ID: CVE-2018-10882
Type: cve
Reporter: cve@mitre.org
Modified: 2019-10-09T23:33:00
Description
A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write in the fs/jbd2/transaction.c code, a denial of service, and a system crash by unmounting a crafted ext4 filesystem image.
{"oraclelinux": [{"lastseen": "2019-05-29T18:35:40", "bulletinFamily": "unix", "cvelist": ["CVE-2018-10882", "CVE-2018-10877"], "description": "[2.6.39-400.308.1]\n- x86/fpu: Fix 32-bit signal frame handling (Dave Hansen) [Orabug: 28874707] \n- x86/fpu: Factor out memset(xstate, 0) in fpu_finit() paths (Oleg Nesterov) [Orabug: 28874707] \n- x86/fpu: Always allow FPU in interrupt if use_eager_fpu() (Oleg Nesterov) [Orabug: 28874707] \n- x86/fpu: Don't do __thread_fpu_end() if use_eager_fpu() (Oleg Nesterov) [Orabug: 28874707] \n- x86/fpu: Don't reset thread.fpu_counter (Oleg Nesterov) [Orabug: 28874707] \n- x86, fpu: Fix math_state_restore() race with kernel_fpu_begin() (Oleg Nesterov) [Orabug: 28874707] \n- x86, fpu: Don't abuse has_fpu in __kernel_fpu_begin/end() (Oleg Nesterov) [Orabug: 28874707] \n- x86, fpu: Introduce per-cpu in_kernel_fpu state (Oleg Nesterov) [Orabug: 28874707] \n- x86, fpu: Check tsk_used_math() in kernel_fpu_end() for eager FPU (Suresh Siddha) [Orabug: 28874707] \n- x86: Allow FPU to be used at interrupt time even with eagerfpu (Pekka Riikonen) [Orabug: 28874707] \n- ext4: verify the depth of extent tree in ext4_find_extent() (Theodore Ts'o) [Orabug: 29396714] {CVE-2018-10877} {CVE-2018-10877}\n- ext4: add more inode number paranoia checks (Theodore Ts'o) [Orabug: 29545568] {CVE-2018-10882} {CVE-2018-10882}", "edition": 3, "modified": "2019-04-09T00:00:00", "published": "2019-04-09T00:00:00", "id": "ELSA-2019-4601", "href": "http://linux.oracle.com/errata/ELSA-2019-4601.html", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:18", "bulletinFamily": "unix", "cvelist": ["CVE-2018-10882", "CVE-2018-1066", "CVE-2018-10881", "CVE-2019-3701"], "description": "[4.1.12-124.26.7]\n- ib_core: initialize shpd field when allocating 'struct ib_pd' (Mukesh Kacker) [Orabug: 29384815] \n- Revert 'x86/apic: Make arch_setup_hwirq 
NUMA node aware' (Brian Maly) [Orabug: 29542185] \n- qlcnic: fix Tx descriptor corruption on 82xx devices (Shahed Shaikh) [Orabug: 27708787] \n- block: Fix a race between blk_cleanup_queue() and timeout handling (Bart Van Assche) [Orabug: 29158186] \n- can: gw: ensure DLC boundaries after CAN frame modification (Oliver Hartkopp) [Orabug: 29215299] {CVE-2019-3701} {CVE-2019-3701}\n- CIFS: Enable encryption during session setup phase (Pavel Shilovsky) [Orabug: 29338239] {CVE-2018-1066}\n- ext4: clear i_data in ext4_inode_info when removing inline data (Theodore Ts'o) [Orabug: 29540709] {CVE-2018-10881} {CVE-2018-10881}\n- ext4: add more inode number paranoia checks (Theodore Ts'o) [Orabug: 29545566] {CVE-2018-10882} {CVE-2018-10882}\n- Revert 'KVM: nVMX: Eliminate vmcs02 pool' (Boris Ostrovsky) [Orabug: 29542029] \n- Revert 'KVM: VMX: introduce alloc_loaded_vmcs' (Boris Ostrovsky) [Orabug: 29542029] \n- Revert 'KVM: VMX: make MSR bitmaps per-VCPU' (Boris Ostrovsky) [Orabug: 29542029] \n- Revert 'KVM: x86: pass host_initiated to functions that read MSRs' (Boris Ostrovsky) [Orabug: 29542029] \n- Revert 'KVM/x86: Add IBPB support' (Boris Ostrovsky) [Orabug: 29542029] \n- Revert 'KVM/VMX: Allow direct access to MSR_IA32_SPEC_CTRL - reloaded' (Boris Ostrovsky) [Orabug: 29542029] \n- Revert 'KVM/SVM: Allow direct access to MSR_IA32_SPEC_CTRL' (Boris Ostrovsky) [Orabug: 29542029] \n- Revert 'KVM: SVM: Add MSR-based feature support for serializing LFENCE' (Boris Ostrovsky) [Orabug: 29542029] \n- Revert 'x86/cpufeatures: rename X86_FEATURE_AMD_SSBD to X86_FEATURE_LS_CFG_SSBD' (Boris Ostrovsky) [Orabug: 29542029] \n- Revert 'x86/bugs: Add AMD's SPEC_CTRL MSR usage' (Boris Ostrovsky) [Orabug: 29542029] \n- Revert 'x86/bugs: Fix the AMD SSBD usage of the SPEC_CTRL MSR' (Boris Ostrovsky) [Orabug: 29542029] \n- arch: x86: remove unsued SET_IBPB from spec_ctrl.h (Mihai Carabas) [Orabug: 29336760] \n- x86: cpu: microcode: fix late loading SpectreV2 bugs eval (Mihai Carabas) [Orabug: 
29336760] \n- x86: cpu: microcode: fix late loading SSBD and L1TF bugs eval (Mihai Carabas) [Orabug: 29336760] \n- x86: cpu: microcode: Re-evaluate bugs in a CPU after microcode loading (Mihai Carabas) [Orabug: 29336760] \n- x86: cpu: microcode: update flags for all cpus (Mihai Carabas) [Orabug: 29336760]\n[4.1.12-124.26.6]\n- x86/apic: Make arch_setup_hwirq NUMA node aware (Henry Willard) [Orabug: 29292411]", "edition": 2, "modified": "2019-03-31T00:00:00", "published": "2019-03-31T00:00:00", "id": "ELSA-2019-4596", "href": "http://linux.oracle.com/errata/ELSA-2019-4596.html", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:38:23", "bulletinFamily": "unix", "cvelist": ["CVE-2018-10882", "CVE-2018-10877", "CVE-2018-10881", "CVE-2019-3701", "CVE-2018-10879"], "description": "kernel-uek\n[3.8.13-118.32.1]\n- x86/fpu: Factor out memset(xstate, 0) in fpu_finit() paths (Oleg Nesterov) [Orabug: 29012034] \n- x86/fpu: Always allow FPU in interrupt if use_eager_fpu() (Oleg Nesterov) [Orabug: 29012034] \n- x86/fpu: Fix 32-bit signal frame handling (Dave Hansen) [Orabug: 29012034] \n- x86/fpu: Don't do __thread_fpu_end() if use_eager_fpu() (Oleg Nesterov) [Orabug: 29012034] \n- x86/fpu: Don't reset fpu_counter (Oleg Nesterov) [Orabug: 29012034] \n- x86, fpu: Fix math_state_restore() race with kernel_fpu_begin() (Oleg Nesterov) [Orabug: 29012034] \n- x86, fpu: Introduce per-cpu in_kernel_fpu state (Oleg Nesterov) [Orabug: 29012034] \n- x86, fpu: Don't abuse has_fpu in __kernel_fpu_begin/end() (Oleg Nesterov) [Orabug: 29012034] \n- x86: Allow FPU to be used at interrupt time even with eagerfpu (Pekka Riikonen) [Orabug: 29012034] \n- can: gw: ensure DLC boundaries after CAN frame modification (Oliver Hartkopp) [Orabug: 29215300] {CVE-2019-3701} {CVE-2019-3701}\n- ext4: verify the depth of extent tree in ext4_find_extent() (Theodore Ts'o) [Orabug: 
29396713] {CVE-2018-10877} {CVE-2018-10877}\n- ext4: always verify the magic number in xattr blocks (Theodore Ts'o) [Orabug: 29437128] {CVE-2018-10879} {CVE-2018-10879}\n- ext4: add corruption check in ext4_xattr_set_entry() (Theodore Ts'o) [Orabug: 29437128] {CVE-2018-10879} {CVE-2018-10879}\n- ext4: clear i_data in ext4_inode_info when removing inline data (Theodore Ts'o) [Orabug: 29540710] {CVE-2018-10881} {CVE-2018-10881}\n- ext4: add more inode number paranoia checks (Theodore Ts'o) [Orabug: 29545567] {CVE-2018-10882} {CVE-2018-10882}", "edition": 3, "modified": "2019-04-08T00:00:00", "published": "2019-04-08T00:00:00", "id": "ELSA-2019-4600", "href": "http://linux.oracle.com/errata/ELSA-2019-4600.html", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-03-01T05:13:26", "description": "Description of changes:\n\n[2.6.39-400.308.1.el6uek]\n- x86/fpu: Fix 32-bit signal frame handling (Dave Hansen) [Orabug: 28874707]\n- x86/fpu: Factor out memset(xstate, 0) in fpu_finit() paths (Oleg \nNesterov) [Orabug: 28874707]\n- x86/fpu: Always allow FPU in interrupt if use_eager_fpu() (Oleg \nNesterov) [Orabug: 28874707]\n- x86/fpu: Don't do __thread_fpu_end() if use_eager_fpu() (Oleg \nNesterov) [Orabug: 28874707]\n- x86/fpu: Don't reset thread.fpu_counter (Oleg Nesterov) [Orabug: 28874707]\n- x86, fpu: Fix math_state_restore() race with kernel_fpu_begin() (Oleg \nNesterov) [Orabug: 28874707]\n- x86, fpu: Don't abuse has_fpu in __kernel_fpu_begin/end() (Oleg \nNesterov) [Orabug: 28874707]\n- x86, fpu: Introduce per-cpu in_kernel_fpu state (Oleg Nesterov) \n[Orabug: 28874707]\n- x86, fpu: Check tsk_used_math() in kernel_fpu_end() for eager FPU \n(Suresh Siddha) [Orabug: 28874707]\n- x86: Allow FPU to be used at interrupt time even with eagerfpu (Pekka \nRiikonen) [Orabug: 28874707]\n- ext4: verify the depth of extent tree in ext4_find_extent() 
(Theodore \nTs'o) [Orabug: 29396714] {CVE-2018-10877} {CVE-2018-10877}\n- ext4: add more inode number paranoia checks (Theodore Ts'o) [Orabug: \n29545568] {CVE-2018-10882} {CVE-2018-10882}", "edition": 20, "cvss3": {"score": 6.5, "vector": "AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-04-10T00:00:00", "title": "Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2019-4601)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-10882", "CVE-2018-10877"], "modified": "2021-03-02T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:kernel-uek-firmware", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-debug"], "id": "ORACLELINUX_ELSA-2019-4601.NASL", "href": "https://www.tenable.com/plugins/nessus/123962", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2019-4601.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(123962);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2020/01/23\");\n\n script_cve_id(\"CVE-2018-10877\", \"CVE-2018-10882\");\n\n script_name(english:\"Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2019-4601)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Description of changes:\n\n[2.6.39-400.308.1.el6uek]\n- x86/fpu: Fix 32-bit signal frame handling (Dave Hansen) [Orabug: 28874707]\n- x86/fpu: Factor out memset(xstate, 0) in fpu_finit() paths (Oleg \nNesterov) [Orabug: 28874707]\n- x86/fpu: Always allow FPU in interrupt if use_eager_fpu() (Oleg \nNesterov) [Orabug: 
28874707]\n- x86/fpu: Don't do __thread_fpu_end() if use_eager_fpu() (Oleg \nNesterov) [Orabug: 28874707]\n- x86/fpu: Don't reset thread.fpu_counter (Oleg Nesterov) [Orabug: 28874707]\n- x86, fpu: Fix math_state_restore() race with kernel_fpu_begin() (Oleg \nNesterov) [Orabug: 28874707]\n- x86, fpu: Don't abuse has_fpu in __kernel_fpu_begin/end() (Oleg \nNesterov) [Orabug: 28874707]\n- x86, fpu: Introduce per-cpu in_kernel_fpu state (Oleg Nesterov) \n[Orabug: 28874707]\n- x86, fpu: Check tsk_used_math() in kernel_fpu_end() for eager FPU \n(Suresh Siddha) [Orabug: 28874707]\n- x86: Allow FPU to be used at interrupt time even with eagerfpu (Pekka \nRiikonen) [Orabug: 28874707]\n- ext4: verify the depth of extent tree in ext4_find_extent() (Theodore \nTs'o) [Orabug: 29396714] {CVE-2018-10877} {CVE-2018-10877}\n- ext4: add more inode number paranoia checks (Theodore Ts'o) [Orabug: \n29545568] {CVE-2018-10882} {CVE-2018-10882}\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2019-April/008628.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected unbreakable enterprise kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2018-10877\", \"CVE-2018-10882\"); \n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for ELSA-2019-4601\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nkernel_major_minor = get_kb_item(\"Host/uname/major_minor\");\nif (empty_or_null(kernel_major_minor)) exit(1, \"Unable to determine kernel major-minor level.\");\nexpected_kernel_major_minor = \"2.6\";\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, \"running kernel level \" + expected_kernel_major_minor + \", it is running kernel level \" + kernel_major_minor);\n\nflag = 0;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-2.6.39-400.308.1.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-debug-2.6.39-400.308.1.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-devel-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-debug-devel-2.6.39-400.308.1.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-devel-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-devel-2.6.39-400.308.1.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-doc-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-doc-2.6.39-400.308.1.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", 
rpm:\"kernel-uek-firmware-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-firmware-2.6.39-400.308.1.el6uek\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-03-01T05:13:25", "description": "Description of changes:\n\n[4.1.12-124.26.7.el7uek]\n- ib_core: initialize shpd field when allocating 'struct ib_pd' (Mukesh \nKacker) [Orabug: 29384815] - Revert 'x86/apic: Make arch_setup_hwirq \nNUMA node aware' (Brian Maly) [Orabug: 29542185] - qlcnic: fix Tx \ndescriptor corruption on 82xx devices (Shahed Shaikh) [Orabug: 27708787] \n- block: Fix a race between blk_cleanup_queue() and timeout handling \n(Bart Van Assche) [Orabug: 29158186] - can: gw: ensure DLC boundaries \nafter CAN frame modification (Oliver Hartkopp) [Orabug: 29215299] \n{CVE-2019-3701} {CVE-2019-3701}\n- CIFS: Enable encryption during session setup phase (Pavel Shilovsky) \n[Orabug: 29338239] {CVE-2018-1066}\n- ext4: clear i_data in ext4_inode_info when removing inline data \n(Theodore Ts'o) [Orabug: 29540709] {CVE-2018-10881} {CVE-2018-10881}\n- ext4: add more inode number paranoia checks (Theodore Ts'o) [Orabug: \n29545566] {CVE-2018-10882} {CVE-2018-10882}\n- Revert 'KVM: nVMX: Eliminate vmcs02 pool' (Boris Ostrovsky) [Orabug: \n29542029] - Revert 'KVM: VMX: introduce alloc_loaded_vmcs' (Boris \nOstrovsky) [Orabug: 29542029] - Revert 'KVM: VMX: make MSR bitmaps \nper-VCPU' (Boris Ostrovsky) [Orabug: 29542029] - Revert 'KVM: x86: pass \nhost_initiated to functions that read MSRs' (Boris Ostrovsky) [Orabug: \n29542029] - Revert 'KVM/x86: Add IBPB support' (Boris Ostrovsky) \n[Orabug: 29542029] - Revert 'KVM/VMX: Allow direct access to 
\nMSR_IA32_SPEC_CTRL - reloaded' (Boris Ostrovsky) [Orabug: 29542029] - \nRevert 'KVM/SVM: Allow direct access to MSR_IA32_SPEC_CTRL' (Boris \nOstrovsky) [Orabug: 29542029] - Revert 'KVM: SVM: Add MSR-based feature \nsupport for serializing LFENCE' (Boris Ostrovsky) [Orabug: 29542029] - \nRevert 'x86/cpufeatures: rename X86_FEATURE_AMD_SSBD to \nX86_FEATURE_LS_CFG_SSBD' (Boris Ostrovsky) [Orabug: 29542029] - Revert \n'x86/bugs: Add AMD's SPEC_CTRL MSR usage' (Boris Ostrovsky) [Orabug: \n29542029] - Revert 'x86/bugs: Fix the AMD SSBD usage of the SPEC_CTRL \nMSR' (Boris Ostrovsky) [Orabug: 29542029] - arch: x86: remove unsued \nSET_IBPB from spec_ctrl.h (Mihai Carabas) [Orabug: 29336760] - x86: cpu: \nmicrocode: fix late loading SpectreV2 bugs eval (Mihai Carabas) [Orabug: \n29336760] - x86: cpu: microcode: fix late loading SSBD and L1TF bugs \neval (Mihai Carabas) [Orabug: 29336760] - x86: cpu: microcode: \nRe-evaluate bugs in a CPU after microcode loading (Mihai Carabas) \n[Orabug: 29336760] - x86: cpu: microcode: update flags for all cpus \n(Mihai Carabas) [Orabug: 29336760]\n\n[4.1.12-124.26.6.el7uek]\n- x86/apic: Make arch_setup_hwirq NUMA node aware (Henry Willard) \n[Orabug: 29292411]", "edition": 20, "cvss3": {"score": 6.5, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2019-04-02T00:00:00", "title": "Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4596)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-10882", "CVE-2018-1066", "CVE-2018-10881", "CVE-2019-3701"], "modified": "2021-03-02T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:kernel-uek-firmware", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek-debug"], "id": "ORACLELINUX_ELSA-2019-4596.NASL", "href": "https://www.tenable.com/plugins/nessus/123631", 
"sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2019-4596.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(123631);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2020/01/27\");\n\n script_cve_id(\"CVE-2018-1066\", \"CVE-2018-10881\", \"CVE-2018-10882\", \"CVE-2019-3701\");\n\n script_name(english:\"Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4596)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Description of changes:\n\n[4.1.12-124.26.7.el7uek]\n- ib_core: initialize shpd field when allocating 'struct ib_pd' (Mukesh \nKacker) [Orabug: 29384815] - Revert 'x86/apic: Make arch_setup_hwirq \nNUMA node aware' (Brian Maly) [Orabug: 29542185] - qlcnic: fix Tx \ndescriptor corruption on 82xx devices (Shahed Shaikh) [Orabug: 27708787] \n- block: Fix a race between blk_cleanup_queue() and timeout handling \n(Bart Van Assche) [Orabug: 29158186] - can: gw: ensure DLC boundaries \nafter CAN frame modification (Oliver Hartkopp) [Orabug: 29215299] \n{CVE-2019-3701} {CVE-2019-3701}\n- CIFS: Enable encryption during session setup phase (Pavel Shilovsky) \n[Orabug: 29338239] {CVE-2018-1066}\n- ext4: clear i_data in ext4_inode_info when removing inline data \n(Theodore Ts'o) [Orabug: 29540709] {CVE-2018-10881} {CVE-2018-10881}\n- ext4: add more inode number paranoia checks (Theodore Ts'o) [Orabug: \n29545566] {CVE-2018-10882} {CVE-2018-10882}\n- Revert 'KVM: nVMX: Eliminate vmcs02 pool' (Boris Ostrovsky) [Orabug: \n29542029] - Revert 'KVM: VMX: introduce alloc_loaded_vmcs' (Boris \nOstrovsky) [Orabug: 29542029] - Revert 'KVM: VMX: make MSR bitmaps \nper-VCPU' (Boris Ostrovsky) 
[Orabug: 29542029] - Revert 'KVM: x86: pass \nhost_initiated to functions that read MSRs' (Boris Ostrovsky) [Orabug: \n29542029] - Revert 'KVM/x86: Add IBPB support' (Boris Ostrovsky) \n[Orabug: 29542029] - Revert 'KVM/VMX: Allow direct access to \nMSR_IA32_SPEC_CTRL - reloaded' (Boris Ostrovsky) [Orabug: 29542029] - \nRevert 'KVM/SVM: Allow direct access to MSR_IA32_SPEC_CTRL' (Boris \nOstrovsky) [Orabug: 29542029] - Revert 'KVM: SVM: Add MSR-based feature \nsupport for serializing LFENCE' (Boris Ostrovsky) [Orabug: 29542029] - \nRevert 'x86/cpufeatures: rename X86_FEATURE_AMD_SSBD to \nX86_FEATURE_LS_CFG_SSBD' (Boris Ostrovsky) [Orabug: 29542029] - Revert \n'x86/bugs: Add AMD's SPEC_CTRL MSR usage' (Boris Ostrovsky) [Orabug: \n29542029] - Revert 'x86/bugs: Fix the AMD SSBD usage of the SPEC_CTRL \nMSR' (Boris Ostrovsky) [Orabug: 29542029] - arch: x86: remove unsued \nSET_IBPB from spec_ctrl.h (Mihai Carabas) [Orabug: 29336760] - x86: cpu: \nmicrocode: fix late loading SpectreV2 bugs eval (Mihai Carabas) [Orabug: \n29336760] - x86: cpu: microcode: fix late loading SSBD and L1TF bugs \neval (Mihai Carabas) [Orabug: 29336760] - x86: cpu: microcode: \nRe-evaluate bugs in a CPU after microcode loading (Mihai Carabas) \n[Orabug: 29336760] - x86: cpu: microcode: update flags for all cpus \n(Mihai Carabas) [Orabug: 29336760]\n\n[4.1.12-124.26.6.el7uek]\n- x86/apic: Make arch_setup_hwirq NUMA node aware (Henry Willard) \n[Orabug: 29292411]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2019-April/008616.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2019-April/008617.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected unbreakable enterprise kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n 
