaw in how the ARM64 platform handles a single \nbyte overflow in __clear_user. A local user could exploit this flaw to \ncause a denial of service (system crash) by reading one byte beyond a \n/dev/zero page boundary. (CVE-2014-7843)\n\nA stack buffer overflow was discovered in the ioctl command handling for \nthe Technotrend/Hauppauge USB DEC devices driver. A local user could \nexploit this flaw to cause a denial of service (system crash) or possibly \ngain privileges. (CVE-2014-8884)", "modified": "2015-01-13T00:00:00", "published": "2015-01-13T00:00:00", "id": "USN-2465-1", "href": "https://ubuntu.com/security/notices/USN-2465-1", "title": "Linux kernel (Trusty HWE) vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.1, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:C"}}], "nessus": [{"lastseen": "2020-08-01T05:27:39", "bulletinFamily": "scanner", "description": "A race condition with MMIO and PIO transactions in the KVM (Kernel\nVirtual Machine) subsystem of the Linux kernel was discovered. A guest\nOS user could exploit this flaw to cause a denial of service (guest OS\ncrash) via a specially crafted application. (CVE-2014-7842)\n\nThe KVM (kernel virtual machine) subsystem of the Linux kernel\nmiscalculates the number of memory pages during the handling of a\nmapping failure. A guest OS user could exploit this to cause a denial\nof service (host OS page unpinning) or possibly have unspecified other\nimpact by leveraging guest OS privileges. (CVE-2014-8369).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2020-08-02T00:00:00", "id": "UBUNTU_USN-2463-1.NASL", "href": "https://www.tenable.com/plugins/nessus/80511", "published": "2015-01-14T00:00:00", "title": "Ubuntu 12.04 LTS : linux vulnerabilities (USN-2463-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2463-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80511);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/09/19 12:54:31\");\n\n script_cve_id(\"CVE-2014-7842\", \"CVE-2014-8369\");\n script_bugtraq_id(70749, 71078);\n script_xref(name:\"USN\", value:\"2463-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS : linux vulnerabilities (USN-2463-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A race condition with MMIO and PIO transactions in the KVM (Kernel\nVirtual Machine) subsystem of the Linux kernel was discovered. A guest\nOS user could exploit this flaw to cause a denial of service (guest OS\ncrash) via a specially crafted application. (CVE-2014-7842)\n\nThe KVM (kernel virtual machine) subsystem of the Linux kernel\nmiscalculates the number of memory pages during the handling of a\nmapping failure. A guest OS user could exploit this to cause a denial\nof service (host OS page unpinning) or possibly have unspecified other\nimpact by leveraging guest OS privileges. (CVE-2014-8369).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2463-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-highbank\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2014-7842\", \"CVE-2014-8369\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-2463-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-75-generic\", pkgver:\"3.2.0-75.110\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-75-generic-pae\", pkgver:\"3.2.0-75.110\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-75-highbank\", pkgver:\"3.2.0-75.110\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-75-virtual\", pkgver:\"3.2.0-75.110\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.2-generic / linux-image-3.2-generic-pae / etc\");\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-08-01T01:34:39", "bulletinFamily": "scanner", "description": "CVE-2010-5313 Race condition in arch/x86/kvm/x86.c in the Linux kernel\nbefore 2.6.38 allows L2 guest OS users to cause a denial of service\n(L1 guest OS crash) via a crafted instruction that triggers an L2\nemulation failure report, a similar issue to CVE-2014-7842.\n\nCVE-2014-7842 Race condition in arch/x86/kvm/x86.c in the Linux kernel\nbefore 3.17.4 allows guest OS users to cause a denial of service\n(guest OS crash) via a crafted application that performs an MMIO\ntransaction or a PIO transaction to trigger a guest userspace\nemulation error report, a similar issue to CVE-2010-5313.", "modified": "2020-08-02T00:00:00", "id": "F5_BIGIP_SOL62700573.NASL", "href": "https://www.tenable.com/plugins/nessus/88066", "published": "2016-01-22T00:00:00", "title": "F5 Networks BIG-IP : Linux kernel vulnerabilities (K62700573)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution K62700573.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(88066);\n script_version(\"2.9\");\n script_cvs_date(\"Date: 2019/01/04 10:03:40\");\n\n script_cve_id(\"CVE-2010-5313\", \"CVE-2014-7842\");\n script_bugtraq_id(71078, 71363);\n\n script_name(english:\"F5 Networks BIG-IP : Linux kernel vulnerabilities (K62700573)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE-2010-5313 Race condition in arch/x86/kvm/x86.c in the Linux kernel\nbefore 2.6.38 allows L2 guest OS users to cause a denial of service\n(L1 guest OS crash) via a crafted instruction that triggers an L2\nemulation failure report, a similar issue to CVE-2014-7842.\n\nCVE-2014-7842 Race condition in arch/x86/kvm/x86.c in the Linux kernel\nbefore 3.17.4 allows guest OS users to cause a denial of service\n(guest OS crash) via a crafted application that performs an MMIO\ntransaction or a PIO transaction to trigger a guest userspace\nemulation error report, a similar issue to CVE-2010-5313.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K62700573\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution K62700573.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_advanced_firewall_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_acceleration_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_policy_enforcement_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_wan_optimization_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_webaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip_protocol_security_manager\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/01/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/01/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"K62700573\";\nvmatrix = make_array();\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"12.0.0\",\"11.0.0-11.6.0\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"10.1.0-10.2.4\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"12.0.0\",\"11.0.0-11.6.0\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"10.1.0-10.2.4\");\n\n# GTM\nvmatrix[\"GTM\"] = make_array();\nvmatrix[\"GTM\"][\"affected\" ] = make_list(\"11.0.0-11.6.0\");\nvmatrix[\"GTM\"][\"unaffected\"] = make_list(\"10.1.0-10.2.4\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"12.0.0\",\"11.0.0-11.6.0\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"10.1.0-10.2.4\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"12.0.0\",\"11.0.0-11.6.0\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"10.1.0-10.2.4\");\n\n# PSM\nvmatrix[\"PSM\"] = make_array();\nvmatrix[\"PSM\"][\"affected\" ] = make_list(\"11.0.0-11.4.1\");\nvmatrix[\"PSM\"][\"unaffected\"] = make_list(\"10.1.0-10.2.4\");\n\n# WAM\nvmatrix[\"WAM\"] = make_array();\nvmatrix[\"WAM\"][\"affected\" ] = make_list(\"11.0.0-11.3.0\");\nvmatrix[\"WAM\"][\"unaffected\"] = make_list(\"10.1.0-10.2.4\");\n\n# WOM\nvmatrix[\"WOM\"] = make_array();\nvmatrix[\"WOM\"][\"affected\" ] = make_list(\"11.0.0-11.3.0\");\nvmatrix[\"WOM\"][\"unaffected\"] = make_list(\"10.1.0-10.2.4\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_warning(port:0, extra:bigip_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-08-01T05:27:39", "bulletinFamily": "scanner", "description": "A NULL pointer dereference flaw was discovered in the the Linux\nkernel", "modified": "2020-08-02T00:00:00", "id": "UBUNTU_USN-2466-1.NASL", "href": "https://www.tenable.com/plugins/nessus/80513", "published": "2015-01-14T00:00:00", "title": "Ubuntu 14.04 LTS : linux vulnerabilities (USN-2466-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2466-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80513);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/09/19 12:54:31\");\n\n script_cve_id(\"CVE-2014-7841\", \"CVE-2014-7842\", \"CVE-2014-7843\", \"CVE-2014-8884\");\n script_bugtraq_id(71078, 71081, 71082, 71097);\n script_xref(name:\"USN\", value:\"2466-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS : linux vulnerabilities (USN-2466-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A NULL pointer dereference flaw was discovered in the the Linux\nkernel's SCTP implementation when ASCONF is used. A remote attacker\ncould exploit this flaw to cause a denial of service (system crash)\nvia a malformed INIT chunk. (CVE-2014-7841)\n\nA race condition with MMIO and PIO transactions in the KVM (Kernel\nVirtual Machine) subsystem of the Linux kernel was discovered. A guest\nOS user could exploit this flaw to cause a denial of service (guest OS\ncrash) via a specially crafted application. (CVE-2014-7842)\n\nMilos Prchlik reported a flaw in how the ARM64 platform handles a\nsingle byte overflow in __clear_user. A local user could exploit this\nflaw to cause a denial of service (system crash) by reading one byte\nbeyond a /dev/zero page boundary. (CVE-2014-7843)\n\nA stack buffer overflow was discovered in the ioctl command handling\nfor the Technotrend/Hauppauge USB DEC devices driver. A local user\ncould exploit this flaw to cause a denial of service (system crash) or\npossibly gain privileges. (CVE-2014-8884).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2466-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected linux-image-3.13-generic,\nlinux-image-3.13-generic-lpae and / or linux-image-3.13-lowlatency\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2014-7841\", \"CVE-2014-7842\", \"CVE-2014-7843\", \"CVE-2014-8884\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-2466-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-44-generic\", pkgver:\"3.13.0-44.73\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-44-generic-lpae\", pkgver:\"3.13.0-44.73\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-44-lowlatency\", pkgver:\"3.13.0-44.73\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.13-generic / linux-image-3.13-generic-lpae / etc\");\n}\n", "cvss": {"score": 6.1, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2020-03-17T23:22:40", "bulletinFamily": "scanner", "description": "The 3.17.3 stable update contains a number of important fixes across\nthe tree.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2014-11-21T00:00:00", "id": "FEDORA_2014-15200.NASL", "href": "https://www.tenable.com/plugins/nessus/79363", "published": "2014-11-21T00:00:00", "title": "Fedora 20 : kernel-3.17.3-200.fc20 (2014-15200)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-15200.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79363);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/12\");\n\n script_cve_id(\"CVE-2014-7825\", \"CVE-2014-7826\", \"CVE-2014-7841\", \"CVE-2014-7842\", \"CVE-2014-7843\");\n script_xref(name:\"FEDORA\", value:\"2014-15200\");\n\n script_name(english:\"Fedora 20 : kernel-3.17.3-200.fc20 (2014-15200)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The 3.17.3 stable update contains a number of important fixes across\nthe tree.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1161565\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1163087\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1163744\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1163762\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-November/144691.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?127cad7b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"kernel-3.17.3-200.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-03-17T23:22:39", "bulletinFamily": "scanner", "description": "Latest upstream stable release, Linux v3.17.3. A wide variety of fixes\nacross the tree.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2014-11-19T00:00:00", "id": "FEDORA_2014-15159.NASL", "href": "https://www.tenable.com/plugins/nessus/79319", "published": "2014-11-19T00:00:00", "title": "Fedora 21 : kernel-3.17.3-300.fc21 (2014-15159)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-15159.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79319);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/12\");\n\n script_cve_id(\"CVE-2014-7825\", \"CVE-2014-7826\", \"CVE-2014-7841\", \"CVE-2014-7842\", \"CVE-2014-7843\");\n script_bugtraq_id(70971, 70972, 71078, 71081, 71082);\n script_xref(name:\"FEDORA\", value:\"2014-15159\");\n\n script_name(english:\"Fedora 21 : kernel-3.17.3-300.fc21 (2014-15159)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Latest upstream stable release, Linux v3.17.3. A wide variety of fixes\nacross the tree.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1161565\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1163087\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1163744\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1163762\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-November/144193.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3b5b6c61\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:21\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^21([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 21.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC21\", reference:\"kernel-3.17.3-300.fc21\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-08-01T05:27:39", "bulletinFamily": "scanner", "description": "A NULL pointer dereference flaw was discovered in the the Linux\nkernel", "modified": "2020-08-02T00:00:00", "id": "UBUNTU_USN-2468-1.NASL", "href": "https://www.tenable.com/plugins/nessus/80515", "published": "2015-01-14T00:00:00", "title": "Ubuntu 14.10 : linux vulnerabilities (USN-2468-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2468-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80515);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/09/19 12:54:31\");\n\n script_cve_id(\"CVE-2014-7841\", \"CVE-2014-7842\", \"CVE-2014-7843\", \"CVE-2014-8884\");\n script_bugtraq_id(71078, 71081, 71082, 71097);\n script_xref(name:\"USN\", value:\"2468-1\");\n\n script_name(english:\"Ubuntu 14.10 : linux vulnerabilities (USN-2468-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A NULL pointer dereference flaw was discovered in the the Linux\nkernel's SCTP implementation when ASCONF is used. A remote attacker\ncould exploit this flaw to cause a denial of service (system crash)\nvia a malformed INIT chunk. (CVE-2014-7841)\n\nA race condition with MMIO and PIO transactions in the KVM (Kernel\nVirtual Machine) subsystem of the Linux kernel was discovered. A guest\nOS user could exploit this flaw to cause a denial of service (guest OS\ncrash) via a specially crafted application. (CVE-2014-7842)\n\nMilos Prchlik reported a flaw in how the ARM64 platform handles a\nsingle byte overflow in __clear_user. A local user could exploit this\nflaw to cause a denial of service (system crash) by reading one byte\nbeyond a /dev/zero page boundary. (CVE-2014-7843)\n\nA stack buffer overflow was discovered in the ioctl command handling\nfor the Technotrend/Hauppauge USB DEC devices driver. A local user\ncould exploit this flaw to cause a denial of service (system crash) or\npossibly gain privileges. (CVE-2014-8884).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2468-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected linux-image-3.16-generic,\nlinux-image-3.16-generic-lpae and / or linux-image-3.16-lowlatency\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2014-7841\", \"CVE-2014-7842\", \"CVE-2014-7843\", \"CVE-2014-8884\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-2468-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.10\", pkgname:\"linux-image-3.16.0-29-generic\", pkgver:\"3.16.0-29.39\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"linux-image-3.16.0-29-generic-lpae\", pkgver:\"3.16.0-29.39\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"linux-image-3.16.0-29-lowlatency\", pkgver:\"3.16.0-29.39\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.16-generic / linux-image-3.16-generic-lpae / etc\");\n}\n", "cvss": {"score": 6.1, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2020-08-01T05:27:39", "bulletinFamily": "scanner", "description": "A NULL pointer dereference flaw was discovered in the the Linux\nkernel", "modified": "2020-08-02T00:00:00", "id": "UBUNTU_USN-2465-1.NASL", "href": "https://www.tenable.com/plugins/nessus/80512", "published": "2015-01-14T00:00:00", "title": "Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2465-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2465-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80512);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/09/19 12:54:31\");\n\n script_cve_id(\"CVE-2014-7841\", \"CVE-2014-7842\", \"CVE-2014-7843\", \"CVE-2014-8884\");\n script_bugtraq_id(71078, 71081, 71082, 71097);\n script_xref(name:\"USN\", value:\"2465-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2465-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A NULL pointer dereference flaw was discovered in the the Linux\nkernel's SCTP implementation when ASCONF is used. A remote attacker\ncould exploit this flaw to cause a denial of service (system crash)\nvia a malformed INIT chunk. (CVE-2014-7841)\n\nA race condition with MMIO and PIO transactions in the KVM (Kernel\nVirtual Machine) subsystem of the Linux kernel was discovered. A guest\nOS user could exploit this flaw to cause a denial of service (guest OS\ncrash) via a specially crafted application. (CVE-2014-7842)\n\nMilos Prchlik reported a flaw in how the ARM64 platform handles a\nsingle byte overflow in __clear_user. A local user could exploit this\nflaw to cause a denial of service (system crash) by reading one byte\nbeyond a /dev/zero page boundary. (CVE-2014-7843)\n\nA stack buffer overflow was discovered in the ioctl command handling\nfor the Technotrend/Hauppauge USB DEC devices driver. A local user\ncould exploit this flaw to cause a denial of service (system crash) or\npossibly gain privileges. (CVE-2014-8884).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2465-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected linux-image-3.13-generic and / or\nlinux-image-3.13-generic-lpae packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2014-7841\", \"CVE-2014-7842\", \"CVE-2014-7843\", \"CVE-2014-8884\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-2465-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.13.0-44-generic\", pkgver:\"3.13.0-44.73~precise1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.13.0-44-generic-lpae\", pkgver:\"3.13.0-44.73~precise1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.13-generic / linux-image-3.13-generic-lpae\");\n}\n", "cvss": {"score": 6.1, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2020-08-01T05:27:39", "bulletinFamily": "scanner", "description": "A NULL pointer dereference flaw was discovered in the the Linux\nkernel", "modified": "2020-08-02T00:00:00", "id": "UBUNTU_USN-2467-1.NASL", "href": "https://www.tenable.com/plugins/nessus/80514", "published": "2015-01-14T00:00:00", "title": "Ubuntu 14.04 LTS : linux-lts-utopic vulnerabilities (USN-2467-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2467-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80514);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/09/19 12:54:31\");\n\n script_cve_id(\"CVE-2014-7841\", \"CVE-2014-7842\", \"CVE-2014-7843\", \"CVE-2014-8884\");\n script_bugtraq_id(71078, 71081, 71082, 71097);\n script_xref(name:\"USN\", value:\"2467-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS : linux-lts-utopic vulnerabilities (USN-2467-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A NULL pointer dereference flaw was discovered in the the Linux\nkernel's SCTP implementation when ASCONF is used. A remote attacker\ncould exploit this flaw to cause a denial of service (system crash)\nvia a malformed INIT chunk. (CVE-2014-7841)\n\nA race condition with MMIO and PIO transactions in the KVM (Kernel\nVirtual Machine) subsystem of the Linux kernel was discovered. A guest\nOS user could exploit this flaw to cause a denial of service (guest OS\ncrash) via a specially crafted application. (CVE-2014-7842)\n\nMilos Prchlik reported a flaw in how the ARM64 platform handles a\nsingle byte overflow in __clear_user. A local user could exploit this\nflaw to cause a denial of service (system crash) by reading one byte\nbeyond a /dev/zero page boundary. (CVE-2014-7843)\n\nA stack buffer overflow was discovered in the ioctl command handling\nfor the Technotrend/Hauppauge USB DEC devices driver. A local user\ncould exploit this flaw to cause a denial of service (system crash) or\npossibly gain privileges. (CVE-2014-8884).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2467-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected linux-image-3.16-generic,\nlinux-image-3.16-generic-lpae and / or linux-image-3.16-lowlatency\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2014-7841\", \"CVE-2014-7842\", \"CVE-2014-7843\", \"CVE-2014-8884\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-2467-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.16.0-29-generic\", pkgver:\"3.16.0-29.39~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.16.0-29-generic-lpae\", pkgver:\"3.16.0-29.39~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.16.0-29-lowlatency\", pkgver:\"3.16.0-29.39~14.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.16-generic / linux-image-3.16-generic-lpae / etc\");\n}\n", "cvss": {"score": 6.1, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2020-03-18T02:47:25", "bulletinFamily": "scanner", "description": "Security Fix(es) :\n\n - It was found that reporting emulation failures to user\n space could lead to either a local (CVE-2014-7842) or a\n L2->L1 (CVE-2010-5313) denial of service. In the case of\n a local denial of service, an attacker must have access\n to the MMIO area or be able to access an I/O port.\n Please note that on certain systems, HPET is mapped to\n userspace as part of vdso (vvar) and thus an\n unprivileged user may generate MMIO transactions (and\n enter the emulator) this way. (CVE-2010-5313,\n CVE-2014-7842, Moderate)\n\n - It was found that the Linux kernel did not properly\n account file descriptors passed over the unix socket\n against the process limit. A local user could use this\n flaw to exhaust all available memory on the system.\n (CVE-2013-4312, Moderate)\n\n - A buffer overflow flaw was found in the way the Linux\n kernel", "modified": "2016-06-17T00:00:00", "id": "SL_20160510_KERNEL_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/91643", "published": "2016-06-17T00:00:00", "title": "Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20160510)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91643);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/02/25\");\n\n script_cve_id(\"CVE-2010-5313\", \"CVE-2013-4312\", \"CVE-2014-7842\", \"CVE-2014-8134\", \"CVE-2015-5156\", \"CVE-2015-7509\", \"CVE-2015-8215\", \"CVE-2015-8324\", \"CVE-2015-8543\");\n\n script_name(english:\"Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20160510)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - It was found that reporting emulation failures to user\n space could lead to either a local (CVE-2014-7842) or a\n L2->L1 (CVE-2010-5313) denial of service. In the case of\n a local denial of service, an attacker must have access\n to the MMIO area or be able to access an I/O port.\n Please note that on certain systems, HPET is mapped to\n userspace as part of vdso (vvar) and thus an\n unprivileged user may generate MMIO transactions (and\n enter the emulator) this way. (CVE-2010-5313,\n CVE-2014-7842, Moderate)\n\n - It was found that the Linux kernel did not properly\n account file descriptors passed over the unix socket\n against the process limit. A local user could use this\n flaw to exhaust all available memory on the system.\n (CVE-2013-4312, Moderate)\n\n - A buffer overflow flaw was found in the way the Linux\n kernel's virtio- net subsystem handled certain fraglists\n when the GRO (Generic Receive Offload) functionality was\n enabled in a bridged network configuration. An attacker\n on the local network could potentially use this flaw to\n crash the system, or, although unlikely, elevate their\n privileges on the system. (CVE-2015-5156, Moderate)\n\n - It was found that the Linux kernel's IPv6 network stack\n did not properly validate the value of the MTU variable\n when it was set. A remote attacker could potentially use\n this flaw to disrupt a target system's networking\n (packet loss) by setting an invalid MTU value, for\n example, via a NetworkManager daemon that is processing\n router advertisement packets running on the target\n system. (CVE-2015-8215, Moderate)\n\n - A NULL pointer dereference flaw was found in the way the\n Linux kernel's network subsystem handled socket creation\n with an invalid protocol identifier. A local user could\n use this flaw to crash the system. (CVE-2015-8543,\n Moderate)\n\n - It was found that the espfix functionality does not work\n for 32-bit KVM paravirtualized guests. A local,\n unprivileged guest user could potentially use this flaw\n to leak kernel stack addresses. (CVE-2014-8134, Low)\n\n - A flaw was found in the way the Linux kernel's ext4 file\n system driver handled non-journal file systems with an\n orphan list. An attacker with physical access to the\n system could use this flaw to crash the system or,\n although unlikely, escalate their privileges on the\n system. (CVE-2015-7509, Low)\n\n - A NULL pointer dereference flaw was found in the way the\n Linux kernel's ext4 file system driver handled certain\n corrupted file system images. An attacker with physical\n access to the system could use this flaw to crash the\n system. (CVE-2015-8324, Low)\n\nNotes :\n\n - Problems have been reported with this kernel and\n VirtualBox. More info is available in the notes for the\n VirtualBox ticket here: <a\n href='https://www.virtualbox.org/ticket/14866'\n target='_blank'>https://www.virtualbox.org/ticket/14866<\n /a>\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1606&L=scientific-linux-errata&F=&S=&P=3658\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?87948e6e\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"kernel-2.6.32-642.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-abi-whitelists-2.6.32-642.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debug-2.6.32-642.