{"id": "CVE-2016-4581", "bulletinFamily": "NVD", "title": "CVE-2016-4581", "description": "fs/pnode.c in the Linux kernel before 4.5.4 does not properly traverse a mount propagation tree in a certain case involving a slave mount, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted series of mount system calls.\n<a href=\"http://cwe.mitre.org/data/definitions/476.html\">CWE-476: NULL Pointer Dereference</a>", "published": "2016-05-23T10:59:00", "modified": "2019-12-27T16:08:00", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4581", "reporter": "cve@mitre.org", "references": ["http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.4", "http://www.ubuntu.com/usn/USN-2998-1", "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html", "https://github.com/torvalds/linux/commit/5ec0811d30378ae104f250bfc9b3640242d81e3f", "http://www.openwall.com/lists/oss-security/2016/05/11/2", "http://www.ubuntu.com/usn/USN-3000-1", "https://bugzilla.redhat.com/show_bug.cgi?id=1333712", "http://www.ubuntu.com/usn/USN-3007-1", "http://rhn.redhat.com/errata/RHSA-2016-2574.html", "http://rhn.redhat.com/errata/RHSA-2016-2584.html", "http://www.ubuntu.com/usn/USN-3005-1", "http://www.ubuntu.com/usn/USN-3006-1", "http://www.ubuntu.com/usn/USN-3003-1", "http://www.ubuntu.com/usn/USN-3001-1", "http://www.ubuntu.com/usn/USN-3004-1", "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5ec0811d30378ae104f250bfc9b3640242d81e3f", "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", "http://www.ubuntu.com/usn/USN-3002-1", "http://www.ubuntu.com/usn/USN-2989-1", "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", "http://www.debian.org/security/2016/dsa-3607", "http://www.securityfocus.com/bid/90607"], "cvelist": ["CVE-2016-4581"], "type": "cve", "lastseen": "2020-12-09T20:07:39", "edition": 6, "viewCount": 20, "enchantments": {"dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:1361412562310842790", "OPENVAS:1361412562310808414", "OPENVAS:1361412562310842794", "OPENVAS:1361412562310808319", "OPENVAS:1361412562310842779", "OPENVAS:1361412562310842787", "OPENVAS:1361412562310842797", "OPENVAS:1361412562310842786", "OPENVAS:1361412562310120692", "OPENVAS:1361412562310808336"]}, {"type": "nessus", "idList": ["ALA_ALAS-2016-703.NASL", "FEDORA_2016-A159C484E4.NASL", "UBUNTU_USN-3004-1.NASL", "UBUNTU_USN-2998-1.NASL", "UBUNTU_USN-2989-1.NASL", "UBUNTU_USN-3005-1.NASL", "FEDORA_2016-EF973EFAB7.NASL", "FEDORA_2016-06F1572324.NASL", "UBUNTU_USN-3007-1.NASL", "UBUNTU_USN-3006-1.NASL"]}, {"type": "fedora", "idList": ["FEDORA:3BDA3607A1A6", "FEDORA:16FBC6173444", "FEDORA:0A72361F0A0B"]}, {"type": "amazon", "idList": ["ALAS-2016-703"]}, {"type": "ubuntu", "idList": ["USN-3002-1", "USN-3007-1", "USN-2998-1", "USN-3006-1", "USN-3003-1", "USN-3001-1", "USN-3000-1", "USN-3004-1", "USN-3005-1", "USN-2989-1"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:6D0A7CF1EF35A1C96485B4FC10A51978"]}, {"type": "oraclelinux", "idList": ["ELSA-2016-3596", "ELSA-2016-2574"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2016:1641-1", "OPENSUSE-SU-2016:2144-1"]}, {"type": "redhat", "idList": ["RHSA-2016:2574", "RHSA-2016:2584"]}, {"type": "centos", "idList": ["CESA-2016:2574"]}, {"type": "debian", "idList": ["DEBIAN:DSA-3607-1:0BD6E"]}], "modified": "2020-12-09T20:07:39", "rev": 2}, "score": {"value": 5.3, "vector": "NONE", "modified": "2020-12-09T20:07:39", "rev": 2}, "vulnersScore": 5.3}, "cpe": ["cpe:/o:oracle:linux:6", "cpe:/o:linux:linux_kernel:4.5.3", "cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:15.10", "cpe:/o:canonical:ubuntu_linux:14.04"], "affectedSoftware": [{"cpeName": "linux:linux_kernel", "name": "linux linux kernel", "operator": "le", "version": "4.5.3"}, {"cpeName": "oracle:linux", "name": "oracle linux", "operator": "eq", "version": "6"}, {"cpeName": "canonical:ubuntu_linux", "name": "canonical ubuntu linux", "operator": "eq", "version": "16.04"}, {"cpeName": "canonical:ubuntu_linux", "name": "canonical ubuntu linux", "operator": "eq", "version": "14.04"}, {"cpeName": "canonical:ubuntu_linux", "name": "canonical ubuntu linux", "operator": "eq", "version": "12.04"}, {"cpeName": "canonical:ubuntu_linux", "name": "canonical ubuntu linux", "operator": "eq", "version": "15.10"}], "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.9, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 3.6}, "cpe23": ["cpe:2.3:o:linux:linux_kernel:4.5.3:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"], "cwe": ["NVD-CWE-Other"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:4.5.3:*:*:*:*:*:*:*", "versionEndIncluding": "4.5.3", "vulnerable": true}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "vulnerable": true}], "operator": "OR"}]}}

{"openvas": [{"lastseen": "2019-05-29T18:35:34", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-4581", "CVE-2016-4486", "CVE-2016-4485", "CVE-2016-4482"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2016-06-08T00:00:00", "id": "OPENVAS:1361412562310808319", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808319", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2016-a159c484e4", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kernel FEDORA-2016-a159c484e4\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.808319\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-06-08 15:39:56 +0200 (Wed, 08 Jun 2016)\");\n script_cve_id(\"CVE-2016-4581\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4482\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2016-a159c484e4\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 22\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-a159c484e4\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EXUBEDCHC3X4UZZSJYZWASEA6EDDRWGA\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC22\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC22\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.4.9~200.fc22\", rls:\"FC22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:35:05", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-4581", "CVE-2016-4557", "CVE-2016-4486", "CVE-2016-4569", "CVE-2016-4558", "CVE-2016-4485"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2016-06-08T00:00:00", "id": "OPENVAS:1361412562310808414", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808414", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2016-ef973efab7", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kernel FEDORA-2016-ef973efab7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.808414\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-06-08 15:40:38 +0200 (Wed, 08 Jun 2016)\");\n script_cve_id(\"CVE-2016-4569\", \"CVE-2016-4558\", \"CVE-2016-4557\", \"CVE-2016-4581\", \"CVE-2016-4485\", \"CVE-2016-4486\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2016-ef973efab7\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-ef973efab7\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HPCQ5RJB72AYCRLNP3WS5GEP5BU3HS3C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.5.4~300.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-03-17T22:55:38", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-3961", "CVE-2016-4581", "CVE-2016-4557", "CVE-2015-8839", "CVE-2016-4486", "CVE-2016-0758", "CVE-2016-4558", "CVE-2016-4485", "CVE-2016-4565"], "description": "The remote host is missing an update announced via the referenced Security Advisory.", "modified": "2020-03-13T00:00:00", "published": "2016-10-26T00:00:00", "id": "OPENVAS:1361412562310120692", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120692", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2016-703)", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120692\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2016-10-26 15:38:09 +0300 (Wed, 26 Oct 2016)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2016-703)\");\n script_tag(name:\"insight\", value:\"Multiple flaws were found in the Linux kernel. Please see the references for more information.\");\n script_tag(name:\"solution\", value:\"Run yum update kernel to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2016-703.html\");\n script_cve_id(\"CVE-2016-4557\", \"CVE-2016-3961\", \"CVE-2016-4581\", \"CVE-2016-4486\", \"CVE-2016-4485\", \"CVE-2016-4558\", \"CVE-2016-4565\", \"CVE-2016-0758\", \"CVE-2015-8839\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"perf-debuginfo\", rpm:\"perf-debuginfo~4.4.10~22.54.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~4.4.10~22.54.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-debuginfo\", rpm:\"kernel-tools-debuginfo~4.4.10~22.54.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~4.4.10~22.54.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.4.10~22.54.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debuginfo-common-i686\", rpm:\"kernel-debuginfo-common-i686~4.4.10~22.54.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~4.4.10~22.54.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~4.4.10~22.54.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-devel\", rpm:\"kernel-tools-devel~4.4.10~22.54.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~4.4.10~22.54.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~4.4.10~22.54.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debuginfo-common-x86_64\", rpm:\"kernel-debuginfo-common-x86_64~4.4.10~22.54.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:36", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2069", "CVE-2016-4581", "CVE-2016-4486", "CVE-2015-4004", "CVE-2016-2187", "CVE-2016-3951", "CVE-2016-3955", "CVE-2016-4485", "CVE-2016-2117", "CVE-2016-3672"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2016-06-02T00:00:00", "id": "OPENVAS:1361412562310842779", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842779", "type": "openvas", "title": "Ubuntu Update for linux USN-2989-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux USN-2989-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842779\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-06-02 05:21:18 +0200 (Thu, 02 Jun 2016)\");\n script_cve_id(\"CVE-2016-2117\", \"CVE-2015-4004\", \"CVE-2016-2069\", \"CVE-2016-2187\",\n \t\t\"CVE-2016-3672\", \"CVE-2016-3951\", \"CVE-2016-3955\", \"CVE-2016-4485\",\n\t\t\"CVE-2016-4486\", \"CVE-2016-4581\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux USN-2989-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Justin Yackoski discovered that the Atheros\n L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O.\n A remote attacker could use this to obtain potentially sensitive information from\n kernel memory. (CVE-2016-2117)\n\n Jason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO USB\n over wifi device drivers in the Linux kernel. A remote attacker could use\n this to cause a denial of service (system crash) or obtain potentially\n sensitive information from kernel memory. (CVE-2015-4004)\n\n Andy Lutomirski discovered a race condition in the Linux kernel's\n translation lookaside buffer (TLB) handling of flush events. A local\n attacker could use this to cause a denial of service or possibly leak\n sensitive information. (CVE-2016-2069)\n\n Ralf Spenneberg discovered that the Linux kernel's GTCO digitizer USB\n device driver did not properly validate endpoint descriptors. An attacker\n with physical access could use this to cause a denial of service (system\n crash). (CVE-2016-2187)\n\n Hector Marco and Ismael Ripoll discovered that the Linux kernel would\n improperly disable Address Space Layout Randomization (ASLR) for x86\n processes running in 32 bit mode if stack-consumption resource limits were\n disabled. A local attacker could use this to make it easier to exploit an\n existing vulnerability in a setuid/setgid program. (CVE-2016-3672)\n\n Andrey Konovalov discovered that the CDC Network Control Model USB driver\n in the Linux kernel did not cancel work events queued if a later error\n occurred, resulting in a use-after-free. An attacker with physical access\n could use this to cause a denial of service (system crash). (CVE-2016-3951)\n\n It was discovered that an out-of-bounds write could occur when handling\n incoming packets in the USB/IP implementation in the Linux kernel. A remote\n attacker could use this to cause a denial of service (system crash) or\n possibly execute arbitrary code. (CVE-2016-3955)\n\n Kangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC type 2\n Support implementations in the Linux kernel. A local attacker could use\n this to obtain potentially sensitive information from kernel memory.\n (CVE-2016-4485)\n\n Kangjie Lu discovered an information leak in the routing netlink socket\n interface (rtnetlink) implementation in the Linux kernel. A local attacker\n could use this to obtain potentially sensitive information from kernel\n memory. (CVE-2016-4486)\n\n It was discovered that in some situations the Linux kernel did not handle\n propagated mounts correctly. A local unprivileged attacker could use this\n to cause a denial of service (system crash). (CVE-2016-4581)\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"2989-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2989-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU14\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-87-generic\", ver:\"3.13.0-87.133\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-87-generic-lpae\", ver:\"3.13.0-87.133\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-87-lowlatency\", ver:\"3.13.0-87.133\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-87-powerpc-e500\", ver:\"3.13.0-87.133\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-87-powerpc-e500mc\", ver:\"3.13.0-87.133\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-87-powerpc-smp\", ver:\"3.13.0-87.133\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-87-powerpc64-emb\", ver:\"3.13.0-87.133\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-87-powerpc64-smp\", ver:\"3.13.0-87.133\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:00", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-4913", "CVE-2016-4581", "CVE-2016-4557", "CVE-2016-4486", "CVE-2016-0758", "CVE-2016-4569", "CVE-2016-4558", "CVE-2016-4485", "CVE-2016-4440", "CVE-2016-3713"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2016-06-08T00:00:00", "id": "OPENVAS:1361412562310808336", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808336", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2016-06f1572324", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kernel FEDORA-2016-06f1572324\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.808336\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-06-08 15:47:54 +0200 (Wed, 08 Jun 2016)\");\n script_cve_id(\"CVE-2016-0758\", \"CVE-2016-3713\", \"CVE-2016-4913\", \"CVE-2016-4440\", \"CVE-2016-4569\", \"CVE-2016-4558\", \"CVE-2016-4557\", \"CVE-2016-4581\", \"CVE-2016-4485\", \"CVE-2016-4486\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2016-06f1572324\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 23\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-06f1572324\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LO4QW3EVM74ZTHMT4PLBBCB2IU6322L2\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC23\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC23\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.5.5~201.fc23\", rls:\"FC23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:43", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-3961", "CVE-2016-4581", "CVE-2015-8839", "CVE-2016-4486", "CVE-2016-2187", "CVE-2016-1583", "CVE-2016-4558", "CVE-2016-4485", "CVE-2016-2117", "CVE-2016-4565"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2016-06-11T00:00:00", "id": "OPENVAS:1361412562310842790", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842790", "type": "openvas", "title": "Ubuntu Update for linux USN-3006-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux USN-3006-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842790\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-06-11 05:26:12 +0200 (Sat, 11 Jun 2016)\");\n script_cve_id(\"CVE-2016-2117\", \"CVE-2016-1583\", \"CVE-2015-8839\", \"CVE-2016-2187\", \"CVE-2016-3961\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4558\", \"CVE-2016-4565\", \"CVE-2016-4581\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux USN-3006-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux\nkernel incorrectly enables scatter/gather I/O. A remote attacker could use\nthis to obtain potentially sensitive information from kernel memory.\n(CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the mmap()\nhandler of a lower filesystem that did not implement one, causing a\nrecursive page fault to occur. A local unprivileged attacker could use to\ncause a denial of service (system crash) or possibly execute arbitrary code\nwith administrative privileges. (CVE-2016-1583)\n\nMultiple race conditions where discovered in the Linux kernel's ext4 file\nsystem. A local user could exploit this flaw to cause a denial of service\n(disk corruption) by writing to a page that is associated with a different\nusers file after unsynchronized hole punching and page-fault handling.\n(CVE-2015-8839)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB\ndevice driver did not properly validate endpoint descriptors. An attacker\nwith physical access could use this to cause a denial of service (system\ncrash). (CVE-2016-2187)\n\nVitaly Kuznetsov discovered that the Linux kernel did not properly suppress\nhugetlbfs support in X86 paravirtualized guests. An attacker in the guest\nOS could cause a denial of service (guest system crash). (CVE-2016-3961)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC type 2\nSupport implementations in the Linux kernel. A local attacker could use\nthis to obtain potentially sensitive information from kernel memory.\n(CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink socket\ninterface (rtnetlink) implementation in the Linux kernel. A local attacker\ncould use this to obtain potentially sensitive information from kernel\nmemory. (CVE-2016-4486)\n\nJann Horn discovered that the extended Berkeley Packet Filter (eBPF)\nimplementation in the Linux kernel could overflow reference counters on\nsystems with more than 32GB of physical ram and with RLIMIT_MEMLOCK set to\ninfinite. A local unprivileged attacker could use to create a use-after-\nfree situation, causing a denial of service (system crash) or possibly gain\nadministrative privileges. (CVE-2016-4558)\n\nJann Horn discovered that the InfiniBand interfaces within the Linux kernel\ncould be coerced into overwriting kernel memory. A local unprivileged\nattacker could use this to possibly gain administrative privileges on\nsystems where InifiniBand related kernel modules are loaded.\n(CVE-2016-4565)\n\nIt was discovered that in some situations the Linux kernel did not handle\npropagated mounts correctly. A local unprivileged attacker could use this\nto cause a denial of service (system crash). (CVE-2016-4581)\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 16.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3006-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3006-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU16\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-24-generic\", ver:\"4.4.0-24.43\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-24-generic-lpae\", ver:\"4.4.0-24.43\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-24-lowlatency\", ver:\"4.4.0-24.43\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-24-powerpc-e500mc\", ver:\"4.4.0-24.43\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-24-powerpc-smp\", ver:\"4.4.0-24.43\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-24-powerpc64-emb\", ver:\"4.4.0-24.43\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-24-powerpc64-smp\", ver:\"4.4.0-24.43\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:40", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-3961", "CVE-2016-4581", "CVE-2015-8839", "CVE-2016-4486", "CVE-2016-2187", "CVE-2016-1583", "CVE-2016-4558", "CVE-2016-4485", "CVE-2016-2117", "CVE-2016-4565"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2016-06-11T00:00:00", "id": "OPENVAS:1361412562310842786", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842786", "type": "openvas", "title": "Ubuntu Update for linux-raspi2 USN-3007-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux-raspi2 USN-3007-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842786\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-06-11 05:25:29 +0200 (Sat, 11 Jun 2016)\");\n script_cve_id(\"CVE-2016-2117\", \"CVE-2016-1583\", \"CVE-2015-8839\", \"CVE-2016-2187\", \"CVE-2016-3961\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4558\", \"CVE-2016-4565\", \"CVE-2016-4581\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-raspi2 USN-3007-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-raspi2'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux\nkernel incorrectly enables scatter/gather I/O. A remote attacker could use\nthis to obtain potentially sensitive information from kernel memory.\n(CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the mmap()\nhandler of a lower filesystem that did not implement one, causing a\nrecursive page fault to occur. A local unprivileged attacker could use to\ncause a denial of service (system crash) or possibly execute arbitrary code\nwith administrative privileges. (CVE-2016-1583)\n\nMultiple race conditions where discovered in the Linux kernel's ext4 file\nsystem. A local user could exploit this flaw to cause a denial of service\n(disk corruption) by writing to a page that is associated with a different\nusers file after unsynchronized hole punching and page-fault handling.\n(CVE-2015-8839)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB\ndevice driver did not properly validate endpoint descriptors. An attacker\nwith physical access could use this to cause a denial of service (system\ncrash). (CVE-2016-2187)\n\nVitaly Kuznetsov discovered that the Linux kernel did not properly suppress\nhugetlbfs support in X86 paravirtualized guests. An attacker in the guest\nOS could cause a denial of service (guest system crash). (CVE-2016-3961)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC type 2\nSupport implementations in the Linux kernel. A local attacker could use\nthis to obtain potentially sensitive information from kernel memory.\n(CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink socket\ninterface (rtnetlink) implementation in the Linux kernel. A local attacker\ncould use this to obtain potentially sensitive information from kernel\nmemory. (CVE-2016-4486)\n\nJann Horn discovered that the extended Berkeley Packet Filter (eBPF)\nimplementation in the Linux kernel could overflow reference counters on\nsystems with more than 32GB of physical ram and with RLIMIT_MEMLOCK set to\ninfinite. A local unprivileged attacker could use to create a use-after-\nfree situation, causing a denial of service (system crash) or possibly gain\nadministrative privileges. (CVE-2016-4558)\n\nJann Horn discovered that the InfiniBand interfaces within the Linux kernel\ncould be coerced into overwriting kernel memory. A local unprivileged\nattacker could use this to possibly gain administrative privileges on\nsystems where InifiniBand related kernel modules are loaded.\n(CVE-2016-4565)\n\nIt was discovered that in some situations the Linux kernel did not handle\npropagated mounts correctly. A local unprivileged attacker could use this\nto cause a denial of service (system crash). (CVE-2016-4581)\");\n script_tag(name:\"affected\", value:\"linux-raspi2 on Ubuntu 16.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3007-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3007-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU16\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-1012-raspi2\", ver:\"4.4.0-1012.16\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-3961", "CVE-2016-4581", "CVE-2015-8839", "CVE-2016-4486", "CVE-2016-2187", "CVE-2016-1583", "CVE-2016-4558", "CVE-2016-4485", "CVE-2016-2117", "CVE-2016-4565"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2016-06-11T00:00:00", "id": "OPENVAS:1361412562310842794", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842794", "type": "openvas", "title": "Ubuntu Update for linux-lts-xenial USN-3005-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux-lts-xenial USN-3005-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842794\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-06-11 05:27:17 +0200 (Sat, 11 Jun 2016)\");\n script_cve_id(\"CVE-2016-2117\", \"CVE-2016-1583\", \"CVE-2015-8839\", \"CVE-2016-2187\", \"CVE-2016-3961\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4558\", \"CVE-2016-4565\", \"CVE-2016-4581\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-lts-xenial USN-3005-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-lts-xenial'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux\nkernel incorrectly enables scatter/gather I/O. A remote attacker could use\nthis to obtain potentially sensitive information from kernel memory.\n(CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the mmap()\nhandler of a lower filesystem that did not implement one, causing a\nrecursive page fault to occur. A local unprivileged attacker could use to\ncause a denial of service (system crash) or possibly execute arbitrary code\nwith administrative privileges. (CVE-2016-1583)\n\nMultiple race conditions where discovered in the Linux kernel's ext4 file\nsystem. A local user could exploit this flaw to cause a denial of service\n(disk corruption) by writing to a page that is associated with a different\nusers file after unsynchronized hole punching and page-fault handling.\n(CVE-2015-8839)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB\ndevice driver did not properly validate endpoint descriptors. An attacker\nwith physical access could use this to cause a denial of service (system\ncrash). (CVE-2016-2187)\n\nVitaly Kuznetsov discovered that the Linux kernel did not properly suppress\nhugetlbfs support in X86 paravirtualized guests. An attacker in the guest\nOS could cause a denial of service (guest system crash). (CVE-2016-3961)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC type 2\nSupport implementations in the Linux kernel. A local attacker could use\nthis to obtain potentially sensitive information from kernel memory.\n(CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink socket\ninterface (rtnetlink) implementation in the Linux kernel. A local attacker\ncould use this to obtain potentially sensitive information from kernel\nmemory. (CVE-2016-4486)\n\nJann Horn discovered that the extended Berkeley Packet Filter (eBPF)\nimplementation in the Linux kernel could overflow reference counters on\nsystems with more than 32GB of physical ram and with RLIMIT_MEMLOCK set to\ninfinite. A local unprivileged attacker could use to create a use-after-\nfree situation, causing a denial of service (system crash) or possibly gain\nadministrative privileges. (CVE-2016-4558)\n\nJann Horn discovered that the InfiniBand interfaces within the Linux kernel\ncould be coerced into overwriting kernel memory. A local unprivileged\nattacker could use this to possibly gain administrative privileges on\nsystems where InifiniBand related kernel modules are loaded.\n(CVE-2016-4565)\n\nIt was discovered that in some situations the Linux kernel did not handle\npropagated mounts correctly. A local unprivileged attacker could use this\nto cause a denial of service (system crash). (CVE-2016-4581)\");\n script_tag(name:\"affected\", value:\"linux-lts-xenial on Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3005-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3005-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU14\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-24-generic\", ver:\"4.4.0-24.43~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-24-generic-lpae\", ver:\"4.4.0-24.43~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-24-lowlatency\", ver:\"4.4.0-24.43~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-24-powerpc-e500mc\", ver:\"4.4.0-24.43~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-24-powerpc-smp\", ver:\"4.4.0-24.43~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-24-powerpc64-emb\", ver:\"4.4.0-24.43~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-24-powerpc64-smp\", ver:\"4.4.0-24.43~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:20", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2069", "CVE-2016-4581", "CVE-2016-4486", "CVE-2015-4004", "CVE-2016-2187", "CVE-2016-1583", "CVE-2016-3951", "CVE-2016-3955", "CVE-2016-4485", "CVE-2016-2117", "CVE-2016-3672"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2016-06-11T00:00:00", "id": "OPENVAS:1361412562310842797", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842797", "type": "openvas", "title": "Ubuntu Update for linux-lts-trusty USN-2998-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux-lts-trusty USN-2998-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842797\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-06-11 05:28:01 +0200 (Sat, 11 Jun 2016)\");\n script_cve_id(\"CVE-2016-2117\", \"CVE-2016-1583\", \"CVE-2015-4004\", \"CVE-2016-2069\", \"CVE-2016-2187\", \"CVE-2016-3672\", \"CVE-2016-3951\", \"CVE-2016-3955\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4581\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-lts-trusty USN-2998-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-lts-trusty'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux\nkernel incorrectly enables scatter/gather I/O. A remote attacker could use\nthis to obtain potentially sensitive information from kernel memory.\n(CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the mmap()\nhandler of a lower filesystem that did not implement one, causing a\nrecursive page fault to occur. A local unprivileged attacker could use to\ncause a denial of service (system crash) or possibly execute arbitrary code\nwith administrative privileges. (CVE-2016-1583)\n\nJason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO USB\nover wifi device drivers in the Linux kernel. A remote attacker could use\nthis to cause a denial of service (system crash) or obtain potentially\nsensitive information from kernel memory. (CVE-2015-4004)\n\nAndy Lutomirski discovered a race condition in the Linux kernel's\ntranslation lookaside buffer (TLB) handling of flush events. A local\nattacker could use this to cause a denial of service or possibly leak\nsensitive information. (CVE-2016-2069)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB\ndevice driver did not properly validate endpoint descriptors. An attacker\nwith physical access could use this to cause a denial of service (system\ncrash). (CVE-2016-2187)\n\nHector Marco and Ismael Ripoll discovered that the Linux kernel would\nimproperly disable Address Space Layout Randomization (ASLR) for x86\nprocesses running in 32 bit mode if stack-consumption resource limits were\ndisabled. A local attacker could use this to make it easier to exploit an\nexisting vulnerability in a setuid/setgid program. (CVE-2016-3672)\n\nAndrey Konovalov discovered that the CDC Network Control Model USB driver\nin the Linux kernel did not cancel work events queued if a later error\noccurred, resulting in a use-after-free. An attacker with physical access\ncould use this to cause a denial of service (system crash). (CVE-2016-3951)\n\nIt was discovered that an out-of-bounds write could occur when handling\nincoming packets in the USB/IP implementation in the Linux kernel. A remote\nattacker could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code. (CVE-2016-3955)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC type 2\nSupport implementations in the Linux kernel. A local attacker could use\nthis to obtain potentially sensitive information from kernel memory.