script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6 / 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2018-1066\", \"CVE-2018-10881\", \"CVE-2018-10882\", \"CVE-2019-3701\"); \n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for ELSA-2019-4596\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nkernel_major_minor = get_kb_item(\"Host/uname/major_minor\");\nif (empty_or_null(kernel_major_minor)) exit(1, \"Unable to determine kernel major-minor level.\");\nexpected_kernel_major_minor = \"4.1\";\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, \"running kernel level \" + expected_kernel_major_minor + \", it is running kernel level \" + kernel_major_minor);\n\nflag = 0;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-4.1.12\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-4.1.12-124.26.7.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-4.1.12\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-debug-4.1.12-124.26.7.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-devel-4.1.12\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-debug-devel-4.1.12-124.26.7.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-devel-4.1.12\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-devel-4.1.12-124.26.7.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", 
rpm:\"kernel-uek-doc-4.1.12\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-doc-4.1.12-124.26.7.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-firmware-4.1.12\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-firmware-4.1.12-124.26.7.el6uek\")) flag++;\n\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-4.1.12\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-4.1.12-124.26.7.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-debug-4.1.12\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-debug-4.1.12-124.26.7.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-debug-devel-4.1.12\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-debug-devel-4.1.12-124.26.7.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-devel-4.1.12\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-devel-4.1.12-124.26.7.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-doc-4.1.12\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-doc-4.1.12-124.26.7.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-firmware-4.1.12\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-firmware-4.1.12-124.26.7.el7uek\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-03-01T05:20:21", "description": "The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - ib_core: initialize shpd field when allocating 'struct\n ib_pd' (Mukesh Kacker) [Orabug: 29384815]\n\n 
- Revert 'x86/apic: Make arch_setup_hwirq NUMA node aware'\n (Brian Maly) [Orabug: 29542185]\n\n - qlcnic: fix Tx descriptor corruption on 82xx devices\n (Shahed Shaikh) [Orabug: 27708787]\n\n - block: Fix a race between blk_cleanup_queue and timeout\n handling (Bart Van Assche) [Orabug: 29158186]\n\n - can: gw: ensure DLC boundaries after CAN frame\n modification (Oliver Hartkopp) [Orabug: 29215299]\n (CVE-2019-3701) (CVE-2019-3701)\n\n - CIFS: Enable encryption during session setup phase\n (Pavel Shilovsky) [Orabug: 29338239] (CVE-2018-1066)\n\n - ext4: clear i_data in ext4_inode_info when removing\n inline data (Theodore Ts'o) [Orabug: 29540709]\n (CVE-2018-10881) (CVE-2018-10881)\n\n - ext4: add more inode number paranoia checks (Theodore\n Ts'o) [Orabug: 29545566] (CVE-2018-10882)\n (CVE-2018-10882)\n\n - Revert 'KVM: nVMX: Eliminate vmcs02 pool' (Boris\n Ostrovsky) [Orabug: 29542029]\n\n - Revert 'KVM: VMX: introduce alloc_loaded_vmcs' (Boris\n Ostrovsky) [Orabug: 29542029]\n\n - Revert 'KVM: VMX: make MSR bitmaps per-VCPU' (Boris\n Ostrovsky) [Orabug: 29542029]\n\n - Revert 'KVM: x86: pass host_initiated to functions that\n read MSRs' (Boris Ostrovsky) [Orabug: 29542029]\n\n - Revert 'KVM/x86: Add IBPB support' (Boris Ostrovsky)\n [Orabug: 29542029]\n\n - Revert 'KVM/VMX: Allow direct access to\n MSR_IA32_SPEC_CTRL - reloaded' (Boris Ostrovsky)\n [Orabug: 29542029]\n\n - Revert 'KVM/SVM: Allow direct access to\n MSR_IA32_SPEC_CTRL' (Boris Ostrovsky) [Orabug: 29542029]\n\n - Revert 'KVM: SVM: Add MSR-based feature support for\n serializing LFENCE' (Boris Ostrovsky) [Orabug: 29542029]\n\n - Revert 'x86/cpufeatures: rename X86_FEATURE_AMD_SSBD to\n X86_FEATURE_LS_CFG_SSBD' (Boris Ostrovsky) [Orabug:\n 29542029]\n\n - Revert 'x86/bugs: Add AMD's SPEC_CTRL MSR usage' (Boris\n Ostrovsky) [Orabug: 29542029]\n\n - Revert 'x86/bugs: Fix the AMD SSBD usage of the\n SPEC_CTRL MSR' (Boris Ostrovsky) [Orabug: 29542029]\n\n - arch: x86: remove unsued SET_IBPB from 
spec_ctrl.h\n (Mihai Carabas) [Orabug: 29336760]\n\n - x86: cpu: microcode: fix late loading SpectreV2 bugs\n eval (Mihai Carabas) [Orabug: 29336760]\n\n - x86: cpu: microcode: fix late loading SSBD and L1TF bugs\n eval (Mihai Carabas) [Orabug: 29336760]\n\n - x86: cpu: microcode: Re-evaluate bugs in a CPU after\n microcode loading (Mihai Carabas) [Orabug: 29336760]\n\n - x86: cpu: microcode: update flags for all cpus (Mihai\n Carabas) [Orabug: 29336760]\n\n - x86/apic: Make arch_setup_hwirq NUMA node aware (Henry\n Willard) [Orabug: 29292411]", "edition": 20, "cvss3": {"score": 6.5, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2019-05-06T00:00:00", "title": "OracleVM 3.4 : Unbreakable / etc (OVMSA-2019-0014)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-10882", "CVE-2018-1066", "CVE-2018-10881", "CVE-2019-3701"], "modified": "2021-03-02T00:00:00", "cpe": ["cpe:/o:oracle:vm_server:3.4", "p-cpe:/a:oracle:vm:kernel-uek", "p-cpe:/a:oracle:vm:kernel-uek-firmware"], "id": "ORACLEVM_OVMSA-2019-0014.NASL", "href": "https://www.tenable.com/plugins/nessus/124637", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2019-0014.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(124637);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/01/21\");\n\n script_cve_id(\"CVE-2018-1066\", \"CVE-2018-10881\", \"CVE-2018-10882\", \"CVE-2019-3701\");\n\n script_name(english:\"OracleVM 3.4 : Unbreakable / etc (OVMSA-2019-0014)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - ib_core: 
initialize shpd field when allocating 'struct\n ib_pd' (Mukesh Kacker) [Orabug: 29384815]\n\n - Revert 'x86/apic: Make arch_setup_hwirq NUMA node aware'\n (Brian Maly) [Orabug: 29542185]\n\n - qlcnic: fix Tx descriptor corruption on 82xx devices\n (Shahed Shaikh) [Orabug: 27708787]\n\n - block: Fix a race between blk_cleanup_queue and timeout\n handling (Bart Van Assche) [Orabug: 29158186]\n\n - can: gw: ensure DLC boundaries after CAN frame\n modification (Oliver Hartkopp) [Orabug: 29215299]\n (CVE-2019-3701) (CVE-2019-3701)\n\n - CIFS: Enable encryption during session setup phase\n (Pavel Shilovsky) [Orabug: 29338239] (CVE-2018-1066)\n\n - ext4: clear i_data in ext4_inode_info when removing\n inline data (Theodore Ts'o) [Orabug: 29540709]\n (CVE-2018-10881) (CVE-2018-10881)\n\n - ext4: add more inode number paranoia checks (Theodore\n Ts'o) [Orabug: 29545566] (CVE-2018-10882)\n (CVE-2018-10882)\n\n - Revert 'KVM: nVMX: Eliminate vmcs02 pool' (Boris\n Ostrovsky) [Orabug: 29542029]\n\n - Revert 'KVM: VMX: introduce alloc_loaded_vmcs' (Boris\n Ostrovsky) [Orabug: 29542029]\n\n - Revert 'KVM: VMX: make MSR bitmaps per-VCPU' (Boris\n Ostrovsky) [Orabug: 29542029]\n\n - Revert 'KVM: x86: pass host_initiated to functions that\n read MSRs' (Boris Ostrovsky) [Orabug: 29542029]\n\n - Revert 'KVM/x86: Add IBPB support' (Boris Ostrovsky)\n [Orabug: 29542029]\n\n - Revert 'KVM/VMX: Allow direct access to\n MSR_IA32_SPEC_CTRL - reloaded' (Boris Ostrovsky)\n [Orabug: 29542029]\n\n - Revert 'KVM/SVM: Allow direct access to\n MSR_IA32_SPEC_CTRL' (Boris Ostrovsky) [Orabug: 29542029]\n\n - Revert 'KVM: SVM: Add MSR-based feature support for\n serializing LFENCE' (Boris Ostrovsky) [Orabug: 29542029]\n\n - Revert 'x86/cpufeatures: rename X86_FEATURE_AMD_SSBD to\n X86_FEATURE_LS_CFG_SSBD' (Boris Ostrovsky) [Orabug:\n 29542029]\n\n - Revert 'x86/bugs: Add AMD's SPEC_CTRL MSR usage' (Boris\n Ostrovsky) [Orabug: 29542029]\n\n - Revert 'x86/bugs: Fix the AMD SSBD usage of the\n SPEC_CTRL 
MSR' (Boris Ostrovsky) [Orabug: 29542029]\n\n - arch: x86: remove unsued SET_IBPB from spec_ctrl.h\n (Mihai Carabas) [Orabug: 29336760]\n\n - x86: cpu: microcode: fix late loading SpectreV2 bugs\n eval (Mihai Carabas) [Orabug: 29336760]\n\n - x86: cpu: microcode: fix late loading SSBD and L1TF bugs\n eval (Mihai Carabas) [Orabug: 29336760]\n\n - x86: cpu: microcode: Re-evaluate bugs in a CPU after\n microcode loading (Mihai Carabas) [Orabug: 29336760]\n\n - x86: cpu: microcode: update flags for all cpus (Mihai\n Carabas) [Orabug: 29336760]\n\n - x86/apic: Make arch_setup_hwirq NUMA node aware (Henry\n Willard) [Orabug: 29292411]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/oraclevm-errata/2019-May/000936.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel-uek / kernel-uek-firmware packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"3\\.4\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.4\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.4\", reference:\"kernel-uek-4.1.12-124.26.7.el6uek\")) flag++;\nif (rpm_check(release:\"OVS3.4\", reference:\"kernel-uek-firmware-4.1.12-124.26.7.el6uek\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-uek / kernel-uek-firmware\");\n}\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-03-01T05:13:25", "description": "Description of changes:\n\nkernel-uek\n[3.8.13-118.32.1.el7uek]\n- x86/fpu: Factor out memset(xstate, 0) in fpu_finit() paths (Oleg \nNesterov) [Orabug: 29012034]\n- x86/fpu: 
Always allow FPU in interrupt if use_eager_fpu() (Oleg \nNesterov) [Orabug: 29012034]\n- x86/fpu: Fix 32-bit signal frame handling (Dave Hansen) [Orabug: 29012034]\n- x86/fpu: Don't do __thread_fpu_end() if use_eager_fpu() (Oleg \nNesterov) [Orabug: 29012034]\n- x86/fpu: Don't reset fpu_counter (Oleg Nesterov) [Orabug: 29012034]\n- x86, fpu: Fix math_state_restore() race with kernel_fpu_begin() (Oleg \nNesterov) [Orabug: 29012034]\n- x86, fpu: Introduce per-cpu in_kernel_fpu state (Oleg Nesterov) \n[Orabug: 29012034]\n- x86, fpu: Don't abuse has_fpu in __kernel_fpu_begin/end() (Oleg \nNesterov) [Orabug: 29012034]\n- x86: Allow FPU to be used at interrupt time even with eagerfpu (Pekka \nRiikonen) [Orabug: 29012034]\n- can: gw: ensure DLC boundaries after CAN frame modification (Oliver \nHartkopp) [Orabug: 29215300] {CVE-2019-3701} {CVE-2019-3701}\n- ext4: verify the depth of extent tree in ext4_find_extent() (Theodore \nTs'o) [Orabug: 29396713] {CVE-2018-10877} {CVE-2018-10877}\n- ext4: always verify the magic number in xattr blocks (Theodore Ts'o) \n[Orabug: 29437128] {CVE-2018-10879} {CVE-2018-10879}\n- ext4: add corruption check in ext4_xattr_set_entry() (Theodore Ts'o) \n[Orabug: 29437128] {CVE-2018-10879} {CVE-2018-10879}\n- ext4: clear i_data in ext4_inode_info when removing inline data \n(Theodore Ts'o) [Orabug: 29540710] {CVE-2018-10881} {CVE-2018-10881}\n- ext4: add more inode number paranoia checks (Theodore Ts'o) [Orabug: \n29545567] {CVE-2018-10882} {CVE-2018-10882}", "edition": 20, "cvss3": {"score": 6.5, "vector": "AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-04-10T00:00:00", "title": "Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4600)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-10882", "CVE-2018-10877", "CVE-2018-10881", "CVE-2019-3701", "CVE-2018-10879"], "modified": "2021-03-02T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:kernel-uek-firmware", 
"p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.32.1.el6uek", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.32.1.el7uek", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek-debug"], "id": "ORACLELINUX_ELSA-2019-4600.NASL", "href": "https://www.tenable.com/plugins/nessus/123961", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2019-4600.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(123961);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2020/01/23\");\n\n script_cve_id(\"CVE-2018-10877\", \"CVE-2018-10879\", \"CVE-2018-10881\", \"CVE-2018-10882\", \"CVE-2019-3701\");\n\n script_name(english:\"Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4600)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Description of changes:\n\nkernel-uek\n[3.8.13-118.32.1.el7uek]\n- x86/fpu: Factor out memset(xstate, 0) in fpu_finit() paths (Oleg \nNesterov) [Orabug: 29012034]\n- x86/fpu: Always allow FPU in interrupt if use_eager_fpu() (Oleg \nNesterov) [Orabug: 29012034]\n- x86/fpu: Fix 32-bit signal frame handling (Dave Hansen) [Orabug: 29012034]\n- x86/fpu: Don't do __thread_fpu_end() if use_eager_fpu() (Oleg \nNesterov) [Orabug: 29012034]\n- x86/fpu: Don't reset fpu_counter (Oleg Nesterov) [Orabug: 29012034]\n- x86, fpu: Fix math_state_restore() race with kernel_fpu_begin() (Oleg \nNesterov) [Orabug: 29012034]\n- x86, fpu: Introduce per-cpu in_kernel_fpu state (Oleg Nesterov) \n[Orabug: 29012034]\n- x86, fpu: Don't 
abuse has_fpu in __kernel_fpu_begin/end() (Oleg \nNesterov) [Orabug: 29012034]\n- x86: Allow FPU to be used at interrupt time even with eagerfpu (Pekka \nRiikonen) [Orabug: 29012034]\n- can: gw: ensure DLC boundaries after CAN frame modification (Oliver \nHartkopp) [Orabug: 29215300] {CVE-2019-3701} {CVE-2019-3701}\n- ext4: verify the depth of extent tree in ext4_find_extent() (Theodore \nTs'o) [Orabug: 29396713] {CVE-2018-10877} {CVE-2018-10877}\n- ext4: always verify the magic number in xattr blocks (Theodore Ts'o) \n[Orabug: 29437128] {CVE-2018-10879} {CVE-2018-10879}\n- ext4: add corruption check in ext4_xattr_set_entry() (Theodore Ts'o) \n[Orabug: 29437128] {CVE-2018-10879} {CVE-2018-10879}\n- ext4: clear i_data in ext4_inode_info when removing inline data \n(Theodore Ts'o) [Orabug: 29540710] {CVE-2018-10881} {CVE-2018-10881}\n- ext4: add more inode number paranoia checks (Theodore Ts'o) [Orabug: \n29545567] {CVE-2018-10882} {CVE-2018-10882}\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2019-April/008626.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2019-April/008627.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected unbreakable enterprise kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-10877\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.32.1.el6uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.32.1.el7uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6 / 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2018-10877\", \"CVE-2018-10879\", \"CVE-2018-10881\", \"CVE-2018-10882\", \"CVE-2019-3701\"); \n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for ELSA-2019-4600\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nkernel_major_minor = get_kb_item(\"Host/uname/major_minor\");\nif (empty_or_null(kernel_major_minor)) exit(1, \"Unable to determine kernel major-minor level.\");\nexpected_kernel_major_minor = \"3.8\";\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, \"running kernel level \" + expected_kernel_major_minor + \", it is running kernel level \" + kernel_major_minor);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"dtrace-modules-3.8.13-118.32.1.el6uek-0.4.5-3.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-3.8.13\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-3.8.13-118.32.1.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-3.8.13\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-debug-3.8.13-118.32.1.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-devel-3.8.13\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-debug-devel-3.8.13-118.32.1.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-devel-3.8.13\") && 
rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-devel-3.8.13-118.32.1.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-doc-3.8.13\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-doc-3.8.13-118.32.1.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-firmware-3.8.13\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-firmware-3.8.13-118.32.1.el6uek\")) flag++;\n\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"dtrace-modules-3.8.13-118.32.1.el7uek-0.4.5-3.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-3.8.13\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-3.8.13-118.32.1.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-debug-3.8.13\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-debug-3.8.13-118.32.1.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-debug-devel-3.8.13\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-debug-devel-3.8.13-118.32.1.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-devel-3.8.13\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-devel-3.8.13-118.32.1.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-doc-3.8.13\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-doc-3.8.13-118.32.1.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-firmware-3.8.13\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-firmware-3.8.13-118.32.1.el7uek\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "cvss": {"score": 6.8, "vector": 
"AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T08:56:57", "description": "According to the versions of the kernel packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - The function hso_get_config_data in\n drivers/net/usb/hso.c in the Linux kernel through\n 4.19.8 reads if_num from the USB device (as a u8) and\n uses it to index a small array, resulting in an object\n out-of-bounds (OOB) read that potentially allows\n arbitrary read in the kernel address\n space.(CVE-2018-19985)\n\n - An industry-wide issue was found in the way many modern\n microprocessor designs have implemented speculative\n execution of instructions (a commonly used performance\n optimization). There are three primary variants of the\n issue which differ in the way the speculative execution\n can be exploited. Variant CVE-2017-5754 relies on the\n fact that, on impacted microprocessors, during\n speculative execution of instruction permission faults,\n exception generation triggered by a faulting access is\n suppressed until the retirement of the whole\n instruction block. In a combination with the fact that\n memory accesses may populate the cache even when the\n block is being dropped and never committed (executed),\n an unprivileged local attacker could use this flaw to\n read privileged (kernel space) memory by conducting\n targeted cache side-channel attacks. Note:\n CVE-2017-5754 affects Intel x86-64 microprocessors. 