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debug-debuginfo-2.6.32-642.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debug-devel-2.6.32-642.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debuginfo-2.6.32-642.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debuginfo-common-i686-2.6.32-642.el6\")) flag++;\nif (rpm_check(release:\"SL6\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-2.6.32-642.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-devel-2.6.32-642.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-doc-2.6.32-642.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-firmware-2.6.32-642.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-headers-2.6.32-642.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"perf-2.6.32-642.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"perf-debuginfo-2.6.32-642.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"python-perf-2.6.32-642.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"python-perf-debuginfo-2.6.32-642.el6\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-abi-whitelists / kernel-debug / etc\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-01T04:11:52", "bulletinFamily": "scanner", "description": "Description of changes:\n\n[2.6.39-400.264.13.el6uek]\n- KEYS: Don", "modified": "2020-08-02T00:00:00", "id": "ORACLELINUX_ELSA-2016-3502.NASL", "href": "https://www.tenable.com/plugins/nessus/87835", "published": "2016-01-11T00:00:00", "title": "Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2016-3502)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2016-3502.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(87835);\n script_version(\"2.8\");\n script_cvs_date(\"Date: 2019/09/27 13:00:37\");\n\n script_cve_id(\"CVE-2010-5313\", \"CVE-2013-7421\", \"CVE-2014-7842\", \"CVE-2014-9644\", \"CVE-2015-5307\", \"CVE-2015-7613\", \"CVE-2015-7872\", \"CVE-2015-8104\");\n\n script_name(english:\"Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2016-3502)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Description of changes:\n\n[2.6.39-400.264.13.el6uek]\n- KEYS: Don't permit request_key() to construct a new keyring (David \nHowells) [Orabug: 22373449] {CVE-2015-7872}\n\n[2.6.39-400.264.12.el6uek]\n- crypto: add missing crypto module aliases (Mathias Krause) [Orabug: \n22249656] {CVE-2013-7421} {CVE-2014-9644}\n- crypto: include crypto- module prefix in template (Kees Cook) \n[Orabug: 22249656] {CVE-2013-7421} {CVE-2014-9644}\n- crypto: prefix module autoloading with 'crypto-' (Kees Cook) [Orabug: \n22249656] {CVE-2013-7421} {CVE-2014-9644}\n\n[2.6.39-400.264.11.el6uek]\n- KVM: x86: Don't report guest userspace emulation error to userspace \n(Nadav Amit) [Orabug: 22249615] {CVE-2010-5313} {CVE-2014-7842}\n\n[2.6.39-400.264.9.el6uek]\n- msg_unlock() in wrong spot after applying 'Initialize msg/shm IPC \nobjects before doing ipc_addid()' (Chuck Anderson) [Orabug: 22250044] \n{CVE-2015-7613} {CVE-2015-7613}\n\n[2.6.39-400.264.8.el6uek]\n- ipc/sem.c: fully initialize sem_array before making it visible \n(Manfred Spraul) [Orabug: 22250044] {CVE-2015-7613}\n- Initialize msg/shm IPC objects before doing ipc_addid() (Linus \nTorvalds) [Orabug: 22250044] {CVE-2015-7613}\n\n[2.6.39-400.264.7.el6uek]\n- KVM: svm: unconditionally intercept #DB (Paolo Bonzini) [Orabug: \n22333698] {CVE-2015-8104} {CVE-2015-8104}\n- KVM: x86: work around infinite loop in microcode when #AC is delivered \n(Eric Northup) [Orabug: 22333689] {CVE-2015-5307} {CVE-2015-5307}\n\n[2.6.39-400.264.6.el6uek]\n- mlx4_core: Introduce restrictions for PD update (Ajaykumar \nHotchandani) - IPoIB: Drop priv->lock before calling ipoib_send() \n(Wengang Wang) - IPoIB: serialize changing on tx_outstanding (Wengang \nWang) [Orabug: 21861366] - IB/mlx4: Implement IB_QP_CREATE_USE_GFP_NOIO \n(Jiri Kosina) - IB: Add a QP creation flag to use GFP_NOIO allocations \n(Or Gerlitz) - IB: Return error for unsupported QP creation flags (Or \nGerlitz) - IB/ipoib: Calculate csum only when skb->ip_summed is \nCHECKSUM_PARTIAL (Yuval Shaia) [Orabug: 20873175]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2016-January/005677.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2016-January/005678.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected unbreakable enterprise kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/01/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/01/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5 / 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2010-5313\", \"CVE-2013-7421\", \"CVE-2014-7842\", \"CVE-2014-9644\", \"CVE-2015-5307\", \"CVE-2015-7613\", \"CVE-2015-7872\", \"CVE-2015-8104\"); \n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for ELSA-2016-3502\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nkernel_major_minor = get_kb_item(\"Host/uname/major_minor\");\nif (empty_or_null(kernel_major_minor)) exit(1, \"Unable to determine kernel major-minor level.\");\nexpected_kernel_major_minor = \"2.6\";\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, \"running kernel level \" + expected_kernel_major_minor + \", it is running kernel level \" + kernel_major_minor);\n\nflag = 0;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-2.6.39\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-2.6.39-400.264.13.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-debug-2.6.39\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-debug-2.6.39-400.264.13.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-debug-devel-2.6.39\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-debug-devel-2.6.39-400.264.13.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-devel-2.6.39\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-devel-2.6.39-400.264.13.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-doc-2.6.39\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-doc-2.6.39-400.264.13.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-firmware-2.6.39\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-firmware-2.6.39-400.264.13.el5uek\")) flag++;\n\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-2.6.39-400.264.13.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-debug-2.6.39-400.264.13.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-devel-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-debug-devel-2.6.39-400.264.13.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-devel-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-devel-2.6.39-400.264.13.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-doc-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-doc-2.6.39-400.264.13.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-firmware-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-firmware-2.6.39-400.264.13.el6uek\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:58", "bulletinFamily": "software", "description": "DoS via SCTP, TechnoTrend/Hauppauge DEC USB driver buffer overflow, invalid registers handling in x86, ASLR bypass.", "modified": "2014-12-21T00:00:00", "published": "2014-12-21T00:00:00", "id": "SECURITYVULNS:VULN:14146", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14146", "title": "Linux kernel multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 6.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:56", "bulletinFamily": "software", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2015:027\r\n http://www.mandriva.com/en/support/security/\r\n _______________________________________________________________________\r\n\r\n Package : kernel\r\n Date : January 16, 2015\r\n Affected: Business Server 1.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n Multiple vulnerabilities has been found and corrected in the Linux\r\n kernel:\r\n \r\n The SCTP implementation in the Linux kernel before 3.17.4 allows\r\n remote attackers to cause a denial of service (memory consumption) by\r\n triggering a large number of chunks in an association's output queue,\r\n as demonstrated by ASCONF probes, related to net/sctp/inqueue.c and\r\n net/sctp/sm_statefuns.c (CVE-2014-3688=.\r\n \r\n Buffer overflow in net/ceph/auth_x.c in Ceph, as used in the Linux\r\n kernel before 3.16.3, allows remote attackers to cause a denial of\r\n service (memory corruption and panic) or possibly have unspecified\r\n other impact via a long unencrypted auth ticket (CVE-2014-6416).\r\n \r\n net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3,\r\n does not properly consider the possibility of kmalloc failure, which\r\n allows remote attackers to cause a denial of service (system crash)\r\n or possibly have unspecified other impact via a long unencrypted auth\r\n ticket (CVE-2014-6417).\r\n \r\n net/ceph/auth_x.c in Ceph, as used in the Linux kernel before\r\n 3.16.3, does not properly validate auth replies, which allows remote\r\n attackers to cause a denial of service (system crash) or possibly\r\n have unspecified other impact via crafted data from the IP address\r\n of a Ceph Monitor (CVE-2014-6418).\r\n \r\n The sctp_process_param function in net/sctp/sm_make_chunk.c in the\r\n SCTP implementation in the Linux kernel before 3.17.4, when ASCONF\r\n is used, allows remote attackers to cause a denial of service (NULL\r\n pointer dereference and system crash) via a malformed INIT chunk\r\n (CVE-2014-7841).\r\n \r\n Race condition in arch/x86/kvm/x86.c in the Linux kernel before 3.17.4\r\n allows guest OS users to cause a denial of service (guest OS crash)\r\n via a crafted application that performs an MMIO transaction or a\r\n PIO transaction to trigger a guest userspace emulation error report,\r\n a similar issue to CVE-2010-5313 (CVE-2014-7842).\r\n \r\n arch/x86/kernel/tls.c in the Thread Local Storage (TLS) implementation\r\n in the Linux kernel through 3.18.1 allows local users to bypass the\r\n espfix protection mechanism, and consequently makes it easier for\r\n local users to bypass the ASLR protection mechanism, via a crafted\r\n application that makes a set_thread_area system call and later reads\r\n a 16-bit value (CVE-2014-8133).\r\n \r\n Stack-based buffer overflow in the\r\n ttusbdecfe_dvbs_diseqc_send_master_cmd function in\r\n drivers/media/usb/ttusb-dec/ttusbdecfe.c in the Linux kernel before\r\n 3.17.4 allows local users to cause a denial of service (system crash)\r\n or possibly gain privileges via a large message length in an ioctl call\r\n (CVE-2014-8884).\r\n \r\n The do_double_fault function in arch/x86/kernel/traps.c in the Linux\r\n kernel through 3.17.4 does not properly handle faults associated with\r\n the Stack Segment (SS) segment register, which allows local users\r\n to cause a denial of service (panic) via a modify_ldt system call,\r\n as demonstrated by sigreturn_32 in the linux-clock-tests test suite\r\n (CVE-2014-9090).\r\n \r\n arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does\r\n not properly handle faults associated with the Stack Segment (SS)\r\n segment register, which allows local users to gain privileges by\r\n triggering an IRET instruction that leads to access to a GS Base\r\n address from the wrong space (CVE-2014-9322).\r\n \r\n The __switch_to function in arch/x86/kernel/process_64.c in the Linux\r\n kernel through 3.18.1 does not ensure that Thread Local Storage (TLS)\r\n descriptors are loaded before proceeding with other steps, which makes\r\n it easier for local users to bypass the ASLR protection mechanism via\r\n a crafted application that reads a TLS base address (CVE-2014-9419).\r\n \r\n The rock_continue function in fs/isofs/rock.c in the Linux kernel\r\n through 3.18.1 does not restrict the number of Rock Ridge continuation\r\n entries, which allows local users to cause a denial of service\r\n (infinite loop, and system crash or hang) via a crafted iso9660 image\r\n (CVE-2014-9420).\r\n \r\n Race condition in the key_gc_unused_keys function in security/keys/gc.c\r\n in the Linux kernel through 3.18.2 allows local users to cause a denial\r\n of service (memory corruption or panic) or possibly have unspecified\r\n other impact via keyctl commands that trigger access to a key structure\r\n member during garbage collection of a key (CVE-2014-9529).\r\n \r\n The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in\r\n the Linux kernel before 3.18.2 does not validate a length value in\r\n the Extensions Reference (ER) System Use Field, which allows local\r\n users to obtain sensitive information from kernel memory via a crafted\r\n iso9660 image (CVE-2014-9584).\r\n \r\n The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel\r\n through 3.18.2 does not properly choose memory locations for the\r\n vDSO area, which makes it easier for local users to bypass the ASLR\r\n protection mechanism by guessing a location at the end of a PMD\r\n (CVE-2014-9585).\r\n \r\n The updated packages provides a solution for these security issues.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3688\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6416\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6417\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6418\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7841\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7842\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8133\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8884\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9090\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9322\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9419\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9420\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9529\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9584\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9585\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Business Server 1/X86_64:\r\n 84b2f7fd994f5ed9738484492cf1f6fb mbs1/x86_64/cpupower-3.4.105-2.1.mbs1.x86_64.rpm\r\n 3b7822069fb7f64c5954038f2a352816 mbs1/x86_64/kernel-firmware-3.4.105-2.1.mbs1.noarch.rpm\r\n 137bd01930fe4bdc9d1b7f095fd3237e mbs1/x86_64/kernel-headers-3.4.105-2.1.mbs1.x86_64.rpm\r\n 66eb79923df892f0492dc8b4011e3f47 mbs1/x86_64/kernel-server-3.4.105-2.1.mbs1.x86_64.rpm\r\n 6f24362ea683103e480874c2ff93407a mbs1/x86_64/kernel-server-devel-3.4.105-2.1.mbs1.x86_64.rpm\r\n 36aee1a085a5083200a7ffbd5da543f6 mbs1/x86_64/kernel-source-3.4.105-2.mbs1.noarch.rpm\r\n 93aef55bcc1f02263e07541db93b45ce mbs1/x86_64/lib64cpupower0-3.4.105-2.1.mbs1.x86_64.rpm\r\n f73d1f80d3d0db90a63d3889b71cc60f mbs1/x86_64/lib64cpupower-devel-3.4.105-2.1.mbs1.x86_64.rpm\r\n 854eb4e04b196c33441ce932ba48dfc7 mbs1/x86_64/perf-3.4.105-2.1.mbs1.x86_64.rpm \r\n 4727802fbd1d77523b157b7fd36177ea mbs1/SRPMS/cpupower-3.4.105-2.1.mbs1.src.rpm\r\n 1f2e120416115a646e0026e6079ac9df mbs1/SRPMS/kernel-firmware-3.4.105-2.1.mbs1.src.rpm\r\n cf4f1bbc72cb9369162703efa7b5adc3 mbs1/SRPMS/kernel-headers-3.4.105-2.1.mbs1.src.rpm\r\n 145c57c74bc2346e9435284873062057 mbs1/SRPMS/kernel-server-3.4.105-2.1.mbs1.src.rpm\r\n 7154bb874ff6fd31772fa2e03fc0a186 mbs1/SRPMS/kernel-source-3.4.105-2.mbs1.src.rpm\r\n acd00535b878c07c70ac0b2680d1b9cc mbs1/SRPMS/perf-3.4.105-2.1.mbs1.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/en/support/security/advisories/\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_(at)_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n <security*mandriva.com>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.12 (GNU/Linux)\r\n\r\niD8DBQFUuULOmqjQ0CJFipgRAmTfAJ40ZrILR8XPoduEMKuokkZuOV2rXwCg424o\r\nPM+ddh+qKQrHCeweXyb+AdU=\r\n=zMRK\r\n-----END PGP SIGNATURE-----\r\n\r\n", "modified": "2015-01-18T00:00:00", "published": "2015-01-18T00:00:00", "id": "SECURITYVULNS:DOC:31621", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31621", "title": "[ MDVSA-2015:027 ] kernel", "type": "securityvulns", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:39:03", "bulletinFamily": "unix", "description": "[2.6.39-400.264.13]\n- KEYS: Don't permit request_key() to construct a new keyring (David Howells) [Orabug: 22373449] {CVE-2015-7872}\n[2.6.39-400.264.12]\n- crypto: add missing crypto module aliases (Mathias Krause) [Orabug: 22249656] {CVE-2013-7421} {CVE-2014-9644}\n- crypto: include crypto- module prefix in template (Kees Cook) [Orabug: 22249656] {CVE-2013-7421} {CVE-2014-9644}\n- crypto: prefix module autoloading with 'crypto-' (Kees Cook) [Orabug: 22249656] {CVE-2013-7421} {CVE-2014-9644}\n[2.6.39-400.264.11]\n- KVM: x86: Don't report guest userspace emulation error to userspace (Nadav Amit) [Orabug: 22249615] {CVE-2010-5313} {CVE-2014-7842}\n[2.6.39-400.264.9]\n- msg_unlock() in wrong spot after applying 'Initialize msg/shm IPC objects before doing ipc_addid()' (Chuck Anderson) [Orabug: 22250044] {CVE-2015-7613} {CVE-2015-7613}\n[2.6.39-400.264.8]\n- ipc/sem.c: fully initialize sem_array before making it visible (Manfred Spraul) [Orabug: 22250044] {CVE-2015-7613}\n- Initialize msg/shm IPC objects before doing ipc_addid() (Linus Torvalds) [Orabug: 22250044] {CVE-2015-7613}\n[2.6.39-400.264.7]\n- KVM: svm: unconditionally intercept #DB (Paolo Bonzini) [Orabug: 22333698] {CVE-2015-8104} {CVE-2015-8104}\n- KVM: x86: work around infinite loop in microcode when #AC is delivered (Eric Northup) [Orabug: 22333689] {CVE-2015-5307} {CVE-2015-5307}\n[2.6.39-400.264.6]\n- mlx4_core: Introduce restrictions for PD update (Ajaykumar Hotchandani) \n- IPoIB: Drop priv->lock before calling ipoib_send() (Wengang Wang) \n- IPoIB: serialize changing on tx_outstanding (Wengang Wang) [Orabug: 21861366] \n- IB/mlx4: Implement IB_QP_CREATE_USE_GFP_NOIO (Jiri Kosina) \n- IB: Add a QP creation flag to use GFP_NOIO allocations (Or Gerlitz) \n- IB: Return error for unsupported QP creation flags (Or Gerlitz) \n- IB/ipoib: Calculate csum only when skb->ip_summed is CHECKSUM_PARTIAL (Yuval Shaia) [Orabug: 20873175]", "modified": "2016-01-08T00:00:00", "published": "2016-01-08T00:00:00", "id": "ELSA-2016-3502", "href": "http://linux.oracle.com/errata/ELSA-2016-3502.html", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:42", "bulletinFamily": "unix", "description": "[2.6.32-642]\n- [scsi] fc: revert - ensure scan_work isnt active when freeing fc_rport (Ewan Milne) [1326447]\n- [netdrv] ixgbe: Update ixgbe driver to use __netdev_pick_tx in ixgbe_select_queue (John Greene) [1310749]\n- [netdrv] mlx5e: Fix adding vlan rule with vid zero twice (Kamal Heib) [1322809]\n[2.6.32-641]\n- [netdrv] ixgbe: restore proper CHECKSUM_UNNECESSARY behavior for LRO packets (Neil Horman) [1318426]\n- [netdrv] revert ' net/mlx5_core: Add pci error handlers to mlx5_core driver' (Don Dutile) [1324599]\n- [x86] kernel: espfix not working for 32-bit KVM paravirt guests (Jacob Tanenbaum) [1172767] {CVE-2014-8134}\n[2.6.32-640]\n- [net] use GFP_ATOMIC in dst_ops_extend_register (Sabrina Dubroca) [1323252]\n- [kernel] revert 'sched: core: Use hrtimer_start_expires' (Jiri Olsa) [1324318]\n- [kernel] Revert 'Cleanup bandwidth timers' (Jiri Olsa) [1324318]\n- [kernel] revert 'fair: Test list head instead of list entry in throttle_cfs_rq' (Jiri Olsa) [1324318]\n- [kernel] revert 'sched, perf: Fix periodic timers' (Jiri Olsa) [1324318]\n- [kernel] Revert 'fix KABI break' (Jiri Olsa) [1324318]\n[2.6.32-639]\n- [input] wacom: fix ExpressKeys remote events (Aristeu Rozanski) [1318027]\n- [fs] revert 'writeback: remove wb_list' (Jeff Moyer) [1322297]\n- [fs] revert 'writeback: bdi_writeback_task must set task state before calling schedule' (Jeff Moyer) [1322297]\n- [fs] revert 'writeback: merge bdi_writeback_task and bdi_start_fn' (Jeff Moyer) [1322297]\n- [fs] revert 'writeback: harmonize writeback threads naming' (Jeff Moyer) [1322297]\n- [fs] revert 'writeback: fix possible race when creating bdi threads' (Jeff Moyer) [1322297]\n- [fs] revert 'writeback: do not lose wake-ups in the forker thread - 1' (Jeff Moyer) [1322297]\n- [fs] revert 'writeback: do not lose wake-ups in the forker thread - 2' (Jeff Moyer) [1322297]\n- [fs] revert 'writeback: do not lose wake-ups in bdi threads' (Jeff Moyer) [1322297]\n- [fs] revert 'writeback: simplify bdi code a little' (Jeff Moyer) [1322297]\n- [fs] revert 'writeback: do not remove bdi from bdi_list' (Jeff Moyer) [1322297]\n- [fs] revert 'writeback: move last_active to bdi' (Jeff Moyer) [1322297]\n- [fs] revert 'writeback: restructure bdi forker loop a little' (Jeff Moyer) [1322297]\n- [fs] revert 'writeback: move bdi threads exiting logic to the forker thread' (Jeff Moyer) [1322297]\n- [fs] revert 'writeback: prevent unnecessary bdi threads wakeups' (Jeff Moyer) [1322297]\n- [fs] revert 'writeback: optimize periodic bdi thread wakeups' (Jeff Moyer) [1322297]\n- [fs] revert 'writeback: remove unnecessary init_timer call' (Jeff Moyer) [1322297]\n- [fs] revert 'writeback: cleanup bdi_register' (Jeff Moyer) [1322297]\n- [fs] revert 'writeback: fix bad _bh spinlock nesting' (Jeff Moyer) [1322297]\n- [fs] revert 'writeback: do not lose wakeup events when forking bdi threads' (Jeff Moyer) [1322297]\n- [fs] revert 'writeback: Fix lost wake-up shutting down writeback thread' (Jeff Moyer) [1322297]\n- [mm] revert 'backing-dev: ensure wakeup_timer is deleted' (Jeff Moyer) [1322297]\n- [perf] revert: perf changes out of 'sched, perf: Fix periodic timers' (Jiri Olsa) [1322488]\n[2.6.32-638]\n- [mm] hugetlb: prevent BUG_ON in hugetlb_fault -> hugetlb_cow (Dave Anderson) [1303495]\n- [mm] hugetlb: fix race condition in hugetlb_fault (Dave Anderson) [1303495]\n- [s390] kdump: fix wrong BUG_ON statement (Hendrik Brueckner) [1321316]\n- [scsi] cxgb4i: Increased the value of MAX_IMM_TX_PKT_LEN from 128 to 256 bytes (Sai Vemuri) [1320193]\n- [fs] nfs: fix a regression causing deadlock in nfs_wb_page_cancel() (Benjamin Coddington) [1135601]\n- [netdrv] cxgb4/ethtool: Get/set rx checksum (Sai Vemuri) [1225167]\n- [netdrv] cxgb4vf:The RX checksum feature was not completely ported to cxgb4vf driver (Sai Vemuri) [1225167]\n- [netdrv] cxgb4/cxgb4vf: Enable GRO (Sai Vemuri) [1225167]\n- [netdrv] cxgb4: Enable RX checksum offload flag (Sai Vemuri) [1225167]\n- [netdrv] cxgb4: Report correct link speed for unsupported ones (Sai Vemuri) [1296467]\n- [netdrv] cxgb4: Use vmalloc, if kmalloc fails (Sai Vemuri) [1296473]\n- [netdrv] cxgb4: Enhance driver to update FW, when FW is too old (Sai Vemuri) [1296472]\n[2.6.32-637]\n- [netdrv] mlx4-en: add missing patch to init rss_rings in get_profile (Don Dutile) [1321164]\n- [netdrv] mlx4-en: disable traffic class queueing by default (Don Dutile) [1321164]\n- [netdrv] mlx4_core: Fix mailbox leak in error flow when performing update qp (Don Dutile) [1321164]\n- [x86] nmi/64: Fix a paravirt stack-clobbering bug in the NMI code (Denys Vlasenko) [1259581] {CVE-2015-5157}\n- [x86] nmi/64: Switch stacks on userspace NMI entry (Denys Vlasenko) [1259581] {CVE-2015-5157}\n[2.6.32-636]\n- [netdrv] mlx4_en: Choose time-stamping shift value according to HW frequency (Kamal Heib) [1320448]\n- [fs] anon_inodes implement dname (Aristeu Rozanski) [1296019]\n- [net] packet: set transport header before doing xmit (John Greene) [1309526]\n- [net] tuntap: set transport header before passing it to kernel (John Greene) [1309526]\n- [netdrv] macvtap: set transport header before passing skb to lower device (John Greene) [1309526]\n- [net] ipv6: tcp: add rcu locking in tcp_v6_send_synack() (Jakub Sitnicki) [1312740]\n- [net] ipv6: sctp: add rcu protection around np->opt (Jakub Sitnicki) [1312740]\n- [net] ipv6: add complete rcu protection around np->opt (Jakub Sitnicki) [1312740]\n- [net] dccp: remove unnecessary codes in ipv6.c (Jakub Sitnicki) [1312740]\n- [net] ipv6: remove unnecessary codes in tcp_ipv6.c (Jakub Sitnicki) [1312740]\n- [net] ipv6: Refactor update of IPv6 flowi destination address for srcrt (RH) option (Jakub Sitnicki) [1312740]\n- [net] ipv6: protect flow label renew against GC (Sabrina Dubroca) [1313231]\n- [net] ipv6: fix possible deadlock in ip6_fl_purge / ip6_fl_gc (Sabrina Dubroca) [1313231]\n- [perf] annotate: Support full source file paths for srcline fix (Jiri Olsa) [1304472 1304479]\n- [perf] tools: Support full source file paths for srcline (Jiri Olsa) [1304472 1304479]\n- [perf] annotate: Fix -i option, which is currently ignored (Jiri Olsa) [1304472 1304479]\n[2.6.32-635]\n- [mm] backing-dev: ensure wakeup_timer is deleted (Jeff Moyer) [1318930]\n- [hv] vss: run only on supported host versions (Vitaly Kuznetsov) [1319813]\n- [sound] hda: Fix internal speaker for HP Z240 (Jaroslav Kysela) [1316673]\n- [perf] trace: Fix race condition at the end of started workloads (Jiri Olsa) [1302928]\n- [fs] nfsd: Combine decode operations for v4 and v4.1 (J. Bruce Fields) [1314536]\n- [hv] revert 'vmbus: avoid scheduling in interrupt context in vmbus_initiate_unload' (Vitaly Kuznetsov) [1318882]\n- [hv] revert 'vmbus: dont loose HVMSG_TIMER_EXPIRED messages' (Vitaly Kuznetsov) [1318882]\n- [hv] revert 'vmbus: avoid unneeded compiler optimizations in vmbus_wait_for_unload' (Vitaly Kuznetsov) [1318882]\n- [hv] revert 'vmbus: remove code duplication in message handling' (Vitaly Kuznetsov) [1318882]\n- [hv] revert 'vmbus: avoid wait_for_completion on crash' (Vitaly Kuznetsov) [1318882]\n[2.6.32-634]\n- [scsi] cxgbi: Convert over to dst_neigh_lookup (Sai Vemuri) [1296461]\n- [netdrv] cxgb4: For T4, dont read the Firmware Mailbox Control register (Sai Vemuri) [1296469]\n- [netdrv] cxgb4: Use ACCES_ONCE macro to read queues consumer index (Sai Vemuri) [1296484]\n- [netdrv] cxgb4: prevent simultaneous execution of service_ofldq (Sai Vemuri) [1296483]\n- [netdrv] cxgb4: Adds PCI device id for new T5 adapters (Sai Vemuri) [1296481]\n- [netdrv] cxgb4: Dont disallow turning off auto-negotiation (Sai Vemuri) [1296476]\n- [mm] check if section present during memory block registering (Xunlei Pang) [1297840]\n- [tty] ldisc: Close/Reopen race prevention should check tty->ldisc (Denys Vlasenko) [1312383]\n- [fs] proc-vmcore: wrong data type casting fix (Baoquan He) [1312206]\n- [infiniband] iw_cxgb3: Ignore positive return values from the ofld send functions (Sai Vemuri) [1296999]\n- [netdrv] cxgb4: Deal with wrap-around of queue for Work request (Sai Vemuri) [1296482]\n- [infiniband] iw_cxgb4: detect fatal errors while creating listening filters (Sai Vemuri) [1296480]\n- [md] dm snapshot: suspend merging snapshot when doing exception handover (Mike Snitzer) [1177389]\n- [md] dm snapshot: suspend origin when doing exception handover (Mike Snitzer) [1177389]\n- [md] dm snapshot: allocate a per-target structure for snapshot-origin target (Mike Snitzer) [1177389]\n- [md] dm: fix a race condition in dm_get_md (Mike Snitzer) [1177389]\n- [infiniband] iw_cxgb4: pass the ord/ird in connect reply events (Sai Vemuri) [1296478]\n- [infiniband] iw_cxgb4: fix misuse of ep->ord for minimum ird calculation (Sai Vemuri) [1296478]\n- [infiniband] iw_cxgb4: reverse the ord/ird in the ESTABLISHED upcall (Sai