\n(CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink socket\ninterface (rtnetlink) implementation in the Linux kerne ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"linux-lts-trusty on Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"2998-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2998-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU12\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-88-generic\", ver:\"3.13.0-88.135~precise1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-88-generic-lpae\", ver:\"3.13.0-88.135~precise1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:49", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-3961", "CVE-2016-4581", "CVE-2016-4486", "CVE-2015-4004", "CVE-2016-2187", "CVE-2016-1583", "CVE-2016-3951", "CVE-2016-3955", "CVE-2016-4485", "CVE-2016-2117", "CVE-2016-4565", "CVE-2016-3672"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2016-06-11T00:00:00", "id": "OPENVAS:1361412562310842796", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842796", "type": "openvas", "title": "Ubuntu Update for linux-lts-vivid USN-3001-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux-lts-vivid USN-3001-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842796\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-06-11 05:27:47 +0200 (Sat, 11 Jun 2016)\");\n script_cve_id(\"CVE-2016-2117\", \"CVE-2016-1583\", \"CVE-2015-4004\", \"CVE-2016-2187\", \"CVE-2016-3672\", \"CVE-2016-3951\", \"CVE-2016-3955\", \"CVE-2016-3961\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4565\", \"CVE-2016-4581\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-lts-vivid USN-3001-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-lts-vivid'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux\nkernel incorrectly enables scatter/gather I/O. A remote attacker could use\nthis to obtain potentially sensitive information from kernel memory.\n(CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the mmap()\nhandler of a lower filesystem that did not implement one, causing a\nrecursive page fault to occur. A local unprivileged attacker could use to\ncause a denial of service (system crash) or possibly execute arbitrary code\nwith administrative privileges. (CVE-2016-1583)\n\nJason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO USB\nover wifi device drivers in the Linux kernel. A remote attacker could use\nthis to cause a denial of service (system crash) or obtain potentially\nsensitive information from kernel memory. (CVE-2015-4004)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB\ndevice driver did not properly validate endpoint descriptors. An attacker\nwith physical access could use this to cause a denial of service (system\ncrash). (CVE-2016-2187)\n\nHector Marco and Ismael Ripoll discovered that the Linux kernel would\nimproperly disable Address Space Layout Randomization (ASLR) for x86\nprocesses running in 32 bit mode if stack-consumption resource limits were\ndisabled. A local attacker could use this to make it easier to exploit an\nexisting vulnerability in a setuid/setgid program. (CVE-2016-3672)\n\nAndrey Konovalov discovered that the CDC Network Control Model USB driver\nin the Linux kernel did not cancel work events queued if a later error\noccurred, resulting in a use-after-free. An attacker with physical access\ncould use this to cause a denial of service (system crash). (CVE-2016-3951)\n\nIt was discovered that an out-of-bounds write could occur when handling\nincoming packets in the USB/IP implementation in the Linux kernel. A remote\nattacker could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code. (CVE-2016-3955)\n\nVitaly Kuznetsov discovered that the Linux kernel did not properly suppress\nhugetlbfs support in X86 paravirtualized guests. An attacker in the guest\nOS could cause a denial of service (guest system crash). (CVE-2016-3961)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC type 2\nSupport implementations in the Linux kernel. A local attacker could use\nthis to obtain potentially sensitive information from kernel memory.\n(CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink socket\ninterface (rtnetlink) implementation in the Linux kernel. A local attacker\nco ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"linux-lts-vivid on Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3001-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3001-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU14\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.19.0-61-generic\", ver:\"3.19.0-61.69~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.19.0-61-generic-lpae\", ver:\"3.19.0-61.69~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.19.0-61-lowlatency\", ver:\"3.19.0-61.69~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.19.0-61-powerpc-e500mc\", ver:\"3.19.0-61.69~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.19.0-61-powerpc-smp\", ver:\"3.19.0-61.69~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.19.0-61-powerpc64-emb\", ver:\"3.19.0-61.69~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.19.0-61-powerpc64-smp\", ver:\"3.19.0-61.69~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2016-4482", "CVE-2016-4485", "CVE-2016-4486", "CVE-2016-4581"], "description": "The kernel meta package ", "modified": "2016-05-16T14:56:10", "published": "2016-05-16T14:56:10", "id": "FEDORA:16FBC6173444", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 22 Update: kernel-4.4.9-200.fc22", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2016-4485", "CVE-2016-4486", "CVE-2016-4557", "CVE-2016-4558", "CVE-2016-4569", "CVE-2016-4581"], "description": "The kernel meta package ", "modified": "2016-05-14T23:33:19", "published": "2016-05-14T23:33:19", "id": "FEDORA:3BDA3607A1A6", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 24 Update: kernel-4.5.4-300.fc24", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2016-0758", "CVE-2016-3713", "CVE-2016-4440", "CVE-2016-4485", "CVE-2016-4486", "CVE-2016-4557", "CVE-2016-4558", "CVE-2016-4569", "CVE-2016-4581", "CVE-2016-4913"], "description": "The kernel meta package ", "modified": "2016-06-02T15:04:03", "published": "2016-06-02T15:04:03", "id": "FEDORA:0A72361F0A0B", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 23 Update: kernel-4.5.5-201.fc23", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-01-12T10:14:36", "description": "The 4.4.9 update contains an number of important fixes across the tree\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 18, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2016-07-14T00:00:00", "title": "Fedora 22 : kernel (2016-a159c484e4)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-4581", "CVE-2016-4486", "CVE-2016-4485", "CVE-2016-4482"], "modified": "2016-07-14T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:22"], "id": "FEDORA_2016-A159C484E4.NASL", "href": "https://www.tenable.com/plugins/nessus/92133", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-a159c484e4.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(92133);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-4482\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4581\");\n script_xref(name:\"FEDORA\", value:\"2016-a159c484e4\");\n\n script_name(english:\"Fedora 22 : kernel (2016-a159c484e4)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The 4.4.9 update contains an number of important fixes across the tree\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-a159c484e4\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:22\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^22([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 22\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2016-4482\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4581\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for FEDORA-2016-a159c484e4\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\nif (rpm_check(release:\"FC22\", reference:\"kernel-4.4.9-200.fc22\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-12T10:15:01", "description": "The 4.5.4 stable update contains a number of important fixes across\nthe tree.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 21, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-07-14T00:00:00", "title": "Fedora 24 : kernel (2016-ef973efab7)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-4581", "CVE-2016-4557", "CVE-2016-4486", "CVE-2016-4569", "CVE-2016-4558", "CVE-2016-4485"], "modified": "2016-07-14T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:24"], "id": "FEDORA_2016-EF973EFAB7.NASL", "href": "https://www.tenable.com/plugins/nessus/92195", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-ef973efab7.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(92195);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4557\", \"CVE-2016-4558\", \"CVE-2016-4569\", \"CVE-2016-4581\");\n script_xref(name:\"FEDORA\", value:\"2016-ef973efab7\");\n\n script_name(english:\"Fedora 24 : kernel (2016-ef973efab7)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The 4.5.4 stable update contains a number of important fixes across\nthe tree.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-ef973efab7\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux BPF doubleput UAF Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4557\", \"CVE-2016-4558\", \"CVE-2016-4569\", \"CVE-2016-4581\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for FEDORA-2016-ef973efab7\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"kernel-4.5.4-300.fc24\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T01:19:20", "description": "The Linux kernel did not properly suppress hugetlbfs support in x86 PV\nguests, which could allow local PV guest users to cause a denial of\nservice (guest OS crash) by attempting to access a hugetlbfs mapped\narea. (CVE-2016-3961 / XSA-174)\n\nA flaw was found in the way the Linux kernel's ASN.1 DER decoder\nprocessed certain certificate files with tags of indefinite length. A\nlocal, unprivileged user could use a specially crafted X.509\ncertificate DER file to crash the system or, potentially, escalate\ntheir privileges on the system. (CVE-2016-0758)\n\nMultiple race conditions in the ext4 filesystem implementation in the\nLinux kernel before 4.5 allow local users to cause a denial of service\n(disk corruption) by writing to a page that is associated with a\ndifferent user's file after unsynchronized hole punching and\npage-fault handling. (CVE-2015-8839)\n\nThe following flaws were also fixed in this version :\n\nCVE-2016-4557 : Use after free vulnerability via double fdput\n\nCVE-2016-4581 : Slave being first propagated copy causes oops in\npropagate_mnt\n\nCVE-2016-4486 : Information leak in rtnetlink\n\nCVE-2016-4485 : Information leak in llc module\n\nCVE-2016-4558 : bpf: refcnt overflow\n\nCVE-2016-4565 : infiniband: Unprivileged process can overwrite kernel\nmemory using rdma_ucm.ko\n\nCVE-2016-0758 : tags with indefinite length can corrupt pointers in\nasn1_find_indefinite_length()\n\nCVE-2015-8839 : ext4 filesystem page fault race condition with\nfallocate call.", "edition": 27, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-05-19T00:00:00", "title": "Amazon Linux AMI : kernel (ALAS-2016-703)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-3961", "CVE-2016-4581", "CVE-2016-4557", "CVE-2015-8839", "CVE-2016-4486", "CVE-2016-0758", "CVE-2016-4558", "CVE-2016-4485", "CVE-2016-4565"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-doc", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686", "p-cpe:/a:amazon:linux:perf-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:kernel-headers", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2016-703.NASL", "href": "https://www.tenable.com/plugins/nessus/91241", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2016-703.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91241);\n script_version(\"2.7\");\n script_cvs_date(\"Date: 2019/04/11 17:23:06\");\n\n script_cve_id(\"CVE-2015-8839\", \"CVE-2016-0758\", \"CVE-2016-3961\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4557\", \"CVE-2016-4558\", \"CVE-2016-4565\", \"CVE-2016-4581\");\n script_xref(name:\"ALAS\", value:\"2016-703\");\n\n script_name(english:\"Amazon Linux AMI : kernel (ALAS-2016-703)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Linux kernel did not properly suppress hugetlbfs support in x86 PV\nguests, which could allow local PV guest users to cause a denial of\nservice (guest OS crash) by attempting to access a hugetlbfs mapped\narea. (CVE-2016-3961 / XSA-174)\n\nA flaw was found in the way the Linux kernel's ASN.1 DER decoder\nprocessed certain certificate files with tags of indefinite length. A\nlocal, unprivileged user could use a specially crafted X.509\ncertificate DER file to crash the system or, potentially, escalate\ntheir privileges on the system. (CVE-2016-0758)\n\nMultiple race conditions in the ext4 filesystem implementation in the\nLinux kernel before 4.5 allow local users to cause a denial of service\n(disk corruption) by writing to a page that is associated with a\ndifferent user's file after unsynchronized hole punching and\npage-fault handling. (CVE-2015-8839)\n\nThe following flaws were also fixed in this version :\n\nCVE-2016-4557 : Use after free vulnerability via double fdput\n\nCVE-2016-4581 : Slave being first propagated copy causes oops in\npropagate_mnt\n\nCVE-2016-4486 : Information leak in rtnetlink\n\nCVE-2016-4485 : Information leak in llc module\n\nCVE-2016-4558 : bpf: refcnt overflow\n\nCVE-2016-4565 : infiniband: Unprivileged process can overwrite kernel\nmemory using rdma_ucm.ko\n\nCVE-2016-0758 : tags with indefinite length can corrupt pointers in\nasn1_find_indefinite_length()\n\nCVE-2015-8839 : ext4 filesystem page fault race condition with\nfallocate call.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2016-703.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update kernel' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux BPF doubleput UAF Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"kernel-4.4.10-22.54.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-debuginfo-4.4.10-22.54.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", cpu:\"i686\", reference:\"kernel-debuginfo-common-i686-4.4.10-22.54.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-4.4.10-22.54.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-devel-4.4.10-22.54.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-doc-4.4.10-22.54.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-headers-4.4.10-22.54.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-4.4.10-22.54.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-debuginfo-4.4.10-22.54.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-devel-4.4.10-22.54.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perf-4.4.10-22.54.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perf-debuginfo-4.4.10-22.54.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debuginfo / kernel-debuginfo-common-i686 / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:13:58", "description": "The 4.5.5 stable update contains a number of important fixes across\nthe tree.\n\n----\n\nThe 4.5.4 stable update contains a number of important fixes across\nthe tree.\n\n----\n\nThe 4.5.3 stable rebase contains enhanced hardware support, additional\nfeatures, and a number of important fixes across the tree.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 21, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-07-14T00:00:00", "title": "Fedora 23 : kernel (2016-06f1572324)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-4913", "CVE-2016-4581", "CVE-2016-4557", "CVE-2016-4486", "CVE-2016-0758", "CVE-2016-4569", "CVE-2016-4558", "CVE-2016-4485", "CVE-2016-4440", "CVE-2016-3713"], "modified": "2016-07-14T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:23"], "id": "FEDORA_2016-06F1572324.NASL", "href": "https://www.tenable.com/plugins/nessus/92055", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-06f1572324.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(92055);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-0758\", \"CVE-2016-3713\", \"CVE-2016-4440\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4557\", \"CVE-2016-4558\", \"CVE-2016-4569\", \"CVE-2016-4581\", \"CVE-2016-4913\");\n script_xref(name:\"FEDORA\", value:\"2016-06f1572324\");\n\n script_name(english:\"Fedora 23 : kernel (2016-06f1572324)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The 4.5.5 stable update contains a number of important fixes across\nthe tree.\n\n----\n\nThe 4.5.4 stable update contains a number of important fixes across\nthe tree.\n\n----\n\nThe 4.5.3 stable rebase contains enhanced hardware support, additional\nfeatures, and a number of important fixes across the tree.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-06f1572324\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux BPF doubleput UAF Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:23\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^23([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 23\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2016-0758\", \"CVE-2016-3713\", \"CVE-2016-4440\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4557\", \"CVE-2016-4558\", \"CVE-2016-4569\", \"CVE-2016-4581\", \"CVE-2016-4913\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for FEDORA-2016-06f1572324\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\nif (rpm_check(release:\"FC23\", reference:\"kernel-4.5.5-201.fc23\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T06:43:47", "description": "Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the\nLinux kernel incorrectly enables scatter/gather I/O. A remote attacker\ncould use this to obtain potentially sensitive information from kernel\nmemory. (CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the\nmmap() handler of a lower filesystem that did not implement one,\ncausing a recursive page fault to occur. A local unprivileged attacker\ncould use to cause a denial of service (system crash) or possibly\nexecute arbitrary code with administrative privileges. (CVE-2016-1583)\n\nMultiple race conditions where discovered in the Linux kernel's ext4\nfile system. A local user could exploit this flaw to cause a denial of\nservice (disk corruption) by writing to a page that is associated with\na different users file after unsynchronized hole punching and\npage-fault handling. (CVE-2015-8839)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB\ndevice driver did not properly validate endpoint descriptors. An\nattacker with physical access could use this to cause a denial of\nservice (system crash). (CVE-2016-2187)\n\nVitaly Kuznetsov discovered that the Linux kernel did not properly\nsuppress hugetlbfs support in X86 paravirtualized guests. An attacker\nin the guest OS could cause a denial of service (guest system crash).\n(CVE-2016-3961)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC\ntype 2 Support implementations in the Linux kernel. A local attacker\ncould use this to obtain potentially sensitive information from kernel\nmemory. (CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink\nsocket interface (rtnetlink) implementation in the Linux kernel. A\nlocal attacker could use this to obtain potentially sensitive\ninformation from kernel memory. (CVE-2016-4486)\n\nJann Horn discovered that the extended Berkeley Packet Filter (eBPF)\nimplementation in the Linux kernel could overflow reference counters\non systems with more than 32GB of physical ram and with RLIMIT_MEMLOCK\nset to infinite. A local unprivileged attacker could use to create a\nuse-after- free situation, causing a denial of service (system crash)\nor possibly gain administrative privileges. (CVE-2016-4558)\n\nJann Horn discovered that the InfiniBand interfaces within the Linux\nkernel could be coerced into overwriting kernel memory. A local\nunprivileged attacker could use this to possibly gain administrative\nprivileges on systems where InifiniBand related kernel modules are\nloaded. (CVE-2016-4565)\n\nIt was discovered that in some situations the Linux kernel did not\nhandle propagated mounts correctly. A local unprivileged attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2016-4581).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 26, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-06-10T00:00:00", "title": "Ubuntu 16.04 LTS : linux-raspi2 vulnerabilities (USN-3007-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-3961", "CVE-2016-4581", "CVE-2015-8839", "CVE-2016-4486", "CVE-2016-2187", "CVE-2016-1583", "CVE-2016-4558", "CVE-2016-4485", "CVE-2016-2117", "CVE-2016-4565"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-raspi2"], "id": "UBUNTU_USN-3007-1.NASL", "href": "https://www.tenable.com/plugins/nessus/91569", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3007-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91569);\n script_version(\"2.8\");\n script_cvs_date(\"Date: 2019/09/18 12:31:45\");\n\n script_cve_id(\"CVE-2015-8839\", \"CVE-2016-1583\", \"CVE-2016-2117\", \"CVE-2016-2187\", \"CVE-2016-3961\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4558\", \"CVE-2016-4565\", \"CVE-2016-4581\");\n script_xref(name:\"USN\", value:\"3007-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS : linux-raspi2 vulnerabilities (USN-3007-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the\nLinux kernel incorrectly enables scatter/gather I/O. A remote attacker\ncould use this to obtain potentially sensitive information from kernel\nmemory. (CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the\nmmap() handler of a lower filesystem that did not implement one,\ncausing a recursive page fault to occur. A local unprivileged attacker\ncould use to cause a denial of service (system crash) or possibly\nexecute arbitrary code with administrative privileges. (CVE-2016-1583)\n\nMultiple race conditions where discovered in the Linux kernel's ext4\nfile system. A local user could exploit this flaw to cause a denial of\nservice (disk corruption) by writing to a page that is associated with\na different users file after unsynchronized hole punching and\npage-fault handling. (CVE-2015-8839)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB\ndevice driver did not properly validate endpoint descriptors. An\nattacker with physical access could use this to cause a denial of\nservice (system crash). (CVE-2016-2187)\n\nVitaly Kuznetsov discovered that the Linux kernel did not properly\nsuppress hugetlbfs support in X86 paravirtualized guests. An attacker\nin the guest OS could cause a denial of service (guest system crash).\n(CVE-2016-3961)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC\ntype 2 Support implementations in the Linux kernel. A local attacker\ncould use this to obtain potentially sensitive information from kernel\nmemory. (CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink\nsocket interface (rtnetlink) implementation in the Linux kernel. A\nlocal attacker could use this to obtain potentially sensitive\ninformation from kernel memory. (CVE-2016-4486)\n\nJann Horn discovered that the extended Berkeley Packet Filter (eBPF)\nimplementation in the Linux kernel could overflow reference counters\non systems with more than 32GB of physical ram and with RLIMIT_MEMLOCK\nset to infinite. A local unprivileged attacker could use to create a\nuse-after- free situation, causing a denial of service (system crash)\nor possibly gain administrative privileges. (CVE-2016-4558)\n\nJann Horn discovered that the InfiniBand interfaces within the Linux\nkernel could be coerced into overwriting kernel memory. A local\nunprivileged attacker could use this to possibly gain administrative\nprivileges on systems where InifiniBand related kernel modules are\nloaded. (CVE-2016-4565)\n\nIt was discovered that in some situations the Linux kernel did not\nhandle propagated mounts correctly. A local unprivileged attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2016-4581).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3007-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected linux-image-4.4-raspi2 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2015-8839\", \"CVE-2016-1583\", \"CVE-2016-2117\", \"CVE-2016-2187\", \"CVE-2016-3961\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4558\", \"CVE-2016-4565\", \"CVE-2016-4581\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3007-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-1012-raspi2\", pkgver:\"4.4.0-1012.16\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.4-raspi2\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T06:43:43", "description": "Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the\nLinux kernel incorrectly enables scatter/gather I/O. A remote attacker\ncould use this to obtain potentially sensitive information from kernel\nmemory. (CVE-2016-2117)\n\nJason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO\nUSB over wifi device drivers in the Linux kernel. A remote attacker\ncould use this to cause a denial of service (system crash) or obtain\npotentially sensitive information from kernel memory. (CVE-2015-4004)\n\nAndy Lutomirski discovered a race condition in the Linux kernel's\ntranslation lookaside buffer (TLB) handling of flush events. A local\nattacker could use this to cause a denial of service or possibly leak\nsensitive information. (CVE-2016-2069)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB\ndevice driver did not properly validate endpoint descriptors. An\nattacker with physical access could use this to cause a denial of\nservice (system crash). (CVE-2016-2187)\n\nHector Marco and Ismael Ripoll discovered that the Linux kernel would\nimproperly disable Address Space Layout Randomization (ASLR) for x86\nprocesses running in 32 bit mode if stack-consumption resource limits\nwere disabled. A local attacker could use this to make it easier to\nexploit an existing vulnerability in a setuid/setgid program.\n(CVE-2016-3672)\n\nAndrey Konovalov discovered that the CDC Network Control Model USB\ndriver in the Linux kernel did not cancel work events queued if a\nlater error occurred, resulting in a use-after-free. An attacker with\nphysical access could use this to cause a denial of service (system\ncrash). (CVE-2016-3951)\n\nIt was discovered that an out-of-bounds write could occur when\nhandling incoming packets in the USB/IP implementation in the Linux\nkernel. A remote attacker could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2016-3955)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC\ntype 2 Support implementations in the Linux kernel. A local attacker\ncould use this to obtain potentially sensitive information from kernel\nmemory. (CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink\nsocket interface (rtnetlink) implementation in the Linux kernel. A\nlocal attacker could use this to obtain potentially sensitive\ninformation from kernel memory. (CVE-2016-4486)\n\nIt was discovered that in some situations the Linux kernel did not\nhandle propagated mounts correctly. A local unprivileged attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2016-4581).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 28, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-06-01T00:00:00", "title": "Ubuntu 14.04 LTS : linux vulnerabilities (USN-2989-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2069", "CVE-2016-4581", "CVE-2016-4486", "CVE-2015-4004", "CVE-2016-2187", "CVE-2016-3951", "CVE-2016-3955", "CVE-2016-4485", "CVE-2016-2117", "CVE-2016-3672"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-lowlatency", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-2989-1.NASL", "href": "https://www.tenable.com/plugins/nessus/91425", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2989-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91425);\n script_version(\"2.11\");\n script_cvs_date(\"Date: 2019/09/18 12:31:45\");\n\n script_cve_id(\"CVE-2015-4004\", \"CVE-2016-2069\", \"CVE-2016-2117\", \"CVE-2016-2187\", \"CVE-2016-3672\", \"CVE-2016-3951\", \"CVE-2016-3955\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4581\");\n script_xref(name:\"USN\", value:\"2989-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS : linux vulnerabilities (USN-2989-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the\nLinux kernel incorrectly enables scatter/gather I/O. A remote attacker\ncould use this to obtain potentially sensitive information from kernel\nmemory. (CVE-2016-2117)\n\nJason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO\nUSB over wifi device drivers in the Linux kernel. A remote attacker\ncould use this to cause a denial of service (system crash) or obtain\npotentially sensitive information from kernel memory. (CVE-2015-4004)\n\nAndy Lutomirski discovered a race condition in the Linux kernel's\ntranslation lookaside buffer (TLB) handling of flush events. A local\nattacker could use this to cause a denial of service or possibly leak\nsensitive information. (CVE-2016-2069)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB\ndevice driver did not properly validate endpoint descriptors. An\nattacker with physical access could use this to cause a denial of\nservice (system crash). (CVE-2016-2187)\n\nHector Marco and Ismael Ripoll discovered that the Linux kernel would\nimproperly disable Address Space Layout Randomization (ASLR) for x86\nprocesses running in 32 bit mode if stack-consumption resource limits\nwere disabled. A local attacker could use this to make it easier to\nexploit an existing vulnerability in a setuid/setgid program.\n(CVE-2016-3672)\n\nAndrey Konovalov discovered that the CDC Network Control Model USB\ndriver in the Linux kernel did not cancel work events queued if a\nlater error occurred, resulting in a use-after-free. An attacker with\nphysical access could use this to cause a denial of service (system\ncrash). (CVE-2016-3951)\n\nIt was discovered that an out-of-bounds write could occur when\nhandling incoming packets in the USB/IP implementation in the Linux\nkernel. A remote attacker could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2016-3955)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC\ntype 2 Support implementations in the Linux kernel. A local attacker\ncould use this to obtain potentially sensitive information from kernel\nmemory. (CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink\nsocket interface (rtnetlink) implementation in the Linux kernel. A\nlocal attacker could use this to obtain potentially sensitive\ninformation from kernel memory. (CVE-2016-4486)\n\nIt was discovered that in some situations the Linux kernel did not\nhandle propagated mounts correctly. A local unprivileged attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2016-4581).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2989-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected linux-image-3.13-generic,\nlinux-image-3.13-generic-lpae and / or linux-image-3.13-lowlatency\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/06/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2015-4004\", \"CVE-2016-2069\", \"CVE-2016-2117\", \"CVE-2016-2187\", \"CVE-2016-3672\", \"CVE-2016-3951\", \"CVE-2016-3955\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4581\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-2989-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-87-generic\", pkgver:\"3.13.0-87.133\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-87-generic-lpae\", pkgver:\"3.13.0-87.133\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-87-lowlatency\", pkgver:\"3.13.0-87.133\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.13-generic / linux-image-3.13-generic-lpae / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T06:43:46", "description": "Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the\nLinux kernel incorrectly enables scatter/gather I/O. A remote attacker\ncould use this to obtain potentially sensitive information from kernel\nmemory. (CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the\nmmap() handler of a lower filesystem that did not implement one,\ncausing a recursive page fault to occur. A local unprivileged attacker\ncould use to cause a denial of service (system crash) or possibly\nexecute arbitrary code with administrative privileges. (CVE-2016-1583)\n\nMultiple race conditions where discovered in the Linux kernel's ext4\nfile system. A local user could exploit this flaw to cause a denial of\nservice (disk corruption) by writing to a page that is associated with\na different users file after unsynchronized hole punching and\npage-fault handling. (CVE-2015-8839)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB\ndevice driver did not properly validate endpoint descriptors. An\nattacker with physical access could use this to cause a denial of\nservice (system crash). (CVE-2016-2187)\n\nVitaly Kuznetsov discovered that the Linux kernel did not properly\nsuppress hugetlbfs support in X86 paravirtualized guests. An attacker\nin the guest OS could cause a denial of service (guest system crash).