AMD\n x86-64 microprocessors are not affected by this\n issue.(CVE-2017-5754)\n\n - A non-privileged user is able to mount a fuse\n filesystem on RHEL 6 or 7 and crash a system if an\n application punches a hole in a file that does not end\n aligned to a page boundary.(CVE-2017-15121)\n\n - A flaw was found in the Linux kernel when attempting to\n 'punch a hole' in files existing on an ext4 filesystem.\n When punching holes into a file races with the page\n fault of the same area, it is possible that freed\n blocks remain referenced from page cache pages mapped\n to process' address space.(CVE-2015-8839)\n\n - An industry-wide issue was found in the way many modern\n microprocessor designs have implemented speculative\n execution of instructions past bounds check. The flaw\n relies on the presence of a precisely-defined\n instruction sequence in the privileged code and the\n fact that memory writes occur to an address which\n depends on the untrusted value. Such writes cause an\n update into the microprocessor's data cache even for\n speculatively executed instructions that never actually\n commit (retire). As a result, an unprivileged attacker\n could use this flaw to influence speculative execution\n and/or read privileged memory by conducting targeted\n cache side-channel attacks.(CVE-2018-3693)\n\n - A Floating Point Unit (FPU) state information leakage\n flaw was found in the way the Linux kernel saved and\n restored the FPU state during task switch. Linux\n kernels that follow the 'Lazy FPU Restore' scheme are\n vulnerable to the FPU state information leakage issue.\n An unprivileged local attacker could use this flaw to\n read FPU state bits by conducting targeted cache\n side-channel attacks, similar to the Meltdown\n vulnerability disclosed earlier this\n year.(CVE-2018-3665)\n\n - A bug in the 32-bit compatibility layer of the ioctl\n handling code of the v4l2 video driver in the Linux\n kernel has been found. 
A memory protection mechanism\n ensuring that user-provided buffers always point to a\n userspace memory were disabled, allowing destination\n address to be in a kernel space. This flaw could be\n exploited by an attacker to overwrite a kernel memory\n from an unprivileged userspace process, leading to\n privilege escalation.(CVE-2017-13166)\n\n - It was found that the raw midi kernel driver does not\n protect against concurrent access which leads to a\n double realloc (double free) in\n snd_rawmidi_input_params() and\n snd_rawmidi_output_status() which are part of\n snd_rawmidi_ioctl() handler in rawmidi.c file. A\n malicious local attacker could possibly use this for\n privilege escalation.(CVE-2018-10902)\n\n - A flaw was found in the Linux kernel's implementation\n of valid_master_desc() in which a memory buffer would\n be compared to a userspace value with an incorrect size\n of comparison. By bruteforcing the comparison, an\n attacker could determine what was in memory after the\n description and possibly obtain sensitive information\n from kernel memory.(CVE-2017-13305)\n\n - A flaw was found in the Linux kernel's ext4 filesystem.\n A local user can cause an out-of-bound write in in\n fs/jbd2/transaction.c code, a denial of service, and a\n system crash by unmounting a crafted ext4 filesystem\n image.(CVE-2018-10882)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 18, "cvss3": {"score": 5.6, "vector": "AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2019-05-13T00:00:00", "title": "EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1514)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-10882", "CVE-2018-3693", "CVE-2017-5754", "CVE-2015-8839", "CVE-2017-13166", "CVE-2017-13305", "CVE-2018-3665", "CVE-2017-15121", "CVE-2018-10902", "CVE-2018-19985"], "modified": "2019-05-13T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-tools-libs-devel", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-devel", "cpe:/o:huawei:euleros:uvp:3.0.1.0", "p-cpe:/a:huawei:euleros:python-perf", "p-cpe:/a:huawei:euleros:kernel-tools-libs"], "id": "EULEROS_SA-2019-1514.NASL", "href": "https://www.tenable.com/plugins/nessus/124835", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(124835);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2015-8839\",\n \"CVE-2017-13166\",\n \"CVE-2017-13305\",\n \"CVE-2017-15121\",\n \"CVE-2017-5754\",\n \"CVE-2018-10882\",\n \"CVE-2018-10902\",\n \"CVE-2018-19985\",\n \"CVE-2018-3665\",\n \"CVE-2018-3693\"\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1514)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of 
the kernel packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - The function hso_get_config_data in\n drivers/net/usb/hso.c in the Linux kernel through\n 4.19.8 reads if_num from the USB device (as a u8) and\n uses it to index a small array, resulting in an object\n out-of-bounds (OOB) read that potentially allows\n arbitrary read in the kernel address\n space.(CVE-2018-19985)\n\n - An industry-wide issue was found in the way many modern\n microprocessor designs have implemented speculative\n execution of instructions (a commonly used performance\n optimization). There are three primary variants of the\n issue which differ in the way the speculative execution\n can be exploited. Variant CVE-2017-5754 relies on the\n fact that, on impacted microprocessors, during\n speculative execution of instruction permission faults,\n exception generation triggered by a faulting access is\n suppressed until the retirement of the whole\n instruction block. In a combination with the fact that\n memory accesses may populate the cache even when the\n block is being dropped and never committed (executed),\n an unprivileged local attacker could use this flaw to\n read privileged (kernel space) memory by conducting\n targeted cache side-channel attacks. Note:\n CVE-2017-5754 affects Intel x86-64 microprocessors. 
AMD\n x86-64 microprocessors are not affected by this\n issue.(CVE-2017-5754)\n\n - A non-privileged user is able to mount a fuse\n filesystem on RHEL 6 or 7 and crash a system if an\n application punches a hole in a file that does not end\n aligned to a page boundary.(CVE-2017-15121)\n\n - A flaw was found in the Linux kernel when attempting to\n 'punch a hole' in files existing on an ext4 filesystem.\n When punching holes into a file races with the page\n fault of the same area, it is possible that freed\n blocks remain referenced from page cache pages mapped\n to process' address space.(CVE-2015-8839)\n\n - An industry-wide issue was found in the way many modern\n microprocessor designs have implemented speculative\n execution of instructions past bounds check. The flaw\n relies on the presence of a precisely-defined\n instruction sequence in the privileged code and the\n fact that memory writes occur to an address which\n depends on the untrusted value. Such writes cause an\n update into the microprocessor's data cache even for\n speculatively executed instructions that never actually\n commit (retire). As a result, an unprivileged attacker\n could use this flaw to influence speculative execution\n and/or read privileged memory by conducting targeted\n cache side-channel attacks.(CVE-2018-3693)\n\n - A Floating Point Unit (FPU) state information leakage\n flaw was found in the way the Linux kernel saved and\n restored the FPU state during task switch. Linux\n kernels that follow the 'Lazy FPU Restore' scheme are\n vulnerable to the FPU state information leakage issue.\n An unprivileged local attacker could use this flaw to\n read FPU state bits by conducting targeted cache\n side-channel attacks, similar to the Meltdown\n vulnerability disclosed earlier this\n year.(CVE-2018-3665)\n\n - A bug in the 32-bit compatibility layer of the ioctl\n handling code of the v4l2 video driver in the Linux\n kernel has been found. 
A memory protection mechanism\n ensuring that user-provided buffers always point to a\n userspace memory were disabled, allowing destination\n address to be in a kernel space. This flaw could be\n exploited by an attacker to overwrite a kernel memory\n from an unprivileged userspace process, leading to\n privilege escalation.(CVE-2017-13166)\n\n - It was found that the raw midi kernel driver does not\n protect against concurrent access which leads to a\n double realloc (double free) in\n snd_rawmidi_input_params() and\n snd_rawmidi_output_status() which are part of\n snd_rawmidi_ioctl() handler in rawmidi.c file. A\n malicious local attacker could possibly use this for\n privilege escalation.(CVE-2018-10902)\n\n - A flaw was found in the Linux kernel's implementation\n of valid_master_desc() in which a memory buffer would\n be compared to a userspace value with an incorrect size\n of comparison. By bruteforcing the comparison, an\n attacker could determine what was in memory after the\n description and possibly obtain sensitive information\n from kernel memory.(CVE-2017-13305)\n\n - A flaw was found in the Linux kernel's ext4 filesystem.\n A local user can cause an out-of-bound write in in\n fs/jbd2/transaction.c code, a denial of service, and a\n system crash by unmounting a crafted ext4 filesystem\n image.(CVE-2018-10882)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1514\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7cc9be55\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-3693\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.1.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.1.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.1.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-862.14.1.6_42\",\n \"kernel-devel-3.10.0-862.14.1.6_42\",\n \"kernel-headers-3.10.0-862.14.1.6_42\",\n \"kernel-tools-3.10.0-862.14.1.6_42\",\n \"kernel-tools-libs-3.10.0-862.14.1.6_42\",\n \"kernel-tools-libs-devel-3.10.0-862.14.1.6_42\",\n \"perf-3.10.0-862.14.1.6_42\",\n \"python-perf-3.10.0-862.14.1.6_42\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : 
rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2021-01-07T08:55:26", "description": "According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - A flaw was found in the Linux kernel's ext4 filesystem\n code. A use-after-free is possible in\n ext4_ext_remove_space() function when mounting and\n operating a crafted ext4 image.(CVE-2018-10876)\n\n - A flaw was found in the Linux kernel's ext4 filesystem.\n A local user can cause an out-of-bound write in the\n fs/jbd2/transaction.c code, a denial of service, and a\n system crash by unmounting a crafted ext4 filesystem\n image.(CVE-2018-10882)\n\n - A use-after-free vulnerability was found in the way the\n Linux kernel's KVM hypervisor emulates a preemption\n timer for L2 guests when nested (=1) virtualization is\n enabled. This high resolution timer(hrtimer) runs when\n a L2 guest is active. After VM exit, the sync_vmcs12()\n timer object is stopped. The use-after-free occurs if\n the timer object is freed before calling sync_vmcs12()\n routine. A guest user/process could use this flaw to\n crash the host kernel resulting in a denial of service\n or, potentially, gain privileged access to a\n system.(CVE-2019-7221)\n\n - A flaw was found in the Linux kernel in the function\n hso_probe() which reads if_num value from the USB\n device (as an u8) and uses it without a length check to\n index an array, resulting in an OOB memory read in\n hso_probe() or hso_get_config_data(). 
An attacker with\n a forged USB device and physical access to a system\n (needed to connect such a device) can cause a system\n crash and a denial of service.(CVE-2018-19985)\n\n - A possible memory corruption due to a type confusion\n was found in the Linux kernel in the sk_clone_lock()\n function in the net/core/sock.c. The possibility of\n local escalation of privileges cannot be fully ruled\n out for a local unprivileged attacker.(CVE-2018-9568)\n\n - A flaw was found in the Linux kernels implementation of\n Logical link control and adaptation protocol (L2CAP),\n part of the Bluetooth stack. An attacker with physical\n access within the range of standard Bluetooth\n transmission can create a specially crafted packet. The\n response to this specially crafted packet can contain\n part of the kernel stack which can be used in a further\n attack.(CVE-2019-3459)\n\n - A flaw was found in the Linux kernel's implementation\n of logical link control and adaptation protocol\n (L2CAP), part of the Bluetooth stack in the\n l2cap_parse_conf_rsp and l2cap_parse_conf_req\n functions. An attacker with physical access within the\n range of standard Bluetooth transmission can create a\n specially crafted packet. The response to this\n specially crafted packet can contain part of the kernel\n stack which can be used in a further\n attack.(CVE-2019-3460)\n\n - A flaw was found in mmap in the Linux kernel allowing\n the process to map a null page. This allows attackers\n to abuse this mechanism to turn null pointer\n dereferences into workable exploits(CVE-2019-9213)\n\n - A new software page cache side channel attack scenario\n was discovered in operating systems that implement the\n very common 'page cache' caching mechanism. 
A malicious\n user/process could use 'in memory' page-cache knowledge\n to infer access timings to shared memory and gain\n knowledge which can be used to reduce effectiveness of\n cryptographic strength by monitoring algorithmic\n behavior, infer access patterns of memory to determine\n code paths taken, and exfiltrate data to a blinded\n attacker through page-granularity access times as a\n side-channel.(CVE-2019-5489)\n\n - A security flaw was found in the Linux kernel in a way\n that the cleancache subsystem clears an inode after the\n final file truncation (removal). The new file created\n with the same inode may contain leftover pages from\n cleancache and the old file data instead of the new\n one.(CVE-2018-16862)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 14, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-04-30T00:00:00", "title": "EulerOS 2.0 SP2 : kernel (EulerOS-SA-2019-1302)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-10882", "CVE-2019-3460", "CVE-2018-9568", "CVE-2018-16862", "CVE-2019-7221", "CVE-2019-3459", "CVE-2019-9213", "CVE-2019-5489", "CVE-2018-10876", "CVE-2018-19985"], "modified": "2019-04-30T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-debug-devel", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-debug", "p-cpe:/a:huawei:euleros:python-perf", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:kernel-debuginfo", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-1302.NASL", "href": 
"https://www.tenable.com/plugins/nessus/124398", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(124398);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2018-10876\",\n \"CVE-2018-10882\",\n \"CVE-2018-16862\",\n \"CVE-2018-19985\",\n \"CVE-2018-9568\",\n \"CVE-2019-3459\",\n \"CVE-2019-3460\",\n \"CVE-2019-5489\",\n \"CVE-2019-7221\",\n \"CVE-2019-9213\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : kernel (EulerOS-SA-2019-1302)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - A flaw was found in the Linux kernel's ext4 filesystem\n code. A use-after-free is possible in\n ext4_ext_remove_space() function when mounting and\n operating a crafted ext4 image.(CVE-2018-10876)\n\n - A flaw was found in the Linux kernel's ext4 filesystem.\n A local user can cause an out-of-bound write in the\n fs/jbd2/transaction.c code, a denial of service, and a\n system crash by unmounting a crafted ext4 filesystem\n image.(CVE-2018-10882)\n\n - A use-after-free vulnerability was found in the way the\n Linux kernel's KVM hypervisor emulates a preemption\n timer for L2 guests when nested (=1) virtualization is\n enabled. This high resolution timer(hrtimer) runs when\n a L2 guest is active. After VM exit, the sync_vmcs12()\n timer object is stopped. The use-after-free occurs if\n the timer object is freed before calling sync_vmcs12()\n routine. 
A guest user/process could use this flaw to\n crash the host kernel resulting in a denial of service\n or, potentially, gain privileged access to a\n system.(CVE-2019-7221)\n\n - A flaw was found in the Linux kernel in the function\n hso_probe() which reads if_num value from the USB\n device (as an u8) and uses it without a length check to\n index an array, resulting in an OOB memory read in\n hso_probe() or hso_get_config_data(). An attacker with\n a forged USB device and physical access to a system\n (needed to connect such a device) can cause a system\n crash and a denial of service.(CVE-2018-19985)\n\n - A possible memory corruption due to a type confusion\n was found in the Linux kernel in the sk_clone_lock()\n function in the net/core/sock.c. The possibility of\n local escalation of privileges cannot be fully ruled\n out for a local unprivileged attacker.(CVE-2018-9568)\n\n - A flaw was found in the Linux kernels implementation of\n Logical link control and adaptation protocol (L2CAP),\n part of the Bluetooth stack. An attacker with physical\n access within the range of standard Bluetooth\n transmission can create a specially crafted packet. The\n response to this specially crafted packet can contain\n part of the kernel stack which can be used in a further\n attack.(CVE-2019-3459)\n\n - A flaw was found in the Linux kernel's implementation\n of logical link control and adaptation protocol\n (L2CAP), part of the Bluetooth stack in the\n l2cap_parse_conf_rsp and l2cap_parse_conf_req\n functions. An attacker with physical access within the\n range of standard Bluetooth transmission can create a\n specially crafted packet. The response to this\n specially crafted packet can contain part of the kernel\n stack which can be used in a further\n attack.(CVE-2019-3460)\n\n - A flaw was found in mmap in the Linux kernel allowing\n the process to map a null page. 