Vemuri) [1296478]\n- [usb] Revert 'Revert 'Update USB default wakeup settings'' (Torez Smith) [1319081]\n- [netdrv] ibmveth: add support for TSO6 (Gustavo Duarte) [1318412]\n[2.6.32-633]\n- [s390] lib: export udelay_simple for systemtap (Hendrik Brueckner) [1233912]\n- [netdrv] ixgbe: fix RSS limit for X550 (John Greene) [1314583]\n- [netdrv] mlx4_core: Fix error message deprecation for ConnectX-2 cards (Don Dutile) [1316013]\n- [dm] thin metadata: dont issue prefetches if a transaction abort has failed (Mike Snitzer) [1310661]\n- [scsi] be2iscsi: Add warning message for unsupported adapter (Maurizio Lombardi) [1253016]\n- [scsi] be2iscsi: Revert 'Add warning message for, unsupported adapter' (Maurizio Lombardi) [1253016]\n- [scsi] hpsa: update copyright information (Joseph Szczypek) [1315469]\n- [scsi] hpsa: correct abort tmf for hba devices (Joseph Szczypek) [1315469]\n- [scsi] hpsa: correct ioaccel2 sg chain len (Joseph Szczypek) [1315469]\n- [scsi] hpsa: fix physical target reset (Joseph Szczypek) [1315469]\n- [scsi] hpsa: fix hpsa_adjust_hpsa_scsi_table (Joseph Szczypek) [1315469]\n- [scsi] hpsa: correct transfer length for 6 byte read/write commands (Joseph Szczypek) [1315469]\n- [scsi] hpsa: abandon rescans on memory alloaction failures (Joseph Szczypek) [1315469]\n- [scsi] hpsa: allow driver requested rescans (Joseph Szczypek) [1315469]\n[2.6.32-632]\n- [s390] dasd: fix incorrect locking order for LCU device add/remove (Hendrik Brueckner) [1315740]\n- [s390] dasd: fix hanging device after LCU change (Hendrik Brueckner) [1315729]\n- [s390] dasd: prevent incorrect length error under z/VM after PAV changes (Hendrik Brueckner) [1313774]\n- [netdrv] igb: Fix VLAN tag stripping on Intel i350 (Corinna Vinschen) [1210699]\n- [netdrv] 3c59x: mask LAST_FRAG bit from length field in ring (Neil Horman) [1309210]\n- [ata] ahci: Remove obsolete Intel Lewisburg SATA RAID device IDs (Steve Best) [1317045]\n- [pci] fix truncation of resource size to 32 bits (Myron Stowe) [1316345]\n- [pci] fix pci_resource_alignment prototype (Myron Stowe) [1316345]\n- [sound] hda: Fix headphone mic input on a few Dell ALC293 machines (Jaroslav Kysela) [1315932]\n- [sound] hda: Add some FIXUP quirks for white noise on Dell laptop (Jaroslav Kysela) [1315932]\n- [sound] hda: Fix the white noise on Dell laptop (Jaroslav Kysela) [1315932]\n- [sound] hda: one Dell machine needs the headphone white noise fixup (Jaroslav Kysela) [1315932]\n- [sound] hda: Fix audio crackles on Dell Latitude E7x40 (Jaroslav Kysela) [1315932]\n- [fs] xfs: Avoid pathological backwards allocation (Bill ODonnell) [1302777]\n[2.6.32-631]\n- [input] synaptics: handle spurious release of trackstick buttons, again (Benjamin Tissoires) [1317808]\n- [hv] kvp: fix IP Failover (Vitaly Kuznetsov) [1312290]\n- [hv] util: Pass the channel information during the init call (Vitaly Kuznetsov) [1312290]\n- [hv] utils: Invoke the poll function after handshake (Vitaly Kuznetsov) [1312290]\n- [hv] utils: run polling callback always in interrupt context (Vitaly Kuznetsov) [1312290]\n- [hv] util: Increase the timeout for util services (Vitaly Kuznetsov) [1312290]\n[2.6.32-630]\n- [mm] avoid hangs in lru_add_drain_all (Vitaly Kuznetsov) [1314683]\n- [net] esp{4, 6}: fix potential MTU calculation overflows (Herbert Xu) [1304313]\n- [net] xfrm: take net hdr len into account for esp payload size calculation (Herbert Xu) [1304313]\n[2.6.32-629]\n- [x86] acpi: Avoid SRAT table checks for Hyper-V VMs (Vitaly Kuznetsov) [1312711]\n- [infiniband] ipoib: For sendonly join free the multicast group on leave (Don Dutile) [1315382]\n- [infiniband] ipoib: increase the max mcast backlog queue (Don Dutile) [1315382]\n- [infiniband] ipoib: Make sendonly multicast joins create the mcast group (Don Dutile) [1315382]\n- [infiniband] ipoib: Expire sendonly multicast joins (Don Dutile) [1315382]\n- [infiniband] ipoib: Clean up send-only multicast joins (Don Dutile) [1315382]\n- [infiniband] ipoib: Suppress warning for send only join failures (Don Dutile) [1315382]\n- [drm] i915: shut up gen8+ SDE irq dmesg noise (Rob Clark) [1313681]\n- [drm] i915: fix the SDE irq dmesg warnings properly (Rob Clark) [1313681]\n- [hv] vmbus: avoid wait_for_completion on crash (Vitaly Kuznetsov) [1301903]\n- [hv] vmbus: remove code duplication in message handling (Vitaly Kuznetsov) [1301903]\n- [hv] vmbus: avoid unneeded compiler optimizations in vmbus_wait_for_unload (Vitaly Kuznetsov) [1301903]\n- [hv] vmbus: dont loose HVMSG_TIMER_EXPIRED messages (Vitaly Kuznetsov) [1301903]\n- [hv] vmbus: avoid scheduling in interrupt context in vmbus_initiate_unload (Vitaly Kuznetsov) [1301903]\n[2.6.32-628]\n- [netdrv] bnx2x: fix crash on big-endian when adding VLAN (Michal Schmidt) [1311433]\n- [sound] alsa hda: only sync BCLK to the display clock for Haswell & Broadwell (Jaroslav Kysela) [1313672]\n- [sound] alsa hda: add component support (Jaroslav Kysela) [1313672]\n- [sound] alsa hda: pass intel_hda to all i915 interface functions (Jaroslav Kysela) [1313672]\n- [netdrv] igb: fix race accessing page->_count (Corinna Vinschen) [1315402]\n- [netdrv] igb: fix recent VLAN changes that would leave VLANs disabled after reset (Corinna Vinschen) [1309968]\n- [mm] always decrement anon_vma degree when the vma list is empty (Jerome Marchand) [1309898]\n[2.6.32-627]\n- [net] rds: restore return value in rds_cmsg_rdma_args (Don Dutile) [1313089]\n- [net] rds: Fix assertion level from fatal to warning (Don Dutile) [1313089]\n- [netdrv] be2net: dont enable multicast flag in be_enable_if_filters routine (Ivan Vecera) [1309157]\n- [net] unix: correctly track in-flight fds in sending process user_struct (Hannes Frederic Sowa) [1313052] {CVE-2016-2550}\n- [net] sctp: Prevent soft lockup when sctp_accept() is called during a timeout event (Jacob Tanenbaum) [1297422] {CVE-2015-8767}\n[2.6.32-626]\n- [fs] nfsv4: OPEN must handle the NFS4ERR_IO return code correctly (Benjamin Coddington) [1272687]\n- [fs] quota: fix unwanted soft limit enforcement (Lukas Czerner) [1304603]\n- [fs] xfs: flush entire last page of old EOF on truncate up (Brian Foster) [1308482]\n- [fs] xfs: truncate_setsize should be outside transactions (Brian Foster) [1308482]\n- [scsi] megaraid: overcome a fw deficiency (Maurizio Lombardi) [1294983]\n- [scsi] megaraid_sas: Add an i/o barrier (Tomas Henzl) [1294983]\n- [scsi] megaraid_sas: Fix SMAP issue (Tomas Henzl) [1294983]\n- [scsi] megaraid_sas: Fix for IO failing post OCR in SRIOV environment (Tomas Henzl) [1294983]\n- [scsi] megaraid: fix null pointer check in megasas_detach_one() (Tomas Henzl) [1294983]\n- [scsi] megaraid_sas: driver version upgrade (Tomas Henzl) [1294983]\n- [scsi] megaraid_sas: SPERC OCR changes (Tomas Henzl) [1294983]\n- [scsi] megaraid_sas: Introduce module parameter for SCSI command timeout (Tomas Henzl) [1294983]\n- [scsi] megaraid_sas: MFI adapter OCR changes (Tomas Henzl) [1294983]\n- [scsi] megaraid_sas: Make adprecovery variable atomic (Tomas Henzl) [1294983]\n- [scsi] megaraid_sas: IO throttling support (Tomas Henzl) [1294983]\n- [scsi] megaraid_sas: Dual queue depth support (Tomas Henzl) [1294983]\n- [scsi] megaraid_sas: Code optimization build_and_issue_cmd return-type (Tomas Henzl) [1294983]\n- [scsi] megaraid_sas: Reply Descriptor Post Queue (RDPQ) support (Tomas Henzl) [1294983]\n- [scsi] megaraid_sas: Fastpath region lock bypass (Tomas Henzl) [1294983]\n- [scsi] megaraid_sas: Update device queue depth based on interface type (Tomas Henzl) [1294983]\n- [scsi] megaraid_sas: Task management support (Tomas Henzl) [1294983]\n- [scsi] megaraid_sas: Syncing request flags macro names with firmware (Tomas Henzl) [1294983]\n- [scsi] megaraid_sas: MFI IO timeout handling (Tomas Henzl) [1294983]\n- [scsi] megaraid_sas: Do not allow PCI access during OCR (Tomas Henzl) [1294983]\n- [scsi] hpsa: check for a null phys_disk pointer in ioaccel2 path (Joseph Szczypek) [1311728]\n[2.6.32-625]\n- [netdrv] cxgb4 : Patch to fix kernel panic on pinging over vlan interface (Sai Vemuri) [1303493]\n- [x86] mm: Improve AMD Bulldozer ASLR workaround (Rik van Riel) [1240883]\n- [x86] Properly export MSR values in kernel headers (Jacob Tanenbaum) [1298255]\n- [netdrv] tehuti: Firmware filename is tehuti/bdx.bin (Ivan Vecera) [1235961]\n- [netdrv] ixgbe: convert to ndo_fix_features (John Greene) [1279522]\n- [drm] revert 'drm: Use vblank timestamps to guesstimate how many vblanks were missed' (Lyude Paul) [1300086]\n- [fs] writeback: Fix lost wake-up shutting down writeback thread (Jeff Moyer) [1111683]\n- [fs] writeback: do not lose wakeup events when forking bdi threads (Jeff Moyer) [1111683]\n- [fs] writeback: fix bad _bh spinlock nesting (Jeff Moyer) [1111683]\n- [fs] writeback: cleanup bdi_register (Jeff Moyer) [1111683]\n- [fs] writeback: remove unnecessary init_timer call (Jeff Moyer) [1111683]\n- [fs] writeback: optimize periodic bdi thread wakeups (Jeff Moyer) [1111683]\n- [fs] writeback: prevent unnecessary bdi threads wakeups (Jeff Moyer) [1111683]\n- [fs] writeback: move bdi threads exiting logic to the forker thread (Jeff Moyer) [1111683]\n- [fs] writeback: restructure bdi forker loop a little (Jeff Moyer) [1111683]\n- [fs] writeback: move last_active to bdi (Jeff Moyer) [1111683]\n- [fs] writeback: do not remove bdi from bdi_list (Jeff Moyer) [1111683]\n- [fs] writeback: simplify bdi code a little (Jeff Moyer) [1111683]\n- [fs] writeback: do not lose wake-ups in bdi threads (Jeff Moyer) [1111683]\n- [fs] writeback: do not lose wake-ups in the forker thread - 2 (Jeff Moyer) [1111683]\n- [fs] writeback: do not lose wake-ups in the forker thread - 1 (Jeff Moyer) [1111683]\n- [fs] writeback: fix possible race when creating bdi threads (Jeff Moyer) [1111683]\n- [fs] writeback: harmonize writeback threads naming (Jeff Moyer) [1111683]\n- [fs] writeback: merge bdi_writeback_task and bdi_start_fn (Jeff Moyer) [1111683]\n- [fs] writeback: bdi_writeback_task must set task state before calling schedule (Jeff Moyer) [1111683]\n- [fs] writeback: remove wb_list (Jeff Moyer) [1111683]\n- [drm] i915: Change WARN_ON(!wm_changed) to I915_STATE_WARN_ON (Lyude Paul) [1309888]\n- [drm] i915: Quiet down state checks (Lyude Paul) [1309888]\n- [drm] i915: Fix a few of the !wm_changed warnings (Lyude Paul) [1309888]\n[2.6.32-624]\n- [netdrv] tg3: Fix for tg3 transmit queue 0 timed out when too many gso_segs (Ivan Vecera) [1222426]\n- [netdrv] bna: fix list corruption (Ivan Vecera) [1310957]\n- [netdrv] cxgb4 : Add cxgb4 T4/T5 firmware version 1.14.4.0, hardcode driver to the same (Sai Vemuri) [1270347]\n- [drm] i915: WaRsDisableCoarsePowerGating (Rob Clark) [1302269]\n- [drm] i915/skl: Add SKL GT4 PCI IDs (Rob Clark) [1302269]\n[2.6.32-623]\n- [perf] revert 'perf/x86/intel uncore: Move uncore_box_init() out of driver initialization' (Jiri Olsa) [1313062]\n- [net] udp: move logic out of udp[46]_ufo_send_check (Sabrina Dubroca) [1299975]\n- [netdrv] hv_netvsc: Restore needed_headroom request (Vitaly Kuznetsov) [1305000]\n- [net] pktgen: fix null ptr deref in skb allocation (Vitaly Kuznetsov) [1305000]\n- [net] pktgen: Observe needed_headroom of the device (Vitaly Kuznetsov) [1305000]\n- [net] pktgen: ipv6: numa: consolidate skb allocation to pktgen_alloc_skb (Vitaly Kuznetsov) [1305000]\n- [net] pktgen: fix crash with vlan and packet size less than 46 (Vitaly Kuznetsov) [1305000]\n- [net] pktgen: speedup fragmented skbs (Vitaly Kuznetsov) [1305000]\n- [net] pktgen: correct uninitialized queue_map (Vitaly Kuznetsov) [1305000]\n- [net] pktgen node allocation (Vitaly Kuznetsov) [1305000]\n- [net] af_unix: Guard against other == sk in unix_dgram_sendmsg (Jakub Sitnicki) [1309241]\n- [net] veth: dont modify ip_summed; doing so treats packets with bad checksums as good (Sabrina Dubroca) [1308586]\n- [net] ipv6: udp: use sticky pktinfo egress ifindex on connect() (Xin Long) [1301475]\n- [net] provide default_advmss() methods to blackhole dst_ops (Paolo Abeni) [1305068]\n- [net] sctp: translate network order to host order when users get a hmacid (Xin Long) [1303822]\n- [powerpc] pseries: Make 32-bit MSI quirk work on systems lacking firmware support (Oded Gabbay) [1303678]\n- [powerpc] pseries: Force 32 bit MSIs for devices that require it (Oded Gabbay) [1303678]\n- [netdrv] bnxt_en: Fix zero padding of tx push data (John Linville) [1310301]\n- [netdrv] bnxt_en: Failure to update PHY is not fatal condition (John Linville) [1310301]\n- [netdrv] bnxt_en: Remove unnecessary call to update PHY settings (John Linville) [1310301]\n- [netdrv] bnxt_en: Poll link at the end of __bnxt_open_nic (John Linville) [1310301]\n- [netdrv] bnxt_en: Reduce default ring sizes (John Linville) [1310301]\n- [netdrv] bnxt_en: Fix implementation of tx push operation (John Linville) [1310301]\n- [netdrv] bnxt_en: Remove 20G support and advertise only 40GbaseCR4 (John Linville) [1310301]\n- [netdrv] bnxt_en: Cleanup and Fix flow control setup logic (John Linville) [1310301]\n- [netdrv] bnxt_en: Fix ethtool autoneg logic (John Linville) [1310301]\n[2.6.32-622]\n- [netdrv] bonding: Fix ARP monitor validation (Jarod Wilson) [1244170]\n- [netdrv] sfc: only use RSS filters if were using RSS (Jarod Wilson) [1304311]\n- [dm] delay: fix RHEL6 specific bug when establishing future 'expires' time (Mike Snitzer) [1311615]\n- [ata] Adding Intel Lewisburg device IDs for SATA (Steve Best) [1310237]\n- [i2c] i801: Adding Intel Lewisburg support for iTCO (Rui Wang) [1304872]\n- [x86] Mark Grangeville ixgbe PCI ID 15AE (1 gig PHY) unsupported (Steve Best) [1310585]\n- [kernel] lockd: properly convert be32 values in debug messages (Harshula Jayasuriya) [1289848]\n- [i2c] convert i2c-isch to platform_device (Prarit Bhargava) [1211747]\n- [tty] do not reset masters packet mode (Denys Vlasenko) [1308660]\n- [block] dont assume last put of shared tags is for the host (Jeff Moyer) [1300538]\n- [netdrv] i40evf: use pages correctly in Rx (Stefan Assmann) [1293754]\n- [netdrv] i40e: fix bug in dma sync (Stefan Assmann) [1293754]\n- [sched] fix KABI break (Seth Jennings) [1230310]\n- [sched] fair: Test list head instead of list entry in throttle_cfs_rq (Seth Jennings) [1230310]\n- [sched] sched,perf: Fix periodic timers (Seth Jennings) [1230310]\n- [sched] sched: debug: Remove the cfs bandwidth timer_active printout (Seth Jennings) [1230310]\n- [sched] Cleanup bandwidth timers (Seth Jennings) [1230310]\n- [sched] sched: core: Use hrtimer_start_expires (Seth Jennings) [1230310]\n- [sched] fair: Fix unlocked reads of some cfs_b->quota/period (Seth Jennings) [1230310]\n- [sched] Fix potential near-infinite distribute_cfs_runtime loop (Seth Jennings) [1230310]\n- [sched] fair: Fix tg_set_cfs_bandwidth deadlock on rq->lock (Seth Jennings) [1230310]\n- [sched] Fix hrtimer_cancel/rq->lock deadlock (Seth Jennings) [1230310]\n- [sched] Fix cfs_bandwidth misuse of hrtimer_expires_remaining (Seth Jennings) [1230310]\n- [sched] Refine the code in unthrottle_cfs_rq (Seth Jennings) [1230310]\n- [sched] Update rq clock earlier in unthrottle_cfs_rq (Seth Jennings) [1230310]\n- [drm] radeon: mask out WC from BO on unsupported arches (Oded Gabbay) [1303678]\n- [drm] add helper to check for wc memory support (Oded Gabbay) [1303678]\n- [acpi] pci: Account for ARI in _PRT lookups (Ivan Vecera) [1311421]\n- [pci] Move pci_ari_enabled() to global header (Ivan Vecera) [1311421]\n- [acpi] tpm, tpm_tis: fix tpm_tis ACPI detection issue with TPM 2.0 (Jerry Snitselaar) [1309641]\n- [acpi] Centralized processing of ACPI device resources (Jerry Snitselaar) [1309641]\n- [acpi] acpi: Add device resources interpretation code to ACPI core (Jerry Snitselaar) [1309641]\n- [netdrv] cxgb4 : Fix for the kernel panic caused by calling t4_enable_vi_params (Sai Vemuri) [1303493]\n- [mm] Remove false WARN_ON from pagecache_isize_extended (Brian Foster) [1205014]\n[2.6.32-621]\n- [netdrv] net/mlx4_en: Wake TX queues only when theres enough room (Don Dutile) [1309893]\n- [netdrv] revert ' net/mlx4_core: Fix mailbox leak in error flow when performing update qp' (Don Dutile) [1309893]\n- [netdrv] revert 'mlx4-en: add missing patch to init rss_rings in get_profile' (Don Dutile) [1309893]\n- [netdrv] revert 'mlx4-en: disable traffic class queueing by default' (Don Dutile) [1309893]\n[2.6.32-620]\n- [netdrv] mlx4-en: disable traffic class queueing by default (Don Dutile) [1309893]\n- [netdrv] mlx4-en: add missing patch to init rss_rings in get_profile (Don Dutile) [1309893]\n- [netdrv] net/mlx4_core: Fix mailbox leak in error flow when performing update qp (Don Dutile) [1309893]\n[2.6.32-619]\n- [netdrv] cxgb4: add device ID for few T5 adapters (Sai Vemuri) [1252598]\n- [netdrv] cxgb4: Fix for write-combining stats configuration (Sai Vemuri) [1252598]\n- [netdrv] cxgb4: Fix tx flit calculation (Sai Vemuri) [1252598]\n- [netdrv] cxgb4: changes for new firmware 1.14.4.0 (Sai Vemuri) [1252598]\n- [netdrv] cxgb4: memory corruption in debugfs (Sai Vemuri) [1252598]\n- [netdrv] cxgb4: Force uninitialized state if FW in adapter is unsupported (Sai Vemuri) [1252598]\n- [netdrv] cxgb4: Add MPS tracing support (Sai Vemuri) [1252598]\n- [netdrv] cxgb4: Add some more details to sge qinfo (Sai Vemuri) [1252598]\n- [netdrv] cxgb4: missing curly braces in t4_setup_debugfs (Sai Vemuri) [1252598]\n- [netdrv] cxgb4: Add support to dump edc bist status (Sai Vemuri) [1252598]\n- [netdrv] cxgb4: Add debugfs support to dump meminfo (Sai Vemuri) [1252598]\n- [netdrv] cxgb4vf: Read correct FL congestion threshold for T5 and T6 (Sai Vemuri) [1252598]\n- [netdrv] cxgb4: Allow firmware flash, only if cxgb4 is the master driver (Sai Vemuri) [1252598]\n- [netdrv] cxgb4: Add debugfs entry to enable backdoor access (Sai Vemuri) [1252598]\n- [netdrv] cxgb4vf: Fix check to use new User Doorbell mechanism (Sai Vemuri) [1252598]\n- [netdrv] cxgb4: Enable cim_la dump to support T6 (Sai Vemuri) [1252598]\n- [netdrv] cxgb4: Read stats for only available channels (Sai Vemuri) [1252598]\n- [netdrv] cxgb4: Update register ranges for T6 adapter (Sai Vemuri) [1252598]\n- [netdrv] cxgb4: Dont use entire L2T table, use only its slice (Sai Vemuri) [1252598]\n- [netdrv] cxgb4: Add PCI device ids for few more T5 and T6 adapters (Sai Vemuri) [1252598]\n- [netdrv] cxgb4: Fix incorrect sequence numbers shown in devlog (Sai Vemuri) [1252598]\n- [netdrv] cxgb4: Add PCI device ID for custom T522 & T520 adapter (Sai Vemuri) [1252598]\n- [infiniband] iw_cxgb4: support for bar2 qid densities exceeding the page size (Sai Vemuri) [1252598]\n- [netdrv] cxgb4: Support for user mode bar2 mappings with T4 (Sai Vemuri) [1252598]\n- [netdrv] cxgb4: Add debugfs entry to dump channel rate (Sai Vemuri) [1252598]\n- [netdrv] cxgb4: Add debugfs entry to dump CIM PIF logic analyzer contents (Sai Vemuri) [1252598]\n- [netdrv] cxgb4: Add a debugfs entry to dump CIM MA logic analyzer logs (Sai Vemuri) [1252598]\n- [netdrv] cxgb4: Fix static checker warning (Sai Vemuri) [1252598]\n- [netdrv] cxgb4: Use FW LDST cmd to access TP_PIO_ADDR, TP_PIO_DATA register first (Sai Vemuri) [1252598]\n- [netdrv] cxgb4: program pci completion timeout (Sai Vemuri) [1252598]\n- [netdrv] cxgb4: Set mac addr from vpd, when we cant contact firmware (Sai Vemuri) [1252598]\n- [netdrv] cxgb4: Rename t4_link_start to t4_link_l1cfg (Sai Vemuri) [1252598]\n- [netdrv] cxgb4: Add sge ec context flush service (Sai Vemuri) [1252598]\n- [netdrv] cxgb4: Free Virtual Interfaces in remove routine (Sai Vemuri) [1252598]\n- [netdrv] cxgb4: Remove WOL get/set ethtool support (Sai Vemuri) [1252598]\n- [netdrv] cxgb4: Add support to dump loopback port stats (Sai Vemuri) [1252598]\n- [netdrv] cxgb4: Add support in ethtool to dump channel stats (Sai Vemuri) [1252598]\n- [netdrv] cxgb4: Add ethtool support to get adapter stats (Sai Vemuri) [1252598]\n- [netdrv] cxgb4vf: Adds SRIOV driver changes for T6 adapter (Sai Vemuri) [1252598]\n- [netdrv] cxgb4: Adds support for T6 adapter (Sai Vemuri) [1252598]\n- [netdrv] cxgb4: Add is_t6 macro and T6 register ranges (Sai Vemuri) [1252598]\n- [netdrv] cxgb4: remove unused fn to enable/disable db coalescing (Sai Vemuri) [1252598]\n- [netdrv] cxgb4vf: function and argument name cleanup (Sai Vemuri) [1252598]\n- [netdrv] cxgb4: Add debugfs facility to inject FL starvation (Sai Vemuri) [1252598]\n- [netdrv] cxgb4: Add PHY firmware support for T420-BT cards (Sai Vemuri) [1252598]\n- [netdrv] cxgb4: Update T4/T5 adapter register ranges (Sai Vemuri) [1252598]\n- [netdrv] cxgb4: Optimize and cleanup setup memory window code (Sai Vemuri) [1252598]\n- [netdrv] cxgb4: replace ntohs, ntohl and htons, htonl calls with the generic byteorder (Sai Vemuri) [1252598]\n- [netdrv] cxgb4: Remove dead function t4_read_edc and t4_read_mc (Sai Vemuri) [1252598]\n- [netdrv] cxgb4vf: Cleanup macros, add comments and add new MACROS (Sai Vemuri) [1252598]\n- [netdrv] cxgb4: Initialize RSS mode for all Ports (Sai Vemuri) [1252598]\n- [netdrv] cxgb4: Discard the packet if the length is greater than mtu (Sai Vemuri) [1252598]\n- [netdrv] cxgb4: Move SGE Ingress DMA state monitor (Don Dutile) [1252598]\n- [netdrv] cxgb4: Add device node to ULD info (Don Dutile) [1252598]\n- [netdrv] cxgb4: Pass in a Congestion Channel Map to t4_sge_alloc_rxq (Sai Vemuri) [1252598]\n- [netdrv] cxgb4: Enable congestion notification from SGE for IQs and FLs (Sai Vemuri) [1252598]\n- [netdrv] cxgb4: Make sure that Freelist size is larger than Egress Congestion Threshold (Sai Vemuri) [1252598]\n- [infiniband] iw_cxgb4: Cleanup register defines/MACROS (Sai Vemuri) [1252598]\n- [netdrv] cxgb4vf: Fix sparse warnings (Sai Vemuri) [1252598]\n- [netdrv] cxgb4: Improve IEEE DCBx support, other minor open-lldp fixes (Sai Vemuri) [1252598]\n- [scsi] cxgb4i: Call into recently added cxgb4 ipv6 api (Sai Vemuri) [1252598]\n- [netdrv] cxgb4vf: Fix queue allocation for 40G adapter (Sai Vemuri) [1252598]\n- [netdrv] cxgb4vf: Initialize mdio_addr before using it (Sai Vemuri) [1252598]\n- [netdrv] cxgb4vf: Fix ethtool get_settings for VF driver (Sai Vemuri) [1252598]\n- [netdrv] csiostor: Cleanup macros/register defines related to port and VI (Sai Vemuri) [1252598]\n- [netdrv] cxgb4 : Fix DCB priority groups being returned in wrong order (Sai Vemuri) [1252598]\n- [netdrv] cxgb4: dcb open-lldp interop fixes (Sai Vemuri) [1252598]\n- [netdrv] cxgb4 : Fix bug in DCB app deletion (Sai Vemuri) [1252598]\n- [netdrv] cxgb4 : Handle dcb enable correctly (Sai Vemuri) [1252598]\n- [netdrv] cxgb4 : Improve handling of DCB negotiation or loss thereof (Sai Vemuri) [1252598]\n- [netdrv] cxgb4: IEEE fixes for DCBx state machine (Sai Vemuri) [1252598]\n- [netdrv] cxgb4: Fix endian bug introduced in cxgb4 dcb patchset (Sai Vemuri) [1252598]\n- [netdrv] cxgb4 : Makefile & Kconfig changes for DCBx support (Sai Vemuri) [1252598]\n- [netdrv] cxgb4 : Integrate DCBx support into cxgb4 module. Register dbcnl_ops to give access to DCBx functions (Sai Vemuri) [1252598]\n- [netdrv] cxgb4 : Add DCBx support codebase and dcbnl_ops (Sai Vemuri) [1252598]\n- [netdrv] cxgb4 : Update fw interface file for DCBx support. Adds all the required fields to fw interface to communicate DCBx info (Sai Vemuri) [1252598]\n[2.6.32-618]\n- [documentation] filesystems: describe the shared memory usage/accounting (Rodrigo Freire) [1293615]\n- [kernel] Fix cgclear failure when encountering the rpciod kernel thread (Larry Woodman) [1220828]\n- [netdrv] qlcnic: constify qlcnic_mbx_ops structure (Harish Patil) [1252119]\n- [netdrv] net: qlcnic: delete redundant memsets (Harish Patil) [1252119]\n- [netdrv] qlcnic: Update version to 5.3.63 (Harish Patil) [1252119]\n- [netdrv] qlcnic: Dont use kzalloc unncecessarily for allocating large chunk of memory (Harish Patil) [1252119]\n- [netdrv] qlcnic: Add new VF device ID 0x8C30 (Harish Patil) [1252119]\n- [netdrv] qlcnic: Print firmware minidump buffer and template header addresses (Harish Patil) [1252119]\n- [netdrv] qlcnic: Add support to enable capability to extend minidump for iSCSI (Harish Patil) [1252119]\n- [netdrv] qlcnic: Rearrange ordering of header files inclusion (Harish Patil) [1252119]\n- [netdrv] qlcnic: Fix corruption while copying (Harish Patil) [1252119]\n- [netdrv] net: qlcnic: Deletion of unnecessary memset (Harish Patil) [1252119]\n- [netdrv] net: qlcnic: clean up sysfs error codes (Harish Patil) [1252119]\n- [netdrv] qlcnic: codespell comment spelling fixes (Harish Patil) [1252119]\n- [netdrv] qlcnic: Fix typo in printk messages (Harish Patil) [1252119]\n- [netdrv] qlcnic: Fix trivial typo in comment (Harish Patil) [1252119]\n- [netdrv] qlogic: Deletion of unnecessary checks before two function calls (Harish Patil) [1252119]\n- [netdrv] qlcnic: Fix dump_skb output (Harish Patil) [1252119]\n- [virt] kvm: x86: Dont report guest userspace emulation error to userspace (Bandan Das) [1163764] {CVE-2010-5313 CVE-2014-7842}\n- [virt] kvm: inject #UD if instruction emulation fails and exit to userspace (Bandan Das) [1163764] {CVE-2010-5313 CVE-2014-7842}\n- [netdrv] iwlwifi: Add new PCI IDs for the 8260 series (John Linville) [1286871 1308636]\n- [netdrv] iwlwifi: pcie: fix (again) prepare card flow (John Linville) [1286871 1308636]\n- [netdrv] nl80211: Fix potential memory leak from parse_acl_data (John Linville) [1286871 1308636]\n- [netdrv] mac80211: fix divide by zero when NOA update (John Linville) [1286871 1308636]\n- [netdrv] mac80211: allow null chandef in tracing (John Linville) [1286871 1308636]\n- [netdrv] mac80211: fix driver RSSI event calculations (John Linville) [1286871 1308636]\n- [netdrv] mac80211: Fix local deauth while associating (John Linville) [1286871 1308636]\n- [fs] xfs: ensure WB_SYNC_ALL writeback handles partial pages correctly (Brian Foster) [747564]\n- [fs] mm: introduce set_page_writeback_keepwrite() (Brian Foster) [747564]\n- [fs] xfs: always log the inode on unwritten extent conversion (Zorro Lang) [1018465]\n- [fs] vfs: fix data corruption when blocksize < pagesize for mmaped data (Lukas Czerner) [1205014]\n[2.6.32-617]\n- [infiniband] rdma/ocrdma: Bump up ocrdma version number to 11.0.0.0 (Don Dutile) [1253021]\n- [infiniband] rdma/ocrdma: Prevent CQ-Doorbell floods (Don Dutile) [1253021]\n- [infiniband] rdma/ocrdma: Check resource ids received in Async CQE (Don Dutile) [1253021]\n- [infiniband] rdma/ocrdma: Avoid a possible crash in ocrdma_rem_port_stats (Don Dutile) [1253021]\n- [kernel] driver core : Fix use after free of dev->parent in device_shutdown (Tomas Henzl) [1303215]\n- [kernel] driver core: fix shutdown races with probe/remove (Tomas Henzl) [1303215]\n- [kernel] driver core: Protect device shutdown from hot unplug events (Tomas Henzl) [1303215]\n- [netdrv] bnx2x: Add new device ids under the Qlogic vendor (Michal Schmidt) [1304252]\n- [kernel] klist: fix starting point removed bug in klist iterators (Ewan Milne) [1190273]\n- [md] raid1: extend spinlock to protect raid1_end_read_request against inconsistencies (Jes