\n(CVE-2016-3961)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC\ntype 2 Support implementations in the Linux kernel. A local attacker\ncould use this to obtain potentially sensitive information from kernel\nmemory. (CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink\nsocket interface (rtnetlink) implementation in the Linux kernel. A\nlocal attacker could use this to obtain potentially sensitive\ninformation from kernel memory. (CVE-2016-4486)\n\nJann Horn discovered that the extended Berkeley Packet Filter (eBPF)\nimplementation in the Linux kernel could overflow reference counters\non systems with more than 32GB of physical ram and with RLIMIT_MEMLOCK\nset to infinite. A local unprivileged attacker could use to create a\nuse-after- free situation, causing a denial of service (system crash)\nor possibly gain administrative privileges. (CVE-2016-4558)\n\nJann Horn discovered that the InfiniBand interfaces within the Linux\nkernel could be coerced into overwriting kernel memory. A local\nunprivileged attacker could use this to possibly gain administrative\nprivileges on systems where InifiniBand related kernel modules are\nloaded. (CVE-2016-4565)\n\nIt was discovered that in some situations the Linux kernel did not\nhandle propagated mounts correctly. A local unprivileged attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2016-4581).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 28, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-06-10T00:00:00", "title": "Ubuntu 14.04 LTS : linux-lts-xenial vulnerabilities (USN-3005-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-3961", "CVE-2016-4581", "CVE-2015-8839", "CVE-2016-4486", "CVE-2016-2187", "CVE-2016-1583", "CVE-2016-4558", "CVE-2016-4485", "CVE-2016-2117", "CVE-2016-4565"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-3005-1.NASL", "href": "https://www.tenable.com/plugins/nessus/91567", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3005-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91567);\n script_version(\"2.11\");\n script_cvs_date(\"Date: 2019/09/18 12:31:45\");\n\n script_cve_id(\"CVE-2015-8839\", \"CVE-2016-1583\", \"CVE-2016-2117\", \"CVE-2016-2187\", \"CVE-2016-3961\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4558\", \"CVE-2016-4565\", \"CVE-2016-4581\");\n script_xref(name:\"USN\", value:\"3005-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS : linux-lts-xenial vulnerabilities (USN-3005-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the\nLinux kernel incorrectly enables scatter/gather I/O. A remote attacker\ncould use this to obtain potentially sensitive information from kernel\nmemory. (CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the\nmmap() handler of a lower filesystem that did not implement one,\ncausing a recursive page fault to occur. A local unprivileged attacker\ncould use to cause a denial of service (system crash) or possibly\nexecute arbitrary code with administrative privileges. (CVE-2016-1583)\n\nMultiple race conditions where discovered in the Linux kernel's ext4\nfile system. A local user could exploit this flaw to cause a denial of\nservice (disk corruption) by writing to a page that is associated with\na different users file after unsynchronized hole punching and\npage-fault handling. (CVE-2015-8839)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB\ndevice driver did not properly validate endpoint descriptors. An\nattacker with physical access could use this to cause a denial of\nservice (system crash). (CVE-2016-2187)\n\nVitaly Kuznetsov discovered that the Linux kernel did not properly\nsuppress hugetlbfs support in X86 paravirtualized guests. An attacker\nin the guest OS could cause a denial of service (guest system crash).\n(CVE-2016-3961)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC\ntype 2 Support implementations in the Linux kernel. A local attacker\ncould use this to obtain potentially sensitive information from kernel\nmemory. (CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink\nsocket interface (rtnetlink) implementation in the Linux kernel. A\nlocal attacker could use this to obtain potentially sensitive\ninformation from kernel memory. (CVE-2016-4486)\n\nJann Horn discovered that the extended Berkeley Packet Filter (eBPF)\nimplementation in the Linux kernel could overflow reference counters\non systems with more than 32GB of physical ram and with RLIMIT_MEMLOCK\nset to infinite. A local unprivileged attacker could use to create a\nuse-after- free situation, causing a denial of service (system crash)\nor possibly gain administrative privileges. (CVE-2016-4558)\n\nJann Horn discovered that the InfiniBand interfaces within the Linux\nkernel could be coerced into overwriting kernel memory. A local\nunprivileged attacker could use this to possibly gain administrative\nprivileges on systems where InifiniBand related kernel modules are\nloaded. (CVE-2016-4565)\n\nIt was discovered that in some situations the Linux kernel did not\nhandle propagated mounts correctly. A local unprivileged attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2016-4581).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3005-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected linux-image-4.4-generic,\nlinux-image-4.4-generic-lpae and / or linux-image-4.4-lowlatency\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2015-8839\", \"CVE-2016-1583\", \"CVE-2016-2117\", \"CVE-2016-2187\", \"CVE-2016-3961\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4558\", \"CVE-2016-4565\", \"CVE-2016-4581\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3005-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-4.4.0-24-generic\", pkgver:\"4.4.0-24.43~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-4.4.0-24-generic-lpae\", pkgver:\"4.4.0-24.43~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-4.4.0-24-lowlatency\", pkgver:\"4.4.0-24.43~14.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.4-generic / linux-image-4.4-generic-lpae / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T06:43:46", "description": "Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the\nLinux kernel incorrectly enables scatter/gather I/O. A remote attacker\ncould use this to obtain potentially sensitive information from kernel\nmemory. (CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the\nmmap() handler of a lower filesystem that did not implement one,\ncausing a recursive page fault to occur. A local unprivileged attacker\ncould use to cause a denial of service (system crash) or possibly\nexecute arbitrary code with administrative privileges. (CVE-2016-1583)\n\nMultiple race conditions where discovered in the Linux kernel's ext4\nfile system. A local user could exploit this flaw to cause a denial of\nservice (disk corruption) by writing to a page that is associated with\na different users file after unsynchronized hole punching and\npage-fault handling. (CVE-2015-8839)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB\ndevice driver did not properly validate endpoint descriptors. An\nattacker with physical access could use this to cause a denial of\nservice (system crash). (CVE-2016-2187)\n\nVitaly Kuznetsov discovered that the Linux kernel did not properly\nsuppress hugetlbfs support in X86 paravirtualized guests. An attacker\nin the guest OS could cause a denial of service (guest system crash).\n(CVE-2016-3961)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC\ntype 2 Support implementations in the Linux kernel. A local attacker\ncould use this to obtain potentially sensitive information from kernel\nmemory. (CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink\nsocket interface (rtnetlink) implementation in the Linux kernel. A\nlocal attacker could use this to obtain potentially sensitive\ninformation from kernel memory. (CVE-2016-4486)\n\nJann Horn discovered that the extended Berkeley Packet Filter (eBPF)\nimplementation in the Linux kernel could overflow reference counters\non systems with more than 32GB of physical ram and with RLIMIT_MEMLOCK\nset to infinite. A local unprivileged attacker could use to create a\nuse-after- free situation, causing a denial of service (system crash)\nor possibly gain administrative privileges. (CVE-2016-4558)\n\nJann Horn discovered that the InfiniBand interfaces within the Linux\nkernel could be coerced into overwriting kernel memory. A local\nunprivileged attacker could use this to possibly gain administrative\nprivileges on systems where InifiniBand related kernel modules are\nloaded. (CVE-2016-4565)\n\nIt was discovered that in some situations the Linux kernel did not\nhandle propagated mounts correctly. A local unprivileged attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2016-4581).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 28, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-06-10T00:00:00", "title": "Ubuntu 16.04 LTS : linux vulnerabilities (USN-3006-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-3961", "CVE-2016-4581", "CVE-2015-8839", "CVE-2016-4486", "CVE-2016-2187", "CVE-2016-1583", "CVE-2016-4558", "CVE-2016-4485", "CVE-2016-2117", "CVE-2016-4565"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency", "cpe:/o:canonical:ubuntu_linux:16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic"], "id": "UBUNTU_USN-3006-1.NASL", "href": "https://www.tenable.com/plugins/nessus/91568", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3006-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91568);\n script_version(\"2.11\");\n script_cvs_date(\"Date: 2019/09/18 12:31:45\");\n\n script_cve_id(\"CVE-2015-8839\", \"CVE-2016-1583\", \"CVE-2016-2117\", \"CVE-2016-2187\", \"CVE-2016-3961\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4558\", \"CVE-2016-4565\", \"CVE-2016-4581\");\n script_xref(name:\"USN\", value:\"3006-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS : linux vulnerabilities (USN-3006-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the\nLinux kernel incorrectly enables scatter/gather I/O. A remote attacker\ncould use this to obtain potentially sensitive information from kernel\nmemory. (CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the\nmmap() handler of a lower filesystem that did not implement one,\ncausing a recursive page fault to occur. A local unprivileged attacker\ncould use to cause a denial of service (system crash) or possibly\nexecute arbitrary code with administrative privileges. (CVE-2016-1583)\n\nMultiple race conditions where discovered in the Linux kernel's ext4\nfile system. A local user could exploit this flaw to cause a denial of\nservice (disk corruption) by writing to a page that is associated with\na different users file after unsynchronized hole punching and\npage-fault handling. (CVE-2015-8839)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB\ndevice driver did not properly validate endpoint descriptors. An\nattacker with physical access could use this to cause a denial of\nservice (system crash). (CVE-2016-2187)\n\nVitaly Kuznetsov discovered that the Linux kernel did not properly\nsuppress hugetlbfs support in X86 paravirtualized guests. An attacker\nin the guest OS could cause a denial of service (guest system crash).\n(CVE-2016-3961)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC\ntype 2 Support implementations in the Linux kernel. A local attacker\ncould use this to obtain potentially sensitive information from kernel\nmemory. (CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink\nsocket interface (rtnetlink) implementation in the Linux kernel. A\nlocal attacker could use this to obtain potentially sensitive\ninformation from kernel memory. (CVE-2016-4486)\n\nJann Horn discovered that the extended Berkeley Packet Filter (eBPF)\nimplementation in the Linux kernel could overflow reference counters\non systems with more than 32GB of physical ram and with RLIMIT_MEMLOCK\nset to infinite. A local unprivileged attacker could use to create a\nuse-after- free situation, causing a denial of service (system crash)\nor possibly gain administrative privileges. (CVE-2016-4558)\n\nJann Horn discovered that the InfiniBand interfaces within the Linux\nkernel could be coerced into overwriting kernel memory. A local\nunprivileged attacker could use this to possibly gain administrative\nprivileges on systems where InifiniBand related kernel modules are\nloaded. (CVE-2016-4565)\n\nIt was discovered that in some situations the Linux kernel did not\nhandle propagated mounts correctly. A local unprivileged attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2016-4581).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3006-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected linux-image-4.4-generic,\nlinux-image-4.4-generic-lpae and / or linux-image-4.4-lowlatency\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2015-8839\", \"CVE-2016-1583\", \"CVE-2016-2117\", \"CVE-2016-2187\", \"CVE-2016-3961\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4558\", \"CVE-2016-4565\", \"CVE-2016-4581\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3006-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-24-generic\", pkgver:\"4.4.0-24.43\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-24-generic-lpae\", pkgver:\"4.4.0-24.43\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-24-lowlatency\", pkgver:\"4.4.0-24.43\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.4-generic / linux-image-4.4-generic-lpae / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T06:43:44", "description": "Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the\nLinux kernel incorrectly enables scatter/gather I/O. A remote attacker\ncould use this to obtain potentially sensitive information from kernel\nmemory. (CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the\nmmap() handler of a lower filesystem that did not implement one,\ncausing a recursive page fault to occur. A local unprivileged attacker\ncould use to cause a denial of service (system crash) or possibly\nexecute arbitrary code with administrative privileges. (CVE-2016-1583)\n\nJason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO\nUSB over wifi device drivers in the Linux kernel. A remote attacker\ncould use this to cause a denial of service (system crash) or obtain\npotentially sensitive information from kernel memory. (CVE-2015-4004)\n\nAndy Lutomirski discovered a race condition in the Linux kernel's\ntranslation lookaside buffer (TLB) handling of flush events. A local\nattacker could use this to cause a denial of service or possibly leak\nsensitive information. (CVE-2016-2069)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB\ndevice driver did not properly validate endpoint descriptors. An\nattacker with physical access could use this to cause a denial of\nservice (system crash). (CVE-2016-2187)\n\nHector Marco and Ismael Ripoll discovered that the Linux kernel would\nimproperly disable Address Space Layout Randomization (ASLR) for x86\nprocesses running in 32 bit mode if stack-consumption resource limits\nwere disabled. A local attacker could use this to make it easier to\nexploit an existing vulnerability in a setuid/setgid program.\n(CVE-2016-3672)\n\nAndrey Konovalov discovered that the CDC Network Control Model USB\ndriver in the Linux kernel did not cancel work events queued if a\nlater error occurred, resulting in a use-after-free. An attacker with\nphysical access could use this to cause a denial of service (system\ncrash). (CVE-2016-3951)\n\nIt was discovered that an out-of-bounds write could occur when\nhandling incoming packets in the USB/IP implementation in the Linux\nkernel. A remote attacker could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2016-3955)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC\ntype 2 Support implementations in the Linux kernel. A local attacker\ncould use this to obtain potentially sensitive information from kernel\nmemory. (CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink\nsocket interface (rtnetlink) implementation in the Linux kernel. A\nlocal attacker could use this to obtain potentially sensitive\ninformation from kernel memory. (CVE-2016-4486)\n\nIt was discovered that in some situations the Linux kernel did not\nhandle propagated mounts correctly. A local unprivileged attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2016-4581).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 28, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-06-10T00:00:00", "title": "Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2998-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2069", "CVE-2016-4581", "CVE-2016-4486", "CVE-2015-4004", "CVE-2016-2187", "CVE-2016-1583", "CVE-2016-3951", "CVE-2016-3955", "CVE-2016-4485", "CVE-2016-2117", "CVE-2016-3672"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"], "id": "UBUNTU_USN-2998-1.NASL", "href": "https://www.tenable.com/plugins/nessus/91560", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2998-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91560);\n script_version(\"2.11\");\n script_cvs_date(\"Date: 2019/09/18 12:31:45\");\n\n script_cve_id(\"CVE-2015-4004\", \"CVE-2016-1583\", \"CVE-2016-2069\", \"CVE-2016-2117\", \"CVE-2016-2187\", \"CVE-2016-3672\", \"CVE-2016-3951\", \"CVE-2016-3955\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4581\");\n script_xref(name:\"USN\", value:\"2998-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2998-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the\nLinux kernel incorrectly enables scatter/gather I/O. A remote attacker\ncould use this to obtain potentially sensitive information from kernel\nmemory. (CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the\nmmap() handler of a lower filesystem that did not implement one,\ncausing a recursive page fault to occur. A local unprivileged attacker\ncould use to cause a denial of service (system crash) or possibly\nexecute arbitrary code with administrative privileges. (CVE-2016-1583)\n\nJason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO\nUSB over wifi device drivers in the Linux kernel. A remote attacker\ncould use this to cause a denial of service (system crash) or obtain\npotentially sensitive information from kernel memory. (CVE-2015-4004)\n\nAndy Lutomirski discovered a race condition in the Linux kernel's\ntranslation lookaside buffer (TLB) handling of flush events. A local\nattacker could use this to cause a denial of service or possibly leak\nsensitive information. (CVE-2016-2069)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB\ndevice driver did not properly validate endpoint descriptors. An\nattacker with physical access could use this to cause a denial of\nservice (system crash). (CVE-2016-2187)\n\nHector Marco and Ismael Ripoll discovered that the Linux kernel would\nimproperly disable Address Space Layout Randomization (ASLR) for x86\nprocesses running in 32 bit mode if stack-consumption resource limits\nwere disabled. A local attacker could use this to make it easier to\nexploit an existing vulnerability in a setuid/setgid program.\n(CVE-2016-3672)\n\nAndrey Konovalov discovered that the CDC Network Control Model USB\ndriver in the Linux kernel did not cancel work events queued if a\nlater error occurred, resulting in a use-after-free. An attacker with\nphysical access could use this to cause a denial of service (system\ncrash). (CVE-2016-3951)\n\nIt was discovered that an out-of-bounds write could occur when\nhandling incoming packets in the USB/IP implementation in the Linux\nkernel. A remote attacker could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2016-3955)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC\ntype 2 Support implementations in the Linux kernel. A local attacker\ncould use this to obtain potentially sensitive information from kernel\nmemory. (CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink\nsocket interface (rtnetlink) implementation in the Linux kernel. A\nlocal attacker could use this to obtain potentially sensitive\ninformation from kernel memory. (CVE-2016-4486)\n\nIt was discovered that in some situations the Linux kernel did not\nhandle propagated mounts correctly. A local unprivileged attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2016-4581).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2998-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected linux-image-3.13-generic and / or\nlinux-image-3.13-generic-lpae packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/06/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2015-4004\", \"CVE-2016-1583\", \"CVE-2016-2069\", \"CVE-2016-2117\", \"CVE-2016-2187\", \"CVE-2016-3672\", \"CVE-2016-3951\", \"CVE-2016-3955\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4581\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-2998-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.13.0-88-generic\", pkgver:\"3.13.0-88.135~precise1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.13.0-88-generic-lpae\", pkgver:\"3.13.0-88.135~precise1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.13-generic / linux-image-3.13-generic-lpae\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T06:43:46", "description": "Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the\nLinux kernel incorrectly enables scatter/gather I/O. A remote attacker\ncould use this to obtain potentially sensitive information from kernel\nmemory. (CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the\nmmap() handler of a lower filesystem that did not implement one,\ncausing a recursive page fault to occur. A local unprivileged attacker\ncould use to cause a denial of service (system crash) or possibly\nexecute arbitrary code with administrative privileges. (CVE-2016-1583)\n\nJason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO\nUSB over wifi device drivers in the Linux kernel. A remote attacker\ncould use this to cause a denial of service (system crash) or obtain\npotentially sensitive information from kernel memory. (CVE-2015-4004)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB\ndevice driver did not properly validate endpoint descriptors. An\nattacker with physical access could use this to cause a denial of\nservice (system crash). (CVE-2016-2187)\n\nHector Marco and Ismael Ripoll discovered that the Linux kernel would\nimproperly disable Address Space Layout Randomization (ASLR) for x86\nprocesses running in 32 bit mode if stack-consumption resource limits\nwere disabled. A local attacker could use this to make it easier to\nexploit an existing vulnerability in a setuid/setgid program.\n(CVE-2016-3672)\n\nAndrey Konovalov discovered that the CDC Network Control Model USB\ndriver in the Linux kernel did not cancel work events queued if a\nlater error occurred, resulting in a use-after-free. An attacker with\nphysical access could use this to cause a denial of service (system\ncrash). (CVE-2016-3951)\n\nIt was discovered that an out-of-bounds write could occur when\nhandling incoming packets in the USB/IP implementation in the Linux\nkernel. A remote attacker could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2016-3955)\n\nVitaly Kuznetsov discovered that the Linux kernel did not properly\nsuppress hugetlbfs support in X86 paravirtualized guests. An attacker\nin the guest OS could cause a denial of service (guest system crash).\n(CVE-2016-3961)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC\ntype 2 Support implementations in the Linux kernel. A local attacker\ncould use this to obtain potentially sensitive information from kernel\nmemory. (CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink\nsocket interface (rtnetlink) implementation in the Linux kernel. A\nlocal attacker could use this to obtain potentially sensitive\ninformation from kernel memory. (CVE-2016-4486)\n\nJann Horn discovered that the InfiniBand interfaces within the Linux\nkernel could be coerced into overwriting kernel memory. A local\nunprivileged attacker could use this to possibly gain administrative\nprivileges on systems where InifiniBand related kernel modules are\nloaded. (CVE-2016-4565)\n\nIt was discovered that in some situations the Linux kernel did not\nhandle propagated mounts correctly. A local unprivileged attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2016-4581).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 28, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-06-10T00:00:00", "title": "Ubuntu 15.10 : linux vulnerabilities (USN-3003-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-3961", "CVE-2016-4581", "CVE-2016-4486", "CVE-2015-4004", "CVE-2016-2187", "CVE-2016-1583", "CVE-2016-3951", "CVE-2016-3955", "CVE-2016-4485", "CVE-2016-2117", "CVE-2016-4565", "CVE-2016-3672"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.2-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.2-generic", "cpe:/o:canonical:ubuntu_linux:15.10", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.2-lowlatency"], "id": "UBUNTU_USN-3003-1.NASL", "href": "https://www.tenable.com/plugins/nessus/91565", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3003-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91565);\n script_version(\"2.11\");\n script_cvs_date(\"Date: 2019/09/18 12:31:45\");\n\n script_cve_id(\"CVE-2015-4004\", \"CVE-2016-1583\", \"CVE-2016-2117\", \"CVE-2016-2187\", \"CVE-2016-3672\", \"CVE-2016-3951\", \"CVE-2016-3955\", \"CVE-2016-3961\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4565\", \"CVE-2016-4581\");\n script_xref(name:\"USN\", value:\"3003-1\");\n\n script_name(english:\"Ubuntu 15.10 : linux vulnerabilities (USN-3003-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the\nLinux kernel incorrectly enables scatter/gather I/O. A remote attacker\ncould use this to obtain potentially sensitive information from kernel\nmemory. (CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the\nmmap() handler of a lower filesystem that did not implement one,\ncausing a recursive page fault to occur. A local unprivileged attacker\ncould use to cause a denial of service (system crash) or possibly\nexecute arbitrary code with administrative privileges. (CVE-2016-1583)\n\nJason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO\nUSB over wifi device drivers in the Linux kernel. A remote attacker\ncould use this to cause a denial of service (system crash) or obtain\npotentially sensitive information from kernel memory. (CVE-2015-4004)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB\ndevice driver did not properly validate endpoint descriptors. An\nattacker with physical access could use this to cause a denial of\nservice (system crash). (CVE-2016-2187)\n\nHector Marco and Ismael Ripoll discovered that the Linux kernel would\nimproperly disable Address Space Layout Randomization (ASLR) for x86\nprocesses running in 32 bit mode if stack-consumption resource limits\nwere disabled. A local attacker could use this to make it easier to\nexploit an existing vulnerability in a setuid/setgid program.\n(CVE-2016-3672)\n\nAndrey Konovalov discovered that the CDC Network Control Model USB\ndriver in the Linux kernel did not cancel work events queued if a\nlater error occurred, resulting in a use-after-free. An attacker with\nphysical access could use this to cause a denial of service (system\ncrash). (CVE-2016-3951)\n\nIt was discovered that an out-of-bounds write could occur when\nhandling incoming packets in the USB/IP implementation in the Linux\nkernel. A remote attacker could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2016-3955)\n\nVitaly Kuznetsov discovered that the Linux kernel did not properly\nsuppress hugetlbfs support in X86 paravirtualized guests. An attacker\nin the guest OS could cause a denial of service (guest system crash).\n(CVE-2016-3961)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC\ntype 2 Support implementations in the Linux kernel. A local attacker\ncould use this to obtain potentially sensitive information from kernel\nmemory. (CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink\nsocket interface (rtnetlink) implementation in the Linux kernel. A\nlocal attacker could use this to obtain potentially sensitive\ninformation from kernel memory. (CVE-2016-4486)\n\nJann Horn discovered that the InfiniBand interfaces within the Linux\nkernel could be coerced into overwriting kernel memory. A local\nunprivileged attacker could use this to possibly gain administrative\nprivileges on systems where InifiniBand related kernel modules are\nloaded. (CVE-2016-4565)\n\nIt was discovered that in some situations the Linux kernel did not\nhandle propagated mounts correctly. A local unprivileged attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2016-4581).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3003-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected linux-image-4.2-generic,\nlinux-image-4.2-generic-lpae and / or linux-image-4.2-lowlatency\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.2-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.2-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.2-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:15.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/06/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(15\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 15.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2015-4004\", \"CVE-2016-1583\", \"CVE-2016-2117\", \"CVE-2016-2187\", \"CVE-2016-3672\", \"CVE-2016-3951\", \"CVE-2016-3955\", \"CVE-2016-3961\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4565\", \"CVE-2016-4581\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3003-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"15.10\", pkgname:\"linux-image-4.2.0-38-generic\", pkgver:\"4.2.0-38.45\")) flag++;\nif (ubuntu_check(osver:\"15.10\", pkgname:\"linux-image-4.2.0-38-generic-lpae\", pkgver:\"4.2.0-38.45\")) flag++;\nif (ubuntu_check(osver:\"15.10\", pkgname:\"linux-image-4.2.0-38-lowlatency\", pkgver:\"4.2.0-38.45\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.2-generic / linux-image-4.2-generic-lpae / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "amazon": [{"lastseen": "2020-11-10T12:36:01", "bulletinFamily": "unix", "cvelist": ["CVE-2016-3961", "CVE-2016-4581", "CVE-2016-4557", "CVE-2015-8839", "CVE-2016-4486", "CVE-2016-0758", "CVE-2016-4558", "CVE-2016-4485", "CVE-2016-4565"], "description": "**Issue Overview:**\n\nThe Linux kernel did not properly suppress hugetlbfs support in x86 PV guests, which could allow local PV guest users to cause a denial of service (guest OS crash) by attempting to access a hugetlbfs mapped area. ([CVE-2016-3961 __](<https://access.redhat.com/security/cve/CVE-2016-3961>) / XSA-174)\n\nA flaw was found in the way the Linux kernel&#x27;s ASN.1 DER decoder processed certain certificate files with tags of indefinite length. A local, unprivileged user could use a specially crafted X.509 certificate DER file to crash the system or, potentially, escalate their privileges on the system. ([CVE-2016-0758 __](<https://access.redhat.com/security/cve/CVE-2016-0758>))\n\nMultiple race conditions in the ext4 filesystem implementation in the Linux kernel before 4.5 allow local users to cause a denial of service (disk corruption) by writing to a page that is associated with a different user&#x27;s file after unsynchronized hole punching and page-fault handling. ([CVE-2015-8839 __](<https://access.redhat.com/security/cve/CVE-2015-8839>))\n\nThe following flaws were also fixed in this version:\n\n[CVE-2016-4557 __](<https://access.redhat.com/security/cve/CVE-2016-4557>): Use after free vulnerability via double fdput \n[CVE-2016-4581 __](<https://access.redhat.com/security/cve/CVE-2016-4581>): Slave being first propagated copy causes oops in propagate_mnt \n[CVE-2016-4486 __](<https://access.redhat.com/security/cve/CVE-2016-4486>): Information leak in rtnetlink \n[CVE-2016-4485 __](<https://access.redhat.com/security/cve/CVE-2016-4485>): Information leak in llc module \n[CVE-2016-4558 __](<https://access.redhat.com/security/cve/CVE-2016-4558>): bpf: refcnt overflow \n[CVE-2016-4565 __](<https://access.redhat.com/security/cve/CVE-2016-4565>): infiniband: Unprivileged process can overwrite kernel memory using rdma_ucm.ko \n[CVE-2016-0758 __](<https://access.redhat.com/security/cve/CVE-2016-0758>): tags with indefinite length can corrupt pointers in asn1_find_indefinite_length() \n[CVE-2015-8839 __](<https://access.redhat.com/security/cve/CVE-2015-8839>): ext4 filesystem page fault race condition with fallocate call. \n\n\n \n**Affected Packages:** \n\n\nkernel\n\n \n**Issue Correction:** \nRun _yum update kernel_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n perf-debuginfo-4.4.10-22.54.amzn1.i686 \n kernel-headers-4.4.10-22.54.amzn1.i686 \n kernel-tools-debuginfo-4.4.10-22.54.amzn1.i686 \n perf-4.4.10-22.54.amzn1.i686 \n kernel-4.4.10-22.54.amzn1.i686 \n kernel-debuginfo-common-i686-4.4.10-22.54.amzn1.i686 \n kernel-devel-4.4.10-22.54.amzn1.i686 \n kernel-tools-4.4.10-22.54.amzn1.i686 \n kernel-tools-devel-4.4.10-22.54.amzn1.i686 \n kernel-debuginfo-4.4.10-22.54.amzn1.i686 \n \n noarch: \n kernel-doc-4.4.10-22.54.amzn1.noarch \n \n src: \n kernel-4.4.10-22.54.amzn1.src \n \n x86_64: \n kernel-tools-4.4.10-22.54.amzn1.x86_64 \n perf-4.4.10-22.54.amzn1.x86_64 \n kernel-tools-debuginfo-4.4.10-22.54.amzn1.x86_64 \n perf-debuginfo-4.4.10-22.54.amzn1.x86_64 \n kernel-devel-4.4.10-22.54.amzn1.x86_64 \n kernel-4.4.10-22.54.amzn1.x86_64 \n kernel-headers-4.4.10-22.54.amzn1.x86_64 \n kernel-debuginfo-common-x86_64-4.4.10-22.54.amzn1.x86_64 \n kernel-debuginfo-4.4.10-22.54.amzn1.x86_64 \n kernel-tools-devel-4.4.10-22.54.