This allows attackers\n to abuse this mechanism to turn null pointer\n dereferences into workable exploits(CVE-2019-9213)\n\n - A new software page cache side channel attack scenario\n was discovered in operating systems that implement the\n very common 'page cache' caching mechanism. A malicious\n user/process could use 'in memory' page-cache knowledge\n to infer access timings to shared memory and gain\n knowledge which can be used to reduce effectiveness of\n cryptographic strength by monitoring algorithmic\n behavior, infer access patterns of memory to determine\n code paths taken, and exfiltrate data to a blinded\n attacker through page-granularity access times as a\n side-channel.(CVE-2019-5489)\n\n - A security flaw was found in the Linux kernel in a way\n that the cleancache subsystem clears an inode after the\n final file truncation (removal). The new file created\n with the same inode may contain leftover pages from\n cleancache and the old file data instead of the new\n one.(CVE-2018-16862)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1302\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?68f79f6c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Reliable Datagram Sockets (RDS) rds_atomic_free_op NULL pointer dereference Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) 
audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-327.62.59.83.h149\",\n \"kernel-debug-3.10.0-327.62.59.83.h149\",\n \"kernel-debug-devel-3.10.0-327.62.59.83.h149\",\n \"kernel-debuginfo-3.10.0-327.62.59.83.h149\",\n \"kernel-debuginfo-common-x86_64-3.10.0-327.62.59.83.h149\",\n \"kernel-devel-3.10.0-327.62.59.83.h149\",\n \"kernel-headers-3.10.0-327.62.59.83.h149\",\n \"kernel-tools-3.10.0-327.62.59.83.h149\",\n \"kernel-tools-libs-3.10.0-327.62.59.83.h149\",\n \"perf-3.10.0-327.62.59.83.h149\",\n \"python-perf-3.10.0-327.62.59.83.h149\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-14T06:14:39", "description": "The SUSE Linux Enterprise 15 kernel was updated to receive various\nsecurity and bugfixes. The following security bugs were fixed :\n\n - CVE-2018-3620: Local attackers on baremetal systems\n could use speculative code patterns on hyperthreaded\n processors to read data present in the L1 Datacache used\n by other hyperthreads on the same CPU core, potentially\n leaking sensitive data. 
(bnc#1087081).\n\n - CVE-2018-3646: Local attackers in virtualized guest\n systems could use speculative code patterns on\n hyperthreaded processors to read data present in the L1\n Datacache used by other hyperthreads on the same CPU\n core, potentially leaking sensitive data, even from\n other virtual machines or the host system.\n (bnc#1089343).\n\n - CVE-2018-5391 aka 'FragmentSmack': A flaw in the IP\n packet reassembly could be used by remote attackers to\n consume lots of CPU time (bnc#1103097).\n\n - CVE-2018-10876: A flaw was found in the ext4 filesystem\n code. A use-after-free is possible in\n ext4_ext_remove_space() function when mounting and\n operating a crafted ext4 image. (bnc#1099811)\n\n - CVE-2018-10877: The ext4 filesystem is vulnerable to an\n out-of-bound access in the ext4_ext_drop_refs() function\n when operating on a crafted ext4 filesystem image.\n (bnc#1099846)\n\n - CVE-2018-10878: A flaw was found in the ext4 filesystem.\n A local user can cause an out-of-bounds write and a\n denial of service or unspecified other impact is\n possible by mounting and operating a crafted ext4\n filesystem image. (bnc#1099813)\n\n - CVE-2018-10879: A flaw was found in the ext4 filesystem.\n A local user can cause a use-after-free in\n ext4_xattr_set_entry function and a denial of service or\n unspecified other impact may occur by renaming a file in\n a crafted ext4 filesystem image. (bnc#1099844)\n\n - CVE-2018-10880: Linux kernel is vulnerable to a\n stack-out-of-bounds write in the ext4 filesystem code\n when mounting and writing to a crafted ext4 image in\n ext4_update_inline_data(). An attacker could use this to\n cause a system crash and a denial of service.\n (bnc#1099845)\n\n - CVE-2018-10881: A flaw was found in the ext4 filesystem.\n A local user can cause an out-of-bound access in\n ext4_get_group_info function, a denial of service, and a\n system crash by mounting and operating on a crafted ext4\n filesystem image. 
(bnc#1099864)\n\n - CVE-2018-10882: A flaw was found in the ext4 filesystem.\n A local user can cause an out-of-bound write in the\n fs/jbd2/transaction.c code, a denial of service, and a\n system crash by unmounting a crafted ext4 filesystem\n image. (bnc#1099849)\n\n - CVE-2018-10883: A flaw was found in the ext4 filesystem.\n A local user can cause an out-of-bounds write in\n jbd2_journal_dirty_metadata(), a denial of service, and\n a system crash by mounting and operating on a crafted\n ext4 filesystem image. (bnc#1099863)\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 12, "cvss3": {"score": 6.5, "vector": "AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-01-02T00:00:00", "title": "SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2018:2380-1) (Foreshadow)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-10882", "CVE-2018-10877", "CVE-2018-10880", "CVE-2018-10878", "CVE-2018-10881", "CVE-2018-3646", "CVE-2018-5391", "CVE-2018-3620", "CVE-2018-10883", "CVE-2018-10876", "CVE-2018-10879"], "modified": "2019-01-02T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:lttng-modules-kmp-default", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-vanilla-debugsource", "p-cpe:/a:novell:suse_linux:lttng-modules-debugsource", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-vanilla-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-vanilla-base", "p-cpe:/a:novell:suse_linux:lttng-modules-kmp-default-debuginfo", "cpe:/o:novell:suse_linux:15", "p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource", 
"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debugsource", "p-cpe:/a:novell:suse_linux:kernel-vanilla-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo", "p-cpe:/a:novell:suse_linux:lttng-modules", "p-cpe:/a:novell:suse_linux:kernel-zfcpdump", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-obs-build"], "id": "SUSE_SU-2018-2380-1.NASL", "href": "https://www.tenable.com/plugins/nessus/120082", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:2380-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(120082);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2018-10876\", \"CVE-2018-10877\", \"CVE-2018-10878\", \"CVE-2018-10879\", \"CVE-2018-10880\", \"CVE-2018-10881\", \"CVE-2018-10882\", \"CVE-2018-10883\", \"CVE-2018-3620\", \"CVE-2018-3646\", \"CVE-2018-5391\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2018:2380-1) (Foreshadow)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The SUSE Linux Enterprise 15 kernel was updated to receive various\nsecurity and bugfixes. 
The following security bugs were fixed :\n\n - CVE-2018-3620: Local attackers on baremetal systems\n could use speculative code patterns on hyperthreaded\n processors to read data present in the L1 Datacache used\n by other hyperthreads on the same CPU core, potentially\n leaking sensitive data. (bnc#1087081).\n\n - CVE-2018-3646: Local attackers in virtualized guest\n systems could use speculative code patterns on\n hyperthreaded processors to read data present in the L1\n Datacache used by other hyperthreads on the same CPU\n core, potentially leaking sensitive data, even from\n other virtual machines or the host system.\n (bnc#1089343).\n\n - CVE-2018-5391 aka 'FragmentSmack': A flaw in the IP\n packet reassembly could be used by remote attackers to\n consume lots of CPU time (bnc#1103097).\n\n - CVE-2018-10876: A flaw was found in the ext4 filesystem\n code. A use-after-free is possible in\n ext4_ext_remove_space() function when mounting and\n operating a crafted ext4 image. (bnc#1099811)\n\n - CVE-2018-10877: The ext4 filesystem is vulnerable to an\n out-of-bound access in the ext4_ext_drop_refs() function\n when operating on a crafted ext4 filesystem image.\n (bnc#1099846)\n\n - CVE-2018-10878: A flaw was found in the ext4 filesystem.\n A local user can cause an out-of-bounds write and a\n denial of service or unspecified other impact is\n possible by mounting and operating a crafted ext4\n filesystem image. (bnc#1099813)\n\n - CVE-2018-10879: A flaw was found in the ext4 filesystem.\n A local user can cause a use-after-free in\n ext4_xattr_set_entry function and a denial of service or\n unspecified other impact may occur by renaming a file in\n a crafted ext4 filesystem image. (bnc#1099844)\n\n - CVE-2018-10880: Linux kernel is vulnerable to a\n stack-out-of-bounds write in the ext4 filesystem code\n when mounting and writing to a crafted ext4 image in\n ext4_update_inline_data(). 
An attacker could use this to\n cause a system crash and a denial of service.\n (bnc#1099845)\n\n - CVE-2018-10881: A flaw was found in the ext4 filesystem.\n A local user can cause an out-of-bound access in\n ext4_get_group_info function, a denial of service, and a\n system crash by mounting and operating on a crafted ext4\n filesystem image. (bnc#1099864)\n\n - CVE-2018-10882: A flaw was found in the ext4 filesystem.\n A local user can cause an out-of-bound write in the\n fs/jbd2/transaction.c code, a denial of service, and a\n system crash by unmounting a crafted ext4 filesystem\n image. (bnc#1099849)\n\n - CVE-2018-10883: A flaw was found in the ext4 filesystem.\n A local user can cause an out-of-bounds write in\n jbd2_journal_dirty_metadata(), a denial of service, and\n a system crash by mounting and operating on a crafted\n ext4 filesystem image. (bnc#1099863)\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051510\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051979\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1066110\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1077761\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1086274\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1086314\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1087081\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1089343\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1099811\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1099813\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1099844\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1099845\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1099846\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1099849\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1099858\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1099863\"\n 
);\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1099864\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1100132\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101116\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101331\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101669\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101828\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101832\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101833\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101837\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101839\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101841\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101843\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101844\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101845\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101847\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101852\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101853\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101867\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101872\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101874\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101875\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101882\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101883\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101885\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101887\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101890\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101891\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101893\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101895\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101896\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101900\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101902\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101903\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1102633\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1102658\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103097\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103356\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103421\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103517\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103723\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103724\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103725\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103726\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103727\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103728\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103729\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103730\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103917\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103920\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103948\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103949\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104066\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104111\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104174\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104211\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104319\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-10876/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-10877/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-10878/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-10879/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-10880/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-10881/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-10882/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-10883/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-3620/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-3646/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-5391/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20182380-1/\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"http://www.nessus.org/u?5ba076f2\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 15:zypper in -t patch\nSUSE-SLE-Product-WE-15-2018-1614=1\n\nSUSE Linux Enterprise Module for Legacy Software 15:zypper in -t patch\nSUSE-SLE-Module-Legacy-15-2018-1614=1\n\nSUSE Linux Enterprise Module for Development Tools 15:zypper in -t\npatch SUSE-SLE-Module-Development-Tools-15-2018-1614=1\n\nSUSE Linux Enterprise Module for Basesystem 15:zypper in -t patch\nSUSE-SLE-Module-Basesystem-15-2018-1614=1\n\nSUSE Linux Enterprise High Availability 15:zypper in -t patch\nSUSE-SLE-Product-HA-15-2018-1614=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-10877\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-zfcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:lttng-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:lttng-modules-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:lttng-modules-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:lttng-modules-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/08/16\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/02\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! 
preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"lttng-modules-2.10.0-5.4.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"lttng-modules-debugsource-2.10.0-5.4.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"lttng-modules-kmp-default-2.10.0_k4.12.14_25.13-5.4.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"lttng-modules-kmp-default-debuginfo-2.10.0_k4.12.14_25.13-5.4.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-default-man-4.12.14-25.13.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-zfcpdump-4.12.14-25.13.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debuginfo-4.12.14-25.13.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debugsource-4.12.14-25.13.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-default-4.12.14-25.13.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-default-debuginfo-4.12.14-25.13.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-default-debugsource-4.12.14-25.13.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-default-devel-4.12.14-25.13.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-default-devel-debuginfo-4.12.14-25.13.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-obs-build-4.12.14-25.13.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-obs-build-debugsource-4.12.14-25.13.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-syms-4.12.14-25.13.1\")) flag++;\nif 
(rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-vanilla-base-4.12.14-25.13.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-vanilla-base-debuginfo-4.12.14-25.13.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-vanilla-debuginfo-4.12.14-25.13.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-vanilla-debugsource-4.12.14-25.13.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"reiserfs-kmp-default-4.12.14-25.13.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"reiserfs-kmp-default-debuginfo-4.12.14-25.13.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"x86_64\", reference:\"lttng-modules-2.10.0-5.4.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"x86_64\", reference:\"lttng-modules-debugsource-2.10.0-5.4.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"x86_64\", reference:\"lttng-modules-kmp-default-2.10.0_k4.12.14_25.13-5.4.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"x86_64\", reference:\"lttng-modules-kmp-default-debuginfo-2.10.0_k4.12.14_25.13-5.4.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-default-man-4.12.14-25.13.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-zfcpdump-4.12.14-25.13.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debuginfo-4.12.14-25.13.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debugsource-4.12.14-25.13.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-default-4.12.14-25.13.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-default-debuginfo-4.12.14-25.13.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-default-debugsource-4.12.14-25.13.1\")) flag++;\nif 
(rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-default-devel-4.12.14-25.13.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-default-devel-debuginfo-4.12.14-25.13.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-obs-build-4.12.14-25.13.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-obs-build-debugsource-4.12.14-25.13.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-syms-4.12.14-25.13.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-vanilla-base-4.12.14-25.13.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-vanilla-base-debuginfo-4.12.14-25.13.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-vanilla-debuginfo-4.12.14-25.13.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-vanilla-debugsource-4.12.14-25.13.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-18T10:56:28", "description": "USN-3753-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04\nLTS. This update provides the corresponding updates for the Linux\nHardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu\n14.04 LTS.\n\nIt was discovered that the generic SCSI driver in the Linux kernel did\nnot properly enforce permissions on kernel memory access. A local\nattacker could use this to expose sensitive information or possibly\nelevate privileges. (CVE-2017-13168)\n\nWen Xu discovered that a use-after-free vulnerability existed in the\next4 filesystem implementation in the Linux kernel. 
An attacker could\nuse this to construct a malicious ext4 image that, when mounted, could\ncause a denial of service (system crash) or possibly execute arbitrary\ncode. (CVE-2018-10876, CVE-2018-10879)\n\nWen Xu discovered that a buffer overflow existed in the ext4\nfilesystem implementation in the Linux kernel. An attacker could use\nthis to construct a malicious ext4 image that, when mounted, could\ncause a denial of service (system crash) or possibly execute arbitrary\ncode. (CVE-2018-10877)\n\nWen Xu discovered that an out-of-bounds write vulnerability existed in\nthe ext4 filesystem implementation in the Linux kernel. An attacker\ncould use this to construct a malicious ext4 image that, when mounted,\ncould cause a denial of service (system crash) or possibly execute\narbitrary code. (CVE-2018-10878, CVE-2018-10882)\n\nWen Xu discovered that the ext4 filesystem implementation in the Linux\nkernel did not properly keep meta-data information consistent in some\nsituations. An attacker could use this to construct a malicious ext4\nimage that, when mounted, could cause a denial of service (system\ncrash). (CVE-2018-10881)\n\nShankara Pailoor discovered that the JFS filesystem implementation in\nthe Linux kernel contained a buffer overflow when handling extended\nattributes. A local attacker could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code.\n(CVE-2018-12233)\n\nWen Xu discovered that the XFS filesystem implementation in the Linux\nkernel did not properly handle an error condition with a corrupted xfs\nimage. An attacker could use this to construct a malicious xfs image\nthat, when mounted, could cause a denial of service (system crash).\n(CVE-2018-13094)\n\nIt was discovered that the Linux kernel did not properly handle setgid\nfile creation when performed by a non-member of the group. A local\nattacker could use this to gain elevated privileges. 
(CVE-2018-13405)\n\nSilvio Cesare discovered that the generic VESA frame buffer driver in\nthe Linux kernel contained an integer overflow. A local attacker could\nuse this to cause a denial of service (system crash) or possibly\nexecute arbitrary code. (CVE-2018-13406).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 20, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-08-24T00:00:00", "title": "Ubuntu 14.04 LTS : Linux kernel (Xenial HWE) vulnerabilities (USN-3753-2)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-10882", "CVE-2018-10877", "CVE-2018-10878", "CVE-2018-13405", "CVE-2018-13406", "CVE-2018-10881", "CVE-2018-12233", "CVE-2017-13168", "CVE-2018-10876", "CVE-2018-10879", "CVE-2018-13094"], "modified": "2018-08-24T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-xenial", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-xenial", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-xenial", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-3753-2.NASL", "href": "https://www.tenable.com/plugins/nessus/112112", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3753-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(112112);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/17\");\n\n script_cve_id(\"CVE-2017-13168\", \"CVE-2018-10876\", \"CVE-2018-10877\", \"CVE-2018-10878\", \"CVE-2018-10879\", \"CVE-2018-10881\", \"CVE-2018-10882\", \"CVE-2018-12233\", \"CVE-2018-13094\", \"CVE-2018-13405\", \"CVE-2018-13406\");\n script_xref(name:\"USN\", value:\"3753-2\");\n\n script_name(english:\"Ubuntu 14.04 LTS : Linux kernel (Xenial HWE) vulnerabilities (USN-3753-2)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"USN-3753-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04\nLTS. This update provides the corresponding updates for the Linux\nHardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu\n14.04 LTS.\n\nIt was discovered that the generic SCSI driver in the Linux kernel did\nnot properly enforce permissions on kernel memory access. A local\nattacker could use this to expose sensitive information or possibly\nelevate privileges. (CVE-2017-13168)\n\nWen Xu discovered that a use-after-free vulnerability existed in the\next4 filesystem implementation in the Linux kernel. An attacker could\nuse this to construct a malicious ext4 image that, when mounted, could\ncause a denial of service (system crash) or possibly execute arbitrary\ncode. (CVE-2018-10876, CVE-2018-10879)\n\nWen Xu discovered that a buffer overflow existed in the ext4\nfilesystem implementation in the Linux kernel. An attacker could use\nthis to construct a malicious ext4 image that, when mounted, could\ncause a denial of service (system crash) or possibly execute arbitrary\ncode. 