Sorensen) [1309154]\n- [md] raid1: fix test for 'was read error from last working device' (Jes Sorensen) [1309154]\n- [s390] cio: update measurement characteristics (Hendrik Brueckner) [1304257]\n- [s390] cio: ensure consistent measurement state (Hendrik Brueckner) [1304257]\n- [s390] cio: fix measurement characteristics memleak (Hendrik Brueckner) [1304257]\n- [fs] pipe: fix offset and len mismatch on pipe_iov_copy_to_user failure (Seth Jennings) [1302223] {CVE-2016-0774}\n[2.6.32-616]\n- [kernel] isolcpus: Output warning when the 'isolcpus=' kernel parameter is invalid (Prarit Bhargava) [1304216]\n- [mmc] Prevent 1.8V switch for SD hosts that dont support UHS modes (Petr Oros) [1307065]\n- [mmc] sdhci-pci-o2micro: Fix Dell E5440 issue (Petr Oros) [1307065]\n- [mmc] sdhci-pci-o2micro: Add SeaBird SeaEagle SD3 support (Petr Oros) [1307065]\n- [watchdog] hung task debugging: Inject NMI when hung and going to panic (Don Zickus) [1305919]\n- [watchdog] add sysctl knob hardlockup_panic (Don Zickus) [1305919]\n- [watchdog] perform all-CPU backtrace in case of hard lockup (Don Zickus) [1305919]\n- [drm] i915: Drop intel_update_sprite_watermarks (Lyude) [1306425]\n- [drm] i915: Setup DDI clk for MST on SKLi (Lyude) [1306425]\n- [drm] i915: Explicitly check for eDP in skl_ddi_pll_select (Lyude) [1306425]\n- [drm] i915: Dont skip mst encoders in skl_ddi_pll_select (Lyude) [1306425]\n- [scsi] qla2xxx: Set relogin flag when we fail to queue login requests (Chad Dupuis) [1306033]\n- [s390] kernel/syscalls: correct syscall number for __NR_setns (Hendrik Brueckner) [1219586]\n- [edac] sb_edac: fix channel/csrow emulation on Broadwell (Aristeu Rozanski) [1301230]\n- [usb] xhci: Workaround to get Intel xHCI reset working more reliably (Gopal Tiwari) [1146875]\n- [fs] revert revert 'dlm: print kernel message when we get an error from kernel_sendpage' (Robert S Peterson) [1264492]\n- [fs] revert '[fs] dlm: Replace nodeid_to_addr with kernel_getpeername' (Robert S Peterson) [1264492]\n- [s390] sclp: Determine HSA size dynamically for zfcpdump (Hendrik Brueckner) [1303557]\n- [s390] sclp: Move declarations for sclp_sdias into separate header file (Hendrik Brueckner) [1303557]\n- [netdrv] mlx4_en: add missing tx_queue init in en_start_port (Don Dutile) [1304016]\n[2.6.32-615]\n- [s390] qeth: initialize net_device with carrier off (Hendrik Brueckner) [1198666]\n- [netdrv] Add rtlwifi driver from linux 4.3 (Stanislaw Gruszka) [1245452 1263386 1289574 761525]\n[2.6.32-614]\n- [powerpc] pseries: Limit EPOW reset event warnings (Gustavo Duarte) [1300202]\n- [perf] tools: Do not show trace command if its not compiled in (Jiri Olsa) [1212539]\n- [perf] tools spec: Disable trace command on ppc arch (Jiri Olsa) [1212539]\n- [netdrv] mlx4_en: Fix the blueflame in TX path (Kamal Heib) [1295872 1303661 1303863 1304272]\n- [netdrv] mlx4_en: Fix HW timestamp init issue upon system startup (Kamal Heib) [1295872 1304272]\n- [netdrv] mlx4_en: Remove dependency between timestamping capability and service_task (Kamal Heib) [1295872 1304272]\n- [netdrv] mlx5_core: Fix trimming down IRQ number (Kamal Heib) [1304272]\n- [x86] Mark Intel Broadwell-DE SoC supported (Steve Best) [1253856]\n- [s390] zfcpdump: Fix collecting of registers (Hendrik Brueckner) [1303558]\n- [s390] dasd: fix failfast for disconnected devices (Hendrik Brueckner) [1303559]\n- [netdrv] bnxt_en: Fix crash in bnxt_free_tx_skbs() during tx timeout (John Linville) [1303703]\n- [netdrv] bnxt_en: Exclude rx_drop_pkts hw counter from the stacks rx_dropped counter (John Linville) [1303703]\n- [netdrv] bnxt_en: Ring free response from close path should use completion ring (John Linville) [1303703]\n- [block] Fix q_suspended logic error for io submission (David Milburn) [1227342]\n- [block] nvme: No lock while DMA mapping data (David Milburn) [1227342]", "modified": "2016-05-16T00:00:00", "published": "2016-05-16T00:00:00", "id": "ELSA-2016-0855", "href": "http://linux.oracle.com/errata/ELSA-2016-0855.html", "title": "kernel security, bug fix, and enhancement update", "type": "oraclelinux", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:13", "bulletinFamily": "unix", "description": "[3.10.0-327.OL7]\n- Oracle Linux certificates (Alexey Petrenko)\n[3.10.0-327]\n- [mm] free compound page with correct order (Andrea Arcangeli) [1274867]\n- [netdrv] revert 'ixgbe: Refactor busy poll socket code to address multiple issues' (John Greene) [1261275]\n- [powerpc] dma: dma_set_coherent_mask() should not be GPL only (Gustavo Duarte) [1275976]\n[3.10.0-326]\n- [md] dm-cache: the CLEAN_SHUTDOWN flag was not being set (Mike Snitzer) [1274450]\n- [md] dm-btree: fix leak of bufio-backed block in btree_split_beneath error path (Mike Snitzer) [1274393]\n- [md] dm-btree-remove: fix a bug when rebalancing nodes after removal (Mike Snitzer) [1274396]\n- [fs] nfsd: fix duplicated destroy_delegation code introduced by backport ('J. Bruce Fields') [1273228]\n- [fs] xfs: validate transaction header length on log recovery (Brian Foster) [1164135]\n- [net] ipv6: don't use CHECKSUM_PARTIAL on MSG_MORE/UDP_CORK sockets (Hannes Frederic Sowa) [1271759]\n- [net] add length argument to skb_copy_and_csum_datagram_iovec (Sabrina Dubroca) [1269228]\n- [x86] kvm: fix edge EOI and IOAPIC reconfig race (Radim Krcmar) [1271333]\n- [x86] kvm: set KVM_REQ_EVENT when updating IRR (Radim Krcmar) [1271333]\n- [kernel] Initialize msg/shm IPC objects before doing ipc_addid() (Lennert Buytenhek) [1271507] {CVE-2015-7613}\n[3.10.0-325]\n- [fs] nfsd: ensure that delegation stateid hash references are only put once ('J. Bruce Fields') [1233284]\n- [fs] nfsd: ensure that the ol stateid hash reference is only put once ('J. Bruce Fields') [1233284]\n- [fs] nfsv4: Fix a nograce recovery hang (Benjamin Coddington) [1264478]\n- [fs] vfs: Test for and handle paths that are unreachable from their mnt_root ('Eric W. Biederman') [1209371] {CVE-2015-2925}\n- [fs] dcache: Handle escaped paths in prepend_path ('Eric W. Biederman') [1209371] {CVE-2015-2925}\n- [fs] xfs: add an xfs_zero_eof() tracepoint (Brian Foster) [1260383]\n- [fs] xfs: always drain dio before extending aio write submission (Brian Foster) [1260383]\n- [md] dm-cache: fix NULL pointer when switching from cleaner policy (Mike Snitzer) [1269959]\n- [mm] Temporary fix for BUG_ON() triggered by THP vs. gup() race (David Gibson) [1268999]\n- [hid] usbhid: improve handling of Clear-Halt and reset (Don Zickus) [1260123]\n- [drm] qxl: fix framebuffer dirty rectangle tracking (Gerd Hoffmann) [1268293]\n- [s390] hmcdrv: fix interrupt registration (Hendrik Brueckner) [1262735]\n- [block] blk-mq: fix deadlock when reading cpu_list (Jeff Moyer) [1260615]\n- [block] blk-mq: avoid inserting requests before establishing new mapping (Jeff Moyer) [1260615]\n- [block] blk-mq: fix q->mq_usage_counter access race (Jeff Moyer) [1260615]\n- [block] blk-mq: Fix use after of free q->mq_map (Jeff Moyer) [1260615]\n- [block] blk-mq: fix sysfs registration/unregistration race (Jeff Moyer) [1260615]\n- [block] blk-mq: avoid setting hctx->tags->cpumask before allocation (Jeff Moyer) [1260615]\n- [netdrv] cxgb4: Enhance driver to update FW, when FW is too old (Sai Vemuri) [1077966]\n- [netdrv] cxgb4: Force uninitialized state if FW in adapter is unsupported (Sai Vemuri) [1077966]\n- [powerpc] revert 'Use the POWER8 Micro Partition Prefetch Engine in KVM HV on POWER8' (Thomas Huth) [1269653]\n[3.10.0-324]\n- [netdrv] i40e/i40evf: set AQ count after memory allocation (Neil Horman) [1267663]\n- [netdrv] i40e: fix offload of GRE tunnels (Neil Horman) [1267663]\n- [netdrv] i40evf: don't blow away MAC address (Neil Horman) [1267663]\n- [netdrv] i40e/i40evf: grab the AQ spinlocks before clearing registers (Neil Horman) [1267663]\n- [netdrv] i40e: Fix a memory leak in X722 rss config path (Neil Horman) [1267663]\n- [netdrv] i40evf: Use numa_mem_id() to better support memoryless node (Neil Horman) [1267663]\n- [netdrv] i40e: Use numa_mem_id() to better support memoryless node (Neil Horman) [1267663]\n- [netdrv] i40e: fix 32 bit build warnings (Neil Horman) [1267663]\n- [netdrv] i40e: fix kbuild warnings (Neil Horman) [1267663]\n- [netdrv] i40evf: tweak init timing (Neil Horman) [1267663]\n- [netdrv] i40e: warn on double free (Neil Horman) [1267663]\n- [netdrv] i40e: refactor interrupt enable (Neil Horman) [1267663]\n- [netdrv] i40e: Strip VEB stats if they are disabled in HW (Neil Horman) [1267663]\n- [netdrv] i40e/i40evf: add new device id 1588 (Neil Horman) [1267663]\n- [netdrv] i40e: Remove useless message (Neil Horman) [1267663]\n- [netdrv] i40e: limit debugfs io ops (Neil Horman) [1267663]\n- [netdrv] i40e: use QOS field consistently (Neil Horman) [1267663]\n- [netdrv] i40e: count drops in netstat interface (Neil Horman) [1267663]\n- [netdrv] i40e/i40evf: fix Tx hang workaround code (Neil Horman) [1267663]\n- [netdrv] i40e: fixup padding issue in get_cee_dcb_cfg_v1_resp (Neil Horman) [1267663]\n- [netdrv] i40e: Fix a port VLAN configuration bug (Neil Horman) [1267663]\n- [netdrv] i40e/i40evf: fix up type clash in i40e_aq_rc_to_posix conversion (Neil Horman) [1267663]\n- [netdrv] i40e: rtnl_lock called twice in i40e_pci_error_resume() (Neil Horman) [1267663]\n- [netdrv] i40evf: missing rtnl_unlock in i40evf_resume() (Neil Horman) [1267663]\n[3.10.0-323]\n- [scsi] report 'INQUIRY result too short' once (Vitaly Kuznetsov) [1254049]\n- [scsi] scsi_scan: don't dump trace when scsi_prep_async_scan() is called twice (Vitaly Kuznetsov) [1254049]\n- [fs] userfaultfd: add missing mmput() in error path (Andrea Arcangeli) [1263480]\n- [mm] check if section present during memory block registering (Jan Stancek) [1256723]\n- [mm] avoid setting up anonymous pages into file mapping (Larry Woodman) [1261582]\n- [mm] add p[te|md] revert 'protnone helpers for use by NUMA balancing' (Thomas Huth) [1256718]\n- [powerpc] revert 'mm: convert p[te|md]_numa users to p[te|md]_protnone_numa' (Thomas Huth) [1256718]\n- [powerpc] revert 'mm: add paranoid warnings for unexpected DSISR_PROTFAULT' (Thomas Huth) [1256718]\n- [mm] revert 'convert p[te|md]_mknonnuma and remaining page table manipulations' (Thomas Huth) [1256718]\n- [mm] revert 'numa: Do not mark PTEs pte_numa when splitting huge pages' (Thomas Huth) [1256718]\n- [mm] revert 'remove remaining references to NUMA hinting bits and helpers' (Thomas Huth) [1256718]\n- [mm] revert 'numa: do not trap faults on the huge zero page' (Thomas Huth) [1256718]\n- [mm] revert 'numa: add paranoid check around pte_protnone_numa' (Thomas Huth) [1256718]\n- [mm] revert 'numa: avoid unnecessary TLB flushes when setting NUMA hinting entries' (Thomas Huth) [1256718]\n- [powerpc] mm: Change the swap encoding in pte (Thomas Huth) [1256718]\n- [x86] perf: Fix multi-segment problem of perf_event_intel_uncore (Jiri Olsa) [1257825]\n- [lib] partially revert '[lib] vsprintf: implement bitmap printing through '*pb[l]'' (Maurizio Lombardi) [1260118]\n- [drm] radeon: update no_64bit_msi flag for certain ASICs (Oded Gabbay) [1262429]\n- [drm] nouveau: fbcon: take runpm reference when userspace has an open fd (Ben Skeggs) [1176163]\n- [drm] qxl: validate monitors config modes (Dave Airlie) [1242847]\n- [drm] radeon: don't attempt WC mappings on powerpc (Dave Airlie) [1262429]\n- [drm] drm/qxl: recreate the primary surface when the bo is not primary (Dave Airlie) [1258301]\n- [drm] qxl: only report first monitor as connected if we have no state (Dave Airlie) [1258301]\n- [drm] dp_mst: drop cancel work sync in the mstb destroy path (Dave Airlie) [1251331]\n- [drm] dp_mst: split connector registration into two parts (Dave Airlie) [1251331]\n- [drm] dp_mst: update the link_address_sent before sending the link address (Dave Airlie) [1251331]\n- [drm] dp_mst: fixup handling hotplug on port removal (Dave Airlie) [1251331]\n- [drm] dp_mst: don't pass port into the path builder function (Dave Airlie) [1251331]\n- [drm] dp_mst: make functions that always return 0 return void (Dave Airlie) [1251331]\n- [kernel] uprobes: fix kABI broken by the exported return_instance (Oleg Nesterov) [1207373]\n- [kernel] uprobes: Make arch_uretprobe_is_alive(RP_CHECK_CALL) more clever (Oleg Nesterov) [1207373]\n- [kernel] uprobes: Add the 'enum rp_check ctx' arg to arch_uretprobe_is_alive() (Oleg Nesterov) [1207373]\n- [kernel] uprobes: Change prepare_uretprobe() to (try to) flush the dead frames (Oleg Nesterov) [1207373]\n- [kernel] uprobes: Change handle_trampoline() to flush the frames invalidated by longjmp() (Oleg Nesterov) [1207373]\n- [kernel] uprobes: Reimplement arch_uretprobe_is_alive() (Oleg Nesterov) [1207373]\n- [kernel] uprobes: Export 'struct return_instance', introduce arch_uretprobe_is_alive() (Oleg Nesterov) [1207373]\n- [kernel] uprobes: Change handle_trampoline() to find the next chain beforehand (Oleg Nesterov) [1207373]\n- [kernel] uprobes: Change prepare_uretprobe() to use uprobe_warn() (Oleg Nesterov) [1207373]\n- [kernel] uprobes: Send SIGILL if handle_trampoline() fails (Oleg Nesterov) [1207373]\n- [kernel] uprobes: Introduce free_ret_instance() (Oleg Nesterov) [1207373]\n- [kernel] uprobes: Introduce get_uprobe() (Oleg Nesterov) [1207373]\n- [kernel] lockdep: Fix a race between /proc/lock_stat and module unload (Jerome Marchand) [1183891]\n- [kernel] lockdep: Fix the module unload key range freeing logic (Jerome Marchand) [1183891]\n- [kernel] module: Free lock-classes if parse_args failed (Jerome Marchand) [1183891]\n- [cpufreq] revert 'intel_pstate: honor user space min_perf_pct override on resume' (Prarit Bhargava) [1269518]\n[3.10.0-322]\n- [fs] nfs: fix v4.2 SEEK on files over 2 gigs ('J. Bruce Fields') [1262181]\n- [fs] nfs: verify open flags before allowing open (Benjamin Coddington) [1164431]\n- [fs] nfsv4.1: Fix pnfs_put_lseg races (Benjamin Coddington) [1263155]\n- [fs] nfsv4.1: pnfs_send_layoutreturn should use GFP_NOFS (Benjamin Coddington) [1263155]\n- [fs] nfsv4.1: Pin the inode and super block in asynchronous layoutreturns (Benjamin Coddington) [1263155]\n- [fs] nfsv4.1: Pin the inode and super block in asynchronous layoutcommit (Benjamin Coddington) [1263155]\n- [md] raid0: apply base queue limits *before* disk_stack_limits (Jes Sorensen) [1265182]\n- [net] revert 'ipv6: Don't reduce hop limit for an interface' (Sabrina Dubroca) [1258324]\n- [x86] kvmclock: abolish PVCLOCK_COUNTS_FROM_ZERO (Radim Krcmar) [1263030]\n- [x86] revert 'kvm: x86: zero kvmclock_offset when vcpu0 initializes kvmclock system MSR' (Radim Krcmar) [1263030]\n- [x86] kvm: svm: reset mmu on VCPU reset (Igor Mammedov) [1255217]\n- [edac] sb_edac: correctly fetch DIMM width on Ivy Bridge and Haswell (Aristeu Rozanski) [1112413]\n- [edac] sb_edac: look harder for DDRIO on Haswell systems (Aristeu Rozanski) [1112413]\n- [tools] perf-trace: Fix race condition at the end of started workloads (Jiri Olsa) [1250068]\n- [netdrv] cxgb4: Fix tx flit calculation (Sai Vemuri) [1266248]\n- [netdrv] igb: assume MSI-X interrupts during initialization (Stefan Assmann) [1263625]\n- [cpufreq] intel_pstate: disable Skylake processors (Prarit Bhargava) [1267343]\n- [infiniband] mlx4: Report checksum offload cap for RAW QP when query device (Doug Ledford) [1265795]\n- [infiniband] core: Add support of checksum capability reporting for RC and RAW (Doug Ledford) [1265795]\n[3.10.0-321]\n- [netdrv] i40e/i40evf: check for stopped admin queue (Stefan Assmann) [1267255]\n- [netdrv] i40e/i40evf: refactor tx timeout logic (Stefan Assmann) [1267255]\n- [netdrv] i40e/i40evf: Bump i40e to 1.3.21 and i40evf to 1.3.13 (Stefan Assmann) [1267255]\n- [netdrv] i40e/i40evf: add get AQ result command to nvmupdate utility (Stefan Assmann) [1267255]\n- [netdrv] i40e/i40evf: add exec_aq command to nvmupdate utility (Stefan Assmann) [1267255]\n- [netdrv] i40e/i40evf: add wait states to NVM state machine (Stefan Assmann) [1267255]\n- [netdrv] i40e/i40evf: add GetStatus command for nvmupdate (Stefan Assmann) [1267255]\n- [netdrv] i40e/i40evf: add handling of writeback descriptor (Stefan Assmann) [1267255]\n- [netdrv] i40e/i40evf: save aq writeback for future inspection (Stefan Assmann) [1267255]\n- [netdrv] i40e/i40evf: Bump i40e to 1.3.9 and i40evf to 1.3.5 (Stefan Assmann) [1267255]\n- [netdrv] i40e/i40evf: Cache the CEE TLV status returned from firmware (Stefan Assmann) [1267255]\n- [netdrv] i40e/i40evf: add VIRTCHNL_VF_OFFLOAD flag (Stefan Assmann) [1267255]\n- [netdrv] i40evf: Remove PF specific register definitions from the VF (Stefan Assmann) [1267255]\n- [netdrv] i40evf: Use the correct defines to match the VF registers (Stefan Assmann) [1267255]\n- [netdrv] i40e/i40evf: Add capability to gather VEB per TC stats (Stefan Assmann) [1267255]\n- [netdrv] i40e/i40evf: Add TX/RX outer UDP checksum support for X722 (Stefan Assmann) [1267255]\n- [netdrv] i40e/i40evf: Add support for writeback on ITR feature for X722 (Stefan Assmann) [1267255]\n- [netdrv] i40e/i40evf: RSS changes for X722 (Stefan Assmann) [1267255]\n- [netdrv] i40e/i40evf: Update register.h file for X722 (Stefan Assmann) [1267255]\n- [netdrv] i40e/i40evf: Update FW API with X722 support (Stefan Assmann) [1267255]\n- [netdrv] i40e/i40evf: Add flags for X722 capabilities (Stefan Assmann) [1267255]\n- [netdrv] i40e/i40evf: Add device ids for X722 (Stefan Assmann) [1267255]\n- [netdrv] i40e: use BIT and BIT_ULL macros (Stefan Assmann) [1267255]\n- [netdrv] i40e: clean up error status messages (Stefan Assmann) [1267255]\n- [netdrv] i40evf: support virtual channel API version 1.1 (Stefan Assmann) [1267255]\n- [netdrv] i40evf: handle big resets (Stefan Assmann) [1267255]\n- [netdrv] i40e/i40evf: add macros for virtual channel API version and device capability (Stefan Assmann) [1267255]\n- [netdrv] i40e: add VF capabilities to virtual channel interface (Stefan Assmann) [1267255]\n- [netdrv] i40e/i40evf: Fix and refactor dynamic ITR code (Stefan Assmann) [1267255]\n- [netdrv] i40e/i40evf: Bump version to 1.3.6 for i40e and 1.3.2 for i40evf (Stefan Assmann) [1267255]\n- [netdrv] i40e/i40evf: Add support for pre-allocated pages for PD (Stefan Assmann) [1267255]\n- [netdrv] i40evf: add MAC address filter in open, not init (Stefan Assmann) [1267255]\n- [netdrv] i40evf: don't delete all the filters (Stefan Assmann) [1267255]\n- [netdrv] i40e/i40evf: Update the admin queue command header (Stefan Assmann) [1267255]\n- [netdrv] i40evf: Allow for an abundance of vectors (Stefan Assmann) [1267255]\n- [netdrv] i40e/i40evf: improve Tx performance with a small tweak (Stefan Assmann) [1267255]\n- [netdrv] i40e/i40evf: Update Flex-10 related device/function capabilities (Stefan Assmann) [1267255]\n- [netdrv] i40e/i40evf: Add stats to track FD ATR and SB dynamic enable state (Stefan Assmann) [1267255]\n- [netdrv] i40e: Fix for recursive RTNL lock during PROMISC change (Stefan Assmann) [1267254]\n- [netdrv] i40e: Fix RS bit update in Tx path and disable force WB workaround (Stefan Assmann) [1267254]\n- [netdrv] i40e: add GRE tunnel type to csum encoding (Stefan Assmann) [1267254]\n- [netdrv] i40e/i40evf: refactor tx timeout logic (Stefan Assmann) [1267254]\n- [netdrv] i40e: Move i40e_get_head into header file (Stefan Assmann) [1267254]\n- [netdrv] i40e/i40evf: check for stopped admin queue (Stefan Assmann) [1267254]\n- [netdrv] i40e: fix VLAN inside VXLAN (Stefan Assmann) [1267254]\n- [netdrv] i40e/i40evf: Bump i40e to 1.3.21 and i40evf to 1.3.13 (Stefan Assmann) [1267254]\n- [netdrv] i40e/i40evf: add get AQ result command to nvmupdate utility (Stefan Assmann) [1267254]\n- [netdrv] i40e/i40evf: add exec_aq command to nvmupdate utility (Stefan Assmann) [1267254]\n- [netdrv] i40e/i40evf: add wait states to NVM state machine (Stefan Assmann) [1267254]\n- [netdrv] i40e/i40evf: add GetStatus command for nvmupdate (Stefan Assmann) [1267254]\n- [netdrv] i40e/i40evf: add handling of writeback descriptor (Stefan Assmann) [1267254]\n- [netdrv] i40e/i40evf: save aq writeback for future inspection (Stefan Assmann) [1267254]\n- [netdrv] i40e: rename variable to prevent clash of understanding (Stefan Assmann) [1267254]\n- [netdrv] i40e/i40evf: Bump i40e to 1.3.9 and i40evf to 1.3.5 (Stefan Assmann) [1267254]\n- [netdrv] i40e/i40evf: Cache the CEE TLV status returned from firmware (Stefan Assmann) [1267254]\n- [netdrv] i40e/i40evf: add VIRTCHNL_VF_OFFLOAD flag (Stefan Assmann) [1267254]\n- [netdrv] i40e: Remove redundant and unneeded messages (Stefan Assmann) [1267254]\n- [netdrv] i40e: correct spelling error (Stefan Assmann) [1267254]\n- [netdrv] i40e: Fix comment for ethtool diagnostic link test (Stefan Assmann) [1267254]\n- [netdrv] i40e/i40evf: Add capability to gather VEB per TC stats (Stefan Assmann) [1267254]\n- [netdrv] i40e: Fix ethtool offline diagnostic with netqueues (Stefan Assmann) [1267254]\n- [netdrv] i40e: Fix legacy interrupt mode in the driver (Stefan Assmann) [1267254]\n- [netdrv] i40e: Move function calls to i40e_shutdown instead of i40e_suspend (Stefan Assmann) [1267254]\n- [netdrv] i40e: add RX to port CRC errors label (Stefan Assmann) [1267254]\n- [netdrv] i40e: don't degrade __le16 (Stefan Assmann) [1267254]\n- [netdrv] i40e: Add AQ commands for NVM Update for X722 (Stefan Assmann) [1267254]\n- [netdrv] i40e/i40evf: Add ATR HW eviction support for X722 (Stefan Assmann) [1267254]\n- [netdrv] i40e: Add IWARP support for X722 (Stefan Assmann) [1267254]\n- [netdrv] i40e/i40evf: Add TX/RX outer UDP checksum support for X722 (Stefan Assmann) [1267254]\n- [netdrv] i40e/i40evf: Add support for writeback on ITR feature for X722 (Stefan Assmann) [1267254]\n- [netdrv] i40e/i40evf: RSS changes for X722 (Stefan Assmann) [1267254]\n- [netdrv] i40e/i40evf: Update register.h file for X722 (Stefan Assmann) [1267254]\n- [netdrv] i40e/i40evf: Update FW API with X722 support (Stefan Assmann) [1267254]\n- [netdrv] i40e/i40evf: Add flags for X722 capabilities (Stefan Assmann) [1267254]\n- [netdrv] i40e/i40evf: Add device ids for X722 (Stefan Assmann) [1267254]\n- [netdrv] i40e: use BIT and BIT_ULL macros (Stefan Assmann) [1267254]\n- [netdrv] i40e: provide correct API version to older VF drivers (Stefan Assmann) [1267254]\n- [netdrv] i40e: support virtual channel API 1.1 (Stefan Assmann) [1267254]\n- [netdrv] i40e/i40evf: add macros for virtual channel API version and device capability (Stefan Assmann) [1267254]\n- [netdrv] i40e: add VF capabilities to virtual channel interface (Stefan Assmann) [1267254]\n- [netdrv] i40e: clean up unneeded gotos (Stefan Assmann) [1267254]\n- [netdrv] i40e/i40evf: Fix and refactor dynamic ITR code (Stefan Assmann) [1267254]\n- [netdrv] i40e: only report generic filters in get_ts_info (Stefan Assmann) [1267254]\n- [netdrv] i40e/i40evf: Bump version to 1.3.6 for i40e and 1.3.2 for i40evf (Stefan Assmann) [1267254]\n- [netdrv] i40e: Refine an error message to avoid confusion (Stefan Assmann) [1267254]\n- [netdrv] i40e/i40evf: Add support for pre-allocated pages for PD (Stefan Assmann) [1267254]\n- [netdrv] i40e: un-disable VF after reset (Stefan Assmann) [1267254]\n- [netdrv] i40e: do a proper reset when disabling a VF (Stefan Assmann) [1267254]\n- [netdrv] i40e: correctly program filters for VFs (Stefan Assmann) [1267254]\n- [netdrv] i40e/i40evf: Update the admin queue command header (Stefan Assmann) [1267254]\n- [netdrv] i40e: Remove incorrect #ifdef's (Stefan Assmann) [1267254]\n- [netdrv] i40e: ignore duplicate port VLAN requests (Stefan Assmann) [1267254]\n- [netdrv] i40e/i40evf: improve Tx performance with a small tweak (Stefan Assmann) [1267254]\n- [netdrv] i40e/i40evf: Update Flex-10 related device/function capabilities (Stefan Assmann) [1267254]\n- [netdrv] i40e/i40evf: Add stats to track FD ATR and SB dynamic enable state (Stefan Assmann) [1267254]\n- [netdrv] i40e: Implement ndo_features_check() (Stefan Assmann) [1267254]\n[3.10.0-320]\n- [md] raid1: Avoid raid1 resync getting stuck (Jes Sorensen) [1256954]\n- [fs] gfs2: fallocate: do not rely on file_update_time to mark the inode dirty (Andrew Price) [1264521]\n- [fs] gfs2: Update timestamps on fallocate (Andrew Price) [1264521]\n- [fs] gfs2: Update i_size properly on fallocate (Andrew Price) [1264521]\n- [fs] gfs2: Use inode_newsize_ok and get_write_access in fallocate (Andrew Price) [1264521]\n- [fs] revert 'nfs: Make close(2) asynchronous when closing NFS O_DIRECT files' (Benjamin Coddington) [1263385]\n- [fs] gfs2: Average in only non-zero round-trip times for congestion stats (Robert S Peterson) [1162821]\n- [fs] lockd: fix rpcbind crash on lockd startup failure ('J. Bruce Fields') [1253782]\n- [fs] Failing to send a CLOSE if file is opened WRONLY and server reboots on a 4.x mount (Benjamin Coddington) [1263376]\n- [fs] fsnotify: fix oops in fsnotify_clear_marks_by_group_flags() (Lukas Czerner) [1247436]\n- [net] sctp: fix race on protocol/netns initialization (Marcelo Leitner) [1251807] {CVE-2015-5283}\n- [x86] Mark Broadwell-DE SoC Supported (Prarit Bhargava) [1131685]\n- [kernel] sched,numa: limit amount of virtual memory scanned in task_numa_work (Rik van Riel) [1261722]\n- [drivers] base: show nohz_full cpus in sysfs (Rik van Riel) [1212618]\n- [drivers] base: show isolated cpus in sysfs (Rik van Riel) [1212618]\n- [cpufreq] intel_pstate: add quirk to disable HWP on Skylake-S processors (Jerry Snitselaar) [1263069]\n- [drivers] core: Add symlink to device-tree from devices with an OF node (Gustavo Duarte) [1258828]\n- [powerpc] device: Add dev_of_node() accessor (Gustavo Duarte) [1258828]\n- [powerpc] iommu: Support 'hybrid' iommu/direct DMA ops for coherent_mask < dma_mask (Gustavo Duarte) [1246880]\n- [powerpc] iommu: Cleanup setting of DMA base/offset (Gustavo Duarte) [1246880]\n- [powerpc] iommu: Remove dma_data union (Gustavo Duarte) [1246880]\n- [powerpc] kvm: book3s-hv: Fix handling of interrupted VCPUs (Thomas Huth) [1263568]\n- [powerpc] kvm: Take the kvm->srcu lock in kvmppc_h_logical_ci_load/store() (Thomas Huth) [1263577]\n[3.10.0-319]\n- [netdrv] cxgb4: Make necessary changes after reverting FCoE (Sai Vemuri) [1258657]\n- [netdrv] revert 'cxgb4: add cxgb4_fcoe.c for FCoE' (Sai Vemuri) [1258657]\n- [infiniband] iw_cxgb4: Cleanup register defines/MACROS (Sai Vemuri) [1251611]\n- [infiniband] iw_cxgb4: 32b platform fixes (Sai Vemuri) [1251611]\n- [infiniband] iw_cxgb4: use BAR2 GTS register for T5 kernel mode CQs (Sai Vemuri) [1251611]\n- [infiniband] iw_cxgb4: enforce qp/cq id requirements (Sai Vemuri) [1251611]\n- [netdrv] cxgb4: Fix incorrect sequence numbers shown in devlog (Sai Vemuri) [1251611]\n- [netdrv] cxgb4: remove unused fn to enable/disable db coalescing (Sai Vemuri) [1251611]\n- [netdrv] cxgb4/cxgb4vf: function and argument name cleanup (Sai Vemuri) [1251611]\n- [netdrv] cxgb4: Add debugfs facility to inject FL starvation (Sai Vemuri) [1251611]\n- [netdrv] cxgb4: Add PHY firmware support for T420-BT cards (Sai Vemuri) [1251611]\n- [netdrv] cxgb4: Update T4/T5 adapter register ranges (Sai Vemuri) [1251611]\n- [netdrv] cxgb4: Optimize and cleanup setup memory window code (Sai Vemuri) [1251611]\n- [netdrv] cxgb4: replace ntoh{s, l} and hton{s, l} calls with the generic byteorder (Sai Vemuri) [1251611]\n- [netdrv] cxgb4: Remove dead function t4_read_edc and t4_read_mc (Sai Vemuri) [1251611]\n- [netdrv] cxgb4/cxgb4vf: Cleanup macros, add comments and add new MACROS (Sai Vemuri) [1251611]\n- [netdrv] cxgb3/4/4vf: Update drivers to use dma_rmb/wmb where appropriate (Sai Vemuri) [1251611]\n- [netdrv] cxgb4: add cxgb4_fcoe.c for FCoE (Sai Vemuri) [1251611]\n- [infiniband] iw_cxgb4: Remove negative advice dmesg warnings (Sai Vemuri) [1251611]\n- [netdrv] cxgb4: Initialize RSS mode for all Ports (Sai Vemuri) [1251611]\n- [netdrv] cxgb4: Discard the packet if the length is greater than mtu (Sai Vemuri) [1251611]\n- [netdrv] cxgb4: Move SGE Ingress DMA state monitor code to a new routine (Sai Vemuri) [1251611]\n- [netdrv] cxgb4: Add device node to ULD info (Sai Vemuri) [1251611]\n- [netdrv] cxgb4: Pass in a Congestion Channel Map to t4_sge_alloc_rxq() (Sai Vemuri) [1251611]\n- [netdrv] cxgb4: Enable congestion notification from SGE for IQs and FLs (Sai Vemuri) [1251611]\n- [netdrv] cxgb4: Make sure that Freelist size is larger than Egress Congestion Threshold (Sai Vemuri) [1251611]\n- [netdrv] cxgb4: drop __GFP_NOFAIL allocation (Sai Vemuri) [1251611]\n- [netdrv] cxgb4: Fix MC1 memory offset calculation (Sai Vemuri) [1251611]\n- [netdrv] cxgb4: Don't call t4_slow_intr_handler when we're not the Master PF (Sai Vemuri) [1251611]\n- [netdrv] cxgb4: Add comment for calculate tx flits and sge length code (Sai Vemuri) [1251611]\n- [netdrv] cxgb4: Use device node in page allocation (Sai Vemuri) [1251611]\n- [netdrv] cxgb4: Freelist starving threshold varies from adapter to adapter (Sai Vemuri) [1251611]\n- [netdrv] cxgb4: Increased the value of MAX_IMM_TX_PKT_LEN from 128 to 256 bytes (Sai Vemuri) [1251611]\n- [netdrv] cxgb4: Move ethtool related code to a separate file (Sai Vemuri) [1251611]\n- [netdrv] cxgb4: Fix to dump devlog, even if FW is crashed (Sai Vemuri) [1251611]\n- [netdrv] cxgb4: Firmware macro changes for fw verison 1.13.32.0 (Sai Vemuri) [1251611]\n- [infiniband] cxgb4: Serialize CQ event upcalls with CQ destruction (Sai Vemuri) [1251611]\n- [infiniband] cxgb4: Don't hang threads forever waiting on WR replies (Sai Vemuri) [1251611]\n- [netdrv] cxgb4vf: Fix sparse warnings (Sai Vemuri) [1251611]\n- [netdrv] cxgb4: Disable interrupts and napi before unregistering netdev (Sai Vemuri) [1251611]\n- [netdrv] cxgb4: Allocate dynamic mem. for egress and ingress queue maps (Sai Vemuri) [1251611]\n- [netdrv] cxgb4: Fix frame size warning for 32 bit arch (Sai Vemuri) [1251611]\n- [netdrv] cxgb4/cxgb4vf/csiostor: Make PCI Device ID Tables be 'const' (Sai Vemuri) [1251611]\n- [netdrv] cxgb4: Add device ID for new adapter (Sai Vemuri) [1251611]\n- [netdrv] cxgb4: fix coccinelle warnings (Sai Vemuri) [1251611]\n- [netdrv] cxgb4: Try and provide an RDMA CIQ per cpu (Sai Vemuri) [1251611]\n- [netdrv] cxgb4: Use pci_enable_msix_range() instead of pci_enable_msix() (Sai Vemuri) [1251611]\n- [netdrv] cxgb4: Move offload Rx queue allocation to separate function (Sai Vemuri) [1251611]\n- [netdrv] cxgb4: Fix PCI-E Memory window interface for big-endian systems (Sai Vemuri) [1251611]\n- [netdrv] cxgb4: Add support in cxgb4 to get expansion rom version via ethtool (Sai Vemuri) [1251611]\n- [netdrv] cxgb4: Fix trace observed while dumping clip_tbl (Sai Vemuri) [1251611]\n- [netdrv] cxgb4: Add support in debugfs to dump the congestion control table (Sai Vemuri) [1251611]\n- [netdrv] cxgb4: Add support to dump mailbox content in debugfs (Sai Vemuri) [1251611]\n- [netdrv] cxgb4: Add support for ULP RX logic analyzer output in debugfs (Sai Vemuri) [1251611]\n- [netdrv] cxgb4: Added support in debugfs to display TP logic analyzer output (Sai Vemuri) [1251611]\n- [netdrv] cxgb4: Add support in debugfs to display sensor information (Sai Vemuri) [1251611]\n- [netdrv] chelsio: cxgb4: fix sparse warning (Sai Vemuri) [1251611]\n- [netdrv] cxgb4: Delete an unnecessary check before the function call 'release_firmware' (Sai Vemuri) [1251611]\n- [netdrv] cxgb4: Add low latency socket busy_poll support (Sai Vemuri) [1251611]\n- [netdrv] cxgb4: Improve IEEE DCBx support, other minor open-lldp fixes (Sai Vemuri) [1251611]\n- [netdrv] cxgb4: Remove preprocessor check for CONFIG_CXGB4_DCB (Sai Vemuri) [1251611]\n- [netdrv] cxgb4: Move firmware version MACRO to t4fw_version.h (Sai Vemuri) [1251611]\n- [netdrv] cxgb4: Added support in debugfs to dump different timer and clock values of the adapter (Sai Vemuri) [1251611]\n- [netdrv] cxgb4: Added support in debugfs to dump PM module stats (Sai Vemuri) [1251611]\n- [netdrv] cxgb4: Addded support in debugfs to dump CIM outbound queue content (Sai Vemuri) [1251611]\n- [netdrv] cxgb4: Added support in debugfs to dump cim ingress bound queue contents (Sai Vemuri) [1251611]\n- [netdrv] cxgb4: Added support in debugfs to dump sge_qinfo (Sai Vemuri) [1251611]\n- [netdrv] cxgb4: Fixes cxgb4_inet6addr_notifier unregister call (Sai Vemuri) [1251611]\n- [netdrv] mode_t whack-a-mole: chelsio (Sai Vemuri) [1251611]\n- [netdrv] cxgb4: Add debugfs options to dump the rss key, config for PF, VF, etc (Sai Vemuri) [1251611]\n- [netdrv] cxgb4: Add debugfs entry to dump the contents of the flash (Sai Vemuri) [1251611]\n- [netdrv] cxgb4: Update ipv6 address handling api (Sai Vemuri) [1251611]\n- [netdrv] cxgb4: Ripping out old hard-wired initialization code in driver (Sai Vemuri) [1251611]\n- [netdrv] iw_cxgb4/cxgb4/cxgb4vf/cxgb4i/csiostor: Cleanup register defines/macros related to all other cpl messages (Sai Vemuri) [1251611]\n- [netdrv] iw_cxgb4/cxgb4/cxgb4i: Cleanup register defines/MACROS related to CM CPL messages (Sai Vemuri) [1251611]\n- [netdrv] cxgb4: Add support for mps_tcam debugfs (Sai Vemuri) [1251611]\n- [netdrv] cxgb4: Add support for cim_qcfg entry in debugfs (Sai Vemuri) [1251611]\n- [netdrv] cxgb4: Add support for cim_la entry in debugfs (Sai Vemuri) [1251611]\n- [netdrv] cxgb4: Add support for devlog (Sai Vemuri) [1251611]\n- [netdrv] cxgb4: Add PCI device ID for new T5 adapter (Sai Vemuri) [1251611]\n- [netdrv] cxgb4/cxgb4vf/csiostor: Cleanup PL, XGMAC, SF and MC related register defines (Sai Vemuri) [1251611]\n- [netdrv] cxgb4/csiostor: Cleanup TP, MPS and TCAM related register defines (Sai Vemuri) [1251611]\n- [netdrv] cxgb4/cxg4vf/csiostor: Cleanup MC, MA and CIM related register defines (Sai Vemuri) [1251611]\n- [netdrv] cxgb4/cxgb4vf/csiostor: Cleanup SGE and PCI related register defines (Sai Vemuri) [1251611]\n- [infiniband] cxgb4/cxgb4vf/csiostor: Cleanup SGE register defines (Sai Vemuri) [1251611]\n- [netdrv] cxgb4: Fix decoding QSA module for ethtool get settings (Sai Vemuri) [1251611]\n- [netdrv] cxgb4: Add support for QSA modules (Sai Vemuri) [1251611]\n- [netdrv] cxgb4/csiostor: Don't use MASTER_MUST for fw_hello call (Sai Vemuri) [1251611]\n- [netdrv] cxgb4/cxgb4vf: global named must be unique (Sai Vemuri) [1251611]\n- [netdrv] cxgb4: Update firmware version after flashing it via ethtool (Sai Vemuri) [1251611]\n- [netdrv] cxgb4/cxgb4vf: Use new interfaces to calculate BAR2 SGE Queue Register addresses (Sai Vemuri) [1251611]\n- [netdrv] cxgb4/cxgb4vf: Add code to calculate T5 BAR2 Offsets for SGE Queue Registers (Sai Vemuri) [1251611]\n- [netdrv] cxgb4vf: Add and initialize some sge params for VF driver (Sai Vemuri) [1251611]\n- [netdrv] cxgb4: Update FW version string to match FW binary version 1.12.25.0 (Sai Vemuri) [1251611]\n- [netdrv] cxgb4: Add a check for flashing FW using ethtool (Sai Vemuri) [1251611]\n- [netdrv] cxgb4: Fill in supported link mode for SFP modules (Sai Vemuri) [1251611]\n- [netdrv] cxgb4/cxgb4vf/csiostor: Add T4/T5 PCI ID Table (Sai Vemuri) [1251611]\n- [infiniband] cxgb4/cxgb4vf/csiostor: Cleanup macros/register defines related to PCIE, RSS and FW (Sai Vemuri) [1251611]\n- [netdrv] cxgb4/cxgb4vf/csiostor: Cleanup macros/register defines related to port and VI (Sai Vemuri) [1251611]", "modified": "2015-11-24T00:00:00", "published": "2015-11-24T00:00:00", "id": "ELSA-2015-2152", "href": "http://linux.oracle.com/errata/ELSA-2015-2152.html", "title": "kernel security, bug fix, and enhancement update", "type": "oraclelinux", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2019-12-20T18:24:49", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2016:0855\n\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* It was found that reporting emulation failures to user space could lead to either a local (CVE-2014-7842) or a L2->L1 (CVE-2010-5313) denial of service. In the case of a local denial of service, an attacker must have access to the MMIO area or be able to access an I/O port. Please note that on certain systems, HPET is mapped to userspace as part of vdso (vvar) and thus an unprivileged user may generate MMIO transactions (and enter the emulator) this way. (CVE-2010-5313, CVE-2014-7842, Moderate)\n\n* It was found that the Linux kernel did not properly account file descriptors passed over the unix socket against the process limit. A local user could use this flaw to exhaust all available memory on the system. (CVE-2013-4312, Moderate)\n\n* A buffer overflow flaw was found in the way the Linux kernel's virtio-net subsystem handled certain fraglists when the GRO (Generic Receive Offload) functionality was enabled in a bridged network configuration. An attacker on the local network could potentially use this flaw to crash the system, or, although unlikely, elevate their privileges on the system. (CVE-2015-5156, Moderate)\n\n* It was found that the Linux kernel's IPv6 network stack did not properly validate the value of the MTU variable when it was set. A remote attacker could potentially use this flaw to disrupt a target system's networking (packet loss) by setting an invalid MTU value, for example, via a NetworkManager daemon that is processing router advertisement packets running on the target system. (CVE-2015-8215, Moderate)\n\n* A NULL pointer dereference flaw was found in the way the Linux kernel's network subsystem handled socket creation with an invalid protocol identifier. A local user could use this flaw to crash the system. (CVE-2015-8543, Moderate)\n\n* It was found that the espfix functionality does not work for 32-bit KVM paravirtualized guests. A local, unprivileged guest user could potentially use this flaw to leak kernel stack addresses. (CVE-2014-8134, Low)\n\n* A flaw was found in the way the Linux kernel's ext4 file system driver handled non-journal file systems with an orphan list. An attacker with physical access to the system could use this flaw to crash the system or, although unlikely, escalate their privileges on the system. (CVE-2015-7509, Low)\n\n* A NULL pointer dereference flaw was found in the way the Linux kernel's ext4 file system driver handled certain corrupted file system images. An attacker with physical access to the system could use this flaw to crash the system. (CVE-2015-8324, Low)\n\nRed Hat would like to thank Nadav Amit for reporting CVE-2010-5313 and CVE-2014-7842, Andy Lutomirski for reporting CVE-2014-8134, and Dmitriy Monakhov (OpenVZ) for reporting CVE-2015-8324. The CVE-2015-5156 issue was discovered by Jason Wang (Red Hat).\n\nAdditional Changes:\n\n* Refer to Red Hat Enterprise Linux 6.8 Release Notes for information on new kernel features and known issues, and Red Hat Enterprise Linux Technical Notes for information on device driver updates, important changes to external kernel parameters, notable bug fixes, and technology previews. Both of these documents are linked to in the References section.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-cr-announce/2016-May/009055.html\n\n**Affected packages:**\nkernel\nkernel-abi-whitelists\nkernel-debug\nkernel-debug-devel\nkernel-devel\nkernel-doc\nkernel-firmware\nkernel-headers\nperf\npython-perf\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2016-0855.html", "modified": "2016-05-16T10:16:52", "published": "2016-05-16T10:16:52", "href": "http://lists.centos.org/pipermail/centos-cr-announce/2016-May/009055.html", "id": "CESA-2016:0855", "title": "kernel, perf, python security update", "type": "centos", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-20T18:28:58", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2015:2152\n\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* A flaw was found in the way the Linux kernel's file system implementation\nhandled rename operations in which the source was inside and the\ndestination was outside of a bind mount. A privileged user inside a\ncontainer could use this flaw to escape the bind mount and, potentially,\nescalate their privileges on the system. (CVE-2015-2925, Important)\n\n* A race condition flaw was found in the way the Linux kernel's IPC\nsubsystem initialized certain fields in an IPC object structure that were\nlater used for permission checking before inserting the object into a\nglobally visible list. A local, unprivileged user could potentially use\nthis flaw to elevate their privileges on the system. (CVE-2015-7613,\nImportant)\n\n* It was found that reporting emulation failures to user space could lead\nto either a local (CVE-2014-7842) or a L2->L1 (CVE-2010-5313) denial of\nservice. In the case of a local denial of service, an attacker must have\naccess to the MMIO area or be able to access an I/O port. (CVE-2010-5313,\nCVE-2014-7842, Moderate)\n\n* A flaw was found in the way the Linux kernel's KVM subsystem handled\nnon-canonical addresses when emulating instructions that change the RIP\n(for example, branches or calls). A guest user with access to an I/O or\nMMIO region could use this flaw to crash the guest. (CVE-2014-3647,\nModerate)\n\n* It was found that the Linux kernel memory resource controller's (memcg)\nhandling of OOM (out of memory) conditions could lead to deadlocks.\nAn attacker could use this flaw to lock up the system. (CVE-2014-8171,\nModerate)\n\n* A race condition flaw was found between the chown and execve system\ncalls. A local, unprivileged user could potentially use this flaw to\nescalate their privileges on the system. (CVE-2015-3339, Moderate)\n\n* A flaw was discovered in the way the Linux kernel's TTY subsystem handled\nthe tty shutdown phase. A local, unprivileged user could use this flaw to\ncause a denial of service on the system. (CVE-2015-4170, Moderate)\n\n* A NULL pointer dereference flaw was found in the SCTP implementation.\nA local user could use this flaw to cause a denial of service on the system\nby triggering a kernel panic when creating multiple sockets in parallel\nwhile the system did not have the SCTP module loaded. (CVE-2015-5283,\nModerate)\n\n* A flaw was found in the way the Linux kernel's perf subsystem retrieved\nuserlevel stack traces on PowerPC systems. A local, unprivileged user could\nuse this flaw to cause a denial of service on the system. (CVE-2015-6526,\nModerate)\n\n* A flaw was found in the way the Linux kernel's Crypto subsystem handled\nautomatic loading of kernel modules. A local user could use this flaw to\nload any installed kernel module, and thus increase the attack surface of\nthe running kernel. (CVE-2013-7421, CVE-2014-9644, Low)\n\n* An information leak flaw was found in the way the Linux kernel changed\ncertain segment registers and thread-local storage (TLS) during a context\nswitch. A local, unprivileged user could use this flaw to leak the user\nspace TLS base address of an arbitrary process. (CVE-2014-9419, Low)\n\n* It was found that the Linux kernel KVM subsystem's sysenter instruction\nemulation was not sufficient. An unprivileged guest user could use this\nflaw to escalate their privileges by tricking the hypervisor to emulate a\nSYSENTER instruction in 16-bit mode, if the guest OS did not initialize the\nSYSENTER model-specific registers (MSRs). Note: Certified guest operating\nsystems for Red Hat Enterprise Linux with KVM do initialize the SYSENTER\nMSRs and are thus not vulnerable to this issue when running on a KVM\nhypervisor. (CVE-2015-0239, Low)\n\n* A flaw was found in the way the Linux kernel handled the securelevel\nfunctionality after performing a kexec operation. A local attacker could\nuse this flaw to bypass the security mechanism of the\nsecurelevel/secureboot combination. (CVE-2015-7837, Low)\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-cr-announce/2015-November/008547.html\n\n**Affected packages:**\nkernel\nkernel-abi-whitelists\nkernel-debug\nkernel-debug-devel\nkernel-devel\nkernel-doc\nkernel-headers\nkernel-tools\nkernel-tools-libs\nkernel-tools-libs-devel\nperf\npython-perf\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-2152.html", "modified": "2015-11-30T19:36:22", "published": "2015-11-30T19:36:22", "href": "http://lists.centos.org/pipermail/centos-cr-announce/2015-November/008547.html", "id": "CESA-2015:2152", "title": "kernel, perf, python security update", "type": "centos", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-12-11T13:31:54", "bulletinFamily": "unix", "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* It was found that reporting emulation failures to user space could lead to either a local (CVE-2014-7842) or a L2->L1 (CVE-2010-5313) denial of service. In the case of a local denial of service, an attacker must have access to the MMIO area or be able to access an I/O port. Please note that on certain systems, HPET is mapped to userspace as part of vdso (vvar) and thus an unprivileged user may generate MMIO transactions (and enter the emulator) this way. (CVE-2010-5313, CVE-2014-7842, Moderate)\n\n* It was found that the Linux kernel did not properly account file descriptors passed over the unix socket against the process limit. A local user could use this flaw to exhaust all available memory on the system. (CVE-2013-4312, Moderate)\n\n* A buffer overflow flaw was found in the way the Linux kernel's virtio-net subsystem handled certain fraglists when the GRO (Generic Receive Offload) functionality was enabled in a bridged network configuration. An attacker on the local network could potentially use this flaw to crash the system, or, although unlikely, elevate their privileges on the system. (CVE-2015-5156, Moderate)\n\n* It was found that the Linux kernel's IPv6 network stack did not properly validate the value of the MTU variable when it was set. A remote attacker could potentially use this flaw to disrupt a target system's networking (packet loss) by setting an invalid MTU value, for example, via a NetworkManager daemon that is processing router advertisement packets running on the target system. (CVE-2015-8215, Moderate)\n\n* A NULL pointer dereference flaw was found in the way the Linux kernel's network subsystem handled socket creation with an invalid protocol identifier. A local user could use this flaw to crash the system. (CVE-2015-8543, Moderate)\n\n* It was found that the espfix functionality does not work for 32-bit KVM paravirtualized guests. A local, unprivileged guest user could potentially use this flaw to leak kernel stack addresses. (CVE-2014-8134, Low)\n\n* A flaw was found in the way the Linux kernel's ext4 file system driver handled non-journal file systems with an orphan list. An attacker with physical access to the system could use this flaw to crash the system or, although unlikely, escalate their privileges on the system. (CVE-2015-7509, Low)\n\n* A NULL pointer dereference flaw was found in the way the Linux kernel's ext4 file system driver handled certain corrupted file system images. An attacker with physical access to the system could use this flaw to crash the system. (CVE-2015-8324, Low)\n\nRed Hat would like to thank Nadav Amit for reporting CVE-2010-5313 and CVE-2014-7842, Andy Lutomirski for reporting CVE-2014-8134, and Dmitriy Monakhov (OpenVZ) for reporting CVE-2015-8324. The CVE-2015-5156 issue was discovered by Jason Wang (Red Hat).\n\nAdditional Changes:\n\n* Refer to Red Hat Enterprise Linux 6.8 Release Notes for information on new kernel features and known issues, and Red Hat Enterprise Linux Technical Notes for information on device driver updates, important changes to external kernel parameters, notable bug fixes, and technology previews. Both of these documents are linked to in the References section.", "modified": "2018-06-06T20:24:16", "published": "2016-05-10T10:42:32", "id": "RHSA-2016:0855", "href": "https://access.redhat.com/errata/RHSA-2016:0855", "type": "redhat", "title": "(RHSA-2016:0855) Moderate: kernel security, bug fix, and enhancement update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-11T13:32:20", "bulletinFamily": "unix", "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* A flaw was found in the way the Linux kernel's file system implementation\nhandled rename operations in which the source was inside and the\ndestination was outside of a bind mount. A privileged user inside a\ncontainer could use this flaw to escape the bind mount and, potentially,\nescalate their privileges on the system. (CVE-2015-2925, Important)\n\n* A race condition flaw was found in the way the Linux kernel's IPC\nsubsystem initialized certain fields in an IPC object structure that were\nlater used for permission checking before inserting the object into a\nglobally visible list. A local, unprivileged user could potentially use\nthis flaw to elevate their privileges on the system. (CVE-2015-7613,\nImportant)\n\n* It was found that reporting emulation failures to user space could lead\nto either a local (CVE-2014-7842) or a L2->L1 (CVE-2010-5313) denial of\nservice. In the case of a local denial of service, an attacker must have\naccess to the MMIO area or be able to access an I/O port. (CVE-2010-5313,\nCVE-2014-7842, Moderate)\n\n* A flaw was found in the way the Linux kernel's KVM subsystem handled\nnon-canonical addresses when emulating instructions that change the RIP\n(for example, branches or calls). A guest user with access to an I/O or\nMMIO region could use this flaw to crash the guest. (CVE-2014-3647,\nModerate)\n\n* It was found that the Linux kernel memory resource controller's (memcg)\nhandling of OOM (out of memory) conditions could lead to deadlocks.\nAn attacker could use this flaw to lock up the system. (CVE-2014-8171,\nModerate)\n\n* A race condition flaw was found between the chown and execve system\ncalls. A local, unprivileged user could potentially use this flaw to\nescalate their privileges on the system. (CVE-2015-3339, Moderate)\n\n* A flaw was discovered in the way the Linux kernel's TTY subsystem handled\nthe tty shutdown phase. A local, unprivileged user could use this flaw to\ncause a denial of service on the system. (CVE-2015-4170, Moderate)\n\n* A NULL pointer dereference flaw was found in the SCTP implementation.\nA local user could use this flaw to cause a denial of service on the system\nby triggering a kernel panic when creating multiple sockets in parallel\nwhile the system did not have the SCTP module loaded. (CVE-2015-5283,\nModerate)\n\n* A flaw was found in the way the Linux kernel's perf subsystem retrieved\nuserlevel stack traces on PowerPC systems. A local, unprivileged user could\nuse this flaw to cause a denial of service on the system. (CVE-2015-6526,\nModerate)\n\n* A flaw was found in the way the Linux kernel's Crypto subsystem handled\nautomatic loading of kernel modules. A local user could use this flaw to\nload any installed kernel module, and thus increase the attack surface of\nthe running kernel. (CVE-2013-7421, CVE-2014-9644, Low)\n\n* An information leak flaw was found in the way the Linux kernel changed\ncertain segment registers and thread-local storage (TLS) during a context\nswitch. A local, unprivileged user could use this flaw to leak the user\nspace TLS base address of an arbitrary process. (CVE-2014-9419, Low)\n\n* It was found that the Linux kernel KVM subsystem's sysenter instruction\nemulation was not sufficient. An unprivileged guest user could use this\nflaw to escalate their privileges by tricking the hypervisor to emulate a\nSYSENTER instruction in 16-bit mode, if the guest OS did not initialize the\nSYSENTER model-specific registers (MSRs). Note: Certified guest operating\nsystems for Red Hat Enterprise Linux with KVM do initialize the SYSENTER\nMSRs and are thus not vulnerable to this issue when running on a KVM\nhypervisor. (CVE-2015-0239, Low)\n\n* A flaw was found in the way the Linux kernel handled the securelevel\nfunctionality after performing a kexec operation. A local attacker could\nuse this flaw to bypass the security mechanism of the\nsecurelevel/secureboot combination. (CVE-2015-7837, Low)", "modified": "2018-04-12T03:32:39", "published": "2015-11-20T00:35:51", "id": "RHSA-2015:2152", "href": "https://access.redhat.com/errata/RHSA-2015:2152", "type": "redhat", "title": "(RHSA-2015:2152) Important: kernel security, bug fix, and enhancement update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2016-09-04T11:57:20", "bulletinFamily": "unix", "description": "The SUSE Linux Enterprise 11 Service Pack 1 LTSS kernel was updated to fix\n security issues on kernels on the x86_64 architecture.\n\n The following security bugs have been fixed:\n\n * CVE-2013-4299: Interpretation conflict in\n drivers/md/dm-snap-persistent.c in the Linux kernel through 3.11.6\n allowed remote authenticated users to obtain sensitive information\n or modify data via a crafted mapping to a snapshot block device\n (bnc#846404).\n * CVE-2014-8160: SCTP firewalling failed until the SCTP module was\n loaded (bnc#913059).\n * CVE-2014-9584: The parse_rock_ridge_inode_internal function in\n fs/isofs/rock.c in the Linux kernel before 3.18.2 did not validate a\n length value in the Extensions Reference (ER) System Use Field,\n which allowed local users to obtain sensitive information from\n kernel memory via a crafted iso9660 image (bnc#912654).\n * CVE-2014-9585: The vdso_addr function in arch/x86/vdso/vma.c in the\n Linux kernel through 3.18.2 did not properly choose memory locations\n for the vDSO area, which made it easier for local users to bypass\n the ASLR protection mechanism by guessing a location at the end of a\n PMD (bnc#912705).\n * CVE-2014-9420: The rock_continue function in fs/isofs/rock.c in the\n Linux kernel through 3.18.1 did not restrict the number of Rock\n Ridge continuation entries, which allowed local users to cause a\n denial of service (infinite loop, and system crash or hang) via a\n crafted iso9660 image (bnc#911325).\n * CVE-2014-0181: The Netlink implementation in the Linux kernel\n through 3.14.1 did not provide a mechanism for authorizing socket\n operations based on the opener of a socket, which allowed local\n users to bypass intended access restrictions and modify network\n configurations by using a Netlink socket for the (1) stdout or (2)\n stderr of a setuid program (bnc#875051).