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2016-05-18T14:00:00", "published": "2016-05-18T14:00:00", "id": "ALAS-2016-703", "href": "https://alas.aws.amazon.com/ALAS-2016-703.html", "title": "Medium: kernel", "type": "amazon", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2020-07-02T11:40:23", "bulletinFamily": "unix", "cvelist": ["CVE-2016-3961", "CVE-2016-4581", "CVE-2015-8839", "CVE-2016-4486", "CVE-2016-2187", "CVE-2016-1583", "CVE-2016-4558", "CVE-2016-4485", "CVE-2016-2117", "CVE-2016-4565"], "description": "Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux \nkernel incorrectly enables scatter/gather I/O. A remote attacker could use \nthis to obtain potentially sensitive information from kernel memory. \n(CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the mmap() \nhandler of a lower filesystem that did not implement one, causing a \nrecursive page fault to occur. A local unprivileged attacker could use to \ncause a denial of service (system crash) or possibly execute arbitrary code \nwith administrative privileges. (CVE-2016-1583)\n\nMultiple race conditions where discovered in the Linux kernel's ext4 file \nsystem. A local user could exploit this flaw to cause a denial of service \n(disk corruption) by writing to a page that is associated with a different \nusers file after unsynchronized hole punching and page-fault handling. \n(CVE-2015-8839)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB \ndevice driver did not properly validate endpoint descriptors. An attacker \nwith physical access could use this to cause a denial of service (system \ncrash). (CVE-2016-2187)\n\nVitaly Kuznetsov discovered that the Linux kernel did not properly suppress \nhugetlbfs support in X86 paravirtualized guests. An attacker in the guest \nOS could cause a denial of service (guest system crash). (CVE-2016-3961)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC type 2 \nSupport implementations in the Linux kernel. A local attacker could use \nthis to obtain potentially sensitive information from kernel memory. \n(CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink socket \ninterface (rtnetlink) implementation in the Linux kernel. A local attacker \ncould use this to obtain potentially sensitive information from kernel \nmemory. (CVE-2016-4486)\n\nJann Horn discovered that the extended Berkeley Packet Filter (eBPF) \nimplementation in the Linux kernel could overflow reference counters on \nsystems with more than 32GB of physical ram and with RLIMIT_MEMLOCK set to \ninfinite. A local unprivileged attacker could use to create a use-after- \nfree situation, causing a denial of service (system crash) or possibly gain \nadministrative privileges. (CVE-2016-4558)\n\nJann Horn discovered that the InfiniBand interfaces within the Linux kernel \ncould be coerced into overwriting kernel memory. A local unprivileged \nattacker could use this to possibly gain administrative privileges on \nsystems where InifiniBand related kernel modules are loaded. \n(CVE-2016-4565)\n\nIt was discovered that in some situations the Linux kernel did not handle \npropagated mounts correctly. A local unprivileged attacker could use this \nto cause a denial of service (system crash). (CVE-2016-4581)", "edition": 5, "modified": "2016-06-10T00:00:00", "published": "2016-06-10T00:00:00", "id": "USN-3006-1", "href": "https://ubuntu.com/security/notices/USN-3006-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:42:24", "bulletinFamily": "unix", "cvelist": ["CVE-2016-3961", "CVE-2016-4581", "CVE-2015-8839", "CVE-2016-4486", "CVE-2016-2187", "CVE-2016-1583", "CVE-2016-4558", "CVE-2016-4485", "CVE-2016-2117", "CVE-2016-4565"], "description": "Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux \nkernel incorrectly enables scatter/gather I/O. A remote attacker could use \nthis to obtain potentially sensitive information from kernel memory. \n(CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the mmap() \nhandler of a lower filesystem that did not implement one, causing a \nrecursive page fault to occur. A local unprivileged attacker could use to \ncause a denial of service (system crash) or possibly execute arbitrary code \nwith administrative privileges. (CVE-2016-1583)\n\nMultiple race conditions where discovered in the Linux kernel's ext4 file \nsystem. A local user could exploit this flaw to cause a denial of service \n(disk corruption) by writing to a page that is associated with a different \nusers file after unsynchronized hole punching and page-fault handling. \n(CVE-2015-8839)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB \ndevice driver did not properly validate endpoint descriptors. An attacker \nwith physical access could use this to cause a denial of service (system \ncrash). (CVE-2016-2187)\n\nVitaly Kuznetsov discovered that the Linux kernel did not properly suppress \nhugetlbfs support in X86 paravirtualized guests. An attacker in the guest \nOS could cause a denial of service (guest system crash). (CVE-2016-3961)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC type 2 \nSupport implementations in the Linux kernel. A local attacker could use \nthis to obtain potentially sensitive information from kernel memory. \n(CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink socket \ninterface (rtnetlink) implementation in the Linux kernel. A local attacker \ncould use this to obtain potentially sensitive information from kernel \nmemory. (CVE-2016-4486)\n\nJann Horn discovered that the extended Berkeley Packet Filter (eBPF) \nimplementation in the Linux kernel could overflow reference counters on \nsystems with more than 32GB of physical ram and with RLIMIT_MEMLOCK set to \ninfinite. A local unprivileged attacker could use to create a use-after- \nfree situation, causing a denial of service (system crash) or possibly gain \nadministrative privileges. (CVE-2016-4558)\n\nJann Horn discovered that the InfiniBand interfaces within the Linux kernel \ncould be coerced into overwriting kernel memory. A local unprivileged \nattacker could use this to possibly gain administrative privileges on \nsystems where InifiniBand related kernel modules are loaded. \n(CVE-2016-4565)\n\nIt was discovered that in some situations the Linux kernel did not handle \npropagated mounts correctly. A local unprivileged attacker could use this \nto cause a denial of service (system crash). (CVE-2016-4581)", "edition": 5, "modified": "2016-06-10T00:00:00", "published": "2016-06-10T00:00:00", "id": "USN-3005-1", "href": "https://ubuntu.com/security/notices/USN-3005-1", "title": "Linux kernel (Xenial HWE) vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:44:16", "bulletinFamily": "unix", "cvelist": ["CVE-2016-3961", "CVE-2016-4581", "CVE-2015-8839", "CVE-2016-4486", "CVE-2016-2187", "CVE-2016-1583", "CVE-2016-4558", "CVE-2016-4485", "CVE-2016-2117", "CVE-2016-4565"], "description": "Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux \nkernel incorrectly enables scatter/gather I/O. A remote attacker could use \nthis to obtain potentially sensitive information from kernel memory. \n(CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the mmap() \nhandler of a lower filesystem that did not implement one, causing a \nrecursive page fault to occur. A local unprivileged attacker could use to \ncause a denial of service (system crash) or possibly execute arbitrary code \nwith administrative privileges. (CVE-2016-1583)\n\nMultiple race conditions where discovered in the Linux kernel's ext4 file \nsystem. A local user could exploit this flaw to cause a denial of service \n(disk corruption) by writing to a page that is associated with a different \nusers file after unsynchronized hole punching and page-fault handling. \n(CVE-2015-8839)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB \ndevice driver did not properly validate endpoint descriptors. An attacker \nwith physical access could use this to cause a denial of service (system \ncrash). (CVE-2016-2187)\n\nVitaly Kuznetsov discovered that the Linux kernel did not properly suppress \nhugetlbfs support in X86 paravirtualized guests. An attacker in the guest \nOS could cause a denial of service (guest system crash). (CVE-2016-3961)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC type 2 \nSupport implementations in the Linux kernel. A local attacker could use \nthis to obtain potentially sensitive information from kernel memory. \n(CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink socket \ninterface (rtnetlink) implementation in the Linux kernel. A local attacker \ncould use this to obtain potentially sensitive information from kernel \nmemory. (CVE-2016-4486)\n\nJann Horn discovered that the extended Berkeley Packet Filter (eBPF) \nimplementation in the Linux kernel could overflow reference counters on \nsystems with more than 32GB of physical ram and with RLIMIT_MEMLOCK set to \ninfinite. A local unprivileged attacker could use to create a use-after- \nfree situation, causing a denial of service (system crash) or possibly gain \nadministrative privileges. (CVE-2016-4558)\n\nJann Horn discovered that the InfiniBand interfaces within the Linux kernel \ncould be coerced into overwriting kernel memory. A local unprivileged \nattacker could use this to possibly gain administrative privileges on \nsystems where InifiniBand related kernel modules are loaded. \n(CVE-2016-4565)\n\nIt was discovered that in some situations the Linux kernel did not handle \npropagated mounts correctly. A local unprivileged attacker could use this \nto cause a denial of service (system crash). (CVE-2016-4581)", "edition": 5, "modified": "2016-06-10T00:00:00", "published": "2016-06-10T00:00:00", "id": "USN-3007-1", "href": "https://ubuntu.com/security/notices/USN-3007-1", "title": "Linux kernel (Raspberry Pi 2) vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:37:47", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2069", "CVE-2016-4581", "CVE-2016-4486", "CVE-2015-4004", "CVE-2016-2187", "CVE-2016-3951", "CVE-2016-3955", "CVE-2016-4485", "CVE-2016-2117", "CVE-2016-3672"], "description": "Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux \nkernel incorrectly enables scatter/gather I/O. A remote attacker could use \nthis to obtain potentially sensitive information from kernel memory. \n(CVE-2016-2117)\n\nJason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO USB \nover wifi device drivers in the Linux kernel. A remote attacker could use \nthis to cause a denial of service (system crash) or obtain potentially \nsensitive information from kernel memory. (CVE-2015-4004)\n\nAndy Lutomirski discovered a race condition in the Linux kernel's \ntranslation lookaside buffer (TLB) handling of flush events. A local \nattacker could use this to cause a denial of service or possibly leak \nsensitive information. (CVE-2016-2069)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB \ndevice driver did not properly validate endpoint descriptors. An attacker \nwith physical access could use this to cause a denial of service (system \ncrash). (CVE-2016-2187)\n\nHector Marco and Ismael Ripoll discovered that the Linux kernel would \nimproperly disable Address Space Layout Randomization (ASLR) for x86 \nprocesses running in 32 bit mode if stack-consumption resource limits were \ndisabled. A local attacker could use this to make it easier to exploit an \nexisting vulnerability in a setuid/setgid program. (CVE-2016-3672)\n\nAndrey Konovalov discovered that the CDC Network Control Model USB driver \nin the Linux kernel did not cancel work events queued if a later error \noccurred, resulting in a use-after-free. An attacker with physical access \ncould use this to cause a denial of service (system crash). (CVE-2016-3951)\n\nIt was discovered that an out-of-bounds write could occur when handling \nincoming packets in the USB/IP implementation in the Linux kernel. A remote \nattacker could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. (CVE-2016-3955)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC type 2 \nSupport implementations in the Linux kernel. A local attacker could use \nthis to obtain potentially sensitive information from kernel memory. \n(CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink socket \ninterface (rtnetlink) implementation in the Linux kernel. A local attacker \ncould use this to obtain potentially sensitive information from kernel \nmemory. (CVE-2016-4486)\n\nIt was discovered that in some situations the Linux kernel did not handle \npropagated mounts correctly. A local unprivileged attacker could use this \nto cause a denial of service (system crash). (CVE-2016-4581)", "edition": 5, "modified": "2016-06-01T00:00:00", "published": "2016-06-01T00:00:00", "id": "USN-2989-1", "href": "https://ubuntu.com/security/notices/USN-2989-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:38:01", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2069", "CVE-2016-4581", "CVE-2016-4486", "CVE-2015-4004", "CVE-2016-2187", "CVE-2016-1583", "CVE-2016-3951", "CVE-2016-3955", "CVE-2016-4485", "CVE-2016-2117", "CVE-2016-3672"], "description": "Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux \nkernel incorrectly enables scatter/gather I/O. A remote attacker could use \nthis to obtain potentially sensitive information from kernel memory. \n(CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the mmap() \nhandler of a lower filesystem that did not implement one, causing a \nrecursive page fault to occur. A local unprivileged attacker could use to \ncause a denial of service (system crash) or possibly execute arbitrary code \nwith administrative privileges. (CVE-2016-1583)\n\nJason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO USB \nover wifi device drivers in the Linux kernel. A remote attacker could use \nthis to cause a denial of service (system crash) or obtain potentially \nsensitive information from kernel memory. (CVE-2015-4004)\n\nAndy Lutomirski discovered a race condition in the Linux kernel's \ntranslation lookaside buffer (TLB) handling of flush events. A local \nattacker could use this to cause a denial of service or possibly leak \nsensitive information. (CVE-2016-2069)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB \ndevice driver did not properly validate endpoint descriptors. An attacker \nwith physical access could use this to cause a denial of service (system \ncrash). (CVE-2016-2187)\n\nHector Marco and Ismael Ripoll discovered that the Linux kernel would \nimproperly disable Address Space Layout Randomization (ASLR) for x86 \nprocesses running in 32 bit mode if stack-consumption resource limits were \ndisabled. A local attacker could use this to make it easier to exploit an \nexisting vulnerability in a setuid/setgid program. (CVE-2016-3672)\n\nAndrey Konovalov discovered that the CDC Network Control Model USB driver \nin the Linux kernel did not cancel work events queued if a later error \noccurred, resulting in a use-after-free. An attacker with physical access \ncould use this to cause a denial of service (system crash). (CVE-2016-3951)\n\nIt was discovered that an out-of-bounds write could occur when handling \nincoming packets in the USB/IP implementation in the Linux kernel. A remote \nattacker could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. (CVE-2016-3955)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC type 2 \nSupport implementations in the Linux kernel. A local attacker could use \nthis to obtain potentially sensitive information from kernel memory. \n(CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink socket \ninterface (rtnetlink) implementation in the Linux kernel. A local attacker \ncould use this to obtain potentially sensitive information from kernel \nmemory. (CVE-2016-4486)\n\nIt was discovered that in some situations the Linux kernel did not handle \npropagated mounts correctly. A local unprivileged attacker could use this \nto cause a denial of service (system crash). (CVE-2016-4581)", "edition": 5, "modified": "2016-06-10T00:00:00", "published": "2016-06-10T00:00:00", "id": "USN-2998-1", "href": "https://ubuntu.com/security/notices/USN-2998-1", "title": "Linux kernel (Trusty HWE) vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-09T00:27:28", "bulletinFamily": "unix", "cvelist": ["CVE-2016-3961", "CVE-2016-4581", "CVE-2016-4486", "CVE-2015-4004", "CVE-2016-2187", "CVE-2016-1583", "CVE-2016-3951", "CVE-2016-3955", "CVE-2016-4485", "CVE-2016-2117", "CVE-2016-4565", "CVE-2016-3672"], "description": "Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux \nkernel incorrectly enables scatter/gather I/O. A remote attacker could use \nthis to obtain potentially sensitive information from kernel memory. \n(CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the mmap() \nhandler of a lower filesystem that did not implement one, causing a \nrecursive page fault to occur. A local unprivileged attacker could use to \ncause a denial of service (system crash) or possibly execute arbitrary code \nwith administrative privileges. (CVE-2016-1583)\n\nJason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO USB \nover wifi device drivers in the Linux kernel. A remote attacker could use \nthis to cause a denial of service (system crash) or obtain potentially \nsensitive information from kernel memory. (CVE-2015-4004)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB \ndevice driver did not properly validate endpoint descriptors. An attacker \nwith physical access could use this to cause a denial of service (system \ncrash). (CVE-2016-2187)\n\nHector Marco and Ismael Ripoll discovered that the Linux kernel would \nimproperly disable Address Space Layout Randomization (ASLR) for x86 \nprocesses running in 32 bit mode if stack-consumption resource limits were \ndisabled. A local attacker could use this to make it easier to exploit an \nexisting vulnerability in a setuid/setgid program. (CVE-2016-3672)\n\nAndrey Konovalov discovered that the CDC Network Control Model USB driver \nin the Linux kernel did not cancel work events queued if a later error \noccurred, resulting in a use-after-free. An attacker with physical access \ncould use this to cause a denial of service (system crash). (CVE-2016-3951)\n\nIt was discovered that an out-of-bounds write could occur when handling \nincoming packets in the USB/IP implementation in the Linux kernel. A remote \nattacker could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. (CVE-2016-3955)\n\nVitaly Kuznetsov discovered that the Linux kernel did not properly suppress \nhugetlbfs support in X86 paravirtualized guests. An attacker in the guest \nOS could cause a denial of service (guest system crash). (CVE-2016-3961)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC type 2 \nSupport implementations in the Linux kernel. A local attacker could use \nthis to obtain potentially sensitive information from kernel memory. \n(CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink socket \ninterface (rtnetlink) implementation in the Linux kernel. A local attacker \ncould use this to obtain potentially sensitive information from kernel \nmemory. (CVE-2016-4486)\n\nJann Horn discovered that the InfiniBand interfaces within the Linux kernel \ncould be coerced into overwriting kernel memory. A local unprivileged \nattacker could use this to possibly gain administrative privileges on \nsystems where InifiniBand related kernel modules are loaded. \n(CVE-2016-4565)\n\nIt was discovered that in some situations the Linux kernel did not handle \npropagated mounts correctly. A local unprivileged attacker could use this \nto cause a denial of service (system crash). (CVE-2016-4581)", "edition": 5, "modified": "2016-06-10T00:00:00", "published": "2016-06-10T00:00:00", "id": "USN-3003-1", "href": "https://ubuntu.com/security/notices/USN-3003-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-09T00:24:47", "bulletinFamily": "unix", "cvelist": ["CVE-2016-3961", "CVE-2016-4581", "CVE-2016-4486", "CVE-2015-4004", "CVE-2016-2187", "CVE-2016-1583", "CVE-2016-3951", "CVE-2016-3955", "CVE-2016-4485", "CVE-2016-2117", "CVE-2016-4565", "CVE-2016-3672"], "description": "Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux \nkernel incorrectly enables scatter/gather I/O. A remote attacker could use \nthis to obtain potentially sensitive information from kernel memory. \n(CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the mmap() \nhandler of a lower filesystem that did not implement one, causing a \nrecursive page fault to occur. A local unprivileged attacker could use to \ncause a denial of service (system crash) or possibly execute arbitrary code \nwith administrative privileges. (CVE-2016-1583)\n\nJason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO USB \nover wifi device drivers in the Linux kernel. A remote attacker could use \nthis to cause a denial of service (system crash) or obtain potentially \nsensitive information from kernel memory. (CVE-2015-4004)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB \ndevice driver did not properly validate endpoint descriptors. An attacker \nwith physical access could use this to cause a denial of service (system \ncrash). (CVE-2016-2187)\n\nHector Marco and Ismael Ripoll discovered that the Linux kernel would \nimproperly disable Address Space Layout Randomization (ASLR) for x86 \nprocesses running in 32 bit mode if stack-consumption resource limits were \ndisabled. A local attacker could use this to make it easier to exploit an \nexisting vulnerability in a setuid/setgid program. (CVE-2016-3672)\n\nAndrey Konovalov discovered that the CDC Network Control Model USB driver \nin the Linux kernel did not cancel work events queued if a later error \noccurred, resulting in a use-after-free. An attacker with physical access \ncould use this to cause a denial of service (system crash). (CVE-2016-3951)\n\nIt was discovered that an out-of-bounds write could occur when handling \nincoming packets in the USB/IP implementation in the Linux kernel. A remote \nattacker could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. (CVE-2016-3955)\n\nVitaly Kuznetsov discovered that the Linux kernel did not properly suppress \nhugetlbfs support in X86 paravirtualized guests. An attacker in the guest \nOS could cause a denial of service (guest system crash). (CVE-2016-3961)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC type 2 \nSupport implementations in the Linux kernel. A local attacker could use \nthis to obtain potentially sensitive information from kernel memory. \n(CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink socket \ninterface (rtnetlink) implementation in the Linux kernel. A local attacker \ncould use this to obtain potentially sensitive information from kernel \nmemory. (CVE-2016-4486)\n\nJann Horn discovered that the InfiniBand interfaces within the Linux kernel \ncould be coerced into overwriting kernel memory. A local unprivileged \nattacker could use this to possibly gain administrative privileges on \nsystems where InifiniBand related kernel modules are loaded. \n(CVE-2016-4565)\n\nIt was discovered that in some situations the Linux kernel did not handle \npropagated mounts correctly. A local unprivileged attacker could use this \nto cause a denial of service (system crash). (CVE-2016-4581)", "edition": 5, "modified": "2016-06-10T00:00:00", "published": "2016-06-10T00:00:00", "id": "USN-3004-1", "href": "https://ubuntu.com/security/notices/USN-3004-1", "title": "Linux kernel (Raspberry Pi 2) vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:41:59", "bulletinFamily": "unix", "cvelist": ["CVE-2016-3961", "CVE-2016-4581", "CVE-2016-4486", "CVE-2015-4004", "CVE-2016-2187", "CVE-2016-1583", "CVE-2016-3951", "CVE-2016-3955", "CVE-2016-4485", "CVE-2016-2117", "CVE-2016-4565", "CVE-2016-3672"], "description": "Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux \nkernel incorrectly enables scatter/gather I/O. A remote attacker could use \nthis to obtain potentially sensitive information from kernel memory. \n(CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the mmap() \nhandler of a lower filesystem that did not implement one, causing a \nrecursive page fault to occur. A local unprivileged attacker could use to \ncause a denial of service (system crash) or possibly execute arbitrary code \nwith administrative privileges. (CVE-2016-1583)\n\nJason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO USB \nover wifi device drivers in the Linux kernel. A remote attacker could use \nthis to cause a denial of service (system crash) or obtain potentially \nsensitive information from kernel memory. (CVE-2015-4004)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB \ndevice driver did not properly validate endpoint descriptors. An attacker \nwith physical access could use this to cause a denial of service (system \ncrash). (CVE-2016-2187)\n\nHector Marco and Ismael Ripoll discovered that the Linux kernel would \nimproperly disable Address Space Layout Randomization (ASLR) for x86 \nprocesses running in 32 bit mode if stack-consumption resource limits were \ndisabled. A local attacker could use this to make it easier to exploit an \nexisting vulnerability in a setuid/setgid program. (CVE-2016-3672)\n\nAndrey Konovalov discovered that the CDC Network Control Model USB driver \nin the Linux kernel did not cancel work events queued if a later error \noccurred, resulting in a use-after-free. An attacker with physical access \ncould use this to cause a denial of service (system crash). (CVE-2016-3951)\n\nIt was discovered that an out-of-bounds write could occur when handling \nincoming packets in the USB/IP implementation in the Linux kernel. A remote \nattacker could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. (CVE-2016-3955)\n\nVitaly Kuznetsov discovered that the Linux kernel did not properly suppress \nhugetlbfs support in X86 paravirtualized guests. An attacker in the guest \nOS could cause a denial of service (guest system crash). (CVE-2016-3961)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC type 2 \nSupport implementations in the Linux kernel. A local attacker could use \nthis to obtain potentially sensitive information from kernel memory. \n(CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink socket \ninterface (rtnetlink) implementation in the Linux kernel. A local attacker \ncould use this to obtain potentially sensitive information from kernel \nmemory. (CVE-2016-4486)\n\nJann Horn discovered that the InfiniBand interfaces within the Linux kernel \ncould be coerced into overwriting kernel memory. A local unprivileged \nattacker could use this to possibly gain administrative privileges on \nsystems where InifiniBand related kernel modules are loaded. \n(CVE-2016-4565)\n\nIt was discovered that in some situations the Linux kernel did not handle \npropagated mounts correctly. A local unprivileged attacker could use this \nto cause a denial of service (system crash). (CVE-2016-4581)", "edition": 5, "modified": "2016-06-10T00:00:00", "published": "2016-06-10T00:00:00", "id": "USN-3002-1", "href": "https://ubuntu.com/security/notices/USN-3002-1", "title": "Linux kernel (Wily HWE) vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:43:30", "bulletinFamily": "unix", "cvelist": ["CVE-2016-3961", "CVE-2016-4581", "CVE-2016-4486", "CVE-2015-4004", "CVE-2016-2187", "CVE-2016-1583", "CVE-2016-3951", "CVE-2016-3955", "CVE-2016-4485", "CVE-2016-2117", "CVE-2016-4565", "CVE-2016-3672"], "description": "Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux \nkernel incorrectly enables scatter/gather I/O. A remote attacker could use \nthis to obtain potentially sensitive information from kernel memory. \n(CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the mmap() \nhandler of a lower filesystem that did not implement one, causing a \nrecursive page fault to occur. A local unprivileged attacker could use to \ncause a denial of service (system crash) or possibly execute arbitrary code \nwith administrative privileges. (CVE-2016-1583)\n\nJason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO USB \nover wifi device drivers in the Linux kernel. A remote attacker could use \nthis to cause a denial of service (system crash) or obtain potentially \nsensitive information from kernel memory. (CVE-2015-4004)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB \ndevice driver did not properly validate endpoint descriptors. An attacker \nwith physical access could use this to cause a denial of service (system \ncrash). (CVE-2016-2187)\n\nHector Marco and Ismael Ripoll discovered that the Linux kernel would \nimproperly disable Address Space Layout Randomization (ASLR) for x86 \nprocesses running in 32 bit mode if stack-consumption resource limits were \ndisabled. A local attacker could use this to make it easier to exploit an \nexisting vulnerability in a setuid/setgid program. (CVE-2016-3672)\n\nAndrey Konovalov discovered that the CDC Network Control Model USB driver \nin the Linux kernel did not cancel work events queued if a later error \noccurred, resulting in a use-after-free. An attacker with physical access \ncould use this to cause a denial of service (system crash). (CVE-2016-3951)\n\nIt was discovered that an out-of-bounds write could occur when handling \nincoming packets in the USB/IP implementation in the Linux kernel. A remote \nattacker could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. (CVE-2016-3955)\n\nVitaly Kuznetsov discovered that the Linux kernel did not properly suppress \nhugetlbfs support in X86 paravirtualized guests. An attacker in the guest \nOS could cause a denial of service (guest system crash). (CVE-2016-3961)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC type 2 \nSupport implementations in the Linux kernel. A local attacker could use \nthis to obtain potentially sensitive information from kernel memory. \n(CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink socket \ninterface (rtnetlink) implementation in the Linux kernel. A local attacker \ncould use this to obtain potentially sensitive information from kernel \nmemory. (CVE-2016-4486)\n\nJann Horn discovered that the InfiniBand interfaces within the Linux kernel \ncould be coerced into overwriting kernel memory. A local unprivileged \nattacker could use this to possibly gain administrative privileges on \nsystems where InifiniBand related kernel modules are loaded. \n(CVE-2016-4565)\n\nIt was discovered that in some situations the Linux kernel did not handle \npropagated mounts correctly. A local unprivileged attacker could use this \nto cause a denial of service (system crash). (CVE-2016-4581)", "edition": 5, "modified": "2016-06-10T00:00:00", "published": "2016-06-10T00:00:00", "id": "USN-3001-1", "href": "https://ubuntu.com/security/notices/USN-3001-1", "title": "Linux kernel (Vivid HWE) vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:39:31", "bulletinFamily": "unix", "cvelist": ["CVE-2016-4581", "CVE-2016-3689", "CVE-2016-4486", "CVE-2015-4004", "CVE-2016-2187", "CVE-2016-1583", "CVE-2016-3951", "CVE-2016-3955", "CVE-2016-3137", "CVE-2016-4485", "CVE-2016-3136", "CVE-2016-3140", "CVE-2016-2117", "CVE-2016-3672"], "description": "Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux \nkernel incorrectly enables scatter/gather I/O. A remote attacker could use \nthis to obtain potentially sensitive information from kernel memory. \n(CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the mmap() \nhandler of a lower filesystem that did not implement one, causing a \nrecursive page fault to occur. A local unprivileged attacker could use to \ncause a denial of service (system crash) or possibly execute arbitrary code \nwith administrative privileges. (CVE-2016-1583)\n\nJason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO USB \nover wifi device drivers in the Linux kernel. A remote attacker could use \nthis to cause a denial of service (system crash) or obtain potentially \nsensitive information from kernel memory. (CVE-2015-4004)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB \ndevice driver did not properly validate endpoint descriptors. An attacker \nwith physical access could use this to cause a denial of service (system \ncrash). (CVE-2016-2187)\n\nSergej Schumilo, Hendrik Schwartke, and Ralf Spenneberg discovered that the \nMCT USB RS232 Converter device driver in the Linux kernel did not properly \nvalidate USB device descriptors. An attacker with physical access could use \nthis to cause a denial of service (system crash). (CVE-2016-3136)\n\nSergej Schumilo, Hendrik Schwartke, and Ralf Spenneberg discovered that the \nCypress M8 USB device driver in the Linux kernel did not properly validate \nUSB device descriptors. An attacker with physical access could use this to \ncause a denial of service (system crash). (CVE-2016-3137)\n\nSergej Schumilo, Hendrik Schwartke, and Ralf Spenneberg discovered that the \nLinux kernel's USB driver for Digi AccelePort serial converters did not \nproperly validate USB device descriptors. An attacker with physical access \ncould use this to cause a denial of service (system crash). (CVE-2016-3140)\n\nHector Marco and Ismael Ripoll discovered that the Linux kernel would \nimproperly disable Address Space Layout Randomization (ASLR) for x86 \nprocesses running in 32 bit mode if stack-consumption resource limits were \ndisabled. A local attacker could use this to make it easier to exploit an \nexisting vulnerability in a setuid/setgid program. (CVE-2016-3672)\n\nIt was discovered that the Linux kernel's USB driver for IMS Passenger \nControl Unit devices did not properly validate the device's interfaces. An \nattacker with physical access could use this to cause a denial of service \n(system crash). (CVE-2016-3689)\n\nAndrey Konovalov discovered that the CDC Network Control Model USB driver \nin the Linux kernel did not cancel work events queued if a later error \noccurred, resulting in a use-after-free. An attacker with physical access \ncould use this to cause a denial of service (system crash). (CVE-2016-3951)\n\nIt was discovered that an out-of-bounds write could occur when handling \nincoming packets in the USB/IP implementation in the Linux kernel. A remote \nattacker could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. (CVE-2016-3955)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC type 2 \nSupport implementations in the Linux kernel. A local attacker could use \nthis to obtain potentially sensitive information from kernel memory. \n(CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink socket \ninterface (rtnetlink) implementation in the Linux kernel. A local attacker \ncould use this to obtain potentially sensitive information from kernel \nmemory. (CVE-2016-4486)\n\nIt was discovered that in some situations the Linux kernel did not handle \npropagated mounts correctly. A local unprivileged attacker could use this \nto cause a denial of service (system crash). (CVE-2016-4581)", "edition": 5, "modified": "2016-06-10T00:00:00", "published": "2016-06-10T00:00:00", "id": "USN-3000-1", "href": "https://ubuntu.com/security/notices/USN-3000-1", "title": "Linux kernel (Utopic HWE) vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "cloudfoundry": [{"lastseen": "2019-05-29T18:32:53", "bulletinFamily": "software", "cvelist": ["CVE-2016-3961", "CVE-2016-4581", "CVE-2016-4486", "CVE-2015-4004", "CVE-2016-2187", "CVE-2016-1583", "CVE-2016-3951", "CVE-2016-3955", "CVE-2016-4485", "CVE-2016-2117", "CVE-2016-4565", "CVE-2016-3672"], "description": "USN-3001-1 Linux kernel (Vivid HWE) vulnerabilities\n\n# \n\nHigh\n\n# Vendor\n\nCanonical Ubuntu\n\n# Versions Affected\n\n * Canonical Ubuntu 14.04 LTS \n\n# Description\n\nJustin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. ([CVE-2016-2117](<http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-2117.html>))\n\nJann Horn discovered that eCryptfs improperly attempted to use the mmap() handler of a lower filesystem that did not implement one, causing a recursive page fault to occur. A local unprivileged attacker could use to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. ([CVE-2016-1583](<http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-1583.html>))\n\nJason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO USB over wifi device drivers in the Linux kernel. A remote attacker could use this to cause a denial of service (system crash) or obtain potentially sensitive information from kernel memory. ([CVE-2015-4004](<http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-4004.html>))\n\nRalf Spenneberg discovered that the Linux kernel\u2019s GTCO digitizer USB device driver did not properly validate endpoint descriptors. An attacker with physical access could use this to cause a denial of service (system crash). ([CVE-2016-2187](<http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-2187.html>))\n\nHector Marco and Ismael Ripoll discovered that the Linux kernel would improperly disable Address Space Layout Randomization (ASLR) for x86 processes running in 32 bit mode if stack-consumption resource limits were disabled. A local attacker could use this to make it easier to exploit an existing vulnerability in a setuid/setgid program. ([CVE-2016-3672](<http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-3672.html>))\n\nAndrey Konovalov discovered that the CDC Network Control Model USB driver in the Linux kernel did not cancel work events queued if a later error occurred, resulting in a use-after-free. An attacker with physical access could use this to cause a denial of service (system crash). ([CVE-2016-3951](<http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-3951.html>))\n\nIt was discovered that an out-of-bounds write could occur when handling incoming packets in the USB/IP implementation in the Linux kernel. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. ([CVE-2016-3955](<http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-3955.html>))\n\nVitaly Kuznetsov discovered that the Linux kernel did not properly suppress hugetlbfs support in X86 paravirtualized guests. An attacker in the guest OS could cause a denial of service (guest system crash). ([CVE-2016-3961](<http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-3961.html>))\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC type 2 Support implementations in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. ([CVE-2016-4485](<http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4485.html>))\n\nKangjie Lu discovered an information leak in the routing netlink socket interface (rtnetlink) implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. ([CVE-2016-4486](<http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4486.html>))\n\nJann Horn discovered that the InfiniBand interfaces within the Linux kernel could be coerced into overwriting kernel memory. A local unprivileged attacker could use this to possibly gain administrative privileges on systems where InifiniBand related kernel modules are loaded. ([CVE-2016-4565](<http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4565.html>))\n\nIt was discovered that in some situations the Linux kernel did not handle propagated mounts correctly. A local unprivileged attacker could use this to cause a denial of service (system crash). ([CVE-2016-4581](<http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4581.html>))\n\n# Affected Products and Versions\n\n_Severity is high unless otherwise noted. \n_\n\n * Cloud Foundry BOSH stemcells 3146.1 versions prior to 3146.15 AND other versions prior to 3232.7 are vulnerable \n\n# Mitigation\n\nUsers of affected versions should apply the following mitigation:\n\n * The Cloud Foundry project recommends that Cloud Foundry upgrade BOSH stemcell 3146.x versions to 3146.16 OR other versions to 3232.8\n\n# Credit\n\nJustin Yackoski, Jann Horn, Jason A. Donenfeld, Ralf Spenneberg, Hector Marco and Ismael Ripoll, Andrey Konovalov, Vitaly Kuznetsov, Kangjie Lu\n\n# References\n\n * <http://www.ubuntu.com/usn/usn-3001-1/>\n", "edition": 5, "modified": "2016-06-15T00:00:00", "published": "2016-06-15T00:00:00", "id": "CFOUNDRY:6D0A7CF1EF35A1C96485B4FC10A51978", "href": "https://www.cloudfoundry.org/blog/usn-3001-1/", "title": "USN-3001-1 Linux kernel (Vivid HWE) vulnerabilities | Cloud Foundry", "type": "cloudfoundry", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:39:08", "bulletinFamily": "unix", "cvelist": ["CVE-2015-8787", "CVE-2016-4913", "CVE-2016-2069", "CVE-2016-4581", "CVE-2016-4951", "CVE-2016-2847", "CVE-2016-0723", "CVE-2016-3156", "CVE-2016-6198", "CVE-2016-6197", "CVE-2015-8816", "CVE-2016-4805", "CVE-2016-4470", "CVE-2016-2117", "CVE-2015-8785"], "description": "kernel-uek\n[4.1.12-61.1.6]\n- blk-mq: avoid setting hctx->tags->cpumask before allocation (Akinobu Mita) [Orabug: 24464170]\n[4.1.12-61.1.3]\n- ocfs2: improve recovery performance (Junxiao Bi) [Orabug: 24395729] \n- qed: Utilize FW 8.10.3.0 (Yuval Mintz) [Orabug: 24442553] \n- blk-mq: mark request queue as mq asap (Ming Lei) [Orabug: 24318720] \n- lpfc: fix oops in lpfc_sli4_scmd_to_wqidx_distr() from lpfc_send_taskmgmt() (Mauricio Faria de Oliveira) [Orabug: 24312616]\n[4.1.12-61.1.2]\n- KEYS: potential uninitialized variable (Dan Carpenter) [Orabug: 24402831] {CVE-2016-4470}\n[4.1.12-61.1.1]\n- ol6-spec: update linux-firmware dependency to 20160616-44.git43e96a1e.0.10 (Chuck Anderson) [Orabug: 24311968] \n- ol7-spec: update dracut version dependency to 033-360.0.3 (Chuck Anderson) [Orabug: 24308248] \n- [2d8747c2] fixup! blk-mq: prevent double-unlock of mutex (Dan Duval) [Orabug: 24376521] \n- tcp: make challenge acks less predictable (Eric Dumazet) [Orabug: 24010102] \n- IBCM: dereference timewait_info only when needed (Santosh Shilimkar) [Orabug: 24326732] \n- ext4: update c/mtime on truncate up (Eryu Guan) [Orabug: 24325361] \n- vfs: add vfs_select_inode() helper (Miklos Szeredi) [Orabug: 24009788] {CVE-2016-6198} {CVE-2016-6197}\n- vfs: rename: check backing inode being equal (Miklos Szeredi) [Orabug: 24009788] {CVE-2016-6198} {CVE-2016-6197}\n- ovl: verify upper dentry before unlink and rename (Miklos Szeredi) [Orabug: 24009788] {CVE-2016-6198} {CVE-2016-6197}\n- xen-pciback: mark device to be hidden on AER error trigger (Elena Ufimtseva)\n[4.1.12-61]\n- block: Initialize max_dev_sectors to 0 (Keith Busch) [Orabug: 23615929] \n- sd: Fix rw_max for devices that report an optimal xfer size (Martin K. Petersen) [Orabug: 23615929] \n- sd: Fix excessive capacity printing on devices with blocks bigger than 512 bytes (Martin K. Petersen) [Orabug: 23615929] \n- sd: Optimal I/O size is in bytes, not sectors (Martin K. Petersen) [Orabug: 23615929] \n- sd: Reject optimal transfer length smaller than page size (Martin K. Petersen) [Orabug: 23615929] \n- block/sd: Fix device-imposed transfer length limits (Joe Jin) [Orabug: 23615929] \n- Fix kabi issue for upstream commit ca369d51 (Joe Jin) [Orabug: 23615929] \n- Revert 'ocfs2: bump up o2cb network protocol version' (Junxiao Bi) [Orabug: 24292852] \n- Btrfs: fix leaking of ordered extents after direct IO write error (Filipe Manana) [Orabug: 23717870] \n- Btrfs: fix error path when failing to submit bio for direct IO write (Filipe Manana) [Orabug: 23717870] \n- Btrfs: fix memory corruption on failure to submit bio for direct IO (Filipe Manana) [Orabug: 23717870] \n- Btrfs: fix extent accounting for partial direct IO writes (Filipe Manana) [Orabug: 23717870] \n- Btrfs: Direct I/O: Fix space accounting (chandan) [Orabug: 23717870] \n- Btrfs: fix warning of bytes_may_use (Liu Bo) [Orabug: 23717870] \n- xen: use same main loop for counting and remapping pages (Juergen Gross)\n[4.1.12-60]\n- xen-blkfront: dynamic configuration of per-vbd resources (Bob Liu) [Orabug: 23720696] \n- xen-blkfront: introduce blkif_set_queue_limits() (Bob Liu) [Orabug: 23720696] \n- xen-blkfront: fix places not updated after introducing 64KB page granularity (Bob Liu) [Orabug: 23720696] \n- IB: Add RNR timer workaround for PSIF (Santosh Shilimkar) [Orabug: 23633926] \n- IB/core: Add encode/decode FDR/EDR rates (Hans Westgaard Ry) [Orabug: 23084916] \n- bfa: Fix for crash when bfa_itnim is NULL (Sudarsana Reddy Kalluru) [Orabug: 23950878] \n- bfa:Update driver version to 3.2.25.0 (Anil Gurumurthy) [Orabug: 23950878] \n- bfa:File header and user visible string changes (Anil Gurumurthy) [Orabug: 23950878] \n- bfa:Updating copyright messages (Anil Gurumurthy) [Orabug: 23950878] \n- bfa: Fix incorrect de-reference of pointer (Anil Gurumurthy) [Orabug: 23950878] \n- bfa: Fix indentation (Anil Gurumurthy) [Orabug: 23950878] \n- lpfc updates to 11.1.0.4 for uek4-r2 (rkennedy) [Orabug: 23762058] \n- lpfc: Update modified file copyrights (James Smart) [Orabug: 23762058] \n- lpfc: Fix interaction between fdmi_on and enable_SmartSAN (James Smart) [Orabug: 23762058] \n- lpfc: Add support for SmartSAN 2.0 (James Smart) [Orabug: 23762058] \n- lpfc: Fix Device discovery failures during switch reboot test. (James Smart) [Orabug: 23762058] \n- lpfc: Utilize embedded CDB logic to minimize IO latency (James Smart) [Orabug: 23762058] \n- lpfc: Fix crash when unregistering default rpi. (James Smart) [Orabug: 23762058] \n- lpfc: Fix DMA faults observed upon plugging loopback connector (James Smart) [Orabug: 23762058] \n- lpfc: Correct LOGO handling during login (James Smart) [Orabug: 23762058] \n- lpfc: fix misleading indentation (Arnd Bergmann) [Orabug: 23762058] \n- lpfc: fix missing zero termination in debugfs (Alan) [Orabug: 23762058] \n- lpfc: Remove redundant code block in lpfc_scsi_cmd_iocb_cmpl (Johannes Thumshirn) [Orabug: 23762058] \n- qla2xxx: Update driver version to 8.07.00.38.40.0-k. (Sawan Chandak) [Orabug: 23755773] \n- qla2xxx: Fix BBCR offset (Sawan Chandak) [Orabug: 23755773] \n- qla2xxx: Disable the adapter and skip error recovery in case of register disconnect. (Sawan Chandak) [Orabug: 23755773] \n- qla2xxx: Separate ISP type bits out from device type. (Joe Carnuccio) [Orabug: 23755773] \n- qla2xxx: Correction to function qla26xx_dport_diagnostics(). (Joe Carnuccio) [Orabug: 23755773] \n- qla2xxx: Add support to handle Loop Init error Asynchronus event. (Joe Carnuccio) [Orabug: 23755773] \n- qla2xxx: Let DPORT be enabled purely by nvram. (Joe Carnuccio) [Orabug: 23755773] \n- qla2xxx: Add bsg interface to support statistics counter reset. (Sawan Chandak) [Orabug: 23755773] \n- qla2xxx: Add bsg interface to support D_Port Diagnostics. (Joe Carnuccio) [Orabug: 23755773] \n- qla2xxx: Check for device state before unloading the driver. (Sawan Chandak) [Orabug: 23755773] \n- qla2xxx: Properly reset firmware statistics. (Joe Carnuccio) [Orabug: 23755773] \n- qla2xxx: Properly initialize IO statistics. (Joe Carnuccio) [Orabug: 23755773] \n- qla2xxx: Make debug buffer log easier to view. (Joe Carnuccio) [Orabug: 23755773] \n- qla2xxx: Add module parameter alternate/short names. (Joe Carnuccio) [Orabug: 23755773] \n- qla2xxx: Set FLOGI retry in additional firmware options for P2P (N2N) mode. (Giridhar Malavali) [Orabug: 23755773] \n- qla2xxx: Shutdown board on thermal shutdown aen. (Joe Carnuccio) [Orabug: 23755773] \n- qla2xxx: Add ram area DDR for fwdump template entry T262. (Joe Carnuccio) [Orabug: 23755773] \n- qla2xxx: Remove sysfs node fw_dump_template. (Joe Carnuccio) [Orabug: 23755773] \n- mpt3sas: Used 'synchronize_irq()'API to synchronize timed-out IO & TMs (Chaitra P B) [Orabug: 22529571] \n- mpt3sas: Set maximum transfer length per IO to 4MB for VDs (Chaitra P B) [Orabug: 22529571] \n- mpt3sas: Updating mpt3sas driver version to 13.100.00.00 (Chaitra P B) [Orabug: 22529571] \n- mpt3sas: Fix initial Reference tag field for 4K PI drives. (Chaitra P B) [Orabug: 22529571] \n- mpt3sas: Handle active cable exception event (Chaitra P B) [Orabug: 22529571] \n- mpt3sas: Update MPI header to 2.00.42 (Chaitra P B) [Orabug: 22529571] \n- mpt3sas - remove unused fw_event_work elements (Joe Lawrence) [Orabug: 22529571] \n- mpt3sas: Remove usage of 'struct timeval' (Tina Ruchandani) [Orabug: 22529571] \n- mpt3sas: Dont overreach ioc->reply_post[] during initialization (Calvin Owens) [Orabug: 22529571] \n- mpt3sas: Remove unnecessary synchronize_irq() before free_irq() (Lars-Peter Clausen) [Orabug: 22529571] \n- mpt3sas: Free memory pools before retrying to allocate with different value. (Suganath prabu Subramani) [Orabug: 22529571] \n- mpt3sas: Remove cpumask_clear for zalloc_cpumask_var and dont free free_cpu_mask_var before reply_q (Suganath prabu Subramani) [Orabug: 22529571] \n- mpt3sas: Updating mpt3sas driver version to 12.100.00.00 (Suganath prabu Subramani) [Orabug: 22529571] \n- mpt3sas: Fix for Asynchronous completion of timedout IO and task abort of timedout IO. (Suganath prabu Subramani) [Orabug: 22529571] \n- mpt3sas: Updated MPI Header to 2.00.42 (Suganath prabu Subramani) [Orabug: 22529571] \n- mpt3sas: Add support for configurable Chain Frame Size (Suganath prabu Subramani) [Orabug: 22529571] \n- mpt3sas: Added smp_affinity_enable module parameter. (Suganath Prabu Subramani) [Orabug: 22529571] \n- mpt3sas: Make use of additional HighPriority credit message frames for sending SCSI IOs (Suganath prabu Subramani) [Orabug: 22529571] \n- mpt3sas: Never block the Enclosure device (Suganath prabu Subramani) [Orabug: 22529571] \n- mpt3sas: Fix static analyzer(coverity) tool identified defects (Suganath prabu Subramani) [Orabug: 22529571] \n- mpt3sas: Used IEEE SGL instead of MPI SGL while framing a SMP Passthrough request message. (Suganath prabu Subramani) [Orabug: 22529571] \n- mpt3sas: Added support for high port count HBA variants. (Suganath prabu Subramani) [Orabug: 22529571] \n- mpt3sas: A correction in unmap_resources (Tomas Henzl) [Orabug: 22529571] \n- mpt3sas: fix Kconfig dependency problem for mpt2sas back compatibility (James Bottomley) [Orabug: 22529571] \n- mpt3sas: Add dummy Kconfig option for backwards compatibility (Martin K. Petersen) [Orabug: 22529571] \n- mpt3sas: Fix use sas_is_tlr_enabled API before enabling MPI2_SCSIIO_CONTROL_TLR_ON flag (Sreekanth Reddy) [Orabug: 22529571] \n- mpt3sas: fix inline markers on non inline function declarations (Stephen Rothwell) [Orabug: 22529571] \n- mpt3sas: Bump mpt3sas driver version to 09.102.00.00 (Sreekanth Reddy) [Orabug: 22529571] \n- mpt3sas: Single driver module which supports both SAS 2.0 & SAS 3.0 HBAs (Sreekanth Reddy) [Orabug: 22529571] \n- mpt2sas, mpt3sas: Update the driver versions (Sreekanth Reddy) [Orabug: 22529571] \n- mpt3sas: setpci reset kernel oops fix (Sreekanth Reddy) [Orabug: 22529571] \n- mpt3sas: Added OEM Gen2 PnP ID branding names (Sreekanth Reddy) [Orabug: 22529571] \n- mpt3sas: Refcount fw_events and fix unsafe list usage (Sreekanth Reddy) [Orabug: 22529571] \n- mpt3sas: Refcount sas_device objects and fix unsafe list usage (Sreekanth Reddy) [Orabug: 22529571] \n- mpt3sas: sysfs attribute to report Backup Rail Monitor Status (Sreekanth Reddy) [Orabug: 22529571] \n- mpt3sas: Ported WarpDrive product SSS6200 support (Sreekanth Reddy) [Orabug: 22529571] \n- mpt3sas: fix for driver fails EEH, recovery from injected pci bus error (Sreekanth Reddy) [Orabug: 22529571] \n- mpt3sas: Manage MSI-X vectors according to HBA device type (Sreekanth Reddy) [Orabug: 22529571] \n- mpt3sas: Dont send PHYDISK_HIDDEN RAID action request on SAS2 HBAs (Sreekanth Reddy) [Orabug: 22529571] \n- mpt3sas: Build MPI SGL LIST on GEN2 HBAs and IEEE SGL LIST on GEN3 HBAs (Sreekanth Reddy) [Orabug: 22529571] \n- mpt2sas, mpt3sas: Remove SCSI_MPTXSAS_LOGGING entry from Kconfig (Sreekanth Reddy) [Orabug: 22529571] \n- mpt3sas: Define 'hba_mpi_version_belonged' IOC variable (Sreekanth Reddy) [Orabug: 22529571] \n- mpt2sas: Remove .c and .h files from mpt2sas driver (Sreekanth Reddy) [Orabug: 22529571] \n- mpt2sas: Move Gen2 HBAs device registration to a separate file (Sreekanth Reddy) [Orabug: 22529571] \n- mpt3sas: Move Gen3 HBAs device registration to a separate file (Sreekanth Reddy) [Orabug: 22529571] \n- mpt3sas: Added mpt2sas driver definitions (Sreekanth Reddy) [Orabug: 22529571] \n- mpt2sas: Use mpi headers from mpt3sas (Christoph Hellwig) [Orabug: 22529571] \n- ext4: only call ext4_truncate when size <= isize (Josef Bacik) [Orabug: 23598757] \n- fix kABI breakage from 'blk-mq: fix race between timeout and freeing request' (Dan Duval) [Orabug: 23521058] \n- blk-mq: fix race between timeout and freeing request (Ming Lei) [Orabug: 23521058] \n- fix kABI breakage from 'blk-mq: Shared tag enhancements' (Dan Duval) [Orabug: 23521058] \n- blk-mq: Shared tag enhancements (Keith Busch) [Orabug: 23521058] \n- propogate_mnt: Handle the first propogated copy being a slave (Eric W. Biederman) [Orabug: 23276659] {CVE-2016-4581}\n- fs/pnode.c: treat zero mnt_group_id-s as unequal (Maxim Patlasov) [Orabug: 23276659] {CVE-2016-4581}\n- xsigo: SKB Frag cleanup (Pradeep Gopanapalli) [Orabug: 23514725] \n- xsigo: Tx_tail goes outof bound (Pradeep Gopanapalli) [Orabug: 23514725] \n- xsigo: Fixed Path locking issues (Pradeep Gopanapalli) [Orabug: 23514725] \n- net/rds: Skip packet filtering if interface does not support ACL (Yuval Shaia) [Orabug: 23541567] \n- RDS: Fix the rds_conn_destroy panic due to pending messages (Bang Nguyen) [Orabug: 23222944] \n- RDS: add handshaking for ACL violation detection at passive (Ajaykumar Hotchandani) [Orabug: 23222944] \n- RDS: IB: enforce IP anti-spoofing based on ACLs (Santosh Shilimkar) [Orabug: 23222944] \n- RDS: Add acl fields to the rds_connection (Santosh Shilimkar) [Orabug: 23222944] \n- RDS: IB: invoke connection destruction in worker (Ajaykumar Hotchandani) [Orabug: 23222944] \n- RDS: Add reset all conns for a source address to CONN_RESET (Santosh Shilimkar) [Orabug: 23222944] \n- IB/mlx4: Generate alias GUID for slaves (Yuval Shaia) [Orabug: 23222944] \n- IB/ipoib: ioctl interface to manage ACL tables (Yuval Shaia) [Orabug: 23222944] \n- IB/ipoib: sysfs interface to manage ACL tables (Yuval Shaia) [Orabug: 23222944] \n- IB/{cm,ipoib}: Filter traffic using ACL (Yuval Shaia) [Orabug: 23222944] \n- IB/{cm,ipoib}: Manage ACL tables (Yuval Shaia) [Orabug: 23222944]\n[4.1.12-59]\n- Enable CONFIG_CONNTRACK_ZONES for Ol6 (Manjunath Govindashetty) [Orabug: 23755115] \n- perf tools: add --sym-lookup arg to enable symbol lookup in hugepage shm segment (ashok.vairavan) [Orabug: 23278057] \n- offload ib subnet manager port and node get info query handling. (Rama Nichanamatlu) [Orabug: 23750258] \n- IB/ipoib: Adjust queue sizes (Ajaykumar Hotchandani) [Orabug: 23302017] \n- IB/ipoib: Change send workqueue size for CM mode (Ajaykumar Hotchandani) [Orabug: 23254764] \n- qed: Add support for qed and qede drivers from Qlogic in UEK4 (Manjunath Govindashetty) [Orabug: 23732603] \n- qed: Protect the doorbell BAR with the write barriers. (Sudarsana Reddy Kalluru) [Orabug: 23732603] \n- qed: Add missing port-mode (Yuval Mintz) [Orabug: 23732603] \n- qed: Fix returning unlimited SPQ entries (Yuval Mintz) [Orabug: 23732603] \n- qed*: Dont reset statistics on inner reload (Yuval Mintz) [Orabug: 23732603] \n- qed: Prevent VF from Tx-switching 'promisc' (Yuval Mintz) [Orabug: 23732603] \n- qed: Correct default vlan behavior (Yuval Mintz) [Orabug: 23732603] \n- qed: fix qed_fill_link() error handling (Arnd Bergmann) [Orabug: 23732603] \n- qed: Dont config min BW on 100g on link flap (Yuval Mintz) [Orabug: 23732603] \n- qed: Prevent 100g from working in MSI (Sudarsana Reddy Kalluru) [Orabug: 23732603] \n- qed: Add missing 100g init mode (Yuval Mintz) [Orabug: 23732603] \n- qed: Save min/max accross dcbx-change (Yuval Mintz) [Orabug: 23732603] \n- qed: Fix allocation in interrupt context (Sudarsana Reddy Kalluru) [Orabug: 23732603] \n- qede: Dont expose self-test for VFs (Yuval Mintz) [Orabug: 23732603] \n- qede: Reload on GRO changes (Yuval Mintz) [Orabug: 23732603] \n- qede: Fix VF minimum BW setting (Yuval Mintz) [Orabug: 23732603] \n- qed: Reset the enable flag for eth protocol. (Sudarsana Reddy Kalluru) [Orabug: 23732603] \n- qed: signedness bug in qed_dcbx_process_tlv() (Dan Carpenter) [Orabug: 23732603] \n- qede: Fix DMA address APIs usage (Manish Chopra) [Orabug: 23732603] \n- qed: add support for dcbx. (Sudarsana Reddy Kalluru) [Orabug: 23732603] \n- qed: Remove a stray tab (Dan Carpenter) [Orabug: 23732603] \n- qed: VFs gracefully accept lack of PM (Yuval Mintz) [Orabug: 23732603] \n- qed: Allow more than 16 VFs (Yuval Mintz) [Orabug: 23732603] \n- qed: Reset link on IOV disable (Manish Chopra) [Orabug: 23732603] \n- qed: Improve VF interrupt reset (Yuval Mintz) [Orabug: 23732603] \n- qed: Correct PF-sanity check (Yuval Mintz) [Orabug: 23732603] \n- qed*: Tx-switching configuration (Yuval Mintz) [Orabug: 23732603] \n- qed*: support ndo_get_vf_config (Yuval Mintz) [Orabug: 23732603] \n- qed*: IOV support spoof-checking (Yuval Mintz) [Orabug: 23732603] \n- qed*: IOV link control (Yuval Mintz) [Orabug: 23732603] \n- qed*: Support forced MAC (Yuval Mintz) [Orabug: 23732603] \n- qed*: Support PVID configuration (Yuval Mintz) [Orabug: 23732603] \n- qede: Add VF support (Yuval Mintz) [Orabug: 23732603] \n- qed: Align TLVs (Yuval Mintz) [Orabug: 23732603] \n- qed: Bulletin and Link (Yuval Mintz) [Orabug: 23732603] \n- qed: IOV l2 functionality (Yuval Mintz) [Orabug: 23732603] \n- qed: IOV configure and FLR (Yuval Mintz) [Orabug: 23732603] \n- qed: Introduce VFs (Yuval Mintz) [Orabug: 23732603] \n- qed: Add VF->PF channel infrastructure (Yuval Mintz) [Orabug: 23732603] \n- qed: Add CONFIG_QED_SRIOV (Yuval Mintz) [Orabug: 23732603] \n- qede: uninitialized variable in qede_start_xmit() (Dan Carpenter) [Orabug: 23732603] \n- qede: prevent chip hang when increasing channels (Sudarsana Reddy Kalluru) [Orabug: 23732603] \n- qed: Apply tunnel configurations after PF start (Manish Chopra) [Orabug: 23732603] \n- qede: add implementation for internal loopback test. (Sudarsana Reddy Kalluru) [Orabug: 23732603] \n- qede: add support for selftests. (Sudarsana Reddy Kalluru) [Orabug: 23732603] \n- qed: add infrastructure for device self tests. (Sudarsana Reddy Kalluru) [Orabug: 23732603] \n- qed: Add PF min bandwidth configuration support (Manish Chopra) [Orabug: 23732603] \n- qed: Add PF max bandwidth configuration support (Manish Chopra) [Orabug: 23732603] \n- qed: Add vport WFQ configuration APIs (Manish Chopra) [Orabug: 23732603] \n- qed: add support for link pause configuration. (Sudarsana Reddy Kalluru) [Orabug: 23732603] \n- qed*: Conditions for changing link (Yuval Mintz) [Orabug: 23732603] \n- qede: Add support for ethtool private flags (Yuval Mintz) [Orabug: 23732603] \n- qed*: Align statistics names (Yuval Mintz) [Orabug: 23732603] \n- qede: Fix single MTU sized packet from firmware GRO flow (Manish Chopra) [Orabug: 23732603] \n- qede: Fix setting Skb network header (Manish Chopra) [Orabug: 23732603] \n- qede: Fix various memory allocation error flows for fastpath (Manish Chopra) [Orabug: 23732603] \n- qede: Add fastpath support for tunneling (Manish Chopra) [Orabug: 23732603] \n- qed: Enable GRE tunnel slowpath configuration (Manish Chopra) [Orabug: 23732603] \n- qed/qede: Add VXLAN tunnel slowpath configuration support (Manish Chopra) [Orabug: 23732603] \n- qed: Add infrastructure support for tunneling (Manish Chopra) [Orabug: 23732603] \n- qed* - bump driver versions to 8.7.1.20 (Yuval Mintz) [Orabug: 23732603] \n- qede: add Rx flow hash/indirection support. (Sudarsana Reddy Kalluru) [Orabug: 23732603] \n- qed: add Rx flow hash/indirection support. (Sudarsana Reddy Kalluru) [Orabug: 23732603] \n- qed*: remove version dependency (Rahul Verma) [Orabug: 23732603] \n- qed: initialize return rc to avoid returning garbage (Colin Ian King) [Orabug: 23732603] \n- qed: Enlrage the drain timeout (Yuval Mintz) [Orabug: 23732603] \n- qed: Notify of transciever changes (Zvi Nachmani) [Orabug: 23732603] \n- qed: Major changes to MB locking (Tomer Tayar) [Orabug: 23732603] \n- qed: Prevent MF link notifications (Sudarsana Reddy Kalluru) [Orabug: 23732603] \n- qede: Fix net-next 'make ARCH=x86_64' (Manish Chopra) [Orabug: 23732603] \n- qede: Add slowpath/fastpath support and enable hardware GRO (Manish Chopra) [Orabug: 23732603] \n- qed/qede: Add infrastructure support for hardware GRO (Manish Chopra) [Orabug: 23732603] \n- qed: Remove unused NVM vendor ID (Yuval Mintz) [Orabug: 23732603] \n- qed: Fix error flow on slowpath start (Yuval Mintz) [Orabug: 23732603] \n- qed: Move statistics to L2 code (Yuval Mintz) [Orabug: 23732603] \n- qed: Support B0 instead of A0 (Yuval Mintz) [Orabug: 23732603] \n- qed: Correct BAR sizes for older MFW (Ram Amrani) [Orabug: 23732603] \n- qed: Print additional HW attention info (Yuval Mintz) [Orabug: 23732603] \n- qed: Print HW attention reasons (Yuval Mintz) [Orabug: 23732603] \n- qed: Add support for HW attentions (Yuval Mintz) [Orabug: 23732603] \n- qed: Semantic refactoring of interrupt code (Yuval Mintz) [Orabug: 23732603] \n- qed, qede: rebrand module description (Yuval Mintz) [Orabug: 23732603] \n- qed: Prevent probe on previous error (Yuval Mintz) [Orabug: 23732603] \n- qed: add MODULE_FIRMWARE() (Yuval Mintz) [Orabug: 23732603] \n- qede: Dont report link change needlessly (Yuval Mintz) [Orabug: 23732603] \n- qede: Linearize SKBs when needed (Yuval Mintz) [Orabug: 23732603] \n- qede: Change pci DID for 10g device (Yuval Mintz) [Orabug: 23732603] \n- qed,qede: Bump driver versions to 8.7.0.0 (Yuval Mintz) [Orabug: 23732603] \n- qed: Introduce DMA_REGPAIR_LE (Yuval Mintz) [Orabug: 23732603] \n- qed: Change metadata needed for SPQ entries (Yuval Mintz) [Orabug: 23732603] \n- qed: Handle possible race in SB config (Yuval Mintz) [Orabug: 23732603] \n- qed: Turn most GFP_ATOMIC into GFP_KERNEL (Yuval Mintz) [Orabug: 23732603] \n- qede: Add vlan filtering offload support (Sudarsana Reddy Kalluru) [Orabug: 23732603] \n- qed: Lay infrastructure for vlan filtering offload (Yuval Mintz) [Orabug: 23732603] \n- qed/qede: use 8.7.3.0 FW. (Yuval Mintz) [Orabug: 23732603] \n- qed: Correct slowpath interrupt scheme (Sudarsana Kalluru) [Orabug: 23732603] \n- qed: Fix BAR size split for some servers (Ariel Elior) [Orabug: 23732603] \n- qed: fix handling of concurrent ramrods. (Tomer Tayar) [Orabug: 23732603] \n- qed: Fix corner case for chain in-between pages (Tomer Tayar) [Orabug: 23732603] \n- qede: Add support for {get, set}_pauseparam (Sudarsana Kalluru) [Orabug: 23732603] \n- qede: Add support for nway_reset (Sudarsana Kalluru) [Orabug: 23732603] \n- qede: Add support for set_phys_id (Sudarsana Kalluru) [Orabug: 23732603] \n- qed: Add support for changing LED state (Sudarsana Kalluru) [Orabug: 23732603] \n- qede: Add support for {get, set}_ringparam (Sudarsana Kalluru) [Orabug: 23732603] \n- qede: Add support for {get, set}_channels (Sudarsana Kalluru) [Orabug: 23732603] \n- qed: select ZLIB_INFLATE (Arnd Bergmann) [Orabug: 23732603] \n- qlogic: qed: fix error codes in qed_resc_alloc() (Dan Carpenter) [Orabug: 23732603] \n- qlogic: qed: fix a test for MODE_MF_SI (Dan Carpenter) [Orabug: 23732603] \n- qlogic/qed: remove bogus NULL check (Dan Carpenter) [Orabug: 23732603] \n- qede: Add basic ethtool support (Sudarsana Kalluru) [Orabug: 23732603] \n- qed: Add statistics support (Manish Chopra) [Orabug: 23732603] \n- qede: Add support for link (Sudarsana Kalluru) \n- qed: Add link support (Yuval Mintz) [Orabug: 23732603] \n- qede: classification configuration (Sudarsana Kalluru) [Orabug: 23732603] \n- qede: Add basic network device support (Yuval Mintz) [Orabug: 23732603] \n- qed: Add slowpath L2 support (Manish Chopra) [Orabug: 23732603] \n- qede: Add basic Network driver (Yuval Mintz) [Orabug: 23732603] \n- qed: Add basic L2 interface (Yuval Mintz) [Orabug: 23732603] \n- qed: Add module with basic common support (Yuval Mintz) [Orabug: 23732603] \n- qlcnic: potential NULL dereference in qlcnic_83xx_get_minidump_template() (Dan Carpenter) [Orabug: 23711389] \n- qlcnic: protect qlicnic_attach_func with rtnl_lock (Hannes Frederic Sowa) [Orabug: 23711389] \n- qlcnic: Update version to 5.3.64 (Manish Chopra) [Orabug: 23711389] \n- qlcnic: Fix mailbox completion handling during spurious interrupt (Rajesh Borundia) [Orabug: 23711389] \n- qlcnic: Remove unnecessary usage of atomic_t (Rajesh Borundia) [Orabug: 23711389] \n- qlcnic: correctly handle qlcnic_alloc_mbx_args (Insu Yun) [Orabug: 23711389] \n- qlcnic: constify qlcnic_dcb_ops structures (Julia Lawall) [Orabug: 23711389] \n- qlcnic: fix a loop exit condition better (Dan Carpenter) [Orabug: 23711389] \n- qlcnic: fix a timeout loop (Dan Carpenter) [Orabug: 23711389] \n- net/qlcnic: fix mac address restore in bond mode 5/6 (Jarod Wilson) [Orabug: 23711389] \n- qlcnic: constify qlcnic_mbx_ops structure (Julia Lawall) [Orabug: 23711389] \n- qlcnic: track vxlan port count (Jiri Benc) [Orabug: 23711389] \n- net: qlcnic: delete redundant memsets (Rasmus Villemoes) [Orabug: 23711389]\n[4.1.12-58]\n- ol6-spec: remove require for ql23xx-firmware-3.03.27 (Ethan Zhao) [Orabug: 23724175] \n- ol7-spec: update version dependency for linux-firmware package (Ethan Zhao) [Orabug: 23701430] \n- ol6-spec: update version dependency for linux-firmware package (Ethan Zhao) [Orabug: 23701352] \n- xen/acpi: Disable ACPI memory hotplug when running under Xen. (Konrad Rzeszutek Wilk) \n- mlx4_core: use higher log_rdmarc_per_qp when scale_profile is set (Mukesh Kacker) [Orabug: 23725942] \n- RDS: IB: change rds_ib_active_bonding_excl_ips to only RFC3927 space (Todd Vierling) \n- RDS: avoid large pages for sg allocation for TCP transport (Santosh Shilimkar) [Orabug: 23635336] \n- bnx2x: Update driver version to 1.713.10 (Rajesh Borundia) [Orabug: 23718192] \n- bnx2x: allow adding VLANs while interface is down (Michal Schmidt) [Orabug: 23718192] \n- bnx2x: avoid leaking memory on bnx2x_init_one() failures (Vitaly Kuznetsov) [Orabug: 23718192] \n- bnx2x: Prevent false warning for lack of FC NPIV (Yuval Mintz) [Orabug: 23718192] \n- bnx2x: dont wait for Tx completion on recovery (Yuval