(CVE-2018-10877)\n\nWen Xu discovered that an out-of-bounds write vulnerability existed in\nthe ext4 filesystem implementation in the Linux kernel. An attacker\ncould use this to construct a malicious ext4 image that, when mounted,\ncould cause a denial of service (system crash) or possibly execute\narbitrary code. (CVE-2018-10878, CVE-2018-10882)\n\nWen Xu discovered that the ext4 filesystem implementation in the Linux\nkernel did not properly keep meta-data information consistent in some\nsituations. An attacker could use this to construct a malicious ext4\nimage that, when mounted, could cause a denial of service (system\ncrash). (CVE-2018-10881)\n\nShankara Pailoor discovered that the JFS filesystem implementation in\nthe Linux kernel contained a buffer overflow when handling extended\nattributes. A local attacker could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code.\n(CVE-2018-12233)\n\nWen Xu discovered that the XFS filesystem implementation in the Linux\nkernel did not properly handle an error condition with a corrupted xfs\nimage. An attacker could use this to construct a malicious xfs image\nthat, when mounted, could cause a denial of service (system crash).\n(CVE-2018-13094)\n\nIt was discovered that the Linux kernel did not properly handle setgid\nfile creation when performed by a non-member of the group. A local\nattacker could use this to gain elevated privileges. (CVE-2018-13405)\n\nSilvio Cesare discovered that the generic VESA frame buffer driver in\nthe Linux kernel contained an integer overflow. A local attacker could\nuse this to cause a denial of service (system crash) or possibly\nexecute arbitrary code. (CVE-2018-13406).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3753-2/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/12/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/08/24\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/08/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2018-2020 Canonical, Inc. / NASL script (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-13168\", \"CVE-2018-10876\", \"CVE-2018-10877\", \"CVE-2018-10878\", \"CVE-2018-10879\", \"CVE-2018-10881\", \"CVE-2018-10882\", \"CVE-2018-12233\", \"CVE-2018-13094\", \"CVE-2018-13405\", \"CVE-2018-13406\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3753-2\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-4.4.0-1028-aws\", pkgver:\"4.4.0-1028.31\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-4.4.0-134-generic\", pkgver:\"4.4.0-134.160~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-4.4.0-134-generic-lpae\", pkgver:\"4.4.0-134.160~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-4.4.0-134-lowlatency\", pkgver:\"4.4.0-134.160~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-aws\", pkgver:\"4.4.0.1028.28\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-generic-lpae-lts-xenial\", pkgver:\"4.4.0.134.114\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-generic-lts-xenial\", pkgver:\"4.4.0.134.114\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-lowlatency-lts-xenial\", pkgver:\"4.4.0.134.114\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 
\"linux-image-4.4-aws / linux-image-4.4-generic / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-09-18T10:56:24", "description": "It was discovered that the generic SCSI driver in the Linux kernel did\nnot properly enforce permissions on kernel memory access. A local\nattacker could use this to expose sensitive information or possibly\nelevate privileges. (CVE-2017-13168)\n\nWen Xu discovered that a use-after-free vulnerability existed in the\next4 filesystem implementation in the Linux kernel. An attacker could\nuse this to construct a malicious ext4 image that, when mounted, could\ncause a denial of service (system crash) or possibly execute arbitrary\ncode. (CVE-2018-10876, CVE-2018-10879)\n\nWen Xu discovered that a buffer overflow existed in the ext4\nfilesystem implementation in the Linux kernel. An attacker could use\nthis to construct a malicious ext4 image that, when mounted, could\ncause a denial of service (system crash) or possibly execute arbitrary\ncode. (CVE-2018-10877)\n\nWen Xu discovered that an out-of-bounds write vulnerability existed in\nthe ext4 filesystem implementation in the Linux kernel. An attacker\ncould use this to construct a malicious ext4 image that, when mounted,\ncould cause a denial of service (system crash) or possibly execute\narbitrary code. (CVE-2018-10878, CVE-2018-10882)\n\nWen Xu discovered that the ext4 filesystem implementation in the Linux\nkernel did not properly keep meta-data information consistent in some\nsituations. An attacker could use this to construct a malicious ext4\nimage that, when mounted, could cause a denial of service (system\ncrash). (CVE-2018-10881)\n\nShankara Pailoor discovered that the JFS filesystem implementation in\nthe Linux kernel contained a buffer overflow when handling extended\nattributes. 
A local attacker could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code.\n(CVE-2018-12233)\n\nWen Xu discovered that the XFS filesystem implementation in the Linux\nkernel did not properly handle an error condition with a corrupted xfs\nimage. An attacker could use this to construct a malicious xfs image\nthat, when mounted, could cause a denial of service (system crash).\n(CVE-2018-13094)\n\nIt was discovered that the Linux kernel did not properly handle setgid\nfile creation when performed by a non-member of the group. A local\nattacker could use this to gain elevated privileges. (CVE-2018-13405)\n\nSilvio Cesare discovered that the generic VESA frame buffer driver in\nthe Linux kernel contained an integer overflow. A local attacker could\nuse this to cause a denial of service (system crash) or possibly\nexecute arbitrary code. (CVE-2018-13406).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 20, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-08-24T00:00:00", "title": "Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-3753-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-10882", "CVE-2018-10877", "CVE-2018-10878", "CVE-2018-13405", "CVE-2018-13406", "CVE-2018-10881", "CVE-2018-12233", "CVE-2017-13168", "CVE-2018-10876", "CVE-2018-10879", "CVE-2018-13094"], "modified": "2018-08-24T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2", "cpe:/o:canonical:ubuntu_linux:16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic"], "id": "UBUNTU_USN-3753-1.NASL", "href": "https://www.tenable.com/plugins/nessus/112111", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3753-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(112111);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/17\");\n\n script_cve_id(\"CVE-2017-13168\", \"CVE-2018-10876\", \"CVE-2018-10877\", \"CVE-2018-10878\", \"CVE-2018-10879\", \"CVE-2018-10881\", \"CVE-2018-10882\", \"CVE-2018-12233\", \"CVE-2018-13094\", \"CVE-2018-13405\", \"CVE-2018-13406\");\n script_xref(name:\"USN\", value:\"3753-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-3753-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that the generic SCSI driver in the Linux kernel did\nnot properly enforce permissions on kernel memory access. A local\nattacker could use this to expose sensitive information or possibly\nelevate privileges. (CVE-2017-13168)\n\nWen Xu discovered that a use-after-free vulnerability existed in the\next4 filesystem implementation in the Linux kernel. An attacker could\nuse this to construct a malicious ext4 image that, when mounted, could\ncause a denial of service (system crash) or possibly execute arbitrary\ncode. (CVE-2018-10876, CVE-2018-10879)\n\nWen Xu discovered that a buffer overflow existed in the ext4\nfilesystem implementation in the Linux kernel. An attacker could use\nthis to construct a malicious ext4 image that, when mounted, could\ncause a denial of service (system crash) or possibly execute arbitrary\ncode. (CVE-2018-10877)\n\nWen Xu discovered that an out-of-bounds write vulnerability existed in\nthe ext4 filesystem implementation in the Linux kernel. 
An attacker\ncould use this to construct a malicious ext4 image that, when mounted,\ncould cause a denial of service (system crash) or possibly execute\narbitrary code. (CVE-2018-10878, CVE-2018-10882)\n\nWen Xu discovered that the ext4 filesystem implementation in the Linux\nkernel did not properly keep meta-data information consistent in some\nsituations. An attacker could use this to construct a malicious ext4\nimage that, when mounted, could cause a denial of service (system\ncrash). (CVE-2018-10881)\n\nShankara Pailoor discovered that the JFS filesystem implementation in\nthe Linux kernel contained a buffer overflow when handling extended\nattributes. A local attacker could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code.\n(CVE-2018-12233)\n\nWen Xu discovered that the XFS filesystem implementation in the Linux\nkernel did not properly handle an error condition with a corrupted xfs\nimage. An attacker could use this to construct a malicious xfs image\nthat, when mounted, could cause a denial of service (system crash).\n(CVE-2018-13094)\n\nIt was discovered that the Linux kernel did not properly handle setgid\nfile creation when performed by a non-member of the group. A local\nattacker could use this to gain elevated privileges. (CVE-2018-13405)\n\nSilvio Cesare discovered that the generic VESA frame buffer driver in\nthe Linux kernel contained an integer overflow. A local attacker could\nuse this to cause a denial of service (system crash) or possibly\nexecute arbitrary code. (CVE-2018-13406).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3753-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/12/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/08/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/08/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2018-2020 Canonical, Inc. / NASL script (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-13168\", \"CVE-2018-10876\", \"CVE-2018-10877\", \"CVE-2018-10878\", \"CVE-2018-10879\", \"CVE-2018-10881\", \"CVE-2018-10882\", \"CVE-2018-12233\", \"CVE-2018-13094\", \"CVE-2018-13405\", \"CVE-2018-13406\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3753-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-1032-kvm\", pkgver:\"4.4.0-1032.38\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-1066-aws\", pkgver:\"4.4.0-1066.76\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-1095-raspi2\", pkgver:\"4.4.0-1095.103\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-1099-snapdragon\", pkgver:\"4.4.0-1099.104\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-134-generic\", pkgver:\"4.4.0-134.160\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-134-generic-lpae\", pkgver:\"4.4.0-134.160\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-134-lowlatency\", pkgver:\"4.4.0-134.160\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-aws\", pkgver:\"4.4.0.1066.68\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic\", pkgver:\"4.4.0.134.140\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic-lpae\", pkgver:\"4.4.0.134.140\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-kvm\", pkgver:\"4.4.0.1032.31\")) 
flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-lowlatency\", pkgver:\"4.4.0.134.140\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-raspi2\", pkgver:\"4.4.0.1095.95\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-snapdragon\", pkgver:\"4.4.0.1099.91\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.4-aws / linux-image-4.4-generic / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T12:52:37", "description": "The openSUSE Leap 15.0 kernel was updated to receive various security\nand bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2018-10853: A flaw was found in KVM in which certain\n instructions such as sgdt/sidt call segmented_write_std\n doesn't propagate access correctly. As such, during\n userspace induced exception, the guest can incorrectly\n assume that the exception happened in the kernel and\n panic (bnc#1097104).\n\n - CVE-2018-10876: A flaw was found in the ext4 filesystem\n code. A use-after-free is possible in\n ext4_ext_remove_space() function when mounting and\n operating a crafted ext4 image. (bnc#1099811)\n\n - CVE-2018-10877: Linux kernel ext4 filesystem is\n vulnerable to an out-of-bound access in the\n ext4_ext_drop_refs() function when operating on a\n crafted ext4 filesystem image. (bnc#1099846)\n\n - CVE-2018-10878: A flaw was found in the ext4 filesystem.\n A local user can cause an out-of-bounds write and a\n denial of service or unspecified other impact is\n possible by mounting and operating a crafted ext4\n filesystem image. 
(bnc#1099813)\n\n - CVE-2018-10879: A flaw was found in the ext4 filesystem.\n A local user can cause a use-after-free in\n ext4_xattr_set_entry function and a denial of service or\n unspecified other impact may occur by renaming a file in\n a crafted ext4 filesystem image. (bnc#1099844)\n\n - CVE-2018-10880: Linux kernel is vulnerable to a\n stack-out-of-bounds write in the ext4 filesystem code\n when mounting and writing to a crafted ext4 image in\n ext4_update_inline_data(). An attacker could use this to\n cause a system crash and a denial of service.\n (bnc#1099845)\n\n - CVE-2018-10881: A flaw was found in the ext4 filesystem.\n A local user can cause an out-of-bound access in\n ext4_get_group_info function, a denial of service, and a\n system crash by mounting and operating on a crafted ext4\n filesystem image. (bnc#1099864)\n\n - CVE-2018-10882: A flaw was found in the ext4 filesystem.\n A local user can cause an out-of-bound write in\n fs/jbd2/transaction.c code, a denial of service, and a\n system crash by unmounting a crafted ext4 filesystem\n image. (bnc#1099849)\n\n - CVE-2018-10883: A flaw was found in the ext4 filesystem.\n A local user can cause an out-of-bounds write in\n jbd2_journal_dirty_metadata(), a denial of service, and\n a system crash by mounting and operating on a crafted\n ext4 filesystem image. 
(bnc#1099863)\n\n - CVE-2018-3620: Systems with microprocessors utilizing\n speculative execution and address translations may allow\n unauthorized disclosure of information residing in the\n L1 data cache to an attacker with local user access via\n a terminal page fault and a side-channel analysis\n (bnc#1087081).\n\n - CVE-2018-3646: Systems with microprocessors utilizing\n speculative execution and address translations may allow\n unauthorized disclosure of information residing in the\n L1 data cache to an attacker with local user access with\n guest OS privilege via a terminal page fault and a\n side-channel analysis (bnc#1089343 bnc#1104365).\n\n - CVE-2018-5391 aka 'FragmentSmack': A flaw in the IP\n packet reassembly could be used by remote attackers to\n consume lots of CPU time (bnc#1103097).\n\nThe following non-security bugs were fixed :\n\n - afs: Fix directory permissions check (bsc#1101828).\n\n - bdi: Move cgroup bdi_writeback to a dedicated low\n concurrency workqueue (bsc#1101867).\n\n - be2net: gather debug info and reset adapter (only for\n Lancer) on a tx-timeout (bsc#1086288).\n\n - be2net: Update the driver version to 12.0.0.0\n (bsc#1086288 ).\n\n - befs_lookup(): use d_splice_alias() (bsc#1101844).\n\n - block: Fix transfer when chunk sectors exceeds max\n (bsc#1101874).\n\n - bpf, ppc64: fix unexpected r0=0 exit path inside\n bpf_xadd (bsc#1083647).\n\n - branch-check: fix long->int truncation when profiling\n branches (bsc#1101116,).\n\n - cdrom: do not call check_disk_change() inside\n cdrom_open() (bsc#1101872).\n\n - compiler.h: enable builtin overflow checkers and add\n fallback code (bsc#1101116,).\n\n - cpu/hotplug: Make bringup/teardown of smp threads\n symmetric (bsc#1089343).\n\n - cpu/hotplug: Provide knobs to control SMT (bsc#1089343).\n\n - cpu/hotplug: Split do_cpu_down() (bsc#1089343).\n\n - delayacct: fix crash in delayacct_blkio_end() after\n delayacct init failure (bsc#1104066).\n\n - dm: add writecache target 
(bsc#1101116,).\n\n - dm writecache: support optional offset for start of\n device (bsc#1101116,).\n\n - dm writecache: use 2-factor allocator arguments\n (bsc#1101116,).\n\n - EDAC: Add missing MEM_LRDDR4 entry in edac_mem_types[]\n (bsc#1103886).\n\n - EDAC: Drop duplicated array of strings for memory type\n names (bsc#1103886).\n\n - ext2: fix a block leak (bsc#1101875).\n\n - ext4: add more mount time checks of the superblock\n (bsc#1101900).\n\n - ext4: bubble errors from ext4_find_inline_data_nolock()\n up to ext4_iget() (bsc#1101896).\n\n - ext4: check for allocation block validity with block\n group locked (bsc#1104495).\n\n - ext4: check superblock mapped prior to committing\n (bsc#1101902).\n\n - ext4: do not update s_last_mounted of a frozen fs\n (bsc#1101841).\n\n - ext4: factor out helper ext4_sample_last_mounted()\n (bsc#1101841).\n\n - ext4: fix check to prevent initializing reserved inodes\n (bsc#1104319).\n\n - ext4: fix false negatives *and* false positives in\n ext4_check_descriptors() (bsc#1103445).\n\n - ext4: fix fencepost error in check for inode count\n overflow during resize (bsc#1101853).\n\n - ext4: fix inline data updates with checksums enabled\n (bsc#1104494).\n\n - ext4: include the illegal physical block in the bad map\n ext4_error msg (bsc#1101903).\n\n - ext4: report delalloc reserve as non-free in statfs for\n project quota (bsc#1101843).\n\n - ext4: update mtime in ext4_punch_hole even if no blocks\n are released (bsc#1101895).\n\n - f2fs: call unlock_new_inode() before d_instantiate()\n (bsc#1101837).\n\n - fix io_destroy()/aio_complete() race (bsc#1101852).\n\n - Force log to disk before reading the AGF during a fstrim\n (bsc#1101893).\n\n - fscache: Fix hanging wait on page discarded by writeback\n (bsc#1101885).\n\n - fs: clear writeback errors in inode_init_always\n (bsc#1101882).\n\n - fs: do not scan the inode cache before SB_BORN is set\n (bsc#1101883).\n\n - hns3: fix unused function warning (bsc#1104353).\n\n - hns3pf: 
do not check handle during mqprio offload\n (bsc#1104353 ).\n\n - hns3pf: fix hns3_del_tunnel_port() (bsc#1104353).\n\n - hns3pf: Fix some harmless copy and paste bugs\n (bsc#1104353 ).\n\n - hv_netvsc: Fix napi reschedule while receive completion\n is busy ().\n\n - hv/netvsc: Fix NULL dereference at single queue mode\n fallback (bsc#1104708).\n\n - hwmon: (asus_atk0110) Replace deprecated device register\n call (bsc#1103363).\n\n - IB/hns: Annotate iomem pointers correctly (bsc#1104427\n ).\n\n - IB/hns: Avoid compile test under non 64bit environments\n (bsc#1104427).\n\n - IB/hns: Declare local functions 'static' (bsc#1104427 ).\n\n - IB/hns: fix boolreturn.cocci warnings (bsc#1104427).\n\n - IB/hns: Fix for checkpatch.pl comment style warnings\n (bsc#1104427).\n\n - IB/hns: fix memory leak on ah on error return path\n (bsc#1104427 ).\n\n - IB/hns: fix returnvar.cocci warnings (bsc#1104427).\n\n - IB/hns: fix semicolon.cocci warnings (bsc#1104427).\n\n - IB/hns: Fix the bug of polling cq failed for loopback\n Qps (bsc#1104427). 