\n * CVE-2010-5313: Race condition in arch/x86/kvm/x86.c in the Linux\n kernel before 2.6.38 allowed L2 guest OS users to cause a denial of\n service (L1 guest OS crash) via a crafted instruction that triggers\n an L2 emulation failure report, a similar issue to CVE-2014-7842\n (bnc#907822).\n * CVE-2014-7842: Race condition in arch/x86/kvm/x86.c in the Linux\n kernel before 3.17.4 allowed guest OS users to cause a denial of\n service (guest OS crash) via a crafted application that performs an\n MMIO transaction or a PIO transaction to trigger a guest userspace\n emulation error report, a similar issue to CVE-2010-5313\n (bnc#905312).\n * CVE-2014-3688: The SCTP implementation in the Linux kernel before\n 3.17.4 allowed remote attackers to cause a denial of service (memory\n consumption) by triggering a large number of chunks in an\n associations output queue, as demonstrated by ASCONF probes, related\n to net/sctp/inqueue.c and net/sctp/sm_statefuns.c (bnc#902351).\n * CVE-2014-3687: The sctp_assoc_lookup_asconf_ack function in\n net/sctp/associola.c in the SCTP implementation in the Linux kernel\n through 3.17.2 allowed remote attackers to cause a denial of service\n (panic) via duplicate ASCONF chunks that trigger an incorrect uncork\n within the side-effect interpreter (bnc#902349).\n * CVE-2014-3673: The SCTP implementation in the Linux kernel through\n 3.17.2 allowed remote attackers to cause a denial of service (system\n crash) via a malformed ASCONF chunk, related to\n net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c (bnc#902346).\n * CVE-2014-7841: The sctp_process_param function in\n net/sctp/sm_make_chunk.c in the SCTP implementation in the Linux\n kernel before 3.17.4, when ASCONF is used, allowed remote attackers\n to cause a denial of service (NULL pointer dereference and system\n crash) via a malformed INIT chunk (bnc#905100).\n * CVE-2014-8709: The ieee80211_fragment function in net/mac80211/tx.c\n in the Linux kernel before 3.13.5 did not properly maintain a\n certain tail pointer, which allowed remote attackers to obtain\n sensitive cleartext information by reading packets (bnc#904700).\n * CVE-2013-7263: The Linux kernel before 3.12.4 updated certain length\n values before ensuring that associated data structures have been\n initialized, which allowed local users to obtain sensitive\n information from kernel stack memory via a (1) recvfrom, (2)\n recvmmsg, or (3) recvmsg system call, related to net/ipv4/ping.c,\n net/ipv4/raw.c, net/ipv4/udp.c, net/ipv6/raw.c, and net/ipv6/udp.c\n (bnc#857643).\n * CVE-2012-6657: The sock_setsockopt function in net/core/sock.c in\n the Linux kernel before 3.5.7 did not ensure that a keepalive action\n is associated with a stream socket, which allowed local users to\n cause a denial of service (system crash) by leveraging the ability\n to create a raw socket (bnc#896779).\n * CVE-2014-3185: Multiple buffer overflows in the\n command_port_read_callback function in\n drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in\n the Linux kernel before 3.16.2 allowed physically proximate\n attackers to execute arbitrary code or cause a denial of service\n (memory corruption and system crash) via a crafted device that\n provides a large amount of (1) EHCI or (2) XHCI data associated with\n a bulk response (bnc#896391).\n * CVE-2014-3184: The report_fixup functions in the HID subsystem in\n the Linux kernel before 3.16.2 might allow physically proximate\n attackers to cause a denial of service (out-of-bounds write) via a\n crafted device that provides a small report descriptor, related to\n (1) drivers/hid/hid-cherry.c, (2) drivers/hid/hid-kye.c, (3)\n drivers/hid/hid-lg.c, (4) drivers/hid/hid-monterey.c, (5)\n drivers/hid/hid-petalynx.c, and (6) drivers/hid/hid-sunplus.c\n (bnc#896390).\n\n The following non-security bugs have been fixed:\n\n * KVM: SVM: Make Use of the generic guest-mode functions (bnc#907822).\n * KVM: inject #UD if instruction emulation fails and exit to userspace\n (bnc#907822).\n * block: Fix bogus partition statistics reports (bnc#885077\n bnc#891211).\n * block: skip request queue cleanup if no elevator is assigned\n (bnc#899338).\n * isofs: Fix unchecked printing of ER records.\n * Re-enable nested-spinlocks-backport patch for xen (bnc#908870).\n * time, ntp: Do not update time_state in middle of leap second\n (bnc#912916).\n * timekeeping: Avoid possible deadlock from clock_was_set_delayed\n (bnc#771619, bnc#915335).\n * udf: Check component length before reading it.\n * udf: Check path length when reading symlink.\n * udf: Verify i_size when loading inode.\n * udf: Verify symlink size before loading it.\n * vt: prevent race between modifying and reading unicode map\n (bnc#915826).\n * writeback: Do not sync data dirtied after sync start (bnc#833820).\n * xfs: Avoid blocking on inode flush in background inode reclaim\n (bnc#892235).\n\n Security Issues:\n\n * CVE-2010-5313\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5313\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5313</a>>\n * CVE-2012-6657\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6657\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6657</a>>\n * CVE-2013-4299\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4299\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4299</a>>\n * CVE-2013-7263\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7263\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7263</a>>\n * CVE-2014-0181\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0181\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0181</a>>\n * CVE-2014-3184\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3184\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3184</a>>\n * CVE-2014-3185\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3185\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3185</a>>\n * CVE-2014-3673\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3673\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3673</a>>\n * CVE-2014-3687\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3687\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3687</a>>\n * CVE-2014-3688\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3688\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3688</a>>\n * CVE-2014-7841\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7841\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7841</a>>\n * CVE-2014-7842\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7842\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7842</a>>\n * CVE-2014-8160\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8160\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8160</a>>\n * CVE-2014-8709\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8709\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8709</a>>\n * CVE-2014-9420\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9420\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9420</a>>\n * CVE-2014-9584\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9584\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9584</a>>\n * CVE-2014-9585\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9585\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9585</a>>\n", "modified": "2015-04-02T02:06:32", "published": "2015-04-02T02:06:32", "id": "SUSE-SU-2015:0652-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html", "type": "suse", "title": "Security update for Linux kernel (important)", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:48:25", "bulletinFamily": "unix", "description": "The SUSE Linux Enterprise 11 SP3 Realtime kernel was updated to receive\n various security and bugfixes.\n\n The following security bugs have been fixed:\n\n *\n\n CVE-2015-1593: An integer overflow in the stack randomization on\n 64-bit systems lead to less effective stack ASLR on those systems.\n (bsc#917839)\n\n *\n\n CVE-2014-8160: iptables rules could be bypassed if the specific\n network protocol module was not loaded, allowing e.g. SCTP to bypass the\n firewall if the sctp protocol was not enabled. (bsc#913059)\n\n *\n\n CVE-2014-7822: A flaw was found in the way the Linux kernels\n splice() system call validated its parameters. On certain file systems, a\n local, unprivileged user could have used this flaw to write past the\n maximum file size, and thus crash the system. (bnc#915322)\n\n *\n\n CVE-2014-9419: The __switch_to function in\n arch/x86/kernel/process_64.c in the Linux kernel did not ensure that\n Thread Local Storage (TLS) descriptors are loaded before proceeding with\n other steps, which made it easier for local users to bypass the ASLR\n protection mechanism via a crafted application that reads a TLS base\n address (bnc#911326).\n\n *\n\n CVE-2014-9584: The parse_rock_ridge_inode_internal function in\n fs/isofs/rock.c in the Linux kernel did not validate a length value in the\n Extensions Reference (ER) System Use Field, which allowed local users to\n obtain sensitive information from kernel memory via a crafted iso9660\n image (bnc#912654).\n\n *\n\n CVE-2014-9585: The vdso_addr function in arch/x86/vdso/vma.c in the\n Linux kernel did not properly choose memory locations for the vDSO area,\n which made it easier for local users to bypass the ASLR protection\n mechanism by guessing a location at the end of a PMD (bnc#912705).\n\n *\n\n CVE-2014-8559: The d_walk function in fs/dcache.c in the Linux\n kernel did not properly maintain the semantics of rename_lock, which\n allowed local users to cause a denial of service (deadlock and system\n hang) via a crafted application (bnc#903640).\n\n *\n\n CVE-2014-9420: The rock_continue function in fs/isofs/rock.c in the\n Linux kernel did not restrict the number of Rock Ridge continuation\n entries, which allowed local users to cause a denial of service (infinite\n loop, and system crash or hang) via a crafted iso9660 image (bsc#911325).\n\n *\n\n CVE-2014-8134: The paravirt_ops_setup function in\n arch/x86/kernel/kvm.c in the Linux kernel used an improper\n paravirt_enabled setting for KVM guest kernels, which made it easier for\n guest OS users to bypass the ASLR protection mechanism via a crafted\n application that reads a 16-bit value (bnc#907818 909077 909078).\n\n *\n\n CVE-2014-8369: The kvm_iommu_map_pages function in virt/kvm/iommu.c\n in the Linux kernel miscalculated the number of pages during the handling\n of a mapping failure, which allowed guest OS users to cause a denial of\n service (host OS page unpinning) or possibly have unspecified other impact\n by leveraging guest OS privileges. NOTE: this vulnerability exists because\n of an incorrect fix for CVE-2014-3601 (bsc#902675).\n\n *\n\n CVE-2014-3690: arch/x86/kvm/vmx.c in the KVM subsystem in the Linux\n kernel on Intel processors did not ensure that the value in the CR4\n control register remains the same after a VM entry, which allowed host OS\n users to kill arbitrary processes or cause a denial of service (system\n disruption) by leveraging /dev/kvm access, as demonstrated by PR_SET_TSC\n prctl calls within a modified copy of QEMU (bnc#902232).\n\n *\n\n CVE-2014-7842: Race condition in arch/x86/kvm/x86.c in the Linux\n kernel allowed guest OS users to cause a denial of service (guest OS\n crash) via a crafted application that performs an MMIO transaction or a\n PIO transaction to trigger a guest userspace emulation error report, a\n similar issue to CVE-2010-5313 (bnc#905312).\n\n *\n\n CVE-2014-0181: The Netlink implementation in the Linux kernel did\n not provide a mechanism for authorizing socket operations based on the\n opener of a socket, which allowed local users to bypass intended\n access restrictions and modify network configurations by using a Netlink\n socket for the (1) stdout or (2) stderr of a setuid program (bnc#875051).\n\n *\n\n CVE-2014-3688: The SCTP implementation in the Linux kernel allowed\n remote attackers to cause a denial of service (memory consumption) by\n triggering a large number of chunks in an associations output queue, as\n demonstrated by ASCONF probes, related to net/sctp/inqueue.c and\n net/sctp/sm_statefuns.c (bnc#902351).\n\n *\n\n CVE-2014-7970: The pivot_root implementation in fs/namespace.c in\n the Linux kernel did not properly interact with certain locations of a\n chroot directory, which allowed local users to cause a denial of service\n (mount-tree loop) via . (dot) values in both arguments to the pivot_root\n system call (bnc#900644).\n\n *\n\n CVE-2014-3687: The sctp_assoc_lookup_asconf_ack function in\n net/sctp/associola.c in the SCTP implementation in the Linux kernel\n allowed remote attackers to cause a denial of service (panic) via\n duplicate ASCONF chunks that trigger an incorrect uncork within the\n side-effect interpreter (bnc#902349 904899).\n\n The following non-security bugs have been fixed:\n\n * ACPI idle: permit sparse C-state sub-state numbers\n (bnc#908550,FATE#317933).\n * ALSA : hda - not use assigned converters for all unused pins\n (FATE#317933).\n * ALSA: hda - Add Device IDs for Intel Wildcat Point-LP PCH\n (FATE#317347).\n * ALSA: hda - Fix onboard audio on Intel H97/Z97 chipsets\n (FATE#317347).\n * ALSA: hda - add PCI IDs for Intel BayTrail (FATE#317347).\n * ALSA: hda - add PCI IDs for Intel Braswell (FATE#317347).\n * ALSA: hda - add codec ID for Braswell display audio codec\n (FATE#317933).\n * ALSA: hda - add codec ID for Broadwell display audio codec\n (FATE#317933).\n * ALSA: hda - add codec ID for Valleyview2 display codec (FATE#317933).\n * ALSA: hda - define is_haswell() to check if a display audio codec is\n Haswell (FATE#317933).\n * ALSA: hda - hdmi: Re-setup pin and infoframe on plug-in on all\n codecs (FATE#317933).\n * ALSA: hda - not choose assigned converters for unused pins of\n Valleyview (FATE#317933).\n * ALSA: hda - rename function not_share_unassigned_cvt() (FATE#317933).\n * ALSA: hda - unmute pin amplifier in infoframe setup for Haswell\n (FATE#317933).\n * ALSA: hda - verify pin:converter connection on unsol event for HSW\n and VLV (FATE#317933).\n * ALSA: hda - verify pin:cvt connection on preparing a stream for\n Intel HDMI codec (FATE#317933).\n * ALSA: hda/hdmi - apply Valleyview fix-ups to Cherryview display\n codec (FATE#317933).\n * ALSA: hda/hdmi - apply all Haswell fix-ups to Broadwell display\n codec (FATE#317933).\n * ALSA: hda_intel: Add Device IDs for Intel Sunrise Point PCH\n (FATE#317347).\n * ALSA: hda_intel: Add DeviceIDs for Sunrise Point-LP (FATE#317347).\n * Add support for AdvancedSilicon HID multitouch screen (2149:36b1)\n (FATE#317933).\n * Disable switching to bootsplash at oops/panic (bnc#877593).\n * Do not trigger congestion wait on dirty-but-not-writeout pages (VM\n Performance, bnc#909093, bnc#910517).\n * Fix HDIO_DRIVE_* ioctl() regression (bnc#833588, bnc#905799)\n * Fix Module.supported handling for external modules (bnc#905304).\n * Fix zero freq if frequency is requested too quickly in a row\n (bnc#908572).\n * Fix zero freq if frequency is requested too quickly in a row\n (bnc#908572).\n * Fixup kABI after\n patches.fixes/writeback-do-not-sync-data-dirtied-after-sync-start.patch (bn\n c#833820).\n * Force native backlight for HP POS machines (bnc#908551,FATE#317933).\n * HID: use multi input quirk for 22b9:2968 (FATE#317933).\n * IPoIB: Use a private hash table for path lookup in xmit path\n (bsc#907196).\n * Import kabi files from kernel 3.0.101-0.40\n * KEYS: Fix stale key registration at error path (bnc#908163).\n * NFS: Add sequence_priviliged_ops for nfs4_proc_sequence()\n (bnc#864401).\n * NFS: do not use STABLE writes during writeback (bnc#816099).\n * NFSv4.1 handle DS stateid errors (bnc#864401).\n * NFSv4.1: Do not decode skipped layoutgets (bnc#864411).\n * NFSv4.1: Fix a race in the pNFS return-on-close code (bnc#864409).\n * NFSv4.1: Fix an ABBA locking issue with session and state\n serialisation (bnc#864409).\n * NFSv4.1: We must release the sequence id when we fail to get a\n session slot (bnc#864401).\n * NFSv4: Do not accept delegated opens when a delegation recall is in\n effect (bnc#864409).\n * NFSv4: Ensure correct locking when accessing the "^a" list\n (bnc#864401).\n * NFSv4: Fix another reboot recovery race (bnc#916982).\n * Preserve kabi checksum of path_is_under().\n * Refresh patches.drivers/HID-multitouch-add-support-for-Atmel-212c.\n Fix the non-working touchsreen (bnc#909740)\n * Revert "drm/i915: Calculate correct stolen size for GEN7+"\n (bnc#908550,FATE#317933).\n * SUNRPC: Do not allow low priority tasks to pre-empt higher priority\n ones (bnc#864401).\n * SUNRPC: When changing the queue priority, ensure that we change the\n owner (bnc#864401).\n * Setting rbd and libceph as supported drivers (bsc#917884)\n * The bug number in\n patches.fixes/timekeeping-avoid-possible-deadlock-from-clock_was_set.patch\n changed from bsc#771619 to bsc#915335.\n * audit: efficiency fix 1: only wake up if queue shorter than backlog\n limit (bnc#908393).\n * audit: efficiency fix 2: request exclusive wait since all need same\n resource (bnc#908393).\n * audit: fix endless wait in audit_log_start() (bnc#908393).\n * audit: make use of remaining sleep time from wait_for_auditd\n (bnc#908393).\n * audit: refactor hold queue flush (bnc#908393).\n * audit: reset audit backlog wait time after error recovery\n (bnc#908393).\n * audit: wait_for_auditd() should use TASK_UNINTERRUPTIBLE\n (bnc#908393).\n * block: rbd: use NULL instead of 0 (FATE#318328 bsc#917884).\n * block: replace strict_strtoul() with kstrtoul() (FATE#318328\n bsc#917884).\n * bonding: propagate LRO disabling down to slaves (bnc#829110\n bnc#891277 bnc#904053).\n * cciss: fix broken mutex usage in ioctl (bnc#910013).\n * ceph: Add necessary clean up if invalid reply received in\n handle_reply() (FATE#318328 bsc#917884).\n * ceph: remove bogus extern (FATE#318328 bsc#917884).\n * config: Disable CONFIG_RCU_FAST_NO_HZ (bnc#884817) This option has\n been verified to be racy vs hotplug, and is irrelevant to SLE in any\n case.\n * coredump: ensure the fpu state is flushed for proper multi-threaded\n core dump (bnc#904671).\n * crush: CHOOSE_LEAF -> CHOOSELEAF throughout (FATE#318328 bsc#917884).\n * crush: add SET_CHOOSE_TRIES rule step (FATE#318328 bsc#917884).\n * crush: add note about r in recursive choose (FATE#318328 bsc#917884).\n * crush: add set_choose_local_[fallback_]tries steps (FATE#318328\n bsc#917884).\n * crush: apply chooseleaf_tries to firstn mode too (FATE#318328\n bsc#917884).\n * crush: attempts -> tries (FATE#318328 bsc#917884).\n * crush: clarify numrep vs endpos (FATE#318328 bsc#917884).\n * crush: eliminate CRUSH_MAX_SET result size limitation (FATE#318328\n bsc#917884).\n * crush: factor out (trivial) crush_destroy_rule() (FATE#318328\n bsc#917884).\n * crush: fix crush_choose_firstn comment (FATE#318328 bsc#917884).\n * crush: fix some comments (FATE#318328 bsc#917884).\n * crush: generalize descend_once (FATE#318328 bsc#917884).\n * crush: new SET_CHOOSE_LEAF_TRIES command (FATE#318328 bsc#917884).\n * crush: pass parent r value for indep call (FATE#318328 bsc#917884).\n * crush: pass weight vector size to map function (FATE#318328\n bsc#917884).\n * crush: reduce scope of some local variables (FATE#318328 bsc#917884).\n * crush: return CRUSH_ITEM_UNDEF for failed placements with indep\n (FATE#318328 bsc#917884).\n * crush: strip firstn conditionals out of crush_choose, rename\n (FATE#318328 bsc#917884).\n * crush: use breadth-first search for indep mode (FATE#318328\n bsc#917884).\n * crypto: add missing crypto module aliases (bsc#914423).\n * crypto: include crypto- module prefix in template (bsc#914423).\n * crypto: kernel oops at insmod of the z90crypt device driver\n (bnc#909088, LTC#119591).\n * crypto: prefix module autoloading with "crypto-" (bsc#914423).\n * dm raid: add region_size parameter (bnc#895841).\n * do not do blind d_drop() in nfs_prime_dcache() (bnc#908069\n bnc#896484).\n * drm/cirrus: Fix cirrus drm driver for fbdev + qemu\n (bsc#909846,bnc#856760).\n * drm/i915: split PCI IDs out into i915_drm.h v4\n (bnc#908550,FATE#317933).\n * fix dcache exit scaling (bnc#876594).\n * infiniband: ipoib: Sanitize neighbour handling in ipoib_main.c\n (bsc#907196).\n * iommu/vt-d: Fix an off-by-one bug in __domain_mapping() (bsc#908825).\n * ipoib: Convert over to dev_lookup_neigh_skb() (bsc#907196).\n * ipoib: Need to do dst_neigh_lookup_skb() outside of priv->lock\n (bsc#907196).\n * ipv6: fix net reference leak in IPv6 conntrack reassembly\n (bnc#865419).\n * isofs: Fix unchecked printing of ER records.\n * kABI: protect console include in consolemap.\n * kabi fix (bnc#864404).\n * kabi, mm: prevent endless growth of anon_vma hierarchy (bnc#904242).\n * kernel/audit.c: avoid negative sleep durations (bnc#908393).\n * kernel: 3215 tty close crash (bnc#915209, LTC#120873).\n * kernel: incorrect clock_gettime result (bnc#915209, LTC#121184).\n * kvm: Do not expose MONITOR cpuid as available (bnc#887597)\n * kvm: iommu: Add cond_resched to legacy device assignment code\n (bnc#910159).\n * libceph: CEPH_OSD_FLAG_* enum update (FATE#318328 bsc#917884).\n * libceph: add ceph_kv{malloc,free}() and switch to them (FATE#318328\n bsc#917884).\n * libceph: add ceph_pg_pool_by_id() (FATE#318328 bsc#917884).\n * libceph: add function to ensure notifies are complete (FATE#318328\n bsc#917884).\n * libceph: add process_one_ticket() helper (FATE#318328 bsc#917884).\n * libceph: all features fields must be u64 (FATE#318328 bsc#917884).\n * libceph: block I/O when PAUSE or FULL osd map flags are set\n (FATE#318328 bsc#917884).\n * libceph: call r_unsafe_callback when unsafe reply is received\n (FATE#318328 bsc#917884).\n * libceph: create_singlethread_workqueue() does not return ERR_PTRs\n (FATE#318328 bsc#917884).\n * libceph: do not hard code max auth ticket len (FATE#318328\n bsc#917884).\n * libceph: dout() is missing a newline (FATE#318328 bsc#917884).\n * libceph: factor out logic from ceph_osdc_start_request()\n (FATE#318328 bsc#917884).\n * libceph: fix error handling in ceph_osdc_init() (FATE#318328\n bsc#917884).\n * libceph: fix preallocation check in get_reply() (FATE#318328\n bsc#917884).\n * libceph: fix safe completion (FATE#318328 bsc#917884).\n * libceph: follow redirect replies from osds (FATE#318328 bsc#917884).\n * libceph: follow {read,write}_tier fields on osd request submission\n (FATE#318328 bsc#917884).\n * libceph: gracefully handle large reply messages from the mon\n (FATE#318328 bsc#917884).\n * libceph: introduce and start using oid abstraction (FATE#318328\n bsc#917884).\n * libceph: rename MAX_OBJ_NAME_SIZE to CEPH_MAX_OID_NAME_LEN\n (FATE#318328 bsc#917884).\n * libceph: rename ceph_msg::front_max to front_alloc_len (FATE#318328\n bsc#917884).\n * libceph: rename ceph_osd_request::r_{oloc,oid} to r_base_{oloc,oid}\n (FATE#318328 bsc#917884).\n * libceph: rename front to front_len in get_reply() (FATE#318328\n bsc#917884).\n * libceph: replace ceph_calc_ceph_pg() with ceph_oloc_oid_to_pg()\n (FATE#318328 bsc#917884).\n * libceph: resend all writes after the osdmap loses the full flag\n (FATE#318328 bsc#917884).\n * libceph: start using oloc abstraction (FATE#318328 bsc#917884).\n * libceph: take map_sem for read in handle_reply() (FATE#318328\n bsc#917884).\n * libceph: update ceph_features.h (FATE#318328 bsc#917884).\n * libceph: use CEPH_MON_PORT when the specified port is 0 (FATE#318328\n bsc#917884).\n * libiscsi: Added new boot entries in the session sysfs (FATE#316723\n bsc#914355)\n * mei: ME hardware reset needs to be synchronized (bnc#876086).\n * mei: add 9 series PCH mei device ids (bnc#876086).\n * mei: add hw start callback (bnc#876086).\n * mei: cancel stall timers in mei_reset (bnc#876086).\n * mei: do not have to clean the state on power up (bnc#876086).\n * mei: limit the number of consecutive resets (bnc#876086).\n * mei: me: add Lynx Point Wellsburg work station device id\n (bnc#876086).\n * mei: me: clear interrupts on the resume path (bnc#876086).\n * mei: me: do not load the driver if the FW does not support MEI\n interface (bnc#876086).\n * mei: me: fix hardware reset flow (bnc#876086).\n * mei: me: read H_CSR after asserting reset (bnc#876086).\n * mm, vmscan: prevent kswapd livelock due to pfmemalloc-throttled\n process being killed (VM Functionality bnc#910150).\n * mm: fix BUG in __split_huge_page_pmd (bnc#906586).\n * mm: fix corner case in anon_vma endless growing prevention\n (bnc#904242).\n * mm: prevent endless growth of anon_vma hierarchy (bnc#904242).\n * mm: vmscan: count only dirty pages as congested (VM Performance,\n bnc#910517).\n * net, sunrpc: suppress allocation warning in rpc_malloc()\n (bnc#904659).\n * net: 8021q/bluetooth/bridge/can/ceph: Remove extern from function\n prototypes (FATE#318328 bsc#917884).\n * net: handle more general stacking in dev_disable_lro() (bnc#829110\n bnc#891277 bnc#904053).\n * netfilter: do not drop packet on insert collision (bnc#907611).\n * nf_conntrack: avoid reference leak in __ipv6_conntrack_in()\n (bnc#865419).\n * nfs_prime_dcache needs fh to be set (bnc#908069 bnc#896484).\n * nfsd: fix EXDEV checking in rename (bnc#915791).\n * pnfs: defer release of pages in layoutget (bnc#864411).\n * proc_sys_revalidate: fix Oops on NULL nameidata (bnc#907551).\n * qlge: fix an "&&" vs "||" bug (bsc#912171).\n * rbd: Fix error recovery in rbd_obj_read_sync() (FATE#318328\n bsc#917884).\n * rbd: Use min_t() to fix comparison of distinct pointer types warning\n (FATE#318328 bsc#917884).\n * rbd: add "minor" sysfs rbd device attribute (FATE#318328 bsc#917884).\n * rbd: add support for single-major device number allocation scheme\n (FATE#318328 bsc#917884).\n * rbd: clean up a few things in the refresh path (FATE#318328\n bsc#917884).\n * rbd: complete notifies before cleaning up osd_client and rbd_dev\n (FATE#318328 bsc#917884).\n * rbd: do not destroy ceph_opts in rbd_add() (FATE#318328 bsc#917884).\n * rbd: do not hold ctl_mutex to get/put device (FATE#318328\n bsc#917884).\n * rbd: drop an unsafe assertion (FATE#318328 bsc#917884).\n * rbd: drop original request earlier for existence check (FATE#318328\n bsc#917884).\n * rbd: enable extended devt in single-major mode (FATE#318328\n bsc#917884).\n * rbd: fetch object order before using it (FATE#318328 bsc#917884).\n * rbd: fix I/O error propagation for reads (FATE#318328 bsc#917884).\n * rbd: fix a couple warnings (FATE#318328 bsc#917884).\n * rbd: fix buffer size for writes to images with snapshots\n (FATE#318328 bsc#917884).\n * rbd: fix cleanup in rbd_add() (FATE#318328 bsc#917884).\n * rbd: fix error handling from rbd_snap_name() (FATE#318328\n bsc#917884).\n * rbd: fix error paths in rbd_img_request_fill() (FATE#318328\n bsc#917884).