Mintz) [Orabug: 23718192] \n- bnx2x: fix indentation in bnx2x_sp_task() (Michal Schmidt) [Orabug: 23718192] \n- bnx2x: define event data reserved fields as little-endian (Michal Schmidt) [Orabug: 23718192] \n- bnx2x: define fields of struct cfc_del_event_data as little-endian (Michal Schmidt) [Orabug: 23718192] \n- bnx2x: access cfc_del_event only if the opcode is CFC_DEL (Michal Schmidt) [Orabug: 23718192] \n- bnx2x: fix receive of VF->PF mailbox messages by the PF on big-endian (Michal Schmidt) [Orabug: 23718192] \n- bnx2x: fix sending VF->PF messages on big-endian (Michal Schmidt) [Orabug: 23718192] \n- bnx2x: fix crash on big-endian when adding VLAN (Michal Schmidt) [Orabug: 23718192] \n- bnx2x: Fix 84833 phy command handler (Yuval Mintz) \n- bnx2x: Fix led setting for 84858 phy. (Yuval Mintz) [Orabug: 23718192] \n- bnx2x: Correct 84858 PHY fw version (Yuval Mintz) [Orabug: 23718192] \n- bnx2x: Fix 84833 RX CRC (Yuval Mintz) \n- bnx2x: Fix link-forcing for KR2 (Yuval Mintz) [Orabug: 23718192] \n- bnx2x: Add missing HSI for big-endian machines (Yuval Mintz) [Orabug: 23718192] \n- bnx2x: Warn about grc timeouts in register dump (Yuval Mintz) [Orabug: 23718192] \n- bnx2x: extend DCBx support (Yuval Mintz) [Orabug: 23718192] \n- bnx2x: Add support for single-port DCBx (Yuval Mintz) [Orabug: 23718192] \n- bnx2x: Remove unneccessary EXPORT_SYMBOL (Yuval Mintz) [Orabug: 23718192] \n- bnx2x: Prevent FW assertion when using Vxlan (Yuval Mintz) [Orabug: 23718192] \n- bnx2x: remove rx_pkt/rx_calls (Eric Dumazet) [Orabug: 23718192] \n- bnx2x: avoid soft lockup in bnx2x_poll() (Eric Dumazet) [Orabug: 23718192] \n- bnx2x: simplify distinction between port and func stats (Michal Schmidt) [Orabug: 23718192] \n- bnx2x: change FW GRO error message to WARN_ONCE (Michal Schmidt) [Orabug: 23718192] \n- bnx2x: drop redundant error message about allocation failure (Michal Schmidt) [Orabug: 23718192] \n- bnx2x: Utilize FW 7.13.1.0. (Yuval Mintz) [Orabug: 23718192] \n- bnx2x: Show port statistics in Multi-function (Yuval Mintz) [Orabug: 23718192] \n- bnx2x: Add new SW stat 'tx_exhaustion_events' (Yuval Mintz) [Orabug: 23718192] \n- bnx2x: Fix vxlan removal (Yuval Mintz) [Orabug: 23718192] \n- net: move skb_mark_napi_id() into core networking stack (Eric Dumazet) [Orabug: 23718192] \n- bnx2x: remove bnx2x_low_latency_recv() support (Eric Dumazet) [Orabug: 23718192] \n- bnx2x: Add FW 7.13.1.0. (Yuval Mintz) [Orabug: 23718192] \n- be2iscsi: Update the driver version (Jitendra Bhivare) [Orabug: 23712824] \n- be2iscsi: Replace _bh with _irqsave/irqrestore (Jitendra Bhivare) [Orabug: 23712824] \n- be2iscsi: Remove unnecessary synchronize_irq() before free_irq() (Lars-Peter Clausen) [Orabug: 23712824] \n- be2iscsi:Add missing error check in beiscsi_eeh_resume (Nicholas Krause) [Orabug: 23712824] \n- atl2: Disable unimplemented scatter/gather feature (Ben Hutchings) [Orabug: 23703754] {CVE-2016-2117}\n- be2net: Fix provisioning of RSS for VFs in multi-partition configurations (Somnath Kotur) [Orabug: 23641442] \n- be2net: Enable Wake-On-LAN from shutdown for Skyhawk (Sriharsha Basavapatna) [Orabug: 23641442] \n- be2net: use max-TXQs limit too while provisioning VF queue pairs (Suresh Reddy) [Orabug: 23641442] \n- benet: be_resume needs to protect be_open with rtnl_lock (Hannes Frederic Sowa) [Orabug: 23641442] \n- be2net: Dont leak iomapped memory on removal. (Douglas Miller) [Orabug: 23641442] \n- be2net: dont enable multicast flag in be_enable_if_filters() routine (Venkat Duvvuru) [Orabug: 23641442] \n- be2net: Fix a UE caused by passing large frames to the ASIC (ajit.khaparde@broadcom.com) [Orabug: 23641442] \n- be2net: Declare some u16 fields as u32 to improve performance (ajit.khaparde@broadcom.com) [Orabug: 23641442] \n- be2net: Fix pcie error recovery in case of NIC+RoCE adapters (Padmanabh Ratnakar) [Orabug: 23641442] \n- VSOCK: Only check error on skb_recv_datagram when skb is NULL (Jorgen Hansen) [Orabug: 23718522] \n- VSOCK: Detach QP check should filter out non matching QPs. (Jorgen Hansen) [Orabug: 23718522] \n- x86/mce: Ensure offline CPUs dont participate in rendezvous process (Ashok Raj) [Orabug: 23520972]\n[4.1.12-57]\n- PCI: Mark Intel i40e NIC INTx masking as broken (Alex Williamson) [Orabug: 23176970] \n- i40e: fix an uninitialized variable bug (Dan Carpenter) [Orabug: 23176970] \n- i40e: Bump version from 1.5.10 to 1.5.16 (Bimmy Pujari) [Orabug: 23176970] \n- i40e: dont add broadcast filter for VFs (Mitch Williams) [Orabug: 23176970] \n- i40e/i40evf: properly report Rx packet hash (Mitch Williams) [Orabug: 23176970] \n- i40e: set context to use VSI RSS LUT for SR-IOV (Ashish Shah) [Orabug: 23176970] \n- i40e: Correct UDP packet header for non_tunnel-ipv6 (Akeem G Abodunrin) [Orabug: 23176970] \n- i40e: change Rx hang message into a WARN_ONCE (Jacob Keller) [Orabug: 23176970] \n- i40e: Refactor ethtool get_settings (Catherine Sullivan) [Orabug: 23176970] \n- i40e: lie to the VF (Mitch Williams) [Orabug: 23176970] \n- i40e: Add vf-true-promisc-support priv flag (Anjali Singhai Jain) [Orabug: 23176970] \n- i40e: Implement the API function for aq_set_switch_config (Shannon Nelson) [Orabug: 23176970] \n- i40e: Add allmulti support for the VF (Anjali Singhai Jain) [Orabug: 23176970] \n- i40e: Add support for disabling all link and change bits needed for PHY interactions (Kevin Scott) [Orabug: 23176970] \n- i40e: constify i40e_client_ops structure (Julia Lawall) [Orabug: 23176970] \n- i40e: fix misleading indentation (Arnd Bergmann) [Orabug: 23176970] \n- i40e: Test memory before ethtool alloc succeeds (Jesse Brandeburg) [Orabug: 23176970] \n- i40evf: Allocate Rx buffers properly (Mitch Williams) [Orabug: 23176970] \n- i40e/i40evf: Remove unused hardware receive descriptor code (Jesse Brandeburg) [Orabug: 23176970] \n- i40evf: refactor receive routine (Jesse Brandeburg) [Orabug: 23176970] \n- i40evf: Drop packet split receive routine (Jesse Brandeburg) [Orabug: 23176970] \n- i40e: Refactor receive routine (Jesse Brandeburg) [Orabug: 23176970] \n- i40e/i40evf: Remove reference to ring->dtype (Jesse Brandeburg) [Orabug: 23176970] \n- i40e: Drop packet split receive routine (Jesse Brandeburg) [Orabug: 23176970] \n- i40e/i40evf: Refactor tunnel interpretation (Jesse Brandeburg) [Orabug: 23176970] \n- i40evf: make use of BIT() macro to avoid signed left shift (Jacob Keller) [Orabug: 23176970] \n- i40e: make use of BIT() macro to prevent left shift of signed values (Jacob Keller) [Orabug: 23176970] \n- i40e/i40evf: fix I40E_MASK signed shift overflow warnings (Jacob Keller) [Orabug: 23176970] \n- i40e/i40evf : Bump driver version from 1.5.5 to 1.5.10 (Harshitha Ramamurthy) [Orabug: 23176970] \n- i40e: Update device ids for X722 (Catherine Sullivan) [Orabug: 23176970] \n- i40e: Drop extra copy of function (Jesse Brandeburg) [Orabug: 23176970] \n- i40e: Use consistent type for vf_id (Jesse Brandeburg) [Orabug: 23176970] \n- i40e: PTP - avoid aggregate return warnings (Jesse Brandeburg) [Orabug: 23176970] \n- i40e: Fix uninitialized variable (Catherine Sullivan) [Orabug: 23176970] \n- i40evf: RSS Hash Option parameters (Carolyn Wyborny) [Orabug: 23176970] \n- i40e: Remove HMC AQ API implementation (Neerav Parikh) [Orabug: 23176970] \n- i40e: Limit the number of MAC and VLAN addresses that can be added for VFs (Anjali Singhai Jain) [Orabug: 23176970] \n- i40e: Change the default for VFs to be not privileged (Anjali Singhai Jain) [Orabug: 23176970] \n- i40evf: Add driver support for promiscuous mode (Anjali Singhai Jain) [Orabug: 23176970] \n- i40e: Add VF promiscuous mode driver support (Anjali Singhai Jain) [Orabug: 23176970] \n- i40e: Add promiscuous on VLAN support (Greg Rose) [Orabug: 23176970] \n- i40e/i40evf: Only offload VLAN tag if enabled (Jesse Brandeburg) [Orabug: 23176970] \n- i40e: Remove zero check (Greg Rose) [Orabug: 23176970] \n- i40e: Add DeviceID for X722 QSFP+ (Kamil Krawczyk) [Orabug: 23176970] \n- i40e: Add device capability which defines if update is available (Michal Kosiarz) [Orabug: 23176970] \n- i40evf: Allow PF driver to configure RSS (Mitch Williams) [Orabug: 23176970] \n- i40e: Specify AQ event opcode to wait for (Shannon Nelson) [Orabug: 23176970] \n- i40e: Code cleanup in i40e_add_fdir_ethtool (Shannon Nelson) [Orabug: 23176970] \n- i40evf: Dont Panic (Mitch Williams) [Orabug: 23176970] \n- i40e: Add support for configuring VF RSS (Mitch Williams) [Orabug: 23176970] \n- i40e/i40evf: Add support for IPIP and SIT offloads (Alexander Duyck) [Orabug: 23176970] \n- i40e/i40evf: Clean up feature flags (Alexander Duyck) [Orabug: 23176970] \n- i40evf: properly handle VLAN features (Mitch Williams) [Orabug: 23176970] \n- i40e/i40evf: Bump patch from 1.5.2 to 1.5.5 (Harshitha Ramamurthy) [Orabug: 23176970] \n- i40e: Input set mask constants for RSS, flow director, and flex bytes (Kiran Patil) [Orabug: 23176970] \n- i40e: Move NVM event wait check to NVM code (Shannon Nelson) [Orabug: 23176970] \n- i40e: Add RSS configuration to virtual channel (Mitch Williams) [Orabug: 23176970] \n- i40e: Move NVM variable out of AQ struct (Shannon Nelson) [Orabug: 23176970] \n- i40e: Restrict VF poll mode to only single function mode devices (Shannon Nelson) [Orabug: 23176970] \n- i40e/i40evf: Faster RX via avoiding FCoE (Jesse Brandeburg) [Orabug: 23176970] \n- i40e/i40evf: Drop unused tx_ring argument (Jesse Brandeburg) [Orabug: 23176970] \n- i40e/i40evf: Move stack var deeper (Jesse Brandeburg) [Orabug: 23176970] \n- i40e: Move HW flush (Akeem G Abodunrin) [Orabug: 23176970] \n- i40e: Leave debug_mask cleared at init (Shannon Nelson) [Orabug: 23176970] \n- i40e: Inserting a HW capability display info (Deepthi Kavalur) [Orabug: 23176970] \n- i40e/i40evf: Fix TSO checksum pseudo-header adjustment (Alexander Duyck) [Orabug: 23176970] \n- i40e/i40evf: Bump patch from 1.5.1 to 1.5.2 (Avinash Dayanand) [Orabug: 23176970] \n- i40e: Request PHY media event at reset time (Shannon Nelson) [Orabug: 23176970] \n- i40e: Lower some message levels (Mitch Williams) [Orabug: 23176970] \n- i40e: Fix for supported link modes in 10GBaseT PHYs (Avinash Dayanand) [Orabug: 23176970] \n- i40evf: Fix get_rss_aq (Catherine Sullivan) [Orabug: 23176970] \n- i40e: Disable link polling (Shannon Nelson) [Orabug: 23176970] \n- i40evf: Add longer wait after remove module (Mitch Williams) [Orabug: 23176970] \n- i40e: Make VF resets more reliable (Mitch Williams) [Orabug: 23176970] \n- i40e: Add new device ID for X722 (Catherine Sullivan) [Orabug: 23176970] \n- i40evf: Fix VLAN features (Mitch Williams) [Orabug: 23176970] \n- i40e: Remove unused variable (Mitch Williams) [Orabug: 23176970] \n- i40e: Enable Geneve offload for FW API ver > 1.4 for XL710/X710 devices (Anjali Singhai Jain) [Orabug: 23176970] \n- i40e: remove redundant check on vsi->active_vlans (Colin King) [Orabug: 23176970] \n- i40e/i40evf: Bump patch from 1.4.25 to 1.5.1 (Catherine Sullivan) [Orabug: 23176970] \n- i40e: Change comment to reflect correct function name (Mitch Williams) [Orabug: 23176970] \n- i40evf: Add additional check for reset (Mitch Williams) [Orabug: 23176970] \n- i40e: Change unknown event error msg to ignore message (Shannon Nelson) [Orabug: 23176970] \n- i40e: Added code to prevent double resets (Mitch Williams) [Orabug: 23176970] \n- i40e: Notify VFs of all resets (Mitch Williams) [Orabug: 23176970] \n- i40e: Remove timer and task only if created (Shannon Nelson) [Orabug: 23176970] \n- i40e: Assure that adminq is alive in debug mode (Shannon Nelson) [Orabug: 23176970] \n- i40e: Remove MSIx only if created (Shannon Nelson) [Orabug: 23176970] \n- i40e: Fix up return code (Jesse Brandeburg) [Orabug: 23176970] \n- i40e: Save off VSI resource count when updating VSI (Kevin Scott) [Orabug: 23176970] \n- i40e/i40evf: Remove I40E_MAX_USER_PRIORITY define (Catherine Sullivan) [Orabug: 23176970] \n- i40e/i40evf: Fix casting in transmit code (Jesse Brandeburg) [Orabug: 23176970] \n- i40e/i40evf: Fix handling of boolean logic in polling routines (Alexander Duyck) [Orabug: 23176970] \n- i40evf: remove dead code (Alan Cox) [Orabug: 23176970] \n- i40e/i40evf: Allow up to 12K bytes of data per Tx descriptor instead of 8K (Alexander Duyck) [Orabug: 23176970] \n- i40e: call ndo_stop() instead of dev_close() when running offline selftest (Stefan Assmann) [Orabug: 23176970] \n- i40e/i40evf: Limit TSO to 7 descriptors for payload instead of 8 per packet (Alexander Duyck) [Orabug: 23176970] \n- i40e: fix errant PCIe bandwidth message (Jesse Brandeburg) [Orabug: 23176970] \n- i40e: Add support for client interface for IWARP driver (Anjali Singhai Jain) [Orabug: 23176970]", "edition": 72, "modified": "2016-08-26T00:00:00", "published": "2016-08-26T00:00:00", "id": "ELSA-2016-3596", "href": "http://linux.oracle.com/errata/ELSA-2016-3596.html", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:39", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2384", "CVE-2016-4794", "CVE-2016-6480", "CVE-2016-3070", "CVE-2016-2069", "CVE-2016-4581", "CVE-2016-2053", "CVE-2016-5828", "CVE-2016-2847", "CVE-2016-3156", "CVE-2015-8746", "CVE-2016-6136", "CVE-2015-8812", "CVE-2016-4569", "CVE-2015-8543", "CVE-2015-8374", "CVE-2016-3699", "CVE-2016-5829", "CVE-2016-6198", "CVE-2015-8956", "CVE-2013-4312", "CVE-2016-7039", "CVE-2016-5195", "CVE-2016-4578", "CVE-2016-5412", "CVE-2016-6327", "CVE-2016-3841", "CVE-2015-8844", "CVE-2016-2117", "CVE-2015-8845"], "description": "- [3.10.0-514.OL7]\n- Oracle Linux certificates (Alexey Petrenko)\n- Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com)\n- Update x509.genkey [bug 24817676]\n[3.10.0-514]\n- [mm] remove gup_flags FOLL_WRITE games from __get_user_pages() (Larry Woodman) [1385124] {CVE-2016-5195}\n[3.10.0-513]\n- [md] dm raid: fix compat_features validation (Mike Snitzer) [1383726]\n[3.10.0-512]\n- [fs] revert 'ext4: pre-zero allocated blocks for DAX IO' (Eric Sandeen) [1380571]\n- [fs] nfsd: fix corruption in notifier registration ('J. Bruce Fields') [1378363]\n- [fs] xfs: log recovery tracepoints to track current lsn and buffer submission (Brian Foster) [1362730]\n- [fs] xfs: update metadata LSN in buffers during log recovery (Brian Foster) [1362730]\n- [fs] xfs: dont warn on buffers not being recovered due to LSN (Brian Foster) [1362730]\n- [fs] xfs: pass current lsn to log recovery buffer validation (Brian Foster) [1362730]\n- [fs] xfs: rework log recovery to submit buffers on LSN boundaries (Brian Foster) [1362730]\n- [x86] perf/uncore: Disable uncore on kdump kernel (Jiri Olsa) [1379569]\n- [netdrv] mlx4_core: Fix to clean devlink resources (Kamal Heib) [1379504]\n[3.10.0-511]\n- [net] add recursion limit to GRO (Sabrina Dubroca) [1374191] {CVE-2016-7039}\n- [mm] cgroup: fix hugetlb_cgroup_read() (Jerome Marchand) [1378236]\n- [fs] nfs: change invalidatepage prototype to accept length (Benjamin Coddington) [1366131]\n- [fs] xfs: quiesce the filesystem after recovery on readonly mount (Eric Sandeen) [1375457]\n- [fs] xfs: rework buffer dispose list tracking (Brian Foster) [1349175]\n- [fs] ext4: pre-zero allocated blocks for DAX IO (Eric Sandeen) [1367989]\n- [fs] gfs2: Initialize atime of I_NEW inodes (Andreas Grunbacher) [1379447]\n- [fs] gfs2: Update file times after grabbing glock (Andreas Grunbacher) [1379447]\n- [x86] topology: Handle CPUID bogosity gracefully (Vitaly Kuznetsov) [1377988]\n- [netdrv] sfc: check async completer is !NULL before calling (Jarod Wilson) [1368201]\n- [infiniband] ib/mlx5: Fix iteration overrun in GSI qps (Don Dutile) [1376941]\n[3.10.0-510]\n- [kernel] audit: fix exe_file access in audit_exe_compare (Richard Guy Briggs) [1374478]\n- [kernel] mm: introduce get_task_exe_file (Richard Guy Briggs) [1374478]\n- [kernel] prctl: avoid using mmap_sem for exe_file serialization (Richard Guy Briggs) [1374478]\n- [kernel] mm: rcu-protected get_mm_exe_file() (Richard Guy Briggs) [1374478]\n- [dm] dm-raid: reverse validation of nosync+rebuild flags (Heinz Mauelshagen) [1371717]\n- [x86] kvm: correctly reset dest_map->vector when restoring LAPIC state (Paolo Bonzini) [1367716]\n- [s390] dasd: fix hanging device after clear subchannel (Gustavo Duarte) [1368068]\n- [netdrv] bna: fix crash in bnad_get_strings() (Ivan Vecera) [1376508]\n- [netdrv] bna: add missing per queue ethtool stat (Ivan Vecera) [1376508]\n- [powerpc] kvm: Implement kvm_arch_intc_initialized() for PPC (David Gibson) [1375778]\n- [powerpc] kvm: book3s: Dont crash if irqfd used with no in-kernel XICS emulation (David Gibson) [1375778]\n[3.10.0-509]\n- [mm] sparse: use memblock apis for early memory allocations (Koki Sanagi) [1375453]\n- [mm] memblock: add memblock memory allocation apis (Koki Sanagi) [1375453]\n- [mm] thp: harden the debug kernel with a strict check for thp_mmu_gather (Andrea Arcangeli) [1369365]\n- [mm] thp: initialize thp_mmu_gather for newly allocated migrated pages (Andrea Arcangeli) [1369365]\n- [mm] thp: put_huge_zero_page() with MMU gather #2 (Andrea Arcangeli) [1369365]\n- [fs] nfs: fix BUG() crash in notify_change() with patch to chown_common() ('J. Bruce Fields') [1342695]\n- [net] ipv6: gro: fix forwarding of tunneled packets (Jiri Benc) [1375438]\n- [net] sctp: hold the transport before using it in sctp_hash_cmp (Xin Long) [1368884]\n- [net] sctp: identify chunks that need to be fragmented at IP level (Xin Long) [1371377]\n- [scsi] be2iscsi: revert: _bh for io_sgl_lock and mgmt_sgl_lock (Maurizio Lombardi) [1374223]\n- [block] blk-mq: Allow timeouts to run while queue is freezing (Gustavo Duarte) [1372483]\n- [block] defer timeouts to a workqueue (Gustavo Duarte) [1372483]\n- [netdrv] tg3: Fix for disallow tx coalescing time to be 0 (Ivan Vecera) [1368885]\n- [netdrv] tg3: Fix for diasllow rx coalescing time to be 0 (Ivan Vecera) [1368885]\n- [infiniband] rdma/ocrdma: Support user AH creation for RoCE-v2 (Don Dutile) [1376120]\n- [infiniband] rdma/ocrdma: Support RoCE-v2 in the RC path (Don Dutile) [1376120]\n- [infiniband] rdma/ocrdma: Support RoCE-v2 in the UD path (Don Dutile) [1376120]\n- [infiniband] rdma/ocrdma: Export udp encapsulation capability (Don Dutile) [1376120]\n- [infiniband] ib/mlx5: Fix wrong naming of port_rcv_data counter (Don Dutile) [1374862]\n[3.10.0-508]\n- [drm] i915: Add GEN7_PCODE_MIN_FREQ_TABLE_GT_RATIO_OUT_OF_RANGE to SNB (Lyude Paul) [1341633 1355776]\n- [drm] i915/gen9: implement missing case for SKL watermarks calculation (Lyude Paul) [1341633 1355776]\n- [drm] i915/gen9: fix the watermark res_blocks value (Lyude Paul) [1341633 1355776]\n- [drm] i915/gen9: fix plane_blocks_per_line on watermarks calculations (Lyude Paul) [1341633 1355776]\n- [drm] i915/gen9: minimum scanlines for Y tile is not always 4 (Lyude Paul) [1341633 1355776]\n- [drm] i915/gen9: fix the WaWmMemoryReadLatency implementation (Lyude Paul) [1341633 1355776]\n- [drm] i915/skl: Dont try to update plane watermarks if they havent changed (Lyude Paul) [1341633 1355776]\n- [drm] i915/skl: Update DDB values atomically with wms/plane attrs (Lyude Paul) [1341633 1355776]\n- [drm] i915: Move CRTC updating in atomic_commit into its own hook (Lyude Paul) [1341633 1355776]\n- [drm] i915/skl: Ensure pipes with changed wms get added to the state (Lyude Paul) [1341633 1355776]\n- [drm] i915/skl: Update plane watermarks atomically during plane updates (Lyude Paul) [1341633 1355776]\n- [drm] i915/gen9: Only copy WM results for changed pipes to skl_hw (Lyude Paul) [1341633 1355776]\n- [drm] i915/skl: Add support for the SAGV, fix underrun hangs (Lyude Paul) [1341633 1355776]\n- [drm] i915/gen6+: Interpret mailbox error flags (Lyude Paul) [1341633 1355776]\n- [drm] i915/gen9: Only copy WM results for changed pipes to skl_hw (Lyude Paul) [1341633 1355776]\n[3.10.0-507]\n- [netdrv] ixgbe: fix spoofed packets with macvlans (Ken Cox) [1324631]\n- [tools] perf mem: Fix -t store option for record command (Jiri Olsa) [1357531 1357543]\n- [x86] clock: Fix kvm guest tsc initialization (Prarit Bhargava) [1372759]\n- [x86] tsc: Enumerate BXT tsc_khz via CPUID (Prarit Bhargava) [1372759]\n- [drm] i915: Enable polling when we dont have hpd (Lyude Paul) [1277863]\n- [drm] i915/vlv: Disable HPD in valleyview_crt_detect_hotplug() (Lyude Paul) [1277863]\n- [drm] i915/vlv: Reset the ADPA in vlv_display_power_well_init() (Lyude Paul) [1277863]\n- [drm] i915/vlv: Make intel_crt_reset() per-encoder (Lyude Paul) [1277863]\n- [fs] Fix NULL pointer dereference in bl_free_device() (Benjamin Coddington) [1356796]\n- [fs] nfs/blocklayout: support RH/Fedora dm-mpath device nodes (Benjamin Coddington) [1356796]\n- [fs] nfs/blocklayout: refactor open-by-wwn (Benjamin Coddington) [1356796]\n- [fs] nfs/blocklayout: use proper fmode for opening block devices (Benjamin Coddington) [1356796]\n- [fs] sunrpc: fix UDP memory accounting (Paolo Abeni) [1298899]\n[3.10.0-506]\n- [kernel] timekeeping: Cap adjustments so they dont exceed the maxadj value (Marcelo Tosatti) [1246218]\n- [kernel] fork: allocate idle task for a CPU always on its local node (Oleg Nesterov) [1339635]\n- [kernel] sys: do_sysinfo() use get_monotonic_boottime() (Milos Vyletel) [1373224]\n- [fs] proc/uptime: uptime_proc_show() use get_monotonic_boottime() (Milos Vyletel) [1373224]\n- [fs] exec: de_thread: mt-exec should update ->real_start_time (Milos Vyletel) [1373224]\n- [fs] ovl: clear nlink on rmdir (Miklos Szeredi) [1373787]\n- [fs] ovl: share inode for hard link (Miklos Szeredi) [1373787]\n- [fs] ovl: use generic_delete_inode (Miklos Szeredi) [1373787]\n- [fs] ovl: handle umask and posix_acl_default correctly on creation (Miklos Szeredi) [1351863]\n- [fs] ovl: fix sgid on directory (Miklos Szeredi) [1351863]\n- [fs] ovl: copyattr after setting POSIX ACL (Miklos Szeredi) [1371638]\n- [fs] ovl: Switch to generic_removexattr (Miklos Szeredi) [1371651]\n- [fs] ovl: Get rid of ovl_xattr_noacl_handlers array (Miklos Szeredi) [1371651]\n- [fs] ext4: print ext4 mount option data_err=abort correctly (Lukas Czerner) [1342403]\n- [fs] nfs4: Avoid migration loops (Benjamin Coddington) [1355977]\n- [fs] nfs: dont create zero-length requests (Benjamin Coddington) [1324635]\n- [fs] xfs: dont assert fail on non-async buffers on ioacct decrement (Brian Foster) [1363822]\n- [fs] btrfs: set S_IOPS_WRAPPER consistently (Eric Sandeen) [1182456]\n- [fs] xfs: prevent dropping ioend completions during buftarg wait (Brian Foster) [1370177]\n- [fs] gfs2: Fix extended attribute readahead optimization (Robert S Peterson) [1256539]\n- [mm] page_alloc: dont re-init pageset in zone_pcp_update() (Yasuaki Ishimatsu) [1374114]\n- [mm] readahead: Move readahead limit outside of readahead, and advisory syscalls (Kyle Walker) [1351353]\n- [net] veth: sctp: add NETIF_F_SCTP_CRC to device features (Xin Long) [1367105]\n- [net] veth: Update features to include all tunnel GSO types (Xin Long) [1367105]\n- [tty] serial: 8250_dw: add ability to handle the peripheral clock (Prarit Bhargava) [1367476]\n- [x86] mm: Fix regression panic at boot time seen on some NUMA systems (Larry Woodman) [1372047]\n- [x86] mm: non-linear virtual memory fix for KNL4 erratum (Larry Woodman) [1372047]\n- [x86] tsc: Add rdtscll() merge helper (Mitsuhiro Tanino) [1372398]\n- [x86] kvm: Expose more Intel AVX512 feature to guest (Paolo Bonzini) [1369038]\n- [s390] pci: remove iomap sanity checks (Jason Wang) [1373503]\n- [nvme] Add device IDs with stripe quirk (David Milburn) [1371642]\n- [scsi] mpt3sas: Fix panic when aer correct error occurred (Frank Ramsay) [1374745]\n- [iommu] vt-d: Disable passthrough mode on Kexec kernel (Myron Stowe) [1367621]\n- [netdrv] ixgbe: Eliminate useless message and improve logic (Ken Cox) [1369519]\n- [netdrv] sfc: check MTU against minimum threshold (Jarod Wilson) [1363683]\n[3.10.0-505]\n- [hv] balloon: replace ha_region_mutex with spinlock (Vitaly Kuznetsov) [1361245]\n- [hv] balloon: dont wait for ol_waitevent when memhp_auto_online is enabled (Vitaly Kuznetsov) [1361245]\n- [hv] balloon: account for gaps in hot add regions (Vitaly Kuznetsov) [1361245]\n- [hv] balloon: keep track of where ha_region starts (Vitaly Kuznetsov) [1361245]\n- [mm] memory-hotplug: add hot-added memory ranges to memblock before allocate node_data for a node (Yasuaki Ishimatsu) [1365766]\n- [mm] memory-hotplug: fix wrong edge when hot add a new node (Yasuaki Ishimatsu) [1365766]\n- [rtc] rtc-rx8581: Mark tech preview (Prarit Bhargava) [1362164]\n- [rtc] rtc-rx8581.c: add SMBus-only adapters support (Prarit Bhargava) [1362164]\n- [rtc] rtc-rx8581.c: remove empty function (Prarit Bhargava) [1362164]\n- [pci] Restore original checksums of pci symbols (Stanislav Kozina) [1370477]\n- [net] reserve kABI fields in struct packet_type (Jiri Benc) [1358738]\n- [net] openvswitch: Ignore negative headroom value (Jakub Sitnicki) [1369642]\n- [scsi] qla2xxx: Update the driver version to 8.07.00.33.07.3-k1 (Chad Dupuis) [1367530]\n- [scsi] qla2xxx: Set FLOGI retry in additional firmware options for P2P (N2N) mode (Chad Dupuis) [1361279]\n- [scsi] qla2xxx: prevent board_disable from running during EEH (Chad Dupuis) [1367530]\n- [kernel] sched/fair: Fix typo in sync_throttle() (Xunlei Pang) [1341003]\n- [kernel] sched/fair: Rework throttle_count sync (Xunlei Pang) [1341003]\n- [kernel] sched/fair: Do not announce throttled next buddy in dequeue_task_fair() (Xunlei Pang) [1341003]\n- [kernel] sched/fair: Initialize throttle_count for new task-groups lazily (Xunlei Pang) [1341003]\n- [kernel] audit: fix a double fetch in audit_log_single_execve_arg() (Paul Moore) [1359306] {CVE-2016-6136}\n- [powerpc] revert 'pci: Assign fixed PHB number based on device-tree properties' (Gustavo Duarte) [1360353 1373109]\n- [powerpc] revert 'pci: Fix endian bug in fixed PHB numbering' (Gustavo Duarte) [1360353 1373109]\n- [infiniband] rdma/ocrdma: Fix the max_sge reported from FW (Honggang Li) [1369540]\n[3.10.0-504]\n- [fs] dax: disable dax on ext2 and ext3 (Jeff Moyer) [1369900]\n- [fs] dax: mark tech preview (Jeff Moyer) [1369825]\n- [fs] pmem: disable dax mounting in the prsence of media errors (Jeff Moyer) [1367132]\n- [fs] xfs: Add alignment check for DAX mount (Jeff Moyer) [1367132]\n- [fs] ext4: Add alignment check for DAX mount (Jeff Moyer) [1367132]\n- [fs] block: Add bdev_dax_supported() for dax mount checks (Jeff Moyer) [1367132]\n- [fs] block: Add vfs_msg() interface (Jeff Moyer) [1367132]\n- [tools] x86/insn: remove pcommit (Jeff Moyer) [1350153]\n- [x86] revert 'kvm: x86: add pcommit support' (Jeff Moyer) [1350153]\n- [tools] pmem: kill __pmem address space (Jeff Moyer) [1350153]\n- [kernel] pmem: kill wmb_pmem() (Jeff Moyer) [1350153]\n- [nvdimm] libnvdimm, pmem: use nvdimm_flush() for namespace I/O writes (Jeff Moyer) [1350153]\n- [fs] dax: remove wmb_pmem() (Jeff Moyer) [1350153]\n- [kernel] libnvdimm, pmem: flush posted-write queues on shutdown (Jeff Moyer) [1350153]\n- [nvdimm] libnvdimm, pmem: use REQ_FUA, REQ_FLUSH for nvdimm_flush() (Jeff Moyer) [1350153]\n- [nvdimm] libnvdimm: cycle flush hints (Jeff Moyer) [1350153]\n- [kernel] libnvdimm: introduce nvdimm_flush() and nvdimm_has_flush() (Jeff Moyer) [1350153]\n- [nvdimm] libnvdimm: keep region data alive over namespace removal (Jeff Moyer) [1350153]\n- [tools] testing/nvdimm: simulate multiple flush hints per-dimm (Jeff Moyer) [1350153]\n- [kernel] libnvdimm, nfit: move flush hint mapping to region-device driver-data (Jeff Moyer) [1350153]\n- [kernel] libnvdimm, nfit: remove nfit_spa_map() infrastructure (Jeff Moyer) [1350153]\n- [kernel] libnvdimm: introduce devm_nvdimm_memremap(), convert nfit_spa_map() users (Jeff Moyer) [1350153]\n- [acpi] nfit: dont override return value of nfit_mem_init (Jeff Moyer) [1350153]\n- [acpi] nfit: always associate flush hints (Jeff Moyer) [1350153]\n- [tools] testing/nvdimm: remove __wrap_devm_memremap_pages placeholder (Jeff Moyer) [1350153]\n- [kernel] devm: add helper devm_add_action_or_reset() (Jeff Moyer) [1350153]\n[3.10.0-503]\n- [scsi] sas: remove is_sas_attached() (Ewan Milne) [1370231]\n- [scsi] ses: use scsi_is_sas_rphy instead of is_sas_attached (Ewan Milne) [1370231]\n- [scsi] sas: provide stub implementation for scsi_is_sas_rphy (Ewan Milne) [1370231]\n- [target] lio: assume a maximum of 1024 iovecs (Andy Grover) [1367597]\n- [scsi] smartpqi: bump driver version (Scott Benesh) [1370631]\n- [scsi] smartpqi: add smartpqi.txt (Scott Benesh) [1370631]\n- [scsi] smartpqi: update maintainers (Scott Benesh) [1370631]\n- [scsi] smartpqi: update Kconfig (Scott Benesh) [1370631]\n- [scsi] smartpqi: remove timeout for cache flush operations (Scott Benesh) [1370631]\n- [scsi] smartpqi: scsi queuecommand cleanup (Scott Benesh) [1370631]\n- [scsi] smartpqi: minor tweaks to update time support (Scott Benesh) [1370631]\n- [scsi] smartpqi: minor function reformating (Scott Benesh) [1370631]\n- [scsi] smartpqi: correct event acknowledgement timeout issue (Scott Benesh) [1370631]\n- [scsi] smartpqi: correct controller offline issue (Scott Benesh) [1370631]\n- [scsi] smartpqi: add kdump support (Scott Benesh) [1370631]\n- [scsi] smartpqi: enhance reset logic (Scott Benesh) [1370631]\n- [scsi] smartpqi: enhance drive offline informational message (Scott Benesh) [1370631]\n- [scsi] smartpqi: simplify spanning (Scott Benesh) [1370631]\n- [scsi] smartpqi: change tmf macro names (Scott Benesh) [1370631]\n- [scsi] smartpqi: change aio sg processing (Scott Benesh) [1370631]\n[3.10.0-502]\n- [fs] rbd: add force close option (Ilya Dryomov) [1196119]\n- [fs] rbd: add 'config_info' sysfs rbd device attribute (Ilya Dryomov) [1196119]\n- [fs] rbd: add 'snap_id' sysfs rbd device attribute (Ilya Dryomov) [1196119]\n- [fs] rbd: add 'cluster_fsid' sysfs rbd device attribute (Ilya Dryomov) [1196119]\n- [fs] rbd: add 'client_addr' sysfs rbd device attribute (Ilya Dryomov) [1196119]\n- [fs] rbd: print capacity in decimal and features in hex (Ilya Dryomov) [1196119]\n- [fs] rbd: support for exclusive-lock feature (Ilya Dryomov) [1196119]\n- [fs] rbd: retry watch re-registration periodically (Ilya Dryomov) [1196119]\n- [fs] rbd: introduce a per-device ordered workqueue (Ilya Dryomov) [1196119]\n- [fs] libceph: rename ceph_client_id() -> ceph_client_gid() (Ilya Dryomov) [1196119]\n- [fs] libceph: support for blacklisting clients (Ilya Dryomov) [1196119]\n- [fs] libceph: support for lock.lock_info (Ilya Dryomov) [1196119]\n- [fs] libceph: support for advisory locking on RADOS objects (Ilya Dryomov) [1196119]\n- [fs] libceph: add ceph_osdc_call() single-page helper (Ilya Dryomov) [1196119]\n- [fs] libceph: support for CEPH_OSD_OP_LIST_WATCHERS (Ilya Dryomov) [1196119]\n- [fs] libceph: rename ceph_entity_name_encode() -> ceph_auth_entity_name_encode() (Ilya Dryomov) [1196119]\n- [fs] libceph: make cancel_generic_request() static (Ilya Dryomov) [1196119]\n- [fs] libceph: fix return value check in alloc_msg_with_page_vector() (Ilya Dryomov) [1196119]\n- [fs] ceph: fix symbol versioning for ceph_monc_do_statfs (Ilya Dryomov) [1196119]\n- [fs] libceph: add start en/decoding block helpers (Ilya Dryomov) [1196119]\n- [fs] libceph: add an ONSTACK initializer for oids (Ilya Dryomov) [1196119]\n- [fs] libceph: fix some missing includes (Ilya Dryomov) [1196119]\n- [mm] swap: flush lru pvecs on compound page arrival (Jerome Marchand) [1341766 1343920]\n- [md] raid1/raid10: slow down resync if there is non-resync activity pending (Jes Sorensen) [1371545]\n- [x86] hibernate: Use hlt_play_dead() when resuming from hibernation (Lenny Szubowicz) [1229590]\n- [x86] Mark Intel Purley 2 socket processor as supported (Steve Best) [1362645]\n- [i2c] i801: Add support for Kaby Lake PCH-H (David Arcari) [1310953]\n- [mfd] lpss: Add Intel Kaby Lake PCH-H PCI IDs (David Arcari) [1310953]\n- [usb] dwc3: pci: add Intel Kabylake PCI ID (David Arcari) [1310953]\n- [edac] sb_edac: Fix channel reporting on Knights Landing (Aristeu Rozanski) [1367330]\n- [include] bluetooth: Fix kabi breakage in struct hci_core (Don Zickus) [1370583]\n- [powerpc] pci: Fix endian bug in fixed PHB numbering (Gustavo Duarte) [1360353]\n- [powerpc] pci: Assign fixed PHB number based on device-tree properties (Gustavo Duarte) [1360353]\n[3.10.0-501]\n- [netdrv] sfc: work around TRIGGER_INTERRUPT command not working on SFC9140 (Jarod Wilson) [1368201]\n- [netdrv] sfc: remove duplicate assignment (Jarod Wilson) [1368201]\n- [netdrv] sfc: include size-binned TX stats on sfn8542q (Jarod Wilson) [1368201]\n- [netdrv] sfc: fix potential stack corruption from running past stat bitmask (Jarod Wilson) [1368201]\n- [netdrv] sfc: avoid division by zero (Jarod Wilson) [1368201]\n- [netdrv] sfc: get timer configuration from adapter (Jarod Wilson) [1368201]\n- [netdrv] sfc: set interrupt moderation via MCDI (Jarod Wilson) [1368201]\n- [netdrv] sfc: use new performance based event queue init (Jarod Wilson) [1368201]\n- [netdrv] sfc: retrieve second word of datapath capabilities (Jarod Wilson) [1368201]\n- [netdrv] sfc: allow asynchronous MCDI without completion function (Jarod Wilson) [1368201]\n- [netdrv] sfc: update MCDI protocol headers (Jarod Wilson) [1368201]\n- [netdrv] sfc: avoid -Wtype-limits warning (Jarod Wilson) [1368201]\n- [netdrv] sfc: Fix VLAN filtering feature if vPort has VLAN_RESTRICT flag (Jarod Wilson) [1368201]\n- [netdrv] sfc: Update MCDI protocol definitions (Jarod Wilson) [1368201]\n- [netdrv] sfc: Disable VLAN filtering by default if not strictly required (Jarod Wilson) [1368201]\n- [netdrv] sfc: VLAN filters must only be created if the firmware supports this (Jarod Wilson) [1368201]\n- [netdrv] sfc: Fix dup unknown multicast/unicast filters after datapath reset (Jarod Wilson) [1368201]\n- [netdrv] sfc: Refactor checks for invalid filter ID (Jarod Wilson) [1368201]\n- [netdrv] sfc: Take mac_lock before calling efx_ef10_filter_table_probe (Jarod Wilson) [1368201]\n- [netdrv] sfc: Implement ndo_vlan_rx_{add, kill}_vid() callbacks (Jarod Wilson) [1368201]\n- [netdrv] sfc: Implement list of VLANs added over interface (Jarod Wilson) [1368201]\n- [netdrv] sfc: Make EF10 filter management helper functions VLAN-aware (Jarod Wilson) [1368201]\n- [netdrv] sfc: Store unicast and multicast promisc flag with address cache (Jarod Wilson) [1368201]\n- [netdrv] sfc: Move filter IDs to per-VLAN data structure (Jarod Wilson) [1368201]\n- [netdrv] sfc: Forget filter ID when the filter is marked old (Jarod Wilson) [1368201]\n- [netdrv] sfc: Assert filter_sem write locked when required (Jarod Wilson) [1368201]\n- [netdrv] sfc: Add efx_nic member with fixed netdev features (Jarod Wilson) [1368201]\n- [netdrv] sfc: Move last mc_promisc flag to EF10 filter table state (Jarod Wilson) [1368201]\n- [netdrv] sfc: Define macro with EF10 offload feature (Jarod Wilson) [1368201]\n- [netdrv] sfc: on MC reset, clear PIO buffer linkage in TXQs (Jarod Wilson) [1368201]\n- [netdrv] sfc: disable RSS when unsupported (Jarod Wilson) [1368201]\n- [netdrv] sfc: implement IPv6 NFC (and IPV4_USER_FLOW) (Jarod Wilson) [1368201]\n- [netdrv] i40iw: Receive notification events correctly (Stefan Assmann) [1371734]\n- [netdrv] i40iw: Update hw_iwarp_state (Stefan Assmann) [1371734]\n- [netdrv] i40iw: Send last streaming mode message for loopback connections (Stefan Assmann) [1371734]\n- [netdrv] i40iw: Avoid writing to freed memory (Stefan Assmann) [1371734]\n- [netdrv] i40iw: Fix double free of allocated_buffer (Stefan Assmann) [1371734]\n- [netdrv] i40iw: Add missing NULL check for MPA private data (Stefan Assmann) [1371734]\n- [netdrv] i40iw: Add missing check for interface already open (Stefan Assmann) [1371734]\n- [netdrv] i40iw: Protect req_resource_num update (Stefan Assmann) [1371734]\n- [netdrv] i40iw: Change mem_resources pointer to a u8 (Stefan Assmann) [1371734]\n- [netdrv] hv_netvsc: fix bonding devices check in netvsc_netdev_event() (Vitaly Kuznetsov) [1364333]\n- [netdrv] hv_netvsc: protect module refcount by checking net_device_ctx->vf_netdev (Vitaly Kuznetsov) [1364333]\n- [netdrv] hv_netvsc: reset vf_inject on VF removal (Vitaly Kuznetsov) [1364333]\n- [netdrv] hv_netvsc: avoid deadlocks between rtnl lock and vf_use_cnt wait (Vitaly Kuznetsov) [1364333]\n- [netdrv] hv_netvsc: dont lose VF information (Vitaly Kuznetsov) [1364333]\n- [netdrv] mlx4_en: Add resilience in low memory systems (kamal heib) [1367818]\n- [netdrv] net/mlx4_en: Move filters cleanup to a proper location (kamal heib) [1367818]\n[3.10.0-500]\n- [drm] amdgpu: Disable RPM helpers while reprobing connectors on resume (Rob Clark) [1348329 1349064]\n- [drm] i915/kbl: Kabylake uses the same GMS values as Skylake (Rob Clark) [1348329 1349064]\n- [drm] i915/bxt: Broxton uses the same GMS values as Skylake (Rob Clark) [1348329 1349064]\n- [drm] i915/skl: Add the additional graphics stolen sizes (Rob Clark) [1348329 1349064]\n- [drm] x86/gpu: Sprinkle const, __init and __initconst to stolen memory quirks (Rob Clark) [1348329 1349064]\n- [drm] x86/gpu: Implement stolen memory size early quirk for CHV (Rob Clark) [1348329 1349064]\n- [drm] x86/gpu: Fix sign extension issue in Intel graphics stolen memory quirks (Rob Clark) [1348329 1349064]\n- [drm] makefile: update DRM version (Rob Clark) [1348329 1349064]\n- [drm] i915: Revert DisplayPort fast link training feature (Rob Clark) [1348329 1349064]\n- [drm] vmwgfx: Fix error paths when mapping framebuffer (Rob Clark) [1348329 1349064]\n- [drm] vmwgfx: Fix corner case screen target management (Rob Clark) [1348329 1349064]\n- [drm] vmwgfx: Delay pinning fbdev framebuffer until after mode set (Rob Clark) [1348329 1349064]\n- [drm] vmwgfx: Check pin count before attempting to move a buffer (Rob Clark) [1348329 1349064]\n- [drm] vmwgfx: Work around mode set failure in 2D VMs (Rob Clark) [1348329 1349064]\n- [drm] vmwgfx: Add an option to change assumed FB bpp (Rob Clark) [1348329 1349064]\n- [drm] ttm: Make ttm_bo_mem_compat available (Rob Clark) [1348329 1349064]\n- [drm] atomic: Make drm_atomic_legacy_backoff reset crtc->acquire_ctx (Rob Clark) [1348329 1349064]\n- [drm] amd/powerplay: fix incorrect voltage table value for tonga (Rob Clark) [1348329 1349064]\n- [drm] amd/powerplay: incorrectly use of the function return value (Rob Clark) [1348329 1349064]\n- [drm] amd/powerplay: fix logic error (Rob Clark) [1348329 1349064]\n- [drm] amd/powerplay: need to notify system bios pcie device ready (Rob Clark) [1348329 1349064]\n- [drm] amd/powerplay: fix bug that function parameter was incorect (Rob Clark) [1348329 1349064]\n- [drm] make drm_atomic_set_mode_prop_for_crtc() more reliable (Rob Clark) [1348329 1349064]\n- [drm] add missing drm_mode_set_crtcinfo call (Rob Clark) [1348329 1349064]\n- [drm] i915: Refresh cached DP port register value on resume (Rob Clark) [1348329 1349064]\n- [drm] i915/ilk: Dont disable SSC source if its in use (Rob Clark) [1348329 1349064]\n- [drm] nouveau/disp/sor/gf119: select correct sor when poking training pattern (Rob Clark) [1348329 1349064]\n- [drm] nouveau: fix for disabled fbdev emulation (Rob Clark) [1348329 1349064]\n- [drm] nouveau/ltc/gm107-: fix typo in the address of NV_PLTCG_LTC0_LTS0_INTR (Rob Clark) [1348329 1349064]\n- [drm] nouveau/gr/gf100-: update sm error decoding from gk20a nvgpu headers (Rob Clark) [1348329 1349064]\n- [drm] nouveau/bios/disp: fix handling of 'match any protocol' entries (Rob Clark) [1348329 1349064]\n- [drm] dp/mst: Always clear proposed vcpi table for port (Rob Clark) [1348329 1349064]\n- [drm] amdgpu: initialize amdgpu_cgs_acpi_eval_object result value (Rob Clark) [1348329 1349064]\n- [drm] amdgpu: fix num_rbs exposed to userspace (v2) (Rob Clark) [1348329 1349064]\n- [drm] amdgpu/gfx7: fix broken condition check (Rob Clark) [1348329 1349064]\n- [drm] radeon: fix asic initialization for virtualized environments (Rob Clark) [1348329 1349064]\n- [drm] i915: Removing PCI IDs that are no longer listed as Kabylake (Rob Clark) [1348329 1349064]\n- [drm] i915: Add more Kabylake PCI IDs (Rob Clark) [1348329 1349064]\n- [drm] i915/kbl: Introduce the first official DMC for Kabylake (Rob Clark) [1348329 1349064]\n- [drm] i915/bxt: Reject DMC firmware versions with known bugs (Rob Clark) [1348329 1349064]\n- [drm] i915/gen9: implement WaConextSwitchWithConcurrentTLBInvalidate (Rob Clark) [1348329 1349064]\n- [drm] i915: implement WaClearTdlStateAckDirtyBits (Rob Clark) [1348329 1349064]\n- [drm] i915/kbl: Add WaClearSlmSpaceAtContextSwitch (Rob Clark) [1348329 1349064]\n- [drm] i915/kbl: Add WaDisableSbeCacheDispatchPortSharing (Rob Clark) [1348329 1349064]\n- [drm] i915/kbl: Add WaDisableGafsUnitClkGating (Rob Clark) [1348329 1349064]\n- [drm] i915/kbl: Add WaForGAMHang (Rob Clark) [1348329 1349064]\n- [drm] i915: Add WaInsertDummyPushConstP for bxt and kbl (Rob Clark) [1348329 1349064]\n- [drm] i915/kbl: Add WaDisableDynamicCreditSharing (Rob Clark) [1348329 1349064]\n- [drm] i915/kbl: Add WaDisableLSQCROPERFforOCL (Rob Clark) [1348329 1349064]\n- [drm] i915/kbl: Add WaDisableFenceDestinationToSLM for A0 (Rob Clark) [1348329 1349064]\n- [drm] i915/kbl: Add WaEnableGapsTsvCreditFix (Rob Clark) [1348329 1349064]\n- [drm] i915: Mimic skl with WaForceEnableNonCoherent (Rob Clark) [1348329 1349064]\n- [drm] i915/gen9: Always apply WaForceContextSaveRestoreNonCoherent (Rob Clark) [1348329 1349064]\n- [drm] i915/kbl: Add WaSkipStolenMemoryFirstPage for A0 (Rob Clark) [1348329 1349064]\n- [drm] i915/kbl: Add REVID macro (Rob Clark) [1348329 1349064]\n- [drm] i915/kbl: Init gen9 workarounds (Rob Clark) [1348329 1349064]\n- [drm] i915/gen9: implement WaEnableSamplerGPGPUPreemptionSupport (Rob Clark) [1348329 1349064]\n- [drm] i915/gen9: add WaClearFlowControlGpgpuContextSave (Rob Clark) [1348329 1349064]\n- [drm] i915/skl: Add WaDisableGafsUnitClkGating (Rob Clark) [1348329 1349064]\n- [drm] i915/gen9: Add WaVFEStateAfterPipeControlwithMediaStateClear (Rob Clark) [1348329 1349064]\n- [drm] i915: Introduce Kabypoint PCH for Kabylake H/DT (Rob Clark) [1348329 1349064]\n- [drm] revert 'drm/i915: Exit cherryview_irq_handler() after one pass' (Rob Clark) [1348329 1349064]\n- [drm] core: Do not preserve framebuffer on rmfb, v4 (Rob Clark) [1348329 1349064]\n- [drm] i915: Pass the correct crtc state to .update_plane() (Rob Clark) [1348329 1349064]\n- [drm] Add helper for DP++ adaptors (Rob Clark) [1348329 1349064]\n- [drm] i915: Fix watermarks for VLV/CHV (Rob Clark) [1348329 1349064]\n- [drm] i915: Dont leave old junk in ilk active watermarks on readout (Rob Clark) [1348329 1349064]\n- [drm] i915: Enable/disable TMDS output buffers in DP++ adaptor as needed (Rob Clark) [1348329 1349064]\n- [drm] i915: Respect DP++ adaptor TMDS clock limit (Rob Clark) [1348329 1349064]\n- [drm] i915/psr: Try to program link training times correctly (Rob Clark) [1348329 1349064]\n- [drm] amdgpu: Fix hdmi deep color support (Rob Clark) [1348329 1349064]\n- [drm] amdgpu: use drm_mode_vrefresh() rather than mode->vrefresh (Rob Clark) [1348329 1349064]\n- [drm] vmwgfx: Kill some lockdep warnings (Rob Clark) [1348329 1349064]\n- [drm] gma500: Fix possible out of bounds read (Rob Clark) [1348329 1349064]\n[3.10.0-499]\n- [drm] i915/hsw: Disable PSR by default (Lyude Paul) [1367930]\n- [x86] nmi: Enable nested do_nmi() handling for 64-bit kernels (Jiri Olsa) [1365704]\n- [net] ipv4: igmp: Allow removing groups from a removed interface (Jiri Benc) [1369427]\n- [net] netfilter: ebtables: put module reference when an incorrect extension is found (Sabrina Dubroca) [1369325]\n- [net] sctp: linearize early if its not GSO (Marcelo Leitner) [1058148]\n- [net] sctp_diag: Respect ss adding TCPF_CLOSE to idiag_states (Phil Sutter) [1361728]\n- [net] sctp_diag: Fix T3_rtx timer export (Phil Sutter) [1361728]\n- [net] sctp: Export struct sctp_info to userspace (Phil Sutter) [1361728]\n- [net] macsec: ensure rx_sa is set when validation is disabled (Sabrina Dubroca) [1368429]\n- [net] macsec: use after free when deleting the underlying device (Sabrina Dubroca) [1368429]\n- [target] target/user: Fix failure to unlock a spinlock upon function return (Andy Grover) [1367873]\n- [target] target/user: Fix comments to not refer to data ring (Andy Grover) [1367873]\n- [target] target/user: Return an error if cmd data size is too large (Andy Grover) [1367873]\n- [target] target/user: Use sense_reason_t in tcmu_queue_cmd_ring (Andy Grover) [1367873]\n- [target] Backport tcm-user from 4.6 (Andy Grover) [1367873]\n- [uio] Export definition of struct uio_device (Andy Grover) [1367873]\n- [netdrv] i40iw: Add NULL check for puda buffer (Stefan Assmann) [1367425]\n- [netdrv] i40iw: Change dup_ack_thresh to u8 (Stefan Assmann) [1367425]\n- [netdrv] i40iw: Remove unnecessary check for moving CQ head (Stefan Assmann) [1367425]\n- [netdrv] i40iw: Simplify code to set fragments in SQ WQE (Stefan Assmann) [1367425]\n- [netdrv] i40iw: Remove unnecessary parameter to i40iw_cq_poll_completion (Stefan Assmann) [1367425]\n- [netdrv] i40iw: Do not access pointer after free (Stefan Assmann) [1367425]\n- [netdrv] i40iw: Correct and use size parameter to i40iw_reg_phys_mr (Stefan Assmann) [1367425]\n- [netdrv] i40iw: Fix return codes (Stefan Assmann) [1367425]\n- [netdrv] i40e: Correcting mutex usage in client code (Stefan Assmann) [1367425]\n- [netdrv] i40e: Initialize pointer in client_release function (Stefan Assmann) [1367425]\n- [netdrv] i40e: Check client is open before calling client ops (Stefan Assmann) [1367425]\n- [netdrv] i40e: Force register writes to mitigate sync issues with iwarp VF driver (Stefan Assmann) [1367425]\n- [netdrv] i40e: Move the mutex lock in i40e_client_unregister (Stefan Assmann) [1367425]\n- [infiniband] ib/uverbs: Initialize ib_qp_init_attr with zeros (Honggang Li) [1365720]\n[3.10.0-498]\n- [scsi] aacraid: Check size values after double-fetch from user (Maurizio Lombardi) [1369771] {CVE-2016-6480}\n- [fs] block_dev.c: Remove WARN_ON() when inode writeback fails (Eric Sandeen) [1229014]\n- [fs] ext4: call sync_blockdev() before invalidate_bdev() in put_super() (Eric Sandeen) [1229014]\n- [mm] page_alloc: rename setup_pagelist_highmark() to match naming of pageset_set_batch() (Pankaj Gupta) [1320834]\n- [mm] page_alloc: in zone_pcp_update(), uze zone_pageset_init() (Pankaj Gupta) [1320834]\n- [mm] page_alloc: factor zone_pageset_init() out of setup_zone_pageset() (Pankaj Gupta) [1320834]\n- [mm] page_alloc: relocate comment to be directly above code it refers to (Pankaj Gupta) [1320834]\n- [mm] page_alloc: factor setup_pageset() into pageset_init() and pageset_set_batch() (Pankaj Gupta) [1320834]\n- [mm] page_alloc: when handling percpu_pagelist_fraction, dont unneedly recalulate high (Pankaj Gupta) [1320834]\n- [mm] page_alloc: convert zone_pcp_update() to rely on memory barriers instead of stop_machine() (Pankaj Gupta) [1320834]\n- [mm] page_alloc: protect pcp->batch accesses with ACCESS_ONCE (Pankaj Gupta) [1320834]\n- [mm] page_alloc: insert memory barriers to allow async update of pcp batch and high (Pankaj Gupta) [1320834]\n- [mm] page_alloc: prevent concurrent updaters of pcp ->batch and ->high (Pankaj Gupta) [1320834]\n- [mm] page_alloc: factor out setting of pcp->high and pcp->batch (Pankaj Gupta) [1320834]\n- [hid] i2c-hid: Fix suspend/resume when already runtime suspended (David Arcari) [1361625]\n- [hid] i2c-hid: Only disable irq wake if it was successfully enabled during suspend (David Arcari) [1361625]\n- [hid] i2c-hid: Call device suspend callback before disabling irq (David Arcari) [1361625]\n- [hid] i2c-hid: call the hid drivers suspend and resume callbacks (David Arcari) [1361625]\n- [hid] i2c-hid: add runtime PM support (David Arcari) [1361625]\n- [hid] i2c-hid: disable interrupt on suspend (David Arcari) [1361625]\n- [lib] rhashtable-test: calculate max_entries value by default (Phil Sutter) [1238749]\n- [x86] tsc: Enumerate SKL cpu_khz and tsc_khz via CPUID (Prarit Bhargava) [1366396]\n- [x86] Block HPET on Purley 4S (Prarit Bhargava) [1365997]\n- [base] regmap: Skip read-only registers in regcache_sync() (Jaroslav Kysela) [1365905 1367789]\n- [tools] perf: Add sample_reg_mask to include all perf_regs (Steve Best) [1368934]\n- [netdrv] i40e: Change some init flow for the client (Stefan Assmann) [1369275]\n- [netdrv] mlx5e: Log link state changes (kamal heib) [1367822]\n[3.10.0-497]\n- [kernel] ftrace: fix traceoff_on_warning handling on boot command line ('Luis Claudio R. Goncalves') [1367650]\n- [netdrv] ixgbe: fix setup_fc for x550em (Ken Cox) [1364896]\n- [netdrv] cxgb4/cxgb4vf: Fixes regression in perf when tx vlan offload is disabled (Sai Vemuri) [1319437]\n- [netdrv] cxgb4/cxgb4vf: Add link mode mask API to cxgb4 and cxgb4vf (Sai Vemuri) [1365689]\n- [netdrv] cxgb4: Dont assume FW_PORT_CMD reply is always port info msg (Sai Vemuri) [1365689]\n- [netdrv] ethtool: add support for 25G/50G/100G speed modes (Sai Vemuri) [1365689]\n- [netdrv] i40e: use configured RSS key and lookup table in i40e_vsi_config_rss (Stefan Assmann) [1359439]\n- [netdrv] i40e: fix broken i40e_config_rss_aq function (Stefan Assmann) [1359439]\n- [netdrv] i40e: move i40e_vsi_config_rss below i40e_get_rss_aq (Stefan Assmann) [1359439]\n- [netdrv] i40e: Remove redundant memset (Stefan Assmann) [1359439]\n- [netdrv] brcmfmac: restore stopping netdev queue when bus clogs up (Stanislaw Gruszka) [1365575]\n- [netdrv] iwlwifi: add new 8265 (Stanislaw Gruszka) [1365575]\n- [netdrv] iwlwifi: add new 8260 PCI IDs (Stanislaw Gruszka) [1365575]\n- [netdrv] iwlwifi: pcie: fix a race in firmware loading flow (Stanislaw Gruszka) [1365575]\n- [netdrv] iwlwifi: pcie: enable interrupts before releasing the NICs CPU (Stanislaw Gruszka) [1365575]\n- [net] mac80211: fix purging multicast PS buffer queue (Stanislaw Gruszka) [1365575]\n- [net] cfg80211: handle failed skb allocation (Stanislaw Gruszka) [1365575]\n- [net] nl80211: Move ACL parsing later to avoid a possible memory leak (Stanislaw Gruszka) [1365575]\n- [net] cfg80211: fix proto in ieee80211_data_to_8023 for frames without LLC header (Stanislaw Gruszka) [1365575]\n- [net] mac80211: Fix mesh estab_plinks counting in STA removal case (Stanislaw Gruszka) [1365575]\n- [netdrv] ath9k: fix GPIO mask for AR9462 and AR9565 (Stanislaw Gruszka) [1365575]\n- [netdrv] ath10k: fix deadlock while processing rx_in_ord_ind (Stanislaw Gruszka) [1365575]\n- [netdrv] iwlwifi: mvm: fix a few firmware capability checks (Stanislaw Gruszka) [1365575]\n- [netdrv] iwlwifi: mvm: set the encryption type of an IGTK key (Stanislaw Gruszka) [1365575]\n- [netdrv] iwlwifi: mvm: fix potential NULL-dereference in iwl_mvm_reorder() (Stanislaw Gruszka) [1365575]\n- [netdrv] iwlwifi: mvm: fix RCU splat in TKIPs update_key (Stanislaw Gruszka) [1365575]\n- [netdrv] iwlwifi: mvm: increase scan timeout to 20 seconds (Stanislaw Gruszka) [1365575]\n- [net] cfg80211: remove get/set antenna and tx power warnings (Stanislaw Gruszka) [1365575]\n- [netdrv] ath10k: fix crash related to printing features (Stanislaw Gruszka) [1365575]\n- [netdrv] ath10k: fix deadlock when peer cannot be created (Stanislaw Gruszka) [1365575]\n- [net] mac80211: fix fast_tx header alignment (Stanislaw Gruszka) [1365575]\n- [net] mac80211: mesh: flush mesh paths unconditionally (Stanislaw Gruszka) [1365575]\n- [netdrv] rtlwifi: Fix scheduling while atomic error from commit 49f86ec21c01 (Stanislaw Gruszka) [1365575]\n- [netdrv] brcmfmac: add fallback for devices that do not report per-chain values (Stanislaw Gruszka) [1365575]\n[3.10.0-496]\n- [infiniband] rdma/ocrdma: display ocrdma tech preview status (Honggang Li) [1334675]\n- [infiniband] ib/rdma_cm: fix panic when trying access default_roce_mode configfs (kamal heib) [1360276]\n- [infiniband] ib/hfi1: Fix mm_struct use after free (Alex Estrin) [1360929]\n- [infiniband] ib/hfi1: Add cache evict LRU list (Alex Estrin) [1360929]\n- [infiniband] ib/hfi1: Fix memory leak during unexpected shutdown (Alex Estrin) [1360929]\n- [infiniband] ib/hfi1: Remove unneeded mm argument in remove function (Alex Estrin) [1360929]\n- [infiniband] ib/hfi1: Consistently call ops->remove outside spinlock (Alex Estrin) [1360929]\n- [infiniband] ib/hfi1: Use evict mmu rb operation (Alex Estrin) [1360929]\n- [infiniband] ib/hfi1: Add evict operation to the mmu rb handler (Alex Estrin) [1360929]\n- [infiniband] ib/hfi1: Fix TID caching actions (Alex Estrin) [1360929]\n- [infiniband] ib/hfi1: Make the cache handler own its rb tree root (Alex Estrin) [1360929]\n- [infiniband] ib/hfi1: Make use of mm consistent (Alex Estrin) [1360929]\n- [infiniband] ib/hfi1: Fix user SDMA racy user request claim (Alex Estrin) [1360929]\n- [infiniband] ib/hfi1: Fix error condition that needs to clean up (Alex Estrin) [1360929]\n- [infiniband] ib/hfi1: Release node on insert failure (Alex Estrin) [1360929]\n- [infiniband] ib/hfi1: Validate SDMA user iovector count (Alex Estrin) [1360929]\n- [infiniband] ib/hfi1: Validate SDMA user request index (Alex Estrin) [1360929]\n- [infiniband] ib/hfi1: Use the same capability state for all shared contexts (Alex Estrin) [1360929]\n- [infiniband] ib/hfi1: Prevent null pointer dereference (Alex Estrin) [1360929]\n- [infiniband] ib/hfi1: Rename TID mmu_rb_* functions (Alex Estrin) [1360929]\n- [infiniband] ib/hfi1: Remove unneeded empty check in hfi1_mmu_rb_unregister() (Alex Estrin) [1360929]\n- [infiniband] ib/hfi1: Restructure hfi1_file_open (Alex Estrin) [1360929]\n- [infiniband] ib/hfi1: Make iovec loop index easy to understand (Alex Estrin) [1360929]\n- [infiniband] ib/hfi1: Use 'false' not 0 (Alex Estrin) [1360929]\n- [infiniband] ib/hfi1: Remove unused sub-context parameter (Alex Estrin) [1360929]\n- [infiniband] ib/hfi1: Consolidate __mmu_rb_remove and hfi1_mmu_rb_remove (Alex Estrin) [1360929]\n- [infiniband] ib/hfi1: Always expect ops functions (Alex Estrin) [1360929]\n- [infiniband] ib/hfi1: Add parameter names to callback declarations (Alex Estrin) [1360929]\n- [infiniband] ib/hfi1: Add parameter names to function declarations (Alex Estrin) [1360929]\n- [infiniband] ib/hfi1: Remove unused function hfi1_mmu_rb_search (Alex Estrin) [1360929]\n- [infiniband] ib/hfi1: Remove unused uctxt->subpid and uctxt->pid (Alex Estrin) [1360929]\n- [infiniband] ib/hfi1: Fix minor format error (Alex Estrin) [1360929]\n- [infiniband] ib/hfi1: Remove TWSI references (Alex Estrin) [1360929]\n- [infiniband] ib/hfi1: Use built-in i2c bit-shift bus adapter (Alex Estrin) [1360929]", "edition": 72, "modified": "2016-11-09T00:00:00", "published": "2016-11-09T00:00:00", "id": "ELSA-2016-2574", "href": "http://linux.oracle.com/errata/ELSA-2016-2574.html", "title": "kernel security, bug fix, and enhancement update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2016-09-04T11:50:51", "bulletinFamily": "unix", "cvelist": ["CVE-2016-5244", "CVE-2016-4581", "CVE-2016-2053", "CVE-2016-4557", "CVE-2016-4951", "CVE-2016-4486", "CVE-2016-1583", "CVE-2016-0758", "CVE-2016-4569", "CVE-2016-3955", "CVE-2016-4485", "CVE-2016-4482", "CVE-2016-4578", "CVE-2016-4805", "CVE-2013-7446", "CVE-2016-4565", "CVE-2016-4580", "CVE-2016-3672", "CVE-2016-3134"], "edition": 1, "description": "The openSUSE Leap 42.1 kernel was updated to 4.1.26 to receive various\n security and bugfixes.\n\n The following security bugs were fixed:\n - CVE-2016-1583: Prevent the usage of mmap when the lower file system does\n not allow it. This could have lead to local privilege escalation when\n ecryptfs-utils was installed and /sbin/mount.ecryptfs_private was setuid\n (bsc#983143).\n - CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel\n incorrectly relies on the write system call, which allows local users to\n cause a denial of service (kernel memory write operation) or possibly\n have unspecified other impact via a uAPI interface. (bsc#979548)\n - CVE-2016-4805: Use-after-free vulnerability in\n drivers/net/ppp/ppp_generic.c in the Linux kernel allowed local users to\n cause a denial of service (memory corruption and system crash,\n or spinlock) or possibly have unspecified other impact by removing a\n network namespace, related to the ppp_register_net_channel and\n ppp_unregister_channel functions. (bsc#980371).\n - CVE-2016-4951: The tipc_nl_publ_dump function in net/tipc/socket.c in\n the Linux kernel did not verify socket existence, which allowed local\n users to cause a denial of service (NULL pointer dereference and system\n crash) or possibly have unspecified other impact via a dumpit\n operation. (bsc#981058).\n - CVE-2016-5244: An information leak vulnerability in function\n rds_inc_info_copy of file net/rds/recv.c was fixed that might have\n leaked kernel stack data. (bsc#983213).\n - CVE-2016-4580: The x25_negotiate_facilities function in\n net/x25/x25_facilities.c in the Linux kernel did not properly initialize\n a certain data structure, which allowed attackers to\n obtain sensitive information from kernel stack memory via an X.25 Call\n Request. (bsc#981267).\n - CVE-2016-0758: Tags with indefinite length could have corrupted pointers\n in asn1_find_indefinite_length (bsc#979867).\n - CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in\n the Linux kernel allowed attackers to cause a denial of service (panic)\n via an ASN.1 BER file that lacks a public key, leading to mishandling by\n the public_key_verify_signature function in\n crypto/asymmetric_keys/public_key.c (bnc#963762).\n - CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the\n Linux kernel allowed local users to bypass intended AF_UNIX socket\n permissions or cause a denial of service (panic) via crafted epoll_ctl\n calls (bnc#955654).\n - CVE-2016-3134: The netfilter subsystem in the Linux kernel did not\n validate certain offset fields, which allowed local users to gain\n privileges or cause a denial of service (heap memory corruption) via an\n IPT_SO_SET_REPLACE setsockopt call (bnc#971126).\n - CVE-2016-3672: The arch_pick_mmap_layout function in arch/x86/mm/mmap.c\n in the Linux kernel did not properly randomize the legacy base address,\n which made it easier for local users to defeat the intended restrictions\n on the ADDR_NO_RANDOMIZE flag, and bypass the ASLR protection mechanism\n for a setuid or setgid program, by disabling stack-consumption resource\n limits (bnc#974308).\n - CVE-2016-4482: A kernel information leak in the usbfs devio connectinfo\n was fixed, which could expose kernel stack memory to userspace.\n (bnc#978401).\n - CVE-2016-4485: A kernel information leak in llc was fixed (bsc#978821).\n - CVE-2016-4486: A kernel information leak in rtnetlink was fixed, where 4\n uninitialized bytes could leak to userspace (bsc#978822).\n - CVE-2016-4557: A use-after-free via double-fdput in\n replace_map_fd_with_map_ptr() was fixed, which could allow privilege\n escalation (bsc#979018).\n - CVE-2016-4565: When the &quot;rdma_ucm&quot; infiniband module is loaded, local\n attackers could escalate their privileges (bsc#979548).\n - CVE-2016-4569: A kernel information leak in the ALSA timer via events\n via snd_timer_user_tinterrupt that could leak information to userspace\n was fixed (bsc#979213).\n - CVE-2016-4578: A kernel information leak in the ALSA timer via events\n that could leak information to userspace was fixed (bsc#979879).\n - CVE-2016-4581: If the first propogated mount copy was being a slave it\n could oops the kernel (bsc#979913)\n\n The following non-security bugs were fixed:\n - ALSA: hda - Add dock support for ThinkPad X260 (boo#979278).\n - ALSA: hda - Apply fix for white noise on Asus N550JV, too (boo#979278).\n - ALSA: hda - Asus N750JV external subwoofer fixup (boo#979278).\n - ALSA: hda - Fix broken reconfig (boo#979278).\n - ALSA: hda - Fix headphone mic input on a few Dell ALC293 machines\n (boo#979278).\n - ALSA: hda - Fix subwoofer pin on ASUS N751 and N551 (boo#979278).\n - ALSA: hda - Fix white noise on Asus N750JV headphone (boo#979278).\n - ALSA: hda - Fix white noise on Asus UX501VW headset (boo#979278).\n - ALSA: hda/realtek - Add ALC3234 headset mode for Optiplex 9020m\n (boo#979278).\n - ALSA: hda/realtek - New codecs support for ALC234/ALC274/ALC294\n (boo#979278).\n - ALSA: hda/realtek - New codec support of ALC225 (boo#979278).\n - ALSA: hda/realtek - Support headset mode for ALC225 (boo#979278).\n - ALSA: pcxhr: Fix missing mutex unlock (boo#979278).\n - ALSA: usb-audio: Quirk for yet another Phoenix Audio devices (v2)\n (boo#979278).\n - bluetooth: fix power_on vs close race (bsc#966849).\n - bluetooth: vhci: fix open_timeout vs. hdev race (bsc#971799,bsc#966849).\n - bluetooth: vhci: Fix race at creating hci device (bsc#971799,bsc#966849).\n - bluetooth: vhci: purge unhandled skbs (bsc#971799,bsc#966849).\n - btrfs: do not use src fd for printk (bsc#980348).\n - btrfs: fix crash/invalid memory access on fsync when using overlayfs\n (bsc#977198)\n - drm: qxl: Workaround for buggy user-space (bsc#981344).\n - enic: set netdev-&gt;vlan_features (bsc#966245).\n - fs: add file_dentry() (bsc#977198).\n - IB/IPoIB: Do not set skb truesize since using one linearskb (bsc#980657).\n - input: i8042 - lower log level for &quot;no controller&quot; message (bsc#945345).\n - kabi: Add kabi/severities entries to ignore sound/hda/*, x509_*,\n efivar_validate, file_open_root and dax_fault\n - kabi: Add some fixups (module, pci_dev, drm, fuse and thermal)\n - kabi: file_dentry changes (bsc#977198).\n - kABI fixes for 4.1.22\n - mm/page_alloc.c: calculate 'available' memory in a separate function\n (bsc#982239).\n - net: disable fragment reassembly if high_thresh is zero (bsc#970506).\n - of: iommu: Silence misleading warning.\n - pstore_register() error handling was wrong -- it tried to release lock\n before it's acquired, causing spinlock / preemption imbalance. - usb:\n quirk to stop runtime PM for Intel 7260 (bnc#984460).\n - Revert &quot;usb: hub: do not clear BOS field during reset device&quot;\n (boo#979728).\n - usb: core: hub: hub_port_init lock controller instead of bus\n (bnc#978073).\n - usb: preserve kABI in address0 locking (bnc#978073).\n - usb: usbip: fix potential out-of-bounds write (bnc#975945).\n - USB: xhci: Add broken streams quirk for Frescologic device id 1009\n (bnc#982712).\n - virtio_balloon: do not change memory amount visible via /proc/meminfo\n (bsc#982238).\n - virtio_balloon: export 'available' memory to balloon statistics\n (bsc#982239).\n\n", "modified": "2016-06-21T14:08:17", "published": "2016-06-21T14:08:17", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html", "id": "OPENSUSE-SU-2016:1641-1", "type": "suse", "title": "Security update for the Linux Kernel (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:46:48", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2384", "CVE-2016-2782", "CVE-2016-5244", "CVE-2016-2543", "CVE-2015-3288", "CVE-2016-4913", "CVE-2016-4581", "CVE-2016-2053", "CVE-2016-3689", "CVE-2016-2847", "CVE-2016-2548", "CVE-2016-3139", "CVE-2016-4486", "CVE-2016-2186", "CVE-2014-9904", "CVE-2016-2187", "CVE-2015-6526", "CVE-2016-2547", "CVE-2016-3156", "CVE-2016-1583", "CVE-2016-0758", "CVE-2015-8812", "CVE-2016-2544", "CVE-2016-4569", "CVE-2016-2184", "CVE-2015-8830", "CVE-2012-6701", "CVE-2016-3951", "CVE-2016-3137", "CVE-2016-5829", "CVE-2016-4485", "CVE-2016-4997", "CVE-2016-2545", "CVE-2016-4482", "CVE-2016-3136", "CVE-2016-3138", "CVE-2016-3140", "CVE-2016-2546", "CVE-2015-7566", "CVE-2016-2549", "CVE-2016-4578", "CVE-2015-8816", "CVE-2016-2185", "CVE-2016-4805", "CVE-2013-7446", "CVE-2016-4470", "CVE-2015-8709", "CVE-2016-4565", "CVE-2016-4580", "CVE-2016-3672", "CVE-2015-8785", "CVE-2016-3134", "CVE-2016-2188"], "description": "The openSUSE 13.2 kernel was updated to fix various bugs and security\n issues.\n\n The following security bugs were fixed:\n - CVE-2016-1583: Prevent the usage of mmap when the lower file system does\n not allow it. This could have lead to local privilege escalation when\n ecryptfs-utils was installed and /sbin/mount.ecryptfs_private was setuid\n (bsc#983143).\n - CVE-2016-4913: The get_rock_ridge_filename function in fs/isofs/rock.c\n in the Linux kernel mishandles NM (aka alternate name) entries\n containing \\0 characters, which allowed local users to obtain sensitive\n information from kernel memory or possibly have unspecified other impact\n via a crafted isofs filesystem (bnc#980725).\n - CVE-2016-4580: The x25_negotiate_facilities function in\n net/x25/x25_facilities.c in the Linux kernel did not properly initialize\n a certain data structure, which allowed attackers to obtain sensitive\n information from kernel stack memory via an X.25 Call Request\n (bnc#981267).\n - CVE-2016-0758: Tags with indefinite length could have corrupted pointers\n in asn1_find_indefinite_length (bsc#979867).\n - CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in\n the Linux kernel allowed attackers to cause a denial of service (panic)\n via an ASN.1 BER file that lacks a public key, leading to mishandling by\n the public_key_verify_signature function in\n crypto/asymmetric_keys/public_key.c (bnc#963762).\n - CVE-2016-2187: The gtco_probe function in drivers/input/tablet/gtco.c in\n the Linux kernel allowed physically proximate attackers to cause a\n denial of service (NULL pointer dereference and system crash) via a\n crafted endpoints value in a USB device descriptor (bnc#971919 971944).\n - CVE-2016-4482: The proc_connectinfo function in drivers/usb/core/devio.c\n in the Linux kernel did not initialize a certain data structure, which\n allowed local users to obtain sensitive information from kernel stack\n memory via a crafted USBDEVFS_CONNECTINFO ioctl call (bnc#978401\n bsc#978445).\n - CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel\n incorrectly relies on the write system call, which allowed local users\n to cause a denial of service (kernel memory write operation) or possibly\n have unspecified other impact via a uAPI interface (bnc#979548\n bsc#980363).\n - CVE-2016-3672: The arch_pick_mmap_layout function in arch/x86/mm/mmap.c\n in the Linux kernel did not properly randomize the legacy base address,\n which made it easier for local users to defeat the intended restrictions\n on the ADDR_NO_RANDOMIZE flag, and bypass the ASLR protection mechanism\n for a setuid or setgid program, by disabling stack-consumption resource\n limits (bnc#974308).