Refresh\n patches.suse/0001-IB-hns-checking-for-IS_ERR-instead-of-\n NULL.patch.\n\n - IB/hns: Fix the bug with modifying the MAC address\n without removing the driver (bsc#1104427).\n\n - IB/hns: Fix the bug with rdma operation (bsc#1104427 ).\n\n - IB/hns: Fix the bug with wild pointer when destroy rc qp\n (bsc#1104427).\n\n - IB/hns: include linux/interrupt.h (bsc#1104427).\n\n - IB/hns: Support compile test for hns RoCE driver\n (bsc#1104427 ).\n\n - IB/hns: Use zeroing memory allocator instead of\n allocator/memset (bsc#1104427).\n\n - isofs: fix potential memory leak in mount option parsing\n (bsc#1101887).\n\n - jump_label: Fix concurrent static_key_enable/disable()\n (bsc#1089343).\n\n - jump_label: Provide hotplug context variants\n (bsc#1089343).\n\n - jump_label: Reorder hotplug lock and jump_label_lock\n (bsc#1089343).\n\n - kabi/severities: Allow kABI changes for kvm/x86 (except\n for kvm_x86_ops)\n\n - kabi/severities: ignore qla2xxx as all symbols are\n internal\n\n - kabi/severities: ignore x86_kvm_ops; lttng-modules would\n have to be adjusted in case they depend on this\n particular change\n\n - kabi/severities: Relax kvm_vcpu_* kABI breakage\n\n - media: rc: oops in ir_timer_keyup after device unplug\n (bsc#1090888).\n\n - mm: fix __gup_device_huge vs unmap (bsc#1101839).\n\n - net: hns3: Add a check for client instance init state\n (bsc#1104353).\n\n - net: hns3: add a mask initialization for mac_vlan table\n (bsc#1104353).\n\n - net: hns3: Add *Asserting Reset* mailbox message &\n handling in VF (bsc#1104353).\n\n - net: hns3: add Asym Pause support to phy default\n features (bsc#1104353).\n\n - net: hns3: Add dcb netlink interface for the support of\n DCB feature (bsc#1104353).\n\n - net: hns3: Add DCB support when interacting with network\n stack (bsc#1104353).\n\n - net: hns3: Add ethtool interface for vlan filter\n (bsc#1104353 ).\n\n - net: hns3: add ethtool_ops.get_channels support for VF\n (bsc#1104353).\n\n - net: hns3: add 
ethtool_ops.get_coalesce support to PF\n (bsc#1104353).\n\n - net: hns3: add ethtool_ops.set_coalesce support to PF\n (bsc#1104353).\n\n - net: hns3: add ethtool -p support for fiber port\n (bsc#1104353 ).\n\n - net: hns3: add ethtool related offload command\n (bsc#1104353 ).\n\n - net: hns3: Add Ethtool support to HNS3 driver\n (bsc#1104353 ).\n\n - net: hns3: add existence checking before adding unicast\n mac address (bsc#1104353).\n\n - net: hns3: add existence check when remove old uc mac\n address (bsc#1104353).\n\n - net: hns3: add feature check when feature changed\n (bsc#1104353 ).\n\n - net: hns3: add get_link support to VF (bsc#1104353).\n\n - net: hns3: add get/set_coalesce support to VF\n (bsc#1104353 ).\n\n - net: hns3: add handling vlan tag offload in bd\n (bsc#1104353 ).\n\n - net: hns3: Add hclge_dcb module for the support of DCB\n feature (bsc#1104353).\n\n - net: hns3: Add HNS3 Acceleration Engine & Compatibility\n Layer Support (bsc#1104353).\n\n - net: hns3: Add HNS3 driver to kernel build framework &\n MAINTAINERS (bsc#1104353).\n\n - net: hns3: Add hns3_get_handle macro in hns3 driver\n (bsc#1104353 ).\n\n - net: hns3: Add HNS3 IMP(Integrated Mgmt Proc) Cmd\n Interface Support (bsc#1104353).\n\n - net: hns3: Add HNS3 VF driver to kernel build framework\n (bsc#1104353).\n\n - net: hns3: Add HNS3 VF HCL(Hardware Compatibility Layer)\n Support (bsc#1104353).\n\n - net: hns3: Add HNS3 VF IMP(Integrated Management Proc)\n cmd interface (bsc#1104353).\n\n - net: hns3: add int_gl_idx setup for TX and RX queues\n (bsc#1104353).\n\n - net: hns3: add int_gl_idx setup for VF (bsc#1104353 ).\n\n - net: hns3: Add mac loopback selftest support in hns3\n driver (bsc#1104353).\n\n - net: hns3: Add mailbox interrupt handling to PF driver\n (bsc#1104353).\n\n - net: hns3: Add mailbox support to PF driver (bsc#1104353\n ).\n\n - net: hns3: Add mailbox support to VF driver (bsc#1104353\n ).\n\n - net: hns3: add manager table initialization for hardware\n 
(bsc#1104353).\n\n - net: hns3: Add MDIO support to HNS3 Ethernet driver for\n hip08 SoC (bsc#1104353).\n\n - net: hns3: Add missing break in misc_irq_handle\n (bsc#1104353 ).\n\n - net: hns3: Add more packet size statisctics (bsc#1104353\n ).\n\n - net: hns3: add MTU initialization for hardware\n (bsc#1104353 ).\n\n - net: hns3: add net status led support for fiber port\n (bsc#1104353).\n\n - net: hns3: add nic_client check when initialize roce\n base information (bsc#1104353).\n\n - net: hns3: add querying speed and duplex support to VF\n (bsc#1104353).\n\n - net: hns3: Add repeat address checking for setting mac\n address (bsc#1104353).\n\n - net: hns3: Add reset interface implementation in client\n (bsc#1104353).\n\n - net: hns3: Add reset process in hclge_main (bsc#1104353\n ).\n\n - net: hns3: Add reset service task for handling reset\n requests (bsc#1104353).\n\n - net: hns3: add result checking for VF when modify\n unicast mac address (bsc#1104353).\n\n - net: hns3: Add some interface for the support of DCB\n feature (bsc#1104353).\n\n - net: hns3: Adds support for led locate command for\n copper port (bsc#1104353).\n\n - net: hns3: Add STRP_TAGP field support for hardware\n revision 0x21 (bsc#1104353).\n\n - net: hns3: Add support for dynamically buffer\n reallocation (bsc#1104353).\n\n - net: hns3: add support for ETHTOOL_GRXFH (bsc#1104353 ).\n\n - net: hns3: add support for get_regs (bsc#1104353).\n\n - net: hns3: Add support for IFF_ALLMULTI flag\n (bsc#1104353 ).\n\n - net: hns3: Add support for misc interrupt (bsc#1104353\n ).\n\n - net: hns3: add support for nway_reset (bsc#1104353).\n\n - net: hns3: Add support for PFC setting in TM module\n (bsc#1104353 ).\n\n - net: hns3: Add support for port shaper setting in TM\n module (bsc#1104353).\n\n - net: hns3: add support for querying advertised pause\n frame by ethtool ethx (bsc#1104353).\n\n - net: hns3: add support for querying pfc puase packets\n statistic (bsc#1104353).\n\n - net: hns3: add support 
for set_link_ksettings\n (bsc#1104353 ).\n\n - net: hns3: add support for set_pauseparam (bsc#1104353\n ).\n\n - net: hns3: add support for set_ringparam (bsc#1104353 ).\n\n - net: hns3: add support for set_rxnfc (bsc#1104353).\n\n - net: hns3: Add support for tx_accept_tag2 and\n tx_accept_untag2 config (bsc#1104353).\n\n - net: hns3: add support for VF driver inner interface\n hclgevf_ops.get_tqps_and_rss_info (bsc#1104353).\n\n - net: hns3: Add support of hardware rx-vlan-offload to\n HNS3 VF driver (bsc#1104353).\n\n - net: hns3: Add support of HNS3 Ethernet Driver for hip08\n SoC (bsc#1104353).\n\n - net: hns3: Add support of .sriov_configure in HNS3\n driver (bsc#1104353).\n\n - net: hns3: Add support of the HNAE3 framework\n (bsc#1104353 ).\n\n - net: hns3: Add support of TX Scheduler & Shaper to HNS3\n driver (bsc#1104353).\n\n - net: hns3: Add support to change MTU in HNS3 hardware\n (bsc#1104353).\n\n - net: hns3: Add support to enable TX/RX promisc mode for\n H/W rev(0x21) (bsc#1104353).\n\n - net: hns3: add support to modify tqps number\n (bsc#1104353 ).\n\n - net: hns3: add support to query tqps number (bsc#1104353\n ).\n\n - net: hns3: Add support to re-initialize the hclge device\n (bsc#1104353).\n\n - net: hns3: Add support to request VF Reset to PF\n (bsc#1104353 ).\n\n - net: hns3: Add support to reset the enet/ring mgmt layer\n (bsc#1104353).\n\n - net: hns3: add support to update flow control settings\n after autoneg (bsc#1104353).\n\n - net: hns3: Add tc-based TM support for sriov enabled\n port (bsc#1104353).\n\n - net: hns3: Add timeout process in hns3_enet (bsc#1104353\n ).\n\n - net: hns3: Add VF Reset device state and its handling\n (bsc#1104353).\n\n - net: hns3: Add VF Reset Service Task to support event\n handling (bsc#1104353).\n\n - net: hns3: add vlan offload config command (bsc#1104353\n ).\n\n - net: hns3: change GL update rate (bsc#1104353).\n\n - net: hns3: Change PF to add ring-vect binding & resetQ\n to mailbox 
(bsc#1104353).\n\n - net: hns3: Change return type of hnae3_register_ae_algo\n (bsc#1104353).\n\n - net: hns3: Change return type of hnae3_register_ae_dev\n (bsc#1104353).\n\n - net: hns3: Change return value in hnae3_register_client\n (bsc#1104353).\n\n - net: hns3: Changes required in PF mailbox to support VF\n reset (bsc#1104353).\n\n - net: hns3: Changes to make enet watchdog timeout func\n common for PF/VF (bsc#1104353).\n\n - net: hns3: Changes to support ARQ(Asynchronous Receive\n Queue) (bsc#1104353).\n\n - net: hns3: change the returned tqp number by ethtool -x\n (bsc#1104353).\n\n - net: hns3: change the time interval of int_gl\n calculating (bsc#1104353).\n\n - net: hns3: change the unit of GL value macro\n (bsc#1104353 ).\n\n - net: hns3: change TM sched mode to TC-based mode when\n SRIOV enabled (bsc#1104353).\n\n - net: hns3: check for NULL function pointer in\n hns3_nic_set_features (bsc#1104353).\n\n - net: hns3: Cleanup for endian issue in hns3 driver\n (bsc#1104353 ).\n\n - net: hns3: Cleanup for non-static function in hns3\n driver (bsc#1104353).\n\n - net: hns3: Cleanup for ROCE capability flag in ae_dev\n (bsc#1104353).\n\n - net: hns3: Cleanup for shifting true in hns3 driver\n (bsc#1104353 ).\n\n - net: hns3: Cleanup for struct that used to send cmd to\n firmware (bsc#1104353).\n\n - net: hns3: Cleanup indentation for Kconfig in the the\n hisilicon folder (bsc#1104353).\n\n - net: hns3: cleanup mac auto-negotiation state query\n (bsc#1104353 ).\n\n - net: hns3: cleanup mac auto-negotiation state query in\n hclge_update_speed_duplex (bsc#1104353).\n\n - net: hns3: cleanup of return values in\n hclge_init_client_instance() (bsc#1104353).\n\n - net: hns3: Clear TX/RX rings when stopping port &\n un-initializing client (bsc#1104353).\n\n - net: hns3: Consistently using GENMASK in hns3 driver\n (bsc#1104353).\n\n - net: hns3: converting spaces into tabs to avoid\n checkpatch.pl warning (bsc#1104353).\n\n - net: hns3: Disable VFs change rxvlan 
offload status\n (bsc#1104353 ).\n\n - net: hns3: Disable vf vlan filter when vf vlan table is\n full (bsc#1104353).\n\n - net: hns3: ensure media_type is uninitialized\n (bsc#1104353 ).\n\n - net: hns3: export pci table of hclge and hclgevf to\n userspace (bsc#1104353).\n\n - net: hns3: fix a bug about hns3_clean_tx_ring\n (bsc#1104353 ).\n\n - net: hns3: fix a bug for phy supported feature\n initialization (bsc#1104353).\n\n - net: hns3: fix a bug in hclge_uninit_client_instance\n (bsc#1104353).\n\n - net: hns3: fix a bug in hns3_driv_to_eth_caps\n (bsc#1104353 ).\n\n - net: hns3: fix a bug when alloc new buffer (bsc#1104353\n ).\n\n - net: hns3: fix a bug when getting phy address from\n NCL_config file (bsc#1104353).\n\n - net: hns3: fix a dead loop in hclge_cmd_csq_clean\n (bsc#1104353 ).\n\n - net: hns3: fix a handful of spelling mistakes\n (bsc#1104353 ).\n\n - net: hns3: Fix a loop index error of tqp statistics\n query (bsc#1104353).\n\n - net: hns3: Fix a misuse to devm_free_irq (bsc#1104353 ).\n\n - net: hns3: Fix an error handling path in\n 'hclge_rss_init_hw()' (bsc#1104353).\n\n - net: hns3: Fix an error macro definition of\n HNS3_TQP_STAT (bsc#1104353).\n\n - net: hns3: Fix an error of total drop packet statistics\n (bsc#1104353).\n\n - net: hns3: Fix a response data read error of tqp\n statistics query (bsc#1104353).\n\n - net: hns3: fix endian issue when PF get mbx message flag\n (bsc#1104353).\n\n - net: hns3: fix error type definition of return value\n (bsc#1104353).\n\n - net: hns3: Fixes API to fetch ethernet header length\n with kernel default (bsc#1104353).\n\n - net: hns3: Fixes error reported by Kbuild and internal\n review (bsc#1104353).\n\n - net: hns3: Fixes initalization of RoCE handle and makes\n it conditional (bsc#1104353).\n\n - net: hns3: Fixes initialization of phy address from\n firmware (bsc#1104353).\n\n - net: hns3: Fixes kernel panic issue during rmmod hns3\n driver (bsc#1104353).\n\n - net: hns3: Fixes ring-to-vector 
map-and-unmap command\n (bsc#1104353).\n\n - net: hns3: Fixes the back pressure setting when sriov is\n enabled (bsc#1104353).\n\n - net: hns3: Fixes the command used to unmap ring from\n vector (bsc#1104353).\n\n - net: hns3: Fixes the default VLAN-id of PF (bsc#1104353\n ).\n\n - net: hns3: Fixes the error legs in hclge_init_ae_dev\n function (bsc#1104353).\n\n - net: hns3: Fixes the ether address copy with appropriate\n API (bsc#1104353).\n\n - net: hns3: Fixes the initialization of MAC address in\n hardware (bsc#1104353).\n\n - net: hns3: Fixes the init of the VALID BD info in the\n descriptor (bsc#1104353).\n\n - net: hns3: Fixes the missing PCI iounmap for various\n legs (bsc#1104353).\n\n - net: hns3: Fixes the missing u64_stats_fetch_begin_irq\n in 64-bit stats fetch (bsc#1104353).\n\n - net: hns3: Fixes the out of bounds access in\n hclge_map_tqp (bsc#1104353).\n\n - net: hns3: Fixes the premature exit of loop when\n matching clients (bsc#1104353).\n\n - net: hns3: fixes the ring index in hns3_fini_ring\n (bsc#1104353 ).\n\n - net: hns3: Fixes the state to indicate client-type\n initialization (bsc#1104353).\n\n - net: hns3: Fixes the static checker error warning in\n hns3_get_link_ksettings() (bsc#1104353).\n\n - net: hns3: Fixes the static check warning due to missing\n unsupp L3 proto check (bsc#1104353).\n\n - net: hns3: Fixes the wrong IS_ERR check on the returned\n phydev value (bsc#1104353).\n\n - net: hns3: fix for buffer overflow smatch warning\n (bsc#1104353 ).\n\n - net: hns3: fix for changing MTU (bsc#1104353).\n\n - net: hns3: fix for cleaning ring problem (bsc#1104353 ).\n\n - net: hns3: Fix for CMDQ and Misc. 