\n * rbd: fix null dereference in dout (FATE#318328 bsc#917884).\n * rbd: fix use-after free of rbd_dev->disk (FATE#318328 bsc#917884).\n * rbd: flush dcache after zeroing page data (FATE#318328 bsc#917884).\n * rbd: ignore unmapped snapshots that no longer exist (FATE#318328\n bsc#917884).\n * rbd: introduce rbd_dev_header_unwatch_sync() and switch to it\n (FATE#318328 bsc#917884).\n * rbd: make rbd_obj_notify_ack() synchronous (FATE#318328 bsc#917884).\n * rbd: protect against concurrent unmaps (FATE#318328 bsc#917884).\n * rbd: protect against duplicate client creation (FATE#318328\n bsc#917884).\n * rbd: rbd_device::dev_id is an int, format it as such (FATE#318328\n bsc#917884).\n * rbd: refactor rbd_init() a bit (FATE#318328 bsc#917884).\n * rbd: send snapshot context with writes (FATE#318328 bsc#917884).\n * rbd: set removing flag while holding list lock (FATE#318328\n bsc#917884).\n * rbd: switch to ida for rbd id assignments (FATE#318328 bsc#917884).\n * rbd: take a little credit (FATE#318328 bsc#917884).\n * rbd: tear down watch request if rbd_dev_device_setup() fails\n (FATE#318328 bsc#917884).\n * rbd: tweak "loaded" message and module description (FATE#318328\n bsc#917884).\n * rbd: use reference counts for image requests (FATE#318328\n bsc#917884).\n * rbd: use rwsem to protect header updates (FATE#318328 bsc#917884).\n * rbd: use the correct length for format 2 object names (FATE#318328\n bsc#917884).\n * rpm/kernel-binary.spec.in: Own the modules directory in the devel\n package (bnc#910322)\n * scsi_dh_alua: add missing hunk in alua_set_params() (bnc#846656).\n * scsifront: avoid acquiring same lock twice if ring is full.\n * sd: medium access timeout counter fails to reset (bnc#894213).\n * storvsc: ring buffer failures may result in I/O freeze\n * swap: fix shmem swapping when more than 8 areas (bnc#903096).\n * timekeeping: Avoid possible deadlock from clock_was_set_delayed\n (bsc#771619).\n * tty: Fix memory leak in virtual console when enable unicode\n translation (bnc#916515).\n * udf: Check component length before reading it.\n * udf: Check path length when reading symlink.\n * udf: Verify i_size when loading inode.\n * udf: Verify symlink size before loading it.\n * udp: Add MIB counters for rcvbuferrors (bnc#909565).\n * usb: xhci: rework root port wake bits if controller is not allowed\n to wakeup (bsc#909264).\n * virtio_net: drop dst reference before transmitting a packet\n (bnc#882470).\n * vt: push the tty_lock down into the map handling (bnc#915826).\n * workqueue: Make rescuer thread process more works (bnc#900279).\n * x86, xsave: remove thread_has_fpu() bug check in\n __sanitize_i387_state() (bnc#904671).\n * x86-64/MCE: flip CPU and bank numbers in log message.\n * x86/UV: Fix NULL pointer dereference in uv_flush_tlb_others() if the\n "^a" boot option is used (bsc#909092).\n * x86/UV: Fix conditional in gru_exit() (bsc#909095).\n * x86/early quirk: use gen6 stolen detection for VLV\n (bnc#908550,FATE#317933).\n * x86/gpu: Print the Intel graphics stolen memory range (bnc#908550).\n * x86/hpet: Make boot_hpet_disable extern (bnc#908550,FATE#317933).\n * x86/intel: Add quirk to disable HPET for the Baytrail platform\n (bnc#908550,FATE#317933).\n * x86/uv: Fix UV2 BAU legacy mode (bsc#909092).\n * x86/uv: Fix the UV BAU destination timeout period (bsc#909092).\n * x86/uv: Implement UV BAU runtime enable and disable control via\n /proc/sgi_uv/ (bsc#909092).\n * x86/uv: Update the UV3 TLB shootdown logic (bsc#909092).\n * x86/uv: Work around UV2 BAU hangs (bsc#909092).\n * x86: UV BAU: Avoid NULL pointer reference in ptc_seq_show\n (bsc#911181).\n * x86: UV BAU: Increase maximum CPUs per socket/hub (bsc#911181).\n * x86: add early quirk for reserving Intel graphics stolen memory v5\n (bnc#908550,FATE#317933).\n * x86: irq: Check for valid irq descriptor in\n check_irq_vectors_for_cpu_disable (bnc#914726).\n * xen-privcmd-hcall-preemption: Fix EFLAGS.IF access.\n * xfs: re-enable non-blocking behaviour in xfs_map_blocks (bnc#900279).\n * xfs: recheck buffer pinned status after push trylock failure\n (bnc#907338).\n * xfs: remove log force from xfs_buf_trylock() (bnc#907338).\n * xhci: fix incorrect type in assignment in\n handle_device_notification() (bsc#910321).\n * zcrypt: Number of supported ap domains is not retrievable\n (bnc#915209, LTC#120788).\n\n Security Issues:\n\n * CVE-2013-7263\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7263\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7263</a>>\n * CVE-2014-0181\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0181\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0181</a>>\n * CVE-2014-3687\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3687\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3687</a>>\n * CVE-2014-3688\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3688\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3688</a>>\n * CVE-2014-3690\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3690\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3690</a>>\n * CVE-2014-4608\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4608\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4608</a>>\n * CVE-2014-7822\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7822\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7822</a>>\n * CVE-2014-7842\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7842\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7842</a>>\n * CVE-2014-7970\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7970\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7970</a>>\n * CVE-2014-8133\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8133\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8133</a>>\n * CVE-2014-8134\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8134\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8134</a>>\n * CVE-2014-8160\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8160\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8160</a>>\n * CVE-2014-8369\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8369\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8369</a>>\n * CVE-2014-8559\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8559\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8559</a>>\n * CVE-2014-9090\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9090\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9090</a>>\n * CVE-2014-9322\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9322\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9322</a>>\n * CVE-2014-9419\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9419\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9419</a>>\n * CVE-2014-9420\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9420\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9420</a>>\n * CVE-2014-9584\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9584\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9584</a>>\n * CVE-2014-9585\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9585\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9585</a>>\n * CVE-2015-1593\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1593\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1593</a>>\n", "modified": "2015-04-20T21:05:00", "published": "2015-04-20T21:05:00", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html", "id": "SUSE-SU-2015:0736-1", "type": "suse", "title": "Security update for Real Time Linux Kernel (important)", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:08:20", "bulletinFamily": "unix", "description": "The SUSE Linux Enterprise 11 SP3 kernel has been updated to receive\n various security and bugfixes.\n\n New features enabled:\n\n * The Ceph and rbd remote network block device drivers are now enabled\n and supported, to serve as client for SUSE Enterprise Storage 1.0.\n (FATE#318328)\n * Support to selected Bay Trail CPUs used in Point of Service Hardware\n was enabled. (FATE#317933)\n * Broadwell Legacy Audio, HDMI Audio and DisplayPort Audio support\n (Audio Driver: HD-A HDMI/DP Audio/HDA Analog/DSP) was enabled.\n (FATE#317347)\n\n The following security bugs have been fixed:\n\n * CVE-2015-1593: An integer overflow in the stack randomization on\n 64-bit systems lead to less effective stack ASLR on those systems.\n (bsc#917839)\n * CVE-2014-8160: iptables rules could be bypassed if the specific\n network protocol module was not loaded, allowing e.g. SCTP to bypass\n the firewall if the sctp protocol was not enabled. (bsc#913059)\n * CVE-2014-7822: A flaw was found in the way the Linux kernels\n splice() system call validated its parameters. On certain file\n systems, a local, unprivileged user could have used this flaw to\n write past the maximum file size, and thus crash the system.\n (bnc#915322)\n * CVE-2014-9419: The __switch_to function in\n arch/x86/kernel/process_64.c in the Linux kernel did not ensure that\n Thread Local Storage (TLS) descriptors are loaded before proceeding\n with other steps, which made it easier for local users to bypass the\n ASLR protection mechanism via a crafted application that reads a TLS\n base address (bnc#911326).\n * CVE-2014-9584: The parse_rock_ridge_inode_internal function in\n fs/isofs/rock.c in the Linux kernel did not validate a length value\n in the Extensions Reference (ER) System Use Field, which allowed\n local users to obtain sensitive information from kernel memory via a\n crafted iso9660 image (bnc#912654).\n * CVE-2014-9585: The vdso_addr function in arch/x86/vdso/vma.c in the\n Linux kernel did not properly choose memory locations for the vDSO\n area, which made it easier for local users to bypass the ASLR\n protection mechanism by guessing a location at the end of a PMD\n (bnc#912705).\n * CVE-2014-8559: The d_walk function in fs/dcache.c in the Linux\n kernel did not properly maintain the semantics of rename_lock, which\n allowed local users to cause a denial of service (deadlock and\n system hang) via a crafted application (bnc#903640).\n * CVE-2014-9420: The rock_continue function in fs/isofs/rock.c in the\n Linux kernel did not restrict the number of Rock Ridge continuation\n entries, which allowed local users to cause a denial of service\n (infinite loop, and system crash or hang) via a crafted iso9660\n image (bsc#911325).\n * CVE-2014-8134: The paravirt_ops_setup function in\n arch/x86/kernel/kvm.c in the Linux kernel used an improper\n paravirt_enabled setting for KVM guest kernels, which made it easier\n for guest OS users to bypass the ASLR protection mechanism via a\n crafted application that reads a 16-bit value (bnc#907818 909077\n 909078).\n * CVE-2014-8369: The kvm_iommu_map_pages function in virt/kvm/iommu.c\n in the Linux kernel miscalculated the number of pages during the\n handling of a mapping failure, which allowed guest OS users to cause\n a denial of service (host OS page unpinning) or possibly have\n unspecified other impact by leveraging guest OS privileges. NOTE:\n this vulnerability exists because of an incorrect fix for\n CVE-2014-3601 (bsc#902675).\n * CVE-2014-3690: arch/x86/kvm/vmx.c in the KVM subsystem in the Linux\n kernel on Intel processors did not ensure that the value in the CR4\n control register remains the same after a VM entry, which allowed\n host OS users to kill arbitrary processes or cause a denial of\n service (system disruption) by leveraging /dev/kvm access, as\n demonstrated by PR_SET_TSC prctl calls within a modified copy of\n QEMU (bnc#902232).\n * CVE-2014-7842: Race condition in arch/x86/kvm/x86.c in the Linux\n kernel allowed guest OS users to cause a denial of service (guest OS\n crash) via a crafted application that performs an MMIO transaction\n or a PIO transaction to trigger a guest userspace emulation error\n report, a similar issue to CVE-2010-5313 (bnc#905312).\n * CVE-2014-0181: The Netlink implementation in the Linux kernel did\n not provide a mechanism for authorizing socket operations based on\n the\n opener of a socket, which allowed local users to bypass intended\n access restrictions and modify network configurations by using a Netlink\n socket for the (1) stdout or (2) stderr of a setuid program (bnc#875051).\n * CVE-2014-3688: The SCTP implementation in the Linux kernel allowed\n remote attackers to cause a denial of service (memory consumption)\n by triggering a large number of chunks in an associations output\n queue, as demonstrated by ASCONF probes, related to\n net/sctp/inqueue.c and net/sctp/sm_statefuns.c (bnc#902351).\n * CVE-2014-7970: The pivot_root implementation in fs/namespace.c in\n the Linux kernel did not properly interact with certain locations of\n a chroot directory, which allowed local users to cause a denial of\n service (mount-tree loop) via . (dot) values in both arguments to\n the pivot_root system call (bnc#900644).\n * CVE-2014-3687: The sctp_assoc_lookup_asconf_ack function in\n net/sctp/associola.c in the SCTP implementation in the Linux kernel\n allowed remote attackers to cause a denial of service (panic) via\n duplicate ASCONF chunks that trigger an incorrect uncork within the\n side-effect interpreter (bnc#902349, bnc#904899).\n\n The following non-security bugs have been fixed:\n\n * ACPI idle: permit sparse C-state sub-state numbers\n (bnc#908550,FATE#317933).\n * ALSA : hda - not use assigned converters for all unused pins\n (FATE#317933).\n * ALSA: hda - Add Device IDs for Intel Wildcat Point-LP PCH\n (FATE#317347).\n * ALSA: hda - Fix onboard audio on Intel H97/Z97 chipsets\n (FATE#317347).\n * ALSA: hda - add PCI IDs for Intel BayTrail (FATE#317347).\n * ALSA: hda - add PCI IDs for Intel Braswell (FATE#317347).\n * ALSA: hda - add codec ID for Braswell display audio codec\n (FATE#317933).\n * ALSA: hda - add codec ID for Broadwell display audio codec\n (FATE#317933).\n * ALSA: hda - add codec ID for Valleyview2 display codec (FATE#317933).\n * ALSA: hda - define is_haswell() to check if a display audio codec is\n Haswell (FATE#317933).\n * ALSA: hda - hdmi: Re-setup pin and infoframe on plug-in on all\n codecs (FATE#317933).\n * ALSA: hda - not choose assigned converters for unused pins of\n Valleyview (FATE#317933).\n * ALSA: hda - rename function not_share_unassigned_cvt() (FATE#317933).\n * ALSA: hda - unmute pin amplifier in infoframe setup for Haswell\n (FATE#317933).\n * ALSA: hda - verify pin:converter connection on unsol event for HSW\n and VLV (FATE#317933).\n * ALSA: hda - verify pin:cvt connection on preparing a stream for\n Intel HDMI codec (FATE#317933).\n * ALSA: hda/hdmi - apply Valleyview fix-ups to Cherryview display\n codec (FATE#317933).\n * ALSA: hda/hdmi - apply all Haswell fix-ups to Broadwell display\n codec (FATE#317933).\n * ALSA: hda_intel: Add Device IDs for Intel Sunrise Point PCH\n (FATE#317347).\n * ALSA: hda_intel: Add DeviceIDs for Sunrise Point-LP (FATE#317347).\n * Add support for AdvancedSilicon HID multitouch screen (2149:36b1)\n (FATE#317933).\n * Disable switching to bootsplash at oops/panic (bnc#877593).\n * Do not trigger congestion wait on dirty-but-not-writeout pages (VM\n Performance, bnc#909093, bnc#910517).\n * Fix HDIO_DRIVE_* ioctl() regression (bnc#833588, bnc#905799)\n * Fix Module.supported handling for external modules (bnc#905304).\n * Fix zero freq if frequency is requested too quickly in a row\n (bnc#908572).\n * Fix zero freq if frequency is requested too quickly in a row\n (bnc#908572).\n * Fixup kABI after\n patches.fixes/writeback-do-not-sync-data-dirtied-after-sync-start.patch (bn\n c#833820).\n * Force native backlight for HP POS machines (bnc#908551,FATE#317933).\n * HID: use multi input quirk for 22b9:2968 (FATE#317933).\n * IPoIB: Use a private hash table for path lookup in xmit path\n (bsc#907196).\n * Import kabi files from kernel 3.0.101-0.40\n * KEYS: Fix stale key registration at error path (bnc#908163).\n * NFS: Add sequence_priviliged_ops for nfs4_proc_sequence()\n (bnc#864401).\n * NFS: do not use STABLE writes during writeback (bnc#816099).\n * NFSv4.1 handle DS stateid errors (bnc#864401).\n * NFSv4.1: Do not decode skipped layoutgets (bnc#864411).\n * NFSv4.1: Fix a race in the pNFS return-on-close code (bnc#864409).\n * NFSv4.1: Fix an ABBA locking issue with session and state\n serialisation (bnc#864409).\n * NFSv4.1: We must release the sequence id when we fail to get a\n session slot (bnc#864401).\n * NFSv4: Do not accept delegated opens when a delegation recall is in\n effect (bnc#864409).\n * NFSv4: Ensure correct locking when accessing the "^a" list\n (bnc#864401).\n * NFSv4: Fix another reboot recovery race (bnc#916982).\n * Preserve kabi checksum of path_is_under().\n * Refresh patches.drivers/HID-multitouch-add-support-for-Atmel-212c.\n Fix the non-working touchsreen (bnc#909740)\n * Revert "drm/i915: Calculate correct stolen size for GEN7+"\n (bnc#908550,FATE#317933).\n * SUNRPC: Do not allow low priority tasks to pre-empt higher priority\n ones (bnc#864401).\n * SUNRPC: When changing the queue priority, ensure that we change the\n owner (bnc#864401).\n * Setting rbd and libceph as supported drivers (bsc#917884)\n * audit: efficiency fix 1: only wake up if queue shorter than backlog\n limit (bnc#908393).\n * audit: efficiency fix 2: request exclusive wait since all need same\n resource (bnc#908393).\n * audit: fix endless wait in audit_log_start() (bnc#908393).\n * audit: make use of remaining sleep time from wait_for_auditd\n (bnc#908393).\n * audit: refactor hold queue flush (bnc#908393).\n * audit: reset audit backlog wait time after error recovery\n (bnc#908393).\n * audit: wait_for_auditd() should use TASK_UNINTERRUPTIBLE\n (bnc#908393).\n * block: rbd: use NULL instead of 0 (FATE#318328 bsc#917884).\n * block: replace strict_strtoul() with kstrtoul() (FATE#318328\n bsc#917884).\n * bonding: propagate LRO disabling down to slaves (bnc#829110\n bnc#891277 bnc#904053).\n * cciss: fix broken mutex usage in ioctl (bnc#910013).\n * ceph: Add necessary clean up if invalid reply received in\n handle_reply() (FATE#318328 bsc#917884).\n * ceph: remove bogus extern (FATE#318328 bsc#917884).\n * config: Disable CONFIG_RCU_FAST_NO_HZ (bnc#884817) This option has\n been verified to be racy vs hotplug, and is irrelevant to SLE in any\n case.\n * coredump: ensure the fpu state is flushed for proper multi-threaded\n core dump (bnc#904671).\n * crush: CHOOSE_LEAF -> CHOOSELEAF throughout (FATE#318328 bsc#917884).\n * crush: add SET_CHOOSE_TRIES rule step (FATE#318328 bsc#917884).\n * crush: add note about r in recursive choose (FATE#318328 bsc#917884).\n * crush: add set_choose_local_[fallback_]tries steps (FATE#318328\n bsc#917884).\n * crush: apply chooseleaf_tries to firstn mode too (FATE#318328\n bsc#917884).\n * crush: attempts -> tries (FATE#318328 bsc#917884).\n * crush: clarify numrep vs endpos (FATE#318328 bsc#917884).\n * crush: eliminate CRUSH_MAX_SET result size limitation (FATE#318328\n bsc#917884).\n * crush: factor out (trivial) crush_destroy_rule() (FATE#318328\n bsc#917884).\n * crush: fix crush_choose_firstn comment (FATE#318328 bsc#917884).\n * crush: fix some comments (FATE#318328 bsc#917884).\n * crush: generalize descend_once (FATE#318328 bsc#917884).\n * crush: new SET_CHOOSE_LEAF_TRIES command (FATE#318328 bsc#917884).\n * crush: pass parent r value for indep call (FATE#318328 bsc#917884).\n * crush: pass weight vector size to map function (FATE#318328\n bsc#917884).\n * crush: reduce scope of some local variables (FATE#318328 bsc#917884).\n * crush: return CRUSH_ITEM_UNDEF for failed placements with indep\n (FATE#318328 bsc#917884).\n * crush: strip firstn conditionals out of crush_choose, rename\n (FATE#318328 bsc#917884).\n * crush: use breadth-first search for indep mode (FATE#318328\n bsc#917884).\n * crypto: add missing crypto module aliases (bsc#914423).\n * crypto: include crypto- module prefix in template (bsc#914423).\n * crypto: kernel oops at insmod of the z90crypt device driver\n (bnc#909088, LTC#119591).\n * crypto: prefix module autoloading with "crypto-" (bsc#914423).\n * dm raid: add region_size parameter (bnc#895841).\n * do not do blind d_drop() in nfs_prime_dcache() (bnc#908069\n bnc#896484).\n * drm/cirrus: Fix cirrus drm driver for fbdev + qemu\n (bsc#909846,bnc#856760).\n * drm/i915: split PCI IDs out into i915_drm.h v4\n (bnc#908550,FATE#317933).\n * fix dcache exit scaling (bnc#876594).\n * infiniband: ipoib: Sanitize neighbour handling in ipoib_main.c\n (bsc#907196).\n * iommu/vt-d: Fix an off-by-one bug in __domain_mapping() (bsc#908825).\n * ipoib: Convert over to dev_lookup_neigh_skb() (bsc#907196).\n * ipoib: Need to do dst_neigh_lookup_skb() outside of priv->lock\n (bsc#907196).\n * ipv6: fix net reference leak in IPv6 conntrack reassembly\n (bnc#865419).\n * isofs: Fix unchecked printing of ER records.\n * kABI: protect console include in consolemap.\n * kabi fix (bnc#864404).\n * kabi, mm: prevent endless growth of anon_vma hierarchy (bnc#904242).\n * kernel/audit.c: avoid negative sleep durations (bnc#908393).\n * kernel: 3215 tty close crash (bnc#915209, LTC#120873).\n * kernel: incorrect clock_gettime result (bnc#915209, LTC#121184).\n * kvm: Do not expose MONITOR cpuid as available (bnc#887597)\n * kvm: iommu: Add cond_resched to legacy device assignment code\n (bnc#910159).\n * libceph: CEPH_OSD_FLAG_* enum update (FATE#318328 bsc#917884).\n * libceph: add ceph_kv{malloc,free}() and switch to them (FATE#318328\n bsc#917884).\n * libceph: add ceph_pg_pool_by_id() (FATE#318328 bsc#917884).\n * libceph: add function to ensure notifies are complete (FATE#318328\n bsc#917884).\n * libceph: add process_one_ticket() helper (FATE#318328 bsc#917884).\n * libceph: all features fields must be u64 (FATE#318328 bsc#917884).\n * libceph: block I/O when PAUSE or FULL osd map flags are set\n (FATE#318328 bsc#917884).\n * libceph: call r_unsafe_callback when unsafe reply is received\n (FATE#318328 bsc#917884).\n * libceph: create_singlethread_workqueue() does not return ERR_PTRs\n (FATE#318328 bsc#917884).\n * libceph: do not hard code max auth ticket len (FATE#318328\n bsc#917884).\n * libceph: dout() is missing a newline (FATE#318328 bsc#917884).\n * libceph: factor out logic from ceph_osdc_start_request()\n (FATE#318328 bsc#917884).\n * libceph: fix error handling in ceph_osdc_init() (FATE#318328\n bsc#917884).\n * libceph: fix preallocation check in get_reply() (FATE#318328\n bsc#917884).\n * libceph: fix safe completion (FATE#318328 bsc#917884).\n * libceph: follow redirect replies from osds (FATE#318328 bsc#917884).\n * libceph: follow {read,write}_tier fields on osd request submission\n (FATE#318328 bsc#917884).\n * libceph: gracefully handle large reply messages from the mon\n (FATE#318328 bsc#917884).\n * libceph: introduce and start using oid abstraction (FATE#318328\n bsc#917884).\n * libceph: rename MAX_OBJ_NAME_SIZE to CEPH_MAX_OID_NAME_LEN\n (FATE#318328 bsc#917884).\n * libceph: rename ceph_msg::front_max to front_alloc_len (FATE#318328\n bsc#917884).\n * libceph: rename ceph_osd_request::r_{oloc,oid} to r_base_{oloc,oid}\n (FATE#318328 bsc#917884).\n * libceph: rename front to front_len in get_reply() (FATE#318328\n bsc#917884).\n * libceph: replace ceph_calc_ceph_pg() with ceph_oloc_oid_to_pg()\n (FATE#318328 bsc#917884).\n * libceph: resend all writes after the osdmap loses the full flag\n (FATE#318328 bsc#917884).\n * libceph: start using oloc abstraction (FATE#318328 bsc#917884).\n * libceph: take map_sem for read in handle_reply() (FATE#318328\n bsc#917884).\n * libceph: update ceph_features.h (FATE#318328 bsc#917884).\n * libceph: use CEPH_MON_PORT when the specified port is 0 (FATE#318328\n bsc#917884).\n * libiscsi: Added new boot entries in the session sysfs (FATE#316723\n bsc#914355)\n * mei: ME hardware reset needs to be synchronized (bnc#876086).\n * mei: add 9 series PCH mei device ids (bnc#876086).\n * mei: add hw start callback (bnc#876086).\n * mei: cancel stall timers in mei_reset (bnc#876086).\n * mei: do not have to clean the state on power up (bnc#876086).\n * mei: limit the number of consecutive resets (bnc#876086).\n * mei: me: add Lynx Point Wellsburg work station device id\n (bnc#876086).\n * mei: me: clear interrupts on the resume path (bnc#876086).\n * mei: me: do not load the driver if the FW does not support MEI\n interface (bnc#876086).\n * mei: me: fix hardware reset flow (bnc#876086).\n * mei: me: read H_CSR after asserting reset (bnc#876086).\n * mm, vmscan: prevent kswapd livelock due to pfmemalloc-throttled\n process being killed (VM Functionality bnc#910150).\n * mm: fix BUG in __split_huge_page_pmd (bnc#906586).\n * mm: fix corner case in anon_vma endless growing prevention\n (bnc#904242).\n * mm: prevent endless growth of anon_vma hierarchy (bnc#904242).\n * mm: vmscan: count only dirty pages as congested (VM Performance,\n bnc#910517).\n * net, sunrpc: suppress allocation warning in rpc_malloc()\n (bnc#904659).\n * net: 8021q/bluetooth/bridge/can/ceph: Remove extern from function\n prototypes (FATE#318328 bsc#917884).\n * net: handle more general stacking in dev_disable_lro() (bnc#829110\n bnc#891277 bnc#904053).\n * netfilter: do not drop packet on insert collision (bnc#907611).\n * nf_conntrack: avoid reference leak in __ipv6_conntrack_in()\n (bnc#865419).\n * nfs_prime_dcache needs fh to be set (bnc#908069 bnc#896484).\n * nfsd: fix EXDEV checking in rename (bnc#915791).\n * pnfs: defer release of pages in layoutget (bnc#864411).\n * proc_sys_revalidate: fix Oops on NULL nameidata (bnc#907551).\n * qlge: fix an "&&" vs "||" bug (bsc#912171).\n * rbd: Fix error recovery in rbd_obj_read_sync() (FATE#318328\n bsc#917884).\n * rbd: Use min_t() to fix comparison of distinct pointer types warning\n (FATE#318328 bsc#917884).\n * rbd: add "minor" sysfs rbd device attribute (FATE#318328 bsc#917884).\n * rbd: add support for single-major device number allocation scheme\n (FATE#318328 bsc#917884).\n * rbd: clean up a few things in the refresh path (FATE#318328\n bsc#917884).\n * rbd: complete notifies before cleaning up osd_client and rbd_dev\n (FATE#318328 bsc#917884).\n * rbd: do not destroy ceph_opts in rbd_add() (FATE#318328 bsc#917884).\n * rbd: do not hold ctl_mutex to get/put device (FATE#318328\n bsc#917884).\n * rbd: drop an unsafe assertion (FATE#318328 bsc#917884).\n * rbd: drop original request earlier for existence check (FATE#318328\n bsc#917884).\n * rbd: enable extended devt in single-major mode (FATE#318328\n bsc#917884).\n * rbd: fetch object order before using it (FATE#318328 bsc#917884).\n * rbd: fix I/O error propagation for reads (FATE#318328 bsc#917884).\n * rbd: fix a couple warnings (FATE#318328 bsc#917884).\n * rbd: fix buffer size for writes to images with snapshots\n (FATE#318328 bsc#917884).