\n - CVE-2016-4581: fs/pnode.c in the Linux kernel did not properly traverse\n a mount propagation tree in a certain case involving a slave mount,\n which allowed local users to cause a denial of service (NULL pointer\n dereference and OOPS) via a crafted series of mount system calls\n (bnc#979913).\n - CVE-2016-4485: The llc_cmsg_rcv function in net/llc/af_llc.c in the\n Linux kernel did not initialize a certain data structure, which allowed\n attackers to obtain sensitive information from kernel stack memory by\n reading a message (bnc#978821).\n - CVE-2015-3288: A security flaw was found in the Linux kernel that there\n was a way to arbitrary change zero page memory. (bnc#979021).\n - CVE-2016-4578: sound/core/timer.c in the Linux kernel did not initialize\n certain r1 data structures, which allowed local users to obtain\n sensitive information from kernel stack memory via crafted use of the\n ALSA timer interface, related to the (1) snd_timer_user_ccallback and\n (2) snd_timer_user_tinterrupt functions (bnc#979879).\n - CVE-2016-3134: The netfilter subsystem in the Linux kernel did not\n validate certain offset fields, which allowed local users to gain\n privileges or cause a denial of service (heap memory corruption) via an\n IPT_SO_SET_REPLACE setsockopt call (bnc#971126).\n - CVE-2016-4486: The rtnl_fill_link_ifmap function in net/core/rtnetlink.c\n in the Linux kernel did not initialize a certain data structure, which\n allowed local users to obtain sensitive information from kernel stack\n memory by reading a Netlink message (bnc#978822).\n - CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the\n Linux kernel allowed local users to bypass intended AF_UNIX socket\n permissions or cause a denial of service (panic) via crafted epoll_ctl\n calls (bnc#955654).\n - CVE-2016-4569: The snd_timer_user_params function in sound/core/timer.c\n in the Linux kernel did not initialize a certain data structure, which\n allowed local users to obtain sensitive information from kernel stack\n memory via crafted use of the ALSA timer interface (bnc#979213).\n - CVE-2016-2847: fs/pipe.c in the Linux kernel did not limit the amount of\n unread data in pipes, which allowed local users to cause a denial of\n service (memory consumption) by creating many pipes with non-default\n sizes (bnc#970948 974646).\n - CVE-2016-3136: The mct_u232_msr_to_state function in\n drivers/usb/serial/mct_u232.c in the Linux kernel allowed physically\n proximate attackers to cause a denial of service (NULL pointer\n dereference and system crash) via a crafted USB device without two\n interrupt-in endpoint descriptors (bnc#970955).\n - CVE-2016-2188: The iowarrior_probe function in\n drivers/usb/misc/iowarrior.c in the Linux kernel allowed physically\n proximate attackers to cause a denial of service (NULL pointer\n dereference and system crash) via a crafted endpoints value in a USB\n device descriptor (bnc#970956).\n - CVE-2016-3138: The acm_probe function in drivers/usb/class/cdc-acm.c in\n the Linux kernel allowed physically proximate attackers to cause a\n denial of service (NULL pointer dereference and system crash) via a USB\n device without both a control and a data endpoint descriptor\n (bnc#970911).\n - CVE-2016-3137: drivers/usb/serial/cypress_m8.c in the Linux kernel\n allowed physically proximate attackers to cause a denial of service\n (NULL pointer dereference and system crash) via a USB device without\n both an interrupt-in and an interrupt-out endpoint descriptor, related\n to the cypress_generic_port_probe and cypress_open functions\n (bnc#970970).\n - CVE-2016-3951: Double free vulnerability in drivers/net/usb/cdc_ncm.c in\n the Linux kernel allowed physically proximate attackers to cause a\n denial of service (system crash) or possibly have unspecified other\n impact by inserting a USB device with an invalid USB descriptor\n (bnc#974418).\n - CVE-2016-3140: The digi_port_init function in\n drivers/usb/serial/digi_acceleport.c in the Linux kernel allowed\n physically proximate attackers to cause a denial of service (NULL\n pointer dereference and system crash) via a crafted endpoints value in a\n USB device descriptor (bnc#970892).\n - CVE-2016-2186: The powermate_probe function in\n drivers/input/misc/powermate.c in the Linux kernel allowed physically\n proximate attackers to cause a denial of service (NULL pointer\n dereference and system crash) via a crafted endpoints value in a USB\n device descriptor (bnc#970958).\n - CVE-2016-2185: The ati_remote2_probe function in\n drivers/input/misc/ati_remote2.c in the Linux kernel allowed physically\n proximate attackers to cause a denial of service (NULL pointer\n dereference and system crash) via a crafted endpoints value in a USB\n device descriptor (bnc#971124).\n - CVE-2016-3689: The ims_pcu_parse_cdc_data function in\n drivers/input/misc/ims-pcu.c in the Linux kernel allowed physically\n proximate attackers to cause a denial of service (system crash) via a\n USB device without both a master and a slave interface (bnc#971628).\n - CVE-2016-3156: The IPv4 implementation in the Linux kernel mishandles\n destruction of device objects, which allowed guest OS users to cause a\n denial of service (host OS networking outage) by arranging for a large\n number of IP addresses (bnc#971360).\n - CVE-2016-2184: The create_fixed_stream_quirk function in\n sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel\n allowed physically proximate attackers to cause a denial of service\n (NULL pointer dereference or double free, and system crash) via a\n crafted endpoints value in a USB device descriptor (bnc#971125).\n - CVE-2016-3139: The wacom_probe function in\n drivers/input/tablet/wacom_sys.c in the Linux kernel allowed physically\n proximate attackers to cause a denial of service (NULL pointer\n dereference and system crash) via a crafted endpoints value in a USB\n device descriptor (bnc#970909).\n - CVE-2015-8830: Integer overflow in the aio_setup_single_vector function\n in fs/aio.c in the Linux kernel 4.0 allowed local users to cause a\n denial of service or possibly have unspecified other impact via a large\n AIO iovec. NOTE: this vulnerability exists because of a CVE-2012-6701\n regression (bnc#969354 bsc#969355).\n - CVE-2016-2782: The treo_attach function in drivers/usb/serial/visor.c in\n the Linux kernel allowed physically proximate attackers to cause a\n denial of service (NULL pointer dereference and system crash) or\n possibly have unspecified other impact by inserting a USB device that\n lacks a (1) bulk-in or (2) interrupt-in endpoint (bnc#968670).\n - CVE-2015-8816: The hub_activate function in drivers/usb/core/hub.c in\n the Linux kernel did not properly maintain a hub-interface data\n structure, which allowed physically proximate attackers to cause a\n denial of service (invalid memory access and system crash) or possibly\n have unspecified other impact by unplugging a USB hub device\n (bnc#968010).\n - CVE-2015-7566: The clie_5_attach function in drivers/usb/serial/visor.c\n in the Linux kernel allowed physically proximate attackers to cause a\n denial of service (NULL pointer dereference and system crash) or\n possibly have unspecified other impact by inserting a USB device that\n lacks a bulk-out endpoint (bnc#961512).\n - CVE-2016-2549: sound/core/hrtimer.c in the Linux kernel did not prevent\n recursive callback access, which allowed local users to cause a denial\n of service (deadlock) via a crafted ioctl call (bnc#968013).\n - CVE-2016-2547: sound/core/timer.c in the Linux kernel employs a locking\n approach that did not consider slave timer instances, which allowed\n local users to cause a denial of service (race condition,\n use-after-free, and system crash) via a crafted ioctl call (bnc#968011).\n - CVE-2016-2548: sound/core/timer.c in the Linux kernel retains certain\n linked lists after a close or stop action, which allowed local users to\n cause a denial of service (system crash) via a crafted ioctl call,\n related to the (1) snd_timer_close and (2) _snd_timer_stop functions\n (bnc#968012).\n - CVE-2016-2546: sound/core/timer.c in the Linux kernel uses an incorrect\n type of mutex, which allowed local users to cause a denial of service\n (race condition, use-after-free, and system crash) via a crafted ioctl\n call (bnc#967975).\n - CVE-2016-2545: The snd_timer_interrupt function in sound/core/timer.c in\n the Linux kernel did not properly maintain a certain linked list, which\n allowed local users to cause a denial of service (race condition and\n system crash) via a crafted ioctl call (bnc#967974).\n - CVE-2016-2544: Race condition in the queue_delete function in\n sound/core/seq/seq_queue.c in the Linux kernel allowed local users to\n cause a denial of service (use-after-free and system crash) by making an\n ioctl call at a certain time (bnc#967973).\n - CVE-2016-2543: The snd_seq_ioctl_remove_events function in\n sound/core/seq/seq_clientmgr.c in the Linux kernel did not verify FIFO\n assignment before proceeding with FIFO clearing, which allowed local\n users to cause a denial of service (NULL pointer dereference and OOPS)\n via a crafted ioctl call (bnc#967972).\n - CVE-2015-8709: ** DISPUTED ** kernel/ptrace.c in the Linux kernel\n mishandles uid and gid mappings, which allowed local users to gain\n privileges by establishing a user namespace, waiting for a root process\n to enter that namespace with an unsafe uid or gid, and then using the\n ptrace system call. NOTE: the vendor states &quot;there is no kernel bug\n here (bnc#959709 960561 ).\n - CVE-2015-8812: drivers/infiniband/hw/cxgb3/iwch_cm.c in the Linux kernel\n did not properly identify error conditions, which allowed remote\n attackers to execute arbitrary code or cause a denial of service\n (use-after-free) via crafted packets (bnc#966437).\n - CVE-2016-2384: Double free vulnerability in the snd_usbmidi_create\n function in sound/usb/midi.c in the Linux kernel allowed physically\n proximate attackers to cause a denial of service (panic) or possibly\n have unspecified other impact via vectors involving an invalid USB\n descriptor (bnc#966693).\n - CVE-2015-8785: The fuse_fill_write_pages function in fs/fuse/file.c in\n the Linux kernel allowed local users to cause a denial of service\n (infinite loop) via a writev system call that triggers a zero length for\n the first segment of an iov (bnc#963765).\n - CVE-2014-9904: The snd_compress_check_input function in\n sound/core/compress_offload.c in the ALSA subsystem in the Linux kernel\n did not properly check for an integer overflow, which allowed local\n users to cause a denial of service (insufficient memory allocation) or\n possibly have unspecified other impact via a crafted\n SNDRV_COMPRESS_SET_PARAMS ioctl call (bnc#986811).\n - CVE-2016-5829: Multiple heap-based buffer overflows in the\n hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux\n kernel allow local users to cause a denial of service or possibly have\n unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2)\n HIDIOCSUSAGES ioctl call (bnc#986572 986573).\n - CVE-2016-4997: The compat IPT_SO_SET_REPLACE setsockopt implementation\n in the netfilter subsystem in the Linux kernel allowed local users to\n gain privileges or cause a denial of service (memory corruption) by\n leveraging in-container root access to provide a crafted offset value\n that triggers an unintended decrement (bnc#986362 986365 986377).\n - CVE-2016-4805: Use-after-free vulnerability in\n drivers/net/ppp/ppp_generic.c in the Linux kernel allowed local users to\n cause a denial of service (memory corruption and system crash, or\n spinlock) or possibly have unspecified other impact by removing a\n network namespace, related to the ppp_register_net_channel and\n ppp_unregister_channel functions (bnc#980371).\n - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c\n in the Linux kernel did not ensure that a certain data structure is\n initialized, which allowed local users to cause a denial of service\n (system crash) via vectors involving a crafted keyctl request2 command\n (bnc#984755 984764).\n - CVE-2015-6526: The perf_callchain_user_64 function in\n arch/powerpc/perf/callchain.c in the Linux kernel on ppc64 platforms\n allowed local users to cause a denial of service (infinite loop) via a\n deep 64-bit userspace backtrace (bnc#942702).\n - CVE-2016-5244: The rds_inc_info_copy function in net/rds/recv.c in the\n Linux kernel did not initialize a certain structure member, which\n allowed remote attackers to obtain sensitive information from kernel\n stack memory by reading an RDS message (bnc#983213).\n\n The following non-security bugs were fixed:\n - ALSA: hrtimer: Handle start/stop more properly (bsc#973378).\n - ALSA: pcm: Fix potential deadlock in OSS emulation (bsc#968018).\n - ALSA: rawmidi: Fix race at copying &amp; updating the position (bsc#968018).\n - ALSA: rawmidi: Make snd_rawmidi_transmit() race-free (bsc#968018).\n - ALSA: seq: Fix double port list deletion (bsc#968018).\n - ALSA: seq: Fix incorrect sanity check at snd_seq_oss_synth_cleanup()\n (bsc#968018).\n - ALSA: seq: Fix leak of pool buffer at concurrent writes (bsc#968018).\n - ALSA: seq: Fix lockdep warnings due to double mutex locks (bsc#968018).\n - ALSA: seq: Fix race at closing in virmidi driver (bsc#968018).\n - ALSA: seq: Fix yet another races among ALSA timer accesses (bsc#968018).\n - ALSA: timer: Call notifier in the same spinlock (bsc#973378).\n - ALSA: timer: Code cleanup (bsc#968018).\n - ALSA: timer: Fix leftover link at closing (bsc#968018).\n - ALSA: timer: Fix link corruption due to double start or stop\n (bsc#968018).\n - ALSA: timer: Fix race between stop and interrupt (bsc#968018).\n - ALSA: timer: Fix wrong instance passed to slave callbacks (bsc#968018).\n - ALSA: timer: Protect the whole snd_timer_close() with open race\n (bsc#973378).\n - ALSA: timer: Sync timer deletion at closing the system timer\n (bsc#973378).\n - ALSA: timer: Use mod_timer() for rearming the system timer (bsc#973378).\n - Bluetooth: vhci: Fix race at creating hci device (bsc#971799,bsc#966849).\n - Bluetooth: vhci: fix open_timeout vs. hdev race (bsc#971799,bsc#966849).\n - Bluetooth: vhci: purge unhandled skbs (bsc#971799,bsc#966849).\n - Btrfs: do not use src fd for printk (bsc#980348).\n - Refresh patches.drivers/ALSA-hrtimer-Handle-start-stop-more-properly.\n Fix the build error on 32bit architectures.\n - Refresh patches.xen/xen-netback-coalesce: Restore copying of SKBs with\n head exceeding page size (bsc#978469).\n - Refresh patches.xen/xen3-patch-3.14: Suppress atomic file position\n updates on /proc/xen/xenbus (bsc#970275).\n - Subject: [PATCH] USB: xhci: Add broken streams quirk for Frescologic\n device id 1009 (bnc#982706).\n - USB: usbip: fix potential out-of-bounds write (bnc#975945).\n - af_unix: Guard against other == sk in unix_dgram_sendmsg (bsc#973570).\n - backends: guarantee one time reads of shared ring contents (bsc#957988).\n - btrfs: do not go readonly on existing qgroup items (bsc#957052).\n - btrfs: remove error message from search ioctl for nonexistent tree.\n - drm/i915: Fix missing backlight update during panel disablement\n (bsc#941113 boo#901754).\n - enic: set netdev-&gt;vlan_features (bsc#966245).\n - ext4: fix races between buffered IO and collapse / insert range\n (bsc#972174).\n - ext4: fix races between page faults and hole punching (bsc#972174).\n - ext4: fix races of writeback with punch hole and zero range (bsc#972174).\n - ext4: move unlocked dio protection from ext4_alloc_file_blocks()\n (bsc#972174).\n - ipv4/fib: do not warn when primary address is missing if in_dev is dead\n (bsc#971360).\n - ipvs: count pre-established TCP states as active (bsc#970114).\n - net: core: Correct an over-stringent device loop detection (bsc#945219).\n - netback: do not use last request to determine minimum Tx credit\n (bsc#957988).\n - pciback: Check PF instead of VF for PCI_COMMAND_MEMORY.\n - pciback: Save the number of MSI-X entries to be copied later.\n - pciback: guarantee one time reads of shared ring contents (bsc#957988).\n - series.conf: move cxgb3 patch to network drivers section\n - usb: quirk to stop runtime PM for Intel 7260 (bnc#984464).\n - x86: standardize mmap_rnd() usage (bnc#974308).\n\n", "edition": 1, "modified": "2016-08-24T15:08:58", "published": "2016-08-24T15:08:58", "id": "OPENSUSE-SU-2016:2144-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00046.html", "title": "Security update for the Linux Kernel (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2019-12-11T13:33:32", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4312", "CVE-2015-8374", "CVE-2015-8543", "CVE-2015-8746", "CVE-2015-8812", "CVE-2015-8844", "CVE-2015-8845", "CVE-2015-8956", "CVE-2016-2053", "CVE-2016-2069", "CVE-2016-2117", "CVE-2016-2384", "CVE-2016-2847", "CVE-2016-3070", "CVE-2016-3156", "CVE-2016-3699", "CVE-2016-3841", "CVE-2016-4569", "CVE-2016-4578", "CVE-2016-4581", "CVE-2016-4794", "CVE-2016-5829", "CVE-2016-6136", "CVE-2016-6198", "CVE-2016-6327", "CVE-2016-6480", "CVE-2017-13167"], "description": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* It was found that the Linux kernel's IPv6 implementation mishandled socket options. A local attacker could abuse concurrent access to the socket options to escalate their privileges, or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call. (CVE-2016-3841, Important)\n\n* Several Moderate and Low impact security issues were found in the Linux kernel. Space precludes documenting each of these issues in this advisory. Refer to the CVE links in the References section for a description of each of these vulnerabilities. (CVE-2013-4312, CVE-2015-8374, CVE-2015-8543, CVE-2015-8812, CVE-2015-8844, CVE-2015-8845, CVE-2016-2053, CVE-2016-2069, CVE-2016-2847, CVE-2016-3156, CVE-2016-4581, CVE-2016-4794, CVE-2016-5829, CVE-2016-6136, CVE-2016-6198, CVE-2016-6327, CVE-2016-6480, CVE-2015-8746, CVE-2015-8956, CVE-2016-2117, CVE-2016-2384, CVE-2016-3070, CVE-2016-3699, CVE-2016-4569, CVE-2016-4578)\n\nRed Hat would like to thank Philip Pettersson (Samsung) for reporting CVE-2016-2053; Tetsuo Handa for reporting CVE-2016-2847; the Virtuozzo kernel team and Solar Designer (Openwall) for reporting CVE-2016-3156; Justin Yackoski (Cryptonite) for reporting CVE-2016-2117; and Linn Crosetto (HP) for reporting CVE-2016-3699. The CVE-2015-8812 issue was discovered by Venkatesh Pottem (Red Hat Engineering); the CVE-2015-8844 and CVE-2015-8845 issues were discovered by Miroslav Vadkerti (Red Hat Engineering); the CVE-2016-4581 issue was discovered by Eric W. Biederman (Red Hat); the CVE-2016-6198 issue was discovered by CAI Qian (Red Hat); and the CVE-2016-3070 issue was discovered by Jan Stancek (Red Hat).\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.", "modified": "2018-04-20T12:55:08", "published": "2016-11-03T10:07:15", "id": "RHSA-2016:2584", "href": "https://access.redhat.com/errata/RHSA-2016:2584", "type": "redhat", "title": "(RHSA-2016:2584) Important: kernel-rt security, bug fix, and enhancement update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-11T13:31:04", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4312", "CVE-2015-8374", "CVE-2015-8543", "CVE-2015-8746", "CVE-2015-8812", "CVE-2015-8844", "CVE-2015-8845", "CVE-2015-8956", "CVE-2016-2053", "CVE-2016-2069", "CVE-2016-2117", "CVE-2016-2384", "CVE-2016-2847", "CVE-2016-3044", "CVE-2016-3070", "CVE-2016-3156", "CVE-2016-3699", "CVE-2016-3841", "CVE-2016-4569", "CVE-2016-4578", "CVE-2016-4581", "CVE-2016-4794", "CVE-2016-5412", "CVE-2016-5828", "CVE-2016-5829", "CVE-2016-6136", "CVE-2016-6198", "CVE-2016-6327", "CVE-2016-6480", "CVE-2016-7914", "CVE-2016-7915", "CVE-2016-9794", "CVE-2017-13167", "CVE-2018-16597"], "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* It was found that the Linux kernel's IPv6 implementation mishandled socket options. A local attacker could abuse concurrent access to the socket options to escalate their privileges, or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call. (CVE-2016-3841, Important)\n\n* Several Moderate and Low impact security issues were found in the Linux kernel. Space precludes documenting each of these issues in this advisory. Refer to the CVE links in the References section for a description of each of these vulnerabilities. (CVE-2013-4312, CVE-2015-8374, CVE-2015-8543, CVE-2015-8812, CVE-2015-8844, CVE-2015-8845, CVE-2016-2053, CVE-2016-2069, CVE-2016-2847, CVE-2016-3156, CVE-2016-4581, CVE-2016-4794, CVE-2016-5412, CVE-2016-5828, CVE-2016-5829, CVE-2016-6136, CVE-2016-6198, CVE-2016-6327, CVE-2016-6480, CVE-2015-8746, CVE-2015-8956, CVE-2016-2117, CVE-2016-2384, CVE-2016-3070, CVE-2016-3699, CVE-2016-4569, CVE-2016-4578)\n\nRed Hat would like to thank Philip Pettersson (Samsung) for reporting CVE-2016-2053; Tetsuo Handa for reporting CVE-2016-2847; the Virtuozzo kernel team and Solar Designer (Openwall) for reporting CVE-2016-3156; Justin Yackoski (Cryptonite) for reporting CVE-2016-2117; and Linn Crosetto (HP) for reporting CVE-2016-3699. The CVE-2015-8812 issue was discovered by Venkatesh Pottem (Red Hat Engineering); the CVE-2015-8844 and CVE-2015-8845 issues were discovered by Miroslav Vadkerti (Red Hat Engineering); the CVE-2016-4581 issue was discovered by Eric W. Biederman (Red Hat); the CVE-2016-6198 issue was discovered by CAI Qian (Red Hat); and the CVE-2016-3070 issue was discovered by Jan Stancek (Red Hat).\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.", "modified": "2018-10-22T19:17:57", "published": "2016-11-03T10:07:14", "id": "RHSA-2016:2574", "href": "https://access.redhat.com/errata/RHSA-2016:2574", "type": "redhat", "title": "(RHSA-2016:2574) Important: kernel security, bug fix, and enhancement update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2019-12-20T18:26:23", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2384", "CVE-2016-9794", "CVE-2016-4794", "CVE-2016-6480", "CVE-2016-3070", "CVE-2016-2069", "CVE-2016-4581", "CVE-2016-2053", "CVE-2016-5828", "CVE-2016-2847", "CVE-2016-3156", "CVE-2018-16597", "CVE-2015-8746", "CVE-2016-6136", "CVE-2015-8812", "CVE-2016-7915", "CVE-2016-4569", "CVE-2015-8543", "CVE-2015-8374", "CVE-2016-3699", "CVE-2016-5829", "CVE-2016-6198", "CVE-2015-8956", "CVE-2013-4312", "CVE-2016-3044", "CVE-2016-4578", "CVE-2016-5412", "CVE-2016-6327", "CVE-2016-3841", "CVE-2015-8844", "CVE-2016-2117", "CVE-2015-8845", "CVE-2016-7914", "CVE-2017-13167"], "description": "**CentOS Errata and Security Advisory** CESA-2016:2574\n\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* It was found that the Linux kernel's IPv6 implementation mishandled socket options. A local attacker could abuse concurrent access to the socket options to escalate their privileges, or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call. (CVE-2016-3841, Important)\n\n* Several Moderate and Low impact security issues were found in the Linux kernel. Space precludes documenting each of these issues in this advisory. Refer to the CVE links in the References section for a description of each of these vulnerabilities. (CVE-2013-4312, CVE-2015-8374, CVE-2015-8543, CVE-2015-8812, CVE-2015-8844, CVE-2015-8845, CVE-2016-2053, CVE-2016-2069, CVE-2016-2847, CVE-2016-3156, CVE-2016-4581, CVE-2016-4794, CVE-2016-5412, CVE-2016-5828, CVE-2016-5829, CVE-2016-6136, CVE-2016-6198, CVE-2016-6327, CVE-2016-6480, CVE-2015-8746, CVE-2015-8956, CVE-2016-2117, CVE-2016-2384, CVE-2016-3070, CVE-2016-3699, CVE-2016-4569, CVE-2016-4578)\n\nRed Hat would like to thank Philip Pettersson (Samsung) for reporting CVE-2016-2053; Tetsuo Handa for reporting CVE-2016-2847; the Virtuozzo kernel team and Solar Designer (Openwall) for reporting CVE-2016-3156; Justin Yackoski (Cryptonite) for reporting CVE-2016-2117; and Linn Crosetto (HP) for reporting CVE-2016-3699. The CVE-2015-8812 issue was discovered by Venkatesh Pottem (Red Hat Engineering); the CVE-2015-8844 and CVE-2015-8845 issues were discovered by Miroslav Vadkerti (Red Hat Engineering); the CVE-2016-4581 issue was discovered by Eric W. Biederman (Red Hat); the CVE-2016-6198 issue was discovered by CAI Qian (Red Hat); and the CVE-2016-3070 issue was discovered by Jan Stancek (Red Hat).\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-cr-announce/2016-November/003609.html\n\n**Affected packages:**\nkernel\nkernel-abi-whitelists\nkernel-debug\nkernel-debug-devel\nkernel-devel\nkernel-doc\nkernel-headers\nkernel-tools\nkernel-tools-libs\nkernel-tools-libs-devel\nperf\npython-perf\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2016-2574.html", "edition": 5, "modified": "2016-11-25T15:59:02", "published": "2016-11-25T15:59:02", "href": "http://lists.centos.org/pipermail/centos-cr-announce/2016-November/003609.html", "id": "CESA-2016:2574", "title": "kernel, perf, python security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2020-08-12T00:51:40", "bulletinFamily": "unix", "cvelist": ["CVE-2016-5244", "CVE-2016-3070", "CVE-2016-4913", "CVE-2016-3961", "CVE-2016-4581", "CVE-2016-4486", "CVE-2016-2186", "CVE-2016-2187", "CVE-2016-3156", "CVE-2016-1583", "CVE-2016-4569", "CVE-2016-0821", "CVE-2016-2184", "CVE-2016-5243", "CVE-2016-3951", "CVE-2016-3955", "CVE-2015-7515", "CVE-2016-3137", "CVE-2016-4485", "CVE-2016-4997", "CVE-2016-4482", "CVE-2016-3136", "CVE-2016-1237", "CVE-2016-3138", "CVE-2016-3140", "CVE-2016-2143", "CVE-2016-4578", "CVE-2016-2185", "CVE-2016-4805", "CVE-2016-3157", "CVE-2016-4470", "CVE-2016-2117", "CVE-2016-4565", "CVE-2016-4580", "CVE-2016-3672", "CVE-2016-4998", "CVE-2016-3134"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3607-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nJune 28, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : linux\nCVE ID : CVE-2015-7515 CVE-2016-0821 CVE-2016-1237 CVE-2016-1583\n CVE-2016-2117 CVE-2016-2143 CVE-2016-2184 CVE-2016-2185\n CVE-2016-2186 CVE-2016-2187 CVE-2016-3070 CVE-2016-3134\n CVE-2016-3136 CVE-2016-3137 CVE-2016-3138 CVE-2016-3140\n CVE-2016-3156 CVE-2016-3157 CVE-2016-3672 CVE-2016-3951\n CVE-2016-3955 CVE-2016-3961 CVE-2016-4470 CVE-2016-4482\n CVE-2016-4485 CVE-2016-4486 CVE-2016-4565 CVE-2016-4569\n CVE-2016-4578 CVE-2016-4580 CVE-2016-4581 CVE-2016-4805\n CVE-2016-4913 CVE-2016-4997 CVE-2016-4998 CVE-2016-5243\n CVE-2016-5244\n\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nCVE-2015-7515, CVE-2016-2184, CVE-2016-2185, CVE-2016-2186,\nCVE-2016-2187, CVE-2016-3136, CVE-2016-3137, CVE-2016-3138,\nCVE-2016-3140\n\n Ralf Spenneberg of OpenSource Security reported that various USB\n drivers do not sufficiently validate USB descriptors. This\n allowed a physically present user with a specially designed USB\n device to cause a denial of service (crash).\n\nCVE-2016-0821\n\n Solar Designer noted that the list &#x27;poisoning&#x27; feature, intended\n to mitigate the effects of bugs in list manipulation in the\n kernel, used poison values within the range of virtual addresses\n that can be allocated by user processes.\n\nCVE-2016-1237\n\n David Sinquin discovered that nfsd does not check permissions when\n setting ACLs, allowing users to grant themselves permissions to a\n file by setting the ACL.\n\nCVE-2016-1583\n\n Jann Horn of Google Project Zero reported that the eCryptfs\n filesystem could be used together with the proc filesystem to\n cause a kernel stack overflow. If the ecryptfs-utils package is\n installed, local users could exploit this, via the\n mount.ecryptfs_private program, for denial of service (crash) or\n possibly for privilege escalation.\n\nCVE-2016-2117\n\n Justin Yackoski of Cryptonite discovered that the Atheros L2\n ethernet driver incorrectly enables scatter/gather I/O. A remote\n attacker could take advantage of this flaw to obtain potentially\n sensitive information from kernel memory.\n\nCVE-2016-2143\n\n Marcin Koscielnicki discovered that the fork implementation in the\n Linux kernel on s390 platforms mishandles the case of four\n page-table levels, which allows local users to cause a denial of\n service (system crash).\n\nCVE-2016-3070\n\n Jan Stancek of Red Hat discovered a local denial of service\n vulnerability in AIO handling.\n\nCVE-2016-3134\n\n The Google Project Zero team found that the netfilter subsystem does\n not sufficiently validate filter table entries. A user with the\n CAP_NET_ADMIN capability could use this for denial of service\n (crash) or possibly for privilege escalation. Debian disables\n unprivileged user namespaces by default, if locally enabled with the\n kernel.unprivileged_userns_clone sysctl, this allows privilege\n escalation.\n\nCVE-2016-3156\n\n Solar Designer discovered that the IPv4 implementation in the Linux\n kernel did not perform the destruction of inet device objects\n properly. An attacker in a guest OS could use this to cause a denial\n of service (networking outage) in the host OS.\n\nCVE-2016-3157 / XSA-171\n\n Andy Lutomirski discovered that the x86_64 (amd64) task switching\n implementation did not correctly update the I/O permission level\n when running as a Xen paravirtual (PV) guest. In some\n configurations this would allow local users to cause a denial of\n service (crash) or to escalate their privileges within the guest.\n\nCVE-2016-3672\n\n Hector Marco and Ismael Ripoll noted that it was possible to disable\n Address Space Layout Randomisation (ASLR) for x86_32 (i386) programs\n by removing the stack resource limit. This made it easier for local\n users to exploit security flaws in programs that have the setuid or\n setgid flag set.\n\nCVE-2016-3951\n\n It was discovered that the cdc_ncm driver would free memory\n prematurely if certain errors occurred during its initialisation.\n This allowed a physically present user with a specially designed\n USB device to cause a denial of service (crash) or possibly to\n escalate their privileges.\n\nCVE-2016-3955\n\n Ignat Korchagin reported that the usbip subsystem did not check\n the length of data received for a USB buffer. This allowed denial\n of service (crash) or privilege escalation on a system configured\n as a usbip client, by the usbip server or by an attacker able to\n impersonate it over the network. A system configured as a usbip\n server might be similarly vulnerable to physically present users.\n\nCVE-2016-3961 / XSA-174\n\n Vitaly Kuznetsov of Red Hat discovered that Linux allowed the use of\n hugetlbfs on x86 (i386 and amd64) systems even when running as a Xen\n paravirtualised (PV) guest, although Xen does not support huge\n pages. This allowed users with access to /dev/hugepages to cause a\n denial of service (crash) in the guest.\n\nCVE-2016-4470\n\n David Howells of Red Hat discovered that a local user can trigger a\n flaw in the Linux kernel&#x27;s handling of key lookups in the keychain\n subsystem, leading to a denial of service (crash) or possibly to\n privilege escalation.\n\nCVE-2016-4482, CVE-2016-4485, CVE-2016-4486, CVE-2016-4569,\nCVE-2016-4578, CVE-2016-4580, CVE-2016-5243, CVE-2016-5244\n\n Kangjie Lu reported that the USB devio, llc, rtnetlink, ALSA\n timer, x25, tipc, and rds facilities leaked information from the\n kernel stack.\n\nCVE-2016-4565\n\n Jann Horn of Google Project Zero reported that various components\n in the InfiniBand stack implemented unusual semantics for the\n write() operation. On a system with InfiniBand drivers loaded,\n local users could use this for denial of service or privilege\n escalation.\n\nCVE-2016-4581\n\n Tycho Andersen discovered that in some situations the Linux kernel\n did not handle propagated mounts correctly. A local user can take\n advantage of this flaw to cause a denial of service (system crash).\n\nCVE-2016-4805\n\n Baozeng Ding discovered a use-after-free in the generic PPP layer in\n the Linux kernel. A local user can take advantage of this flaw to\n cause a denial of service (system crash), or potentially escalate\n their privileges.\n\nCVE-2016-4913\n\n Al Viro found that the ISO9660 filesystem implementation did not\n correctly count the length of certain invalid name entries.\n Reading a directory containing such name entries would leak\n information from kernel memory. Users permitted to mount disks or\n disk images could use this to obtain sensitive information.\n\nCVE-2016-4997 / CVE-2016-4998\n\n Jesse Hertz and Tim Newsham discovered that missing input sanitising\n in Netfilter socket handling may result in denial of service. Debian\n disables unprivileged user namespaces by default, if locally enabled\n with the kernel.unprivileged_userns_clone sysctl, this also allows\n privilege escalation.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 3.16.7-ckt25-2+deb8u2.\n\nWe recommend that you upgrade your linux packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 18, "modified": "2016-06-28T09:57:06", "published": "2016-06-28T09:57:06", "id": "DEBIAN:DSA-3607-1:0BD6E", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2016/msg00185.html", "title": "[SECURITY] [DSA 3607-1] linux security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}