interrupt init order\n problem (bsc#1104353).\n\n - net: hns3: fix for coal configuation lost when setting\n the channel (bsc#1104353).\n\n - net: hns3: fix for coalesce configuration lost during\n reset (bsc#1104353).\n\n - net: hns3: Fix for deadlock problem occurring when\n unregistering ae_algo (bsc#1104353).\n\n - net: hns3: Fix for DEFAULT_DV when dev does not support\n DCB (bsc#1104353).\n\n - net: hns3: Fix for fiber link up problem (bsc#1104353 ).\n\n - net: hns3: fix for getting advertised_caps in\n hns3_get_link_ksettings (bsc#1104353).\n\n - net: hns3: fix for getting autoneg in\n hns3_get_link_ksettings (bsc#1104353).\n\n - net: hns3: fix for getting auto-negotiation state in\n hclge_get_autoneg (bsc#1104353).\n\n - net: hns3: fix for getting wrong link mode problem\n (bsc#1104353 ).\n\n - net: hns3: Fix for hclge_reset running repeatly problem\n (bsc#1104353).\n\n - net: hns3: Fix for hns3 module is loaded multiple times\n problem (bsc#1104353).\n\n - net: hns3: fix for ipv6 address loss problem after\n setting channels (bsc#1104353).\n\n - net: hns3: fix for loopback failure when vlan filter is\n enable (bsc#1104353).\n\n - net: hns3: fix for netdev not running problem after\n calling net_stop and net_open (bsc#1104353).\n\n - net: hns3: Fix for netdev not running problem after\n calling net_stop and net_open (bsc#1104353).\n\n - net: hns3: fix for not initializing VF rss_hash_key\n problem (bsc#1104353).\n\n - net: hns3: fix for not returning problem in\n get_link_ksettings when phy exists (bsc#1104353).\n\n - net: hns3: fix for not setting pause parameters\n (bsc#1104353 ).\n\n - net: hns3: Fix for not setting rx private buffer size to\n zero (bsc#1104353).\n\n - net: hns3: Fix for packet loss due wrong filter config\n in VLAN tbls (bsc#1104353).\n\n - net: hns3: fix for pause configuration lost during reset\n (bsc#1104353).\n\n - net: hns3: Fix for PF mailbox receving unknown message\n (bsc#1104353).\n\n - net: hns3: fix for phy_addr error in\n 
hclge_mac_mdio_config (bsc#1104353).\n\n - net: hns3: Fix for phy not link up problem after\n resetting (bsc#1104353).\n\n - net: hns3: Fix for pri to tc mapping in TM (bsc#1104353\n ).\n\n - net: hns3: fix for returning wrong value problem in\n hns3_get_rss_indir_size (bsc#1104353).\n\n - net: hns3: fix for returning wrong value problem in\n hns3_get_rss_key_size (bsc#1104353).\n\n - net: hns3: fix for RSS configuration loss problem during\n reset (bsc#1104353).\n\n - net: hns3: Fix for rx priv buf allocation when DCB is\n not supported (bsc#1104353).\n\n - net: hns3: Fix for rx_priv_buf_alloc not setting rx\n shared buffer (bsc#1104353).\n\n - net: hns3: Fix for service_task not running problem\n after resetting (bsc#1104353).\n\n - net: hns3: Fix for setting mac address when resetting\n (bsc#1104353).\n\n - net: hns3: fix for setting MTU (bsc#1104353).\n\n - net: hns3: Fix for setting rss_size incorrectly\n (bsc#1104353 ).\n\n - net: hns3: Fix for the NULL pointer problem occurring\n when initializing ae_dev failed (bsc#1104353).\n\n - net: hns3: fix for the wrong shift problem in\n hns3_set_txbd_baseinfo (bsc#1104353).\n\n - net: hns3: fix for updating fc_mode_last_time\n (bsc#1104353 ).\n\n - net: hns3: fix for use-after-free when setting ring\n parameter (bsc#1104353).\n\n - net: hns3: Fix for VF mailbox cannot receiving PF\n response (bsc#1104353).\n\n - net: hns3: Fix for VF mailbox receiving unknown message\n (bsc#1104353).\n\n - net: hns3: fix for vlan table lost problem when\n resetting (bsc#1104353).\n\n - net: hns3: Fix for vxlan tx checksum bug (bsc#1104353 ).\n\n - net: hns3: Fix initialization when cmd is not supported\n (bsc#1104353).\n\n - net: hns3: fix length overflow when\n CONFIG_ARM64_64K_PAGES (bsc#1104353).\n\n - net: hns3: fix NULL pointer dereference before null\n check (bsc#1104353).\n\n - net: hns3: fix return value error of\n hclge_get_mac_vlan_cmd_status() (bsc#1104353).\n\n - net: hns3: fix rx path skb->truesize reporting bug\n 
(bsc#1104353 ).\n\n - net: hns3: Fix setting mac address error (bsc#1104353 ).\n\n - net: hns3: Fix spelling errors (bsc#1104353).\n\n - net: hns3: fix spelling mistake: 'capabilty' ->\n 'capability' (bsc#1104353).\n\n - net: hns3: fix the bug of hns3_set_txbd_baseinfo\n (bsc#1104353 ).\n\n - net: hns3: fix the bug when map buffer fail (bsc#1104353\n ).\n\n - net: hns3: fix the bug when reuse command description in\n hclge_add_mac_vlan_tbl (bsc#1104353).\n\n - net: hns3: Fix the missing client list node\n initialization (bsc#1104353).\n\n - net: hns3: fix the ops check in hns3_get_rxnfc\n (bsc#1104353 ).\n\n - net: hns3: fix the queue id for tqp enable&&reset\n (bsc#1104353 ).\n\n - net: hns3: fix the ring count for ETHTOOL_GRXRINGS\n (bsc#1104353 ).\n\n - net: hns3: fix the TX/RX ring.queue_index in\n hns3_ring_get_cfg (bsc#1104353).\n\n - net: hns3: fix the VF queue reset flow error\n (bsc#1104353 ).\n\n - net: hns3: fix to correctly fetch l4 protocol outer\n header (bsc#1104353).\n\n - net: hns3: Fix to support autoneg only for port attached\n with phy (bsc#1104353).\n\n - net: hns3: Fix typo error for feild in hclge_tm\n (bsc#1104353 ).\n\n - net: hns3: free the ring_data structrue when change tqps\n (bsc#1104353).\n\n - net: hns3: get rss_size_max from configuration but not\n hardcode (bsc#1104353).\n\n - net: hns3: get vf count by pci_sriov_get_totalvfs\n (bsc#1104353 ).\n\n - net: hns3: hclge_inform_reset_assert_to_vf() can be\n static (bsc#1104353).\n\n - net: hns3: hns3:fix a bug about statistic counter in\n reset process (bsc#1104353).\n\n - net: hns3: hns3_get_channels() can be static\n (bsc#1104353 ).\n\n - net: hns3: Increase the default depth of bucket for TM\n shaper (bsc#1104353).\n\n - net: hns3: increase the max time for IMP handle command\n (bsc#1104353).\n\n - net: hns3: make local functions static (bsc#1104353 ).\n\n - net: hns3: Mask the packet statistics query when NIC is\n down (bsc#1104353).\n\n - net: hns3: Modify the update period of 
packet statistics\n (bsc#1104353).\n\n - net: hns3: never send command queue message to IMP when\n reset (bsc#1104353).\n\n - net: hns3: Optimize PF CMDQ interrupt switching process\n (bsc#1104353).\n\n - net: hns3: Optimize the PF's process of updating\n multicast MAC (bsc#1104353).\n\n - net: hns3: Optimize the VF's process of updating\n multicast MAC (bsc#1104353).\n\n - net: hns3: reallocate tx/rx buffer after changing mtu\n (bsc#1104353).\n\n - net: hns3: refactor GL update function (bsc#1104353 ).\n\n - net: hns3: refactor interrupt coalescing init function\n (bsc#1104353).\n\n - net: hns3: Refactor mac_init function (bsc#1104353).\n\n - net: hns3: Refactor of the reset interrupt handling\n logic (bsc#1104353).\n\n - net: hns3: Refactors the requested reset & pending reset\n handling code (bsc#1104353).\n\n - net: hns3: refactor the coalesce related struct\n (bsc#1104353 ).\n\n - net: hns3: refactor the get/put_vector function\n (bsc#1104353 ).\n\n - net: hns3: refactor the hclge_get/set_rss function\n (bsc#1104353 ).\n\n - net: hns3: refactor the hclge_get/set_rss_tuple function\n (bsc#1104353).\n\n - net: hns3: Refactor the initialization of command queue\n (bsc#1104353).\n\n - net: hns3: refactor the loopback related function\n (bsc#1104353 ).\n\n - net: hns3: Refactor the mapping of tqp to vport\n (bsc#1104353 ).\n\n - net: hns3: Refactor the skb receiving and transmitting\n function (bsc#1104353).\n\n - net: hns3: remove a couple of redundant assignments\n (bsc#1104353 ).\n\n - net: hns3: remove add/del_tunnel_udp in hns3_enet module\n (bsc#1104353).\n\n - net: hns3: Remove a useless member of struct hns3_stats\n (bsc#1104353).\n\n - net: hns3: Remove error log when getting pfc stats fails\n (bsc#1104353).\n\n - net: hns3: Remove packet statistics in the range of\n 8192~12287 (bsc#1104353).\n\n - net: hns3: remove redundant memset when alloc buffer\n (bsc#1104353).\n\n - net: hns3: remove redundant semicolon (bsc#1104353).\n\n - net: hns3: Remove repeat 
statistic of rx_errors\n (bsc#1104353 ).\n\n - net: hns3: Removes unnecessary check when clearing TX/RX\n rings (bsc#1104353).\n\n - net: hns3: remove TSO config command from VF driver\n (bsc#1104353 ).\n\n - net: hns3: remove unnecessary pci_set_drvdata() and\n devm_kfree() (bsc#1104353).\n\n - net: hns3: remove unused GL setup function (bsc#1104353\n ).\n\n - net: hns3: remove unused hclgevf_cfg_func_mta_filter\n (bsc#1104353).\n\n - net: hns3: Remove unused led control code (bsc#1104353\n ).\n\n - net: hns3: report the function type the same line with\n hns3_nic_get_stats64 (bsc#1104353).\n\n - net: hns3: set the cmdq out_vld bit to 0 after used\n (bsc#1104353 ).\n\n - net: hns3: set the max ring num when alloc netdev\n (bsc#1104353 ).\n\n - net: hns3: Setting for fc_mode and dcb enable flag in TM\n module (bsc#1104353).\n\n - net: hns3: Support for dynamically assigning tx buffer\n to TC (bsc#1104353).\n\n - net: hns3: Unified HNS3 (VF|PF) Ethernet Driver for\n hip08 SoC (bsc#1104353).\n\n - net: hns3: unify the pause params setup function\n (bsc#1104353 ).\n\n - net: hns3: Unify the strings display of packet\n statistics (bsc#1104353).\n\n - net: hns3: Updates MSI/MSI-X alloc/free APIs(depricated)\n to new APIs (bsc#1104353).\n\n - net: hns3: Updates RX packet info fetch in case of multi\n BD (bsc#1104353).\n\n - net: hns3: Use enums instead of magic number in\n hclge_is_special_opcode (bsc#1104353).\n\n - net: hns3: VF should get the real rss_size instead of\n rss_size_max (bsc#1104353).\n\n - net: lan78xx: Fix race in tx pending skb size\n calculation (bsc#1100132).\n\n - net: lan78xx: fix rx handling before first packet is\n send (bsc#1100132).\n\n - net: qmi_wwan: add BroadMobi BM806U 2020:2033\n (bsc#1087092).\n\n - net: qmi_wwan: Add Netgear Aircard 779S (bsc#1090888).\n\n - net-usb: add qmi_wwan if on lte modem wistron neweb\n d18q1 (bsc#1087092).\n\n - net: usb: asix: replace mii_nway_restart in resume path\n (bsc#1100132).\n\n - orangefs: report 
attributes_mask and attributes for\n statx (bsc#1101832).\n\n - orangefs: set i_size on new symlink (bsc#1101845).\n\n - overflow.h: Add allocation size calculation helpers\n (bsc#1101116,).\n\n - powerpc/64: Add GENERIC_CPU support for little endian\n ().\n\n - powerpc/fadump: handle crash memory ranges array index\n overflow (bsc#1103269).\n\n - powerpc/fadump: merge adjacent memory ranges to reduce\n PT_LOAD segements (bsc#1103269).\n\n - powerpc/pkeys: Deny read/write/execute by default\n (bsc#1097577).\n\n - powerpc/pkeys: Fix calculation of total pkeys\n (bsc#1097577).\n\n - powerpc/pkeys: Give all threads control of their key\n permissions (bsc#1097577).\n\n - powerpc/pkeys: key allocation/deallocation must not\n change pkey registers (bsc#1097577).\n\n - powerpc/pkeys: make protection key 0 less special\n (bsc#1097577).\n\n - powerpc/pkeys: Preallocate execute-only key\n (bsc#1097577).\n\n - powerpc/pkeys: Save the pkey registers before fork\n (bsc#1097577).\n\n - qed*: Add link change count value to ethtool statistics\n display (bsc#1086314).\n\n - qed: Add qed APIs for PHY module query (bsc#1086314 ).\n\n - qed: Add srq core support for RoCE and iWARP\n (bsc#1086314 ).\n\n - qede: Add driver callbacks for eeprom module query\n (bsc#1086314 ).\n\n - qedf: Add get_generic_tlv_data handler (bsc#1086317).\n\n - qedf: Add support for populating ethernet TLVs\n (bsc#1086317).\n\n - qed: fix spelling mistake 'successffuly' ->\n 'successfully' (bsc#1086314).\n\n - qedi: Add get_generic_tlv_data handler (bsc#1086315).\n\n - qedi: Add support for populating ethernet TLVs\n (bsc#1086315).\n\n - qed: Make some functions static (bsc#1086314).\n\n - qed: remove redundant functions qed_get_cm_pq_idx_rl\n (bsc#1086314).\n\n - qed: remove redundant functions\n qed_set_gft_event_id_cm_hdr (bsc#1086314).\n\n - qed: remove redundant pointer 'name' (bsc#1086314).\n\n - qed: use dma_zalloc_coherent instead of allocator/memset\n (bsc#1086314).\n\n - qed*: Utilize FW 8.37.2.0 
(bsc#1086314).\n\n - rdma/hns: Add 64KB page size support for hip08\n (bsc#1104427 ).\n\n - rdma/hns: Add command queue support for hip08 RoCE\n driver (bsc#1104427).\n\n - rdma/hns: Add CQ operations support for hip08 RoCE\n driver (bsc#1104427).\n\n - rdma/hns: Add detailed comments for mb() call\n (bsc#1104427 ).\n\n - rdma/hns: Add eq support of hip08 (bsc#1104427).\n\n - rdma/hns: Add gsi qp support for modifying qp in hip08\n (bsc#1104427).\n\n - rdma/hns: Add mailbox's implementation for hip08 RoCE\n driver (bsc#1104427).\n\n - rdma/hns: Add modify CQ support for hip08 (bsc#1104427\n ).\n\n - rdma/hns: Add names to function arguments in function\n pointers (bsc#1104427).\n\n - rdma/hns: Add profile support for hip08 driver\n (bsc#1104427 ).\n\n - rdma/hns: Add QP operations support for hip08 SoC\n (bsc#1104427 ).\n\n - rdma/hns: Add releasing resource operation in error\n branch (bsc#1104427).\n\n - rdma/hns: Add rereg mr support for hip08 (bsc#1104427 ).\n\n - rdma/hns: Add reset process for RoCE in hip08\n (bsc#1104427 ).\n\n - rdma/hns: Add return operation when configured global\n param fail (bsc#1104427).\n\n - rdma/hns: Add rq inline data support for hip08 RoCE\n (bsc#1104427 ).\n\n - rdma/hns: Add rq inline flags judgement (bsc#1104427 ).\n\n - rdma/hns: Add sq_invld_flg field in QP context\n (bsc#1104427 ).\n\n - rdma/hns: Add support for processing send wr and receive\n wr (bsc#1104427).\n\n - rdma/hns: Add the interfaces to support multi hop\n addressing for the contexts in hip08 (bsc#1104427).\n\n - rdma/hns: Adjust the order of cleanup hem table\n (bsc#1104427 ).\n\n - rdma/hns: Assign dest_qp when deregistering mr\n (bsc#1104427 ).\n\n - rdma/hns: Assign the correct value for tx_cqn\n (bsc#1104427 ).\n\n - rdma/hns: Assign zero for pkey_index of wc in hip08\n (bsc#1104427 ).\n\n - rdma/hns: Avoid NULL pointer exception (bsc#1104427 ).\n\n - rdma/hns: Bugfix for cq record db for kernel\n (bsc#1104427 ).\n\n - rdma/hns: Bugfix for init hem table 
(bsc#1104427).\n\n - rdma/hns: Bugfix for rq record db for kernel\n (bsc#1104427 ).\n\n - rdma/hns: Check return value of kzalloc (bsc#1104427 ).\n\n - rdma/hns: Configure BT BA and BT attribute for the\n contexts in hip08 (bsc#1104427).\n\n - rdma/hns: Configure fence attribute in hip08 RoCE\n (bsc#1104427 ).\n\n - rdma/hns: Configure mac&gid and user access region for\n hip08 RoCE driver (bsc#1104427).\n\n - rdma/hns: Configure sgid type for hip08 RoCE\n (bsc#1104427 ).\n\n - rdma/hns: Configure the MTPT in hip08 (bsc#1104427).\n\n - rdma/hns: Configure TRRL field in hip08 RoCE device\n (bsc#1104427 ).\n\n - rdma/hns: Create gsi qp in hip08 (bsc#1104427).\n\n - rdma/hns: Delete the unnecessary initializing enum to\n zero (bsc#1104427).\n\n - rdma/hns: Do not unregister a callback we didn't\n register (bsc#1104427).\n\n - rdma/hns: Drop local zgid in favor of core defined\n variable (bsc#1104427).\n\n - rdma/hns: Enable inner_pa_vld filed of mpt (bsc#1104427\n ).\n\n - rdma/hns: Enable the cqe field of sqwqe of RC\n (bsc#1104427 ).\n\n - rdma/hns: ensure for-loop actually iterates and free's\n buffers (bsc#1104427).\n\n - rdma/hns: Fill sq wqe context of ud type in hip08\n (bsc#1104427 ).\n\n - rdma/hns: Filter for zero length of sge in hip08 kernel\n mode (bsc#1104427).\n\n - rdma/hns: Fix a bug with modifying mac address\n (bsc#1104427 ).\n\n - rdma/hns: Fix a couple misspellings (bsc#1104427).\n\n - rdma/hns: Fix calltrace for sleeping in atomic\n (bsc#1104427 ).\n\n - rdma/hns: Fix cqn type and init resp (bsc#1104427).\n\n - rdma/hns: Fix cq record doorbell enable in kernel\n (bsc#1104427 ).\n\n - rdma/hns: Fix endian problems around imm_data and rkey\n (bsc#1104427).\n\n - rdma/hns: Fix inconsistent warning (bsc#1104427).\n\n - rdma/hns: Fix init resp when alloc ucontext (bsc#1104427\n ).\n\n - rdma/hns: Fix misplaced call to\n hns_roce_cleanup_hem_table (bsc#1104427).\n\n - rdma/hns: Fix QP state judgement before receiving work\n requests (bsc#1104427).\n\n 