\n * rbd: fix cleanup in rbd_add() (FATE#318328 bsc#917884).\n * rbd: fix error handling from rbd_snap_name() (FATE#318328\n bsc#917884).\n * rbd: fix error paths in rbd_img_request_fill() (FATE#318328\n bsc#917884).\n * rbd: fix null dereference in dout (FATE#318328 bsc#917884).\n * rbd: fix use-after free of rbd_dev->disk (FATE#318328 bsc#917884).\n * rbd: flush dcache after zeroing page data (FATE#318328 bsc#917884).\n * rbd: ignore unmapped snapshots that no longer exist (FATE#318328\n bsc#917884).\n * rbd: introduce rbd_dev_header_unwatch_sync() and switch to it\n (FATE#318328 bsc#917884).\n * rbd: make rbd_obj_notify_ack() synchronous (FATE#318328 bsc#917884).\n * rbd: protect against concurrent unmaps (FATE#318328 bsc#917884).\n * rbd: protect against duplicate client creation (FATE#318328\n bsc#917884).\n * rbd: rbd_device::dev_id is an int, format it as such (FATE#318328\n bsc#917884).\n * rbd: refactor rbd_init() a bit (FATE#318328 bsc#917884).\n * rbd: send snapshot context with writes (FATE#318328 bsc#917884).\n * rbd: set removing flag while holding list lock (FATE#318328\n bsc#917884).\n * rbd: switch to ida for rbd id assignments (FATE#318328 bsc#917884).\n * rbd: take a little credit (FATE#318328 bsc#917884).\n * rbd: tear down watch request if rbd_dev_device_setup() fails\n (FATE#318328 bsc#917884).\n * rbd: tweak "loaded" message and module description (FATE#318328\n bsc#917884).\n * rbd: use reference counts for image requests (FATE#318328\n bsc#917884).\n * rbd: use rwsem to protect header updates (FATE#318328 bsc#917884).\n * rbd: use the correct length for format 2 object names (FATE#318328\n bsc#917884).\n * rpm/kernel-binary.spec.in: Own the modules directory in the devel\n package (bnc#910322)\n * scsi_dh_alua: add missing hunk in alua_set_params() (bnc#846656).\n * scsifront: avoid acquiring same lock twice if ring is full.\n * sd: medium access timeout counter fails to reset (bnc#894213).\n * storvsc: ring buffer failures may result in I/O freeze\n * swap: fix shmem swapping when more than 8 areas (bnc#903096).\n * timekeeping: Avoid possible deadlock from clock_was_set_delayed\n (bsc#771619).\n * tty: Fix memory leak in virtual console when enable unicode\n translation (bnc#916515).\n * udf: Check component length before reading it.\n * udf: Check path length when reading symlink.\n * udf: Verify i_size when loading inode.\n * udf: Verify symlink size before loading it.\n * udp: Add MIB counters for rcvbuferrors (bnc#909565).\n * usb: xhci: rework root port wake bits if controller is not allowed\n to wakeup (bsc#909264).\n * virtio_net: drop dst reference before transmitting a packet\n (bnc#882470).\n * vt: push the tty_lock down into the map handling (bnc#915826).\n * workqueue: Make rescuer thread process more works (bnc#900279).\n * x86, xsave: remove thread_has_fpu() bug check in\n __sanitize_i387_state() (bnc#904671).\n * x86-64/MCE: flip CPU and bank numbers in log message.\n * x86/UV: Fix NULL pointer dereference in uv_flush_tlb_others() if the\n "^a" boot option is used (bsc#909092).\n * x86/UV: Fix conditional in gru_exit() (bsc#909095).\n * x86/early quirk: use gen6 stolen detection for VLV\n (bnc#908550,FATE#317933).\n * x86/gpu: Print the Intel graphics stolen memory range (bnc#908550).\n * x86/hpet: Make boot_hpet_disable extern (bnc#908550,FATE#317933).\n * x86/intel: Add quirk to disable HPET for the Baytrail platform\n (bnc#908550,FATE#317933).\n * x86/uv: Fix UV2 BAU legacy mode (bsc#909092).\n * x86/uv: Fix the UV BAU destination timeout period (bsc#909092).\n * x86/uv: Implement UV BAU runtime enable and disable control via\n /proc/sgi_uv/ (bsc#909092).\n * x86/uv: Update the UV3 TLB shootdown logic (bsc#909092).\n * x86/uv: Work around UV2 BAU hangs (bsc#909092).\n * x86: UV BAU: Avoid NULL pointer reference in ptc_seq_show\n (bsc#911181).\n * x86: UV BAU: Increase maximum CPUs per socket/hub (bsc#911181).\n * x86: add early quirk for reserving Intel graphics stolen memory v5\n (bnc#908550,FATE#317933).\n * x86: irq: Check for valid irq descriptor in\n check_irq_vectors_for_cpu_disable (bnc#914726).\n * xen-privcmd-hcall-preemption: Fix EFLAGS.IF access.\n * xfs: re-enable non-blocking behaviour in xfs_map_blocks (bnc#900279).\n * xfs: recheck buffer pinned status after push trylock failure\n (bnc#907338).\n * xfs: remove log force from xfs_buf_trylock() (bnc#907338).\n * xhci: fix incorrect type in assignment in\n handle_device_notification() (bsc#910321).\n * zcrypt: Number of supported ap domains is not retrievable\n (bnc#915209, LTC#120788).\n\n Security Issues:\n\n * CVE-2013-7263\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7263\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7263</a>>\n * CVE-2014-0181\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0181\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0181</a>>\n * CVE-2014-3687\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3687\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3687</a>>\n * CVE-2014-3688\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3688\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3688</a>>\n * CVE-2014-3690\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3690\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3690</a>>\n * CVE-2014-4608\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4608\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4608</a>>\n * CVE-2014-7822\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7822\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7822</a>>\n * CVE-2014-7842\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7842\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7842</a>>\n * CVE-2014-7970\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7970\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7970</a>>\n * CVE-2014-8133\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8133\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8133</a>>\n * CVE-2014-8134\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8134\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8134</a>>\n * CVE-2014-8160\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8160\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8160</a>>\n * CVE-2014-8369\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8369\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8369</a>>\n * CVE-2014-8559\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8559\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8559</a>>\n * CVE-2014-9090\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9090\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9090</a>>\n * CVE-2014-9322\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9322\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9322</a>>\n * CVE-2014-9419\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9419\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9419</a>>\n * CVE-2014-9420\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9420\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9420</a>>\n * CVE-2014-9584\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9584\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9584</a>>\n * CVE-2014-9585\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9585\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9585</a>>\n * CVE-2015-1593\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1593\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1593</a>>\n", "modified": "2015-03-24T07:04:48", "published": "2015-03-24T07:04:48", "id": "SUSE-SU-2015:0581-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00028.html", "title": "Security update for the Linux Kernel (important)", "type": "suse", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:50:51", "bulletinFamily": "unix", "description": "The SUSE Linux Enterprise 11 Service Pack 2 LTSS kernel has been updated\n to fix security issues on kernels on the x86_64 architecture.\n\n The following security bugs have been fixed:\n\n * CVE-2012-4398: The __request_module function in kernel/kmod.c in the\n Linux kernel before 3.4 did not set a certain killable attribute,\n which allowed local users to cause a denial of service (memory\n consumption) via a crafted application (bnc#779488).\n * CVE-2013-2893: The Human Interface Device (HID) subsystem in the\n Linux kernel through 3.11, when CONFIG_LOGITECH_FF,\n CONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF is enabled, allowed\n physically proximate attackers to cause a denial of service\n (heap-based out-of-bounds write) via a crafted device, related to\n (1) drivers/hid/hid-lgff.c, (2) drivers/hid/hid-lg3ff.c, and (3)\n drivers/hid/hid-lg4ff.c (bnc#835839).\n * CVE-2013-2897: Multiple array index errors in\n drivers/hid/hid-multitouch.c in the Human Interface Device (HID)\n subsystem in the Linux kernel through 3.11, when\n CONFIG_HID_MULTITOUCH is enabled, allowed physically proximate\n attackers to cause a denial of service (heap memory corruption, or\n NULL pointer dereference and OOPS) via a crafted device (bnc#835839).\n * CVE-2013-2899: drivers/hid/hid-picolcd_core.c in the Human Interface\n Device (HID) subsystem in the Linux kernel through 3.11, when\n CONFIG_HID_PICOLCD is enabled, allowed physically proximate\n attackers to cause a denial of service (NULL pointer dereference and\n OOPS) via a crafted device (bnc#835839).\n * CVE-2013-2929: The Linux kernel before 3.12.2 did not properly use\n the get_dumpable function, which allowed local users to bypass\n intended ptrace restrictions or obtain sensitive information from\n IA64 scratch registers via a crafted application, related to\n kernel/ptrace.c and arch/ia64/include/asm/processor.h (bnc#847652).\n * CVE-2013-7263: The Linux kernel before 3.12.4 updates certain length\n values before ensuring that associated data structures have been\n initialized, which allowed local users to obtain sensitive\n information from kernel stack memory via a (1) recvfrom, (2)\n recvmmsg, or (3) recvmsg system call, related to net/ipv4/ping.c,\n net/ipv4/raw.c, net/ipv4/udp.c, net/ipv6/raw.c, and net/ipv6/udp.c\n (bnc#857643).\n * CVE-2014-0131: Use-after-free vulnerability in the skb_segment\n function in net/core/skbuff.c in the Linux kernel through 3.13.6\n allowed attackers to obtain sensitive information from kernel memory\n by leveraging the absence of a certain orphaning operation\n (bnc#867723).\n * CVE-2014-0181: The Netlink implementation in the Linux kernel\n through 3.14.1 did not provide a mechanism for authorizing socket\n operations based on the opener of a socket, which allowed local\n users to bypass intended access restrictions and modify network\n configurations by using a Netlink socket for the (1) stdout or (2)\n stderr of a setuid program (bnc#875051).\n * CVE-2014-2309: The ip6_route_add function in net/ipv6/route.c in the\n Linux kernel through 3.13.6 did not properly count the addition of\n routes, which allowed remote attackers to cause a denial of service\n (memory consumption) via a flood of ICMPv6 Router Advertisement\n packets (bnc#867531).\n * CVE-2014-3181: Multiple stack-based buffer overflows in the\n magicmouse_raw_event function in drivers/hid/hid-magicmouse.c in the\n Magic Mouse HID driver in the Linux kernel through 3.16.3 allowed\n physically proximate attackers to cause a denial of service (system\n crash) or possibly execute arbitrary code via a crafted device that\n provides a large amount of (1) EHCI or (2) XHCI data associated with\n an event (bnc#896382).\n * CVE-2014-3184: The report_fixup functions in the HID subsystem in\n the Linux kernel before 3.16.2 might have allowed physically\n proximate attackers to cause a denial of service (out-of-bounds\n write) via a crafted device that provides a small report descriptor,\n related to (1) drivers/hid/hid-cherry.c, (2) drivers/hid/hid-kye.c,\n (3) drivers/hid/hid-lg.c, (4) drivers/hid/hid-monterey.c, (5)\n drivers/hid/hid-petalynx.c, and (6) drivers/hid/hid-sunplus.c\n (bnc#896390).\n * CVE-2014-3185: Multiple buffer overflows in the\n command_port_read_callback function in\n drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in\n the Linux kernel before 3.16.2 allowed physically proximate\n attackers to execute arbitrary code or cause a denial of service\n (memory corruption and system crash) via a crafted device that\n provides a large amount of (1) EHCI or (2) XHCI data associated with\n a bulk response (bnc#896391).\n * CVE-2014-3186: Buffer overflow in the picolcd_raw_event function in\n devices/hid/hid-picolcd_core.c in the PicoLCD HID device driver in\n the Linux kernel through 3.16.3, as used in Android on Nexus 7\n devices, allowed physically proximate attackers to cause a denial of\n service (system crash) or possibly execute arbitrary code via a\n crafted device that sends a large report (bnc#896392).\n * CVE-2014-3601: The kvm_iommu_map_pages function in virt/kvm/iommu.c\n in the Linux kernel through 3.16.1 miscalculates the number of pages\n during the handling of a mapping failure, which allowed guest OS\n users to (1) cause a denial of service (host OS memory corruption)\n or possibly have unspecified other impact by triggering a large gfn\n value or (2) cause a denial of service (host OS memory consumption)\n by triggering a small gfn value that leads to permanently pinned\n pages (bnc#892782).\n * CVE-2014-3610: The WRMSR processing functionality in the KVM\n subsystem in the Linux kernel through 3.17.2 did not properly handle\n the writing of a non-canonical address to a model-specific register,\n which allowed guest OS users to cause a denial of service (host OS\n crash) by leveraging guest OS privileges, related to the\n wrmsr_interception function in arch/x86/kvm/svm.c and the\n handle_wrmsr function in arch/x86/kvm/vmx.c (bnc#899192).\n * CVE-2014-3646: arch/x86/kvm/vmx.c in the KVM subsystem in the Linux\n kernel through 3.17.2 did not have an exit handler for the INVVPID\n instruction, which allowed guest OS users to cause a denial of\n service (guest OS crash) via a crafted application (bnc#899192).\n * CVE-2014-3647: arch/x86/kvm/emulate.c in the KVM subsystem in the\n Linux kernel through 3.17.2 did not properly perform RIP changes,\n which allowed guest OS users to cause a denial of service (guest OS\n crash) via a crafted application (bnc#899192).\n * CVE-2014-3673: The SCTP implementation in the Linux kernel through\n 3.17.2 allowed remote attackers to cause a denial of service (system\n crash) via a malformed ASCONF chunk, related to\n net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c (bnc#902346).\n * CVE-2014-3687: The sctp_assoc_lookup_asconf_ack function in\n net/sctp/associola.c in the SCTP implementation in the Linux kernel\n through 3.17.2 allowed remote attackers to cause a denial of service\n (panic) via duplicate ASCONF chunks that trigger an incorrect uncork\n within the side-effect interpreter (bnc#902349).\n * CVE-2014-3688: The SCTP implementation in the Linux kernel before\n 3.17.4 allowed remote attackers to cause a denial of service (memory\n consumption) by triggering a large number of chunks in an\n associations output queue, as demonstrated by ASCONF probes, related\n to net/sctp/inqueue.c and net/sctp/sm_statefuns.c (bnc#902351).\n * CVE-2014-3690: arch/x86/kvm/vmx.c in the KVM subsystem in the Linux\n kernel before 3.17.2 on Intel processors did not ensure that the\n value in the CR4 control register remains the same after a VM entry,\n which allowed host OS users to kill arbitrary processes or cause a\n denial of service (system disruption) by leveraging /dev/kvm access,\n as demonstrated by PR_SET_TSC prctl calls within a modified copy of\n QEMU (bnc#902232).\n * CVE-2014-4608: Multiple integer overflows in the\n lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in\n the LZO decompressor in the Linux kernel before 3.15.2 allowed\n context-dependent attackers to cause a denial of service (memory\n corruption) via a crafted Literal Run (bnc#883948).\n * CVE-2014-4943: The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the\n Linux kernel through 3.15.6 allowed local users to gain privileges\n by leveraging data-structure differences between an l2tp socket and\n an inet socket (bnc#887082).\n * CVE-2014-5471: Stack consumption vulnerability in the\n parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the\n Linux kernel through 3.16.1 allowed local users to cause a denial of\n service (uncontrolled recursion, and system crash or reboot) via a\n crafted iso9660 image with a CL entry referring to a directory entry\n that has a CL entry (bnc#892490).\n * CVE-2014-5472: The parse_rock_ridge_inode_internal function in\n fs/isofs/rock.c in the Linux kernel through 3.16.1 allowed local\n users to cause a denial of service (unkillable mount process) via a\n crafted iso9660 image with a self-referential CL entry (bnc#892490).\n * CVE-2014-7826: kernel/trace/trace_syscalls.c in the Linux kernel\n through 3.17.2 did not properly handle private syscall numbers\n during use of the ftrace subsystem, which allowed local users to\n gain privileges or cause a denial of service (invalid pointer\n dereference) via a crafted application (bnc#904013).\n * CVE-2014-7841: The sctp_process_param function in\n net/sctp/sm_make_chunk.c in the SCTP implementation in the Linux\n kernel before 3.17.4, when ASCONF is used, allowed remote attackers\n to cause a denial of service (NULL pointer dereference and system\n crash) via a malformed INIT chunk (bnc#905100).\n * CVE-2014-7842: Race condition in arch/x86/kvm/x86.c in the Linux\n kernel before 3.17.4 allowed guest OS users to cause a denial of\n service (guest OS crash) via a crafted application that performs an\n MMIO transaction or a PIO transaction to trigger a guest userspace\n emulation error report, a similar issue to CVE-2010-5313\n (bnc#905312).\n * CVE-2014-8134: The paravirt_ops_setup function in\n arch/x86/kernel/kvm.c in the Linux kernel through 3.18 uses an\n improper paravirt_enabled setting for KVM guest kernels, which made\n it easier for guest OS users to bypass the ASLR protection mechanism\n via a crafted application that reads a 16-bit value (bnc#909078).\n * CVE-2014-8369: The kvm_iommu_map_pages function in virt/kvm/iommu.c\n in the Linux kernel through 3.17.2 miscalculates the number of pages\n during the handling of a mapping failure, which allowed guest OS\n users to cause a denial of service (host OS page unpinning) or\n possibly have unspecified other impact by leveraging guest OS\n privileges. NOTE: this vulnerability exists because of an incorrect\n fix for CVE-2014-3601 (bnc#902675).\n * CVE-2014-8559: The d_walk function in fs/dcache.c in the Linux\n kernel through 3.17.2 did not properly maintain the semantics of\n rename_lock, which allowed local users to cause a denial of service\n (deadlock and system hang) via a crafted application (bnc#903640).\n * CVE-2014-8709: The ieee80211_fragment function in net/mac80211/tx.c\n in the Linux kernel before 3.13.5 did not properly maintain a\n certain tail pointer, which allowed remote attackers to obtain\n sensitive cleartext information by reading packets (bnc#904700).\n * CVE-2014-9584: The parse_rock_ridge_inode_internal function in\n fs/isofs/rock.c in the Linux kernel before 3.18.2 did not validate a\n length value in the Extensions Reference (ER) System Use Field,\n which allowed local users to obtain sensitive information from\n kernel memory via a crafted iso9660 image (bnc#912654).\n * CVE-2014-9585: The vdso_addr function in arch/x86/vdso/vma.c in the\n Linux kernel through 3.18.2 did not properly choose memory locations\n for the vDSO area, which made it easier for local users to bypass\n the ASLR protection mechanism by guessing a location at the end of a\n PMD (bnc#912705).\n\n The following non-security bugs have been fixed:\n\n * Fix HDIO_DRIVE_* ioctl() Linux 3.9 regression (bnc#833588,\n bnc#905799).\n * HID: add usage_index in struct hid_usage (bnc#835839).\n * Revert PM / reboot: call syscore_shutdown() after\n disable_nonboot_cpus() Reduce time to shutdown large machines\n (bnc#865442 bnc#907396).\n * Revert kernel/sys.c: call disable_nonboot_cpus() in kernel_restart()\n Reduce time to shutdown large machines (bnc#865442 bnc#907396).\n * dm-mpath: fix panic on deleting sg device (bnc#870161).\n * futex: Unlock hb->lock in futex_wait_requeue_pi() error path (fix\n bnc#880892).\n * handle more than just WS2008 in heartbeat negotiation (bnc#901885).\n * memcg: do not expose uninitialized mem_cgroup_per_node to world\n (bnc#883096).\n * mm: fix BUG in __split_huge_page_pmd (bnc#906586).\n * pagecachelimit: reduce lru_lock congestion for heavy parallel\n reclaim fix (bnc#895680, bnc#907189).\n * s390/3215: fix hanging console issue (bnc#898693, bnc#897995,\n LTC#115466).\n * s390/cio: improve cio_commit_config (bnc#864049, bnc#898693,\n LTC#104168).\n * scsi_dh_alua: disable ALUA handling for non-disk devices\n (bnc#876633).\n * target/rd: Refactor rd_build_device_space + rd_release_device_space.\n * timekeeping: Avoid possible deadlock from clock_was_set_delayed\n (bnc#771619, bnc#915335).\n * xfs: recheck buffer pinned status after push trylock failure\n (bnc#907338).\n * xfs: remove log force from xfs_buf_trylock() (bnc#907338).\n\n Security Issues:\n\n * CVE-2012-4398\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4398\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4398</a>>\n * CVE-2013-2893\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2893\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2893</a>>\n * CVE-2013-2897\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2897\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2897</a>>\n * CVE-2013-2899\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2899\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2899</a>>\n * CVE-2013-2929\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2929\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2929</a>>\n * CVE-2013-7263\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7263\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7263</a>>\n * CVE-2014-0131\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0131\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0131</a>>\n * CVE-2014-0181\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0181\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0181</a>>\n * CVE-2014-2309\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2309\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2309</a>>\n * CVE-2014-3181\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3181\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3181</a>>\n * CVE-2014-3184\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3184\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3184</a>>\n * CVE-2014-3185\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3185\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3185</a>>\n * CVE-2014-3186\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3186\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3186</a>>\n * CVE-2014-3601\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3601\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3601</a>>\n * CVE-2014-3610\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3610\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3610</a>>\n * CVE-2014-3646\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3646\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3646</a>>\n * CVE-2014-3647\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3647\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3647</a>>\n * CVE-2014-3673\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3673\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3673</a>>\n * CVE-2014-3687\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3687\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3687</a>>\n * CVE-2014-3688\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3688\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3688</a>>\n * CVE-2014-3690\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3690\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3690</a>>\n * CVE-2014-4608\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4608\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4608</a>>\n * CVE-2014-4943\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4943\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4943</a>>\n * CVE-2014-5471\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5471\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5471</a>>\n * CVE-2014-5472\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5472\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5472</a>>\n * CVE-2014-7826\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7826\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7826</a>>\n * CVE-2014-7841\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7841\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7841</a>>\n * CVE-2014-7842\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7842\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7842</a>>\n * CVE-2014-8134\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8134\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8134</a>>\n * CVE-2014-8369\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8369\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8369</a>>\n * CVE-2014-8559\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8559\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8559</a>>\n * CVE-2014-8709\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8709\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8709</a>>\n * CVE-2014-9584\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9584\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9584</a>>\n * CVE-2014-9585\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9585\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9585</a>>\n", "modified": "2015-03-11T20:05:42", "published": "2015-03-11T20:05:42", "id": "SUSE-SU-2015:0481-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html", "title": "Security update for Linux kernel (important)", "type": "suse", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:56:36", "bulletinFamily": "unix", "description": "kernel update for Evergreen 11.4, includes leap second deadlock fix and\n fixes for other security and stability issues\n\n", "modified": "2015-03-21T15:04:43", "published": "2015-03-21T15:04:43", "id": "OPENSUSE-SU-2015:0566-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html", "title": "kernel update for Evergreen 11.4, includes leap second deadlock fix (important)", "type": "suse", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}]}