- rdma/hns: Fix QP state judgement before sending work\n requests (bsc#1104427).\n\n - rdma/hns: fix spelling mistake: 'Reseved' -> 'Reserved'\n (bsc#1104427).\n\n - rdma/hns: Fix the bug with NULL pointer (bsc#1104427 ).\n\n - rdma/hns: Fix the bug with rq sge (bsc#1104427).\n\n - rdma/hns: Fix the endian problem for hns (bsc#1104427 ).\n\n - rdma/hns: Fix the illegal memory operation when cross\n page (bsc#1104427).\n\n - rdma/hns: Fix the issue of IOVA not page continuous in\n hip08 (bsc#1104427).\n\n - rdma/hns: Fix the qp context state diagram (bsc#1104427\n ).\n\n - rdma/hns: Generate gid type of RoCEv2 (bsc#1104427).\n\n - rdma/hns: Get rid of page operation after\n dma_alloc_coherent (bsc#1104427).\n\n - rdma/hns: Get rid of virt_to_page and vmap calls after\n dma_alloc_coherent (bsc#1104427).\n\n - rdma/hns: Implement the disassociate_ucontext API\n (bsc#1104427 ).\n\n - rdma/hns: Increase checking CMQ status timeout value\n (bsc#1104427).\n\n - rdma/hns: Initialize the PCI device for hip08 RoCE\n (bsc#1104427 ).\n\n - rdma/hns: Intercept illegal RDMA operation when use\n inline data (bsc#1104427).\n\n - rdma/hns: Load the RoCE dirver automatically\n (bsc#1104427 ).\n\n - rdma/hns: make various function static, fixes warnings\n (bsc#1104427).\n\n - rdma/hns: Modify assignment device variable to support\n both PCI device and platform device (bsc#1104427).\n\n - rdma/hns: Modify the usage of cmd_sn in hip08\n (bsc#1104427 ).\n\n - rdma/hns: Modify the value with rd&dest_rd of qp_attr\n (bsc#1104427).\n\n - rdma/hns: Modify uar allocation algorithm to avoid\n bitmap exhaust (bsc#1104427).\n\n - rdma/hns: Move priv in order to add multiple hns_roce\n support (bsc#1104427).\n\n - rdma/hns: Move the location for initializing tmp_len\n (bsc#1104427).\n\n - rdma/hns: Not support qp transition from reset to reset\n for hip06 (bsc#1104427).\n\n - rdma/hns: Only assign dest_qp if IB_QP_DEST_QPN bit is\n set (bsc#1104427).\n\n - rdma/hns: Only assign dqpn if 
IB_QP_PATH_DEST_QPN bit is\n set (bsc#1104427).\n\n - rdma/hns: Only assign mtu if IB_QP_PATH_MTU bit is set\n (bsc#1104427).\n\n - rdma/hns: Refactor code for readability (bsc#1104427 ).\n\n - rdma/hns: Refactor eq code for hip06 (bsc#1104427).\n\n - rdma/hns: remove redundant assignment to variable j\n (bsc#1104427 ).\n\n - rdma/hns: Remove some unnecessary attr_mask judgement\n (bsc#1104427).\n\n - rdma/hns: Remove unnecessary operator (bsc#1104427).\n\n - rdma/hns: Remove unnecessary platform_get_resource()\n error check (bsc#1104427).\n\n - rdma/hns: Rename the idx field of db (bsc#1104427).\n\n - rdma/hns: Replace condition statement using hardware\n version information (bsc#1104427).\n\n - rdma/hns: Replace __raw_write*(cpu_to_le*()) with LE\n write*() (bsc#1104427).\n\n - rdma/hns: return 0 rather than return a garbage status\n value (bsc#1104427).\n\n - rdma/hns_roce: Do not check return value of\n zap_vma_ptes() (bsc#1104427).\n\n - rdma/hns: Set access flags of hip08 RoCE (bsc#1104427 ).\n\n - rdma/hns: Set desc_dma_addr for zero when free cmq desc\n (bsc#1104427).\n\n - rdma/hns: Set NULL for __internal_mr (bsc#1104427).\n\n - rdma/hns: Set rdma_ah_attr type for querying qp\n (bsc#1104427 ).\n\n - rdma/hns: Set se attribute of sqwqe in hip08\n (bsc#1104427 ).\n\n - rdma/hns: Set sq_cur_sge_blk_addr field in QPC in hip08\n (bsc#1104427).\n\n - rdma/hns: Set the guid for hip08 RoCE device\n (bsc#1104427 ).\n\n - rdma/hns: Set the owner field of SQWQE in hip08 RoCE\n (bsc#1104427).\n\n - rdma/hns: Split CQE from MTT in hip08 (bsc#1104427).\n\n - rdma/hns: Split hw v1 driver from hns roce driver\n (bsc#1104427 ).\n\n - rdma/hns: Submit bad wr (bsc#1104427).\n\n - rdma/hns: Support cq record doorbell for kernel space\n (bsc#1104427).\n\n - rdma/hns: Support cq record doorbell for the user space\n (bsc#1104427).\n\n - rdma/hns: Support multi hop addressing for PBL in hip08\n (bsc#1104427).\n\n - rdma/hns: Support rq record doorbell for kernel space\n 
(bsc#1104427).\n\n - rdma/hns: Support rq record doorbell for the user space\n (bsc#1104427).\n\n - rdma/hns: Support WQE/CQE/PBL page size configurable\n feature in hip08 (bsc#1104427).\n\n - rdma/hns: Unify the calculation for hem index in hip08\n (bsc#1104427).\n\n - rdma/hns: Update assignment method for owner field of\n send wqe (bsc#1104427).\n\n - rdma/hns: Update calculation of irrl_ba field for hip08\n (bsc#1104427).\n\n - rdma/hns: Update convert function of endian format\n (bsc#1104427 ).\n\n - rdma/hns: Update the interfaces for MTT/CQE multi hop\n addressing in hip08 (bsc#1104427).\n\n - rdma/hns: Update the IRRL table chunk size in hip08\n (bsc#1104427 ).\n\n - rdma/hns: Update the PD&CQE&MTT specification in hip08\n (bsc#1104427).\n\n - rdma/hns: Update the usage of ack timeout in hip08\n (bsc#1104427 ).\n\n - rdma/hns: Update the usage of sr_max and rr_max field\n (bsc#1104427).\n\n - rdma/hns: Update the verbs of polling for completion\n (bsc#1104427).\n\n - rdma/hns: Use free_pages function instead of free_page\n (bsc#1104427).\n\n - rdma/hns: Use structs to describe the uABI instead of\n opencoding (bsc#1104427).\n\n - rdma/qedr: Fix NULL pointer dereference when running\n over iWARP without RDMA-CM (bsc#1086314).\n\n - rdma/qedr: fix spelling mistake: 'adrresses' ->\n 'addresses' (bsc#1086314).\n\n - rdma/qedr: fix spelling mistake: 'failes' -> 'fails'\n (bsc#1086314).\n\n - reiserfs: fix buffer overflow with long warning messages\n (bsc#1101847).\n\n -\n reiserfs-fix-buffer-overflow-with-long-warning-messa.pat\n ch: Silence bogus compiler warning about unused result\n of strscpy().\n\n - s390/dasd: configurable IFCC handling (bsc#1097808).\n\n - sched/smt: Update sched_smt_present at runtime\n (bsc#1089343).\n\n - scsi: mpt3sas: Add an I/O barrier (bsc#1086906,).\n\n - scsi: mpt3sas: Added support for SAS Device Discovery\n Error Event (bsc#1086906,).\n\n - scsi: mpt3sas: Add PCI device ID for Andromeda\n (bsc#1086906,).\n\n - scsi: mpt3sas: 
Allow processing of events during driver\n unload (bsc#1086906,).\n\n - scsi: mpt3sas: As per MPI-spec, use combined reply queue\n for SAS3.5 controllers when HBA supports more than 16\n MSI-x vectors (bsc#1086906,).\n\n - scsi: mpt3sas: Bug fix for big endian systems\n (bsc#1086906,).\n\n - scsi: mpt3sas: Cache enclosure pages during enclosure\n add (bsc#1086906,).\n\n - scsi: mpt3sas: clarify mmio pointer types\n (bsc#1086906,).\n\n - scsi: mpt3sas: Configure reply post queue depth, DMA and\n sgl tablesize (bsc#1086906,).\n\n - scsi: mpt3sas: Do not abort I/Os issued to NVMe drives\n while processing Async Broadcast primitive event\n (bsc#1086906,).\n\n - scsi: mpt3sas: Do not access the structure after\n decrementing it's instance reference count\n (bsc#1086906,).\n\n - scsi: mpt3sas: Do not mark fw_event workqueue as\n WQ_MEM_RECLAIM (bsc#1086906,).\n\n - scsi: mpt3sas: Enhanced handling of Sense Buffer\n (bsc#1086906,).\n\n - scsi: mpt3sas: Fix, False timeout prints for ioctl and\n other internal commands during controller reset\n (bsc#1086906,).\n\n - scsi: mpt3sas: fix possible memory leak (bsc#1086906,).\n\n - scsi: mpt3sas: fix spelling mistake: 'disbale' ->\n 'disable' (bsc#1086906,).\n\n - scsi: mpt3sas: For NVME device, issue a protocol level\n reset (bsc#1086906,).\n\n - scsi: mpt3sas: Incorrect command status was set/marked\n as not used (bsc#1086906,).\n\n - scsi: mpt3sas: Increase event log buffer to support 24\n port HBA's (bsc#1086906,).\n\n - scsi: mpt3sas: Introduce API to get BAR0 mapped buffer\n address (bsc#1086906,).\n\n - scsi: mpt3sas: Introduce Base function for cloning\n (bsc#1086906,).\n\n - scsi: mpt3sas: Introduce function to clone mpi reply\n (bsc#1086906,).\n\n - scsi: mpt3sas: Introduce function to clone mpi request\n (bsc#1086906,).\n\n - scsi: mpt3sas: Lockless access for chain buffers\n (bsc#1086906,).\n\n - scsi: mpt3sas: Optimize I/O memory consumption in driver\n (bsc#1086906,).\n\n - scsi: mpt3sas: Pre-allocate RDPQ Array at 
driver boot\n time (bsc#1086906,).\n\n - scsi: mpt3sas: Replace PCI pool old API (bsc#1081917). -\n Refresh\n patches.drivers/scsi-mpt3sas-SGL-to-PRP-Translation-for-\n I-Os-to-NVMe.patch.\n\n - scsi: mpt3sas: Report Firmware Package Version from HBA\n Driver (bsc#1086906,).\n\n - scsi: mpt3sas: Update driver version '25.100.00.00'\n (bsc#1086906,).\n\n - scsi: mpt3sas: Update driver version '26.100.00.00'\n (bsc#1086906,).\n\n - scsi: mpt3sas: Update MPI Headers (bsc#1086906,).\n\n - scsi: qedf: Add additional checks when restarting an\n rport due to ABTS timeout (bsc#1086317).\n\n - scsi: qedf: Add check for offload before flushing I/Os\n for target (bsc#1086317).\n\n - scsi: qedf: Add dcbx_not_wait module parameter so we\n won't wait for DCBX convergence to start discovery\n (bsc#1086317).\n\n - scsi: qedf: Add missing skb frees in error path\n (bsc#1086317).\n\n - scsi: qedf: Add more defensive checks for concurrent\n error conditions (bsc#1086317).\n\n - scsi: qedf: Add task id to kref_get_unless_zero() debug\n messages when flushing requests (bsc#1086317).\n\n - scsi: qedf: Check if link is already up when receiving a\n link up event from qed (bsc#1086317).\n\n - scsi: qedf: fix LTO-enabled build (bsc#1086317).\n\n - scsi: qedf: Fix VLAN display when printing sent FIP\n frames (bsc#1086317).\n\n - scsi: qedf: Honor default_prio module parameter even if\n DCBX does not converge (bsc#1086317).\n\n - scsi: qedf: Honor priority from DCBX FCoE App tag\n (bsc#1086317).\n\n - scsi: qedf: If qed fails to enable MSI-X fail PCI probe\n (bsc#1086317).\n\n - scsi: qedf: Improve firmware debug dump handling\n (bsc#1086317).\n\n - scsi: qedf: Increase the number of default FIP VLAN\n request retries to 60 (bsc#1086317).\n\n - scsi: qedf: Release RRQ reference correctly when RRQ\n command times out (bsc#1086317).\n\n - scsi: qedf: remove redundant initialization of 'fcport'\n (bsc#1086317).\n\n - scsi: qedf: Remove setting DCBX pending during soft\n context reset 
(bsc#1086317).\n\n - scsi: qedf: Return request as DID_NO_CONNECT if MSI-X is\n not enabled (bsc#1086317).\n\n - scsi: qedf: Sanity check FCoE/FIP priority value to make\n sure it's between 0 and 7 (bsc#1086317).\n\n - scsi: qedf: Send the driver state to MFW (bsc#1086317).\n\n - scsi: qedf: Set the UNLOADING flag when removing a vport\n (bsc#1086317).\n\n - scsi: qedf: Synchronize rport restarts when multiple ELS\n commands time out (bsc#1086317).\n\n - scsi: qedf: Update copyright for 2018 (bsc#1086317).\n\n - scsi: qedf: Update version number to 8.33.16.20\n (bsc#1086317).\n\n - scsi: qedf: use correct strncpy() size (bsc#1086317).\n\n - scsi: qedi: fix building with LTO (bsc#1086315).\n\n - scsi: qedi: fix build regression (bsc#1086315).\n\n - scsi: qedi: Fix kernel crash during port toggle\n (bsc#1086315).\n\n - scsi: qedi: Send driver state to MFW (bsc#1086315).\n\n - scsi: qla2xxx: correctly shift host byte (bsc#1086327,).\n\n - scsi: qla2xxx: Correct setting of\n SAM_STAT_CHECK_CONDITION (bsc#1086327,).\n\n - scsi: qla2xxx: Fix crash on qla2x00_mailbox_command\n (bsc#1086327,).\n\n - scsi: qla2xxx: Fix Inquiry command being dropped in\n Target mode (bsc#1086327,).\n\n - scsi: qla2xxx: Fix race condition between iocb timeout\n and initialisation (bsc#1086327,).\n\n - scsi: qla2xxx: Fix Rport and session state getting out\n of sync (bsc#1086327,).\n\n - scsi: qla2xxx: Fix sending ADISC command for login\n (bsc#1086327,).\n\n - scsi: qla2xxx: Fix setting lower transfer speed if GPSC\n fails (bsc#1086327,).\n\n - scsi: qla2xxx: Fix TMF and Multi-Queue config\n (bsc#1086327,).\n\n - scsi: qla2xxx: Move GPSC and GFPNID out of session\n management (bsc#1086327,).\n\n - scsi: qla2xxx: Prevent relogin loop by removing stale\n code (bsc#1086327,).\n\n - scsi: qla2xxx: Reduce redundant ADISC command for RSCNs\n (bsc#1086327,).\n\n - scsi: qla2xxx: remove irq save in qla2x00_poll()\n (bsc#1086327,).\n\n - scsi: qla2xxx: Remove stale debug value for login_retry\n flag 
(bsc#1086327,).\n\n - scsi: qla2xxx: Update driver version to 10.00.00.07-k\n (bsc#1086327,).\n\n - scsi: qla2xxx: Use predefined get_datalen_for_atio()\n inline function (bsc#1086327,).\n\n - scsi: qla4xxx: Move an array from a .h into a .c file\n (bsc#1086331).\n\n - scsi: qla4xxx: Remove unused symbols (bsc#1086331).\n\n - scsi: qla4xxx: skip error recovery in case of register\n disconnect (bsc#1086331).\n\n - scsi: qla4xxx: Use dma_pool_zalloc() (bsc#1086331).\n\n - scsi: qla4xxx: Use zeroing allocator rather than\n allocator/memset (bsc#1086331).\n\n - selftests/powerpc: Fix core-pkey for default execute\n permission change (bsc#1097577).\n\n - selftests/powerpc: Fix ptrace-pkey for default execute\n permission change (bsc#1097577).\n\n - supported.conf: add drivers/md/dm-writecache\n\n - supported.conf: added hns3 modules\n\n - supported.conf: added hns-roce-hw-v1 and hns-roce-hw-v2\n\n - supported.conf: Enable HiSi v3 SAS adapter ()\n\n - tcp_rbd depends on BLK_DEV_RBD ().\n\n - typec: tcpm: fusb302: Resolve out of order messaging\n events (bsc#1087092).\n\n - udf: Detect incorrect directory size (bsc#1101891).\n\n - udf: Provide saner default for invalid uid / gid\n (bsc#1101890).\n\n - vfs: add the sb_start_intwrite_trylock() helper\n (bsc#1101841).\n\n - x86/apic: Ignore secondary threads if nosmt=force\n (bsc#1089343).\n\n - x86/CPU/AMD: Do not check CPUID max ext level before\n parsing SMP info (bsc#1089343).\n\n - x86/cpu/AMD: Evaluate smp_num_siblings early\n (bsc#1089343).\n\n - x86/CPU/AMD: Move TOPOEXT reenablement before reading\n smp_num_siblings (bsc#1089343).\n\n - x86/cpu/AMD: Remove the pointless detect_ht() call\n (bsc#1089343).\n\n - x86/cpu/common: Provide detect_ht_early() (bsc#1089343).\n\n - x86/cpu/intel: Evaluate smp_num_siblings early\n (bsc#1089343).\n\n - x86/cpu: Remove the pointless CPU printout\n (bsc#1089343).\n\n - x86/cpu/topology: Provide\n detect_extended_topology_early() (bsc#1089343).\n\n - x86/KVM/VMX: Add module 
argument for L1TF mitigation.\n\n - x86/smp: Provide topology_is_primary_thread()\n (bsc#1089343).\n\n - x86/topology: Provide topology_smt_supported()\n (bsc#1089343).\n\n - x86/xen: init %gs very early to avoid page faults with\n stack protector (bnc#1104777).\n\n - xen-netback: fix input validation in\n xenvif_set_hash_mapping() (bnc#1103277).\n\n - xen/netfront: do not cache skb_shinfo() (bnc#1065600).\n\n - xfs: catch inode allocation state mismatch corruption\n (bsc#1104211).\n\n - xfs: prevent creating negative-sized file via\n INSERT_RANGE (bsc#1101833).", "edition": 17, "cvss3": {"score": 6.5, "vector": "AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-03-27T00:00:00", "title": "openSUSE Security Update : the Linux Kernel (openSUSE-2019-618) (Foreshadow)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-10882", "CVE-2018-10877", "CVE-2018-10880", "CVE-2018-10878", "CVE-2018-10853", "CVE-2018-10881", "CVE-2018-3646", "CVE-2018-5391", "CVE-2018-3620", "CVE-2018-10883", "CVE-2018-10876", "CVE-2018-10879"], "modified": "2019-03-27T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource", "p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debugsource", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo", "cpe:/o:novell:opensuse:15.0", "p-cpe:/a:novell:opensuse:kernel-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-base", "p-cpe:/a:novell:opensuse:kernel-kvmsmall", "p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel", 
"p-cpe:/a:novell:opensuse:kernel-docs-html", "p-cpe:/a:novell:opensuse:kernel-obs-qa", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-base", "p-cpe:/a:novell:opensuse:kernel-macros", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:kernel-vanilla", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-debugsource", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel", "p-cpe:/a:novell:opensuse:kernel-debug-base", "p-cpe:/a:novell:opensuse:kernel-debug-debugsource", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-obs-build", "p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo"], "id": "OPENSUSE-2019-618.NASL", "href": "https://www.tenable.com/plugins/nessus/123269", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-618.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(123269);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-10853\", \"CVE-2018-10876\", \"CVE-2018-10877\", \"CVE-2018-10878\", \"CVE-2018-10879\", \"CVE-2018-10880\", \"CVE-2018-10881\", \"CVE-2018-10882\", \"CVE-2018-10883\", \"CVE-2018-3620\", \"CVE-2018-3646\", \"CVE-2018-5391\");\n\n script_name(english:\"openSUSE Security Update : the Linux Kernel (openSUSE-2019-618) (Foreshadow)\");\n 
script_summary(english:\"Check for the openSUSE-2019-618 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The openSUSE Leap 15.0 kernel was updated to receive various security\nand bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2018-10853: A flaw was found in KVM in which certain\n instructions such as sgdt/sidt call segmented_write_std\n doesn't propagate access correctly. As such, during\n userspace induced exception, the guest can incorrectly\n assume that the exception happened in the kernel and\n panic (bnc#1097104).\n\n - CVE-2018-10876: A flaw was found in the ext4 filesystem\n code. A use-after-free is possible in\n ext4_ext_remove_space() function when mounting and\n operating a crafted ext4 image. (bnc#1099811)\n\n - CVE-2018-10877: Linux kernel ext4 filesystem is\n vulnerable to an out-of-bound access in the\n ext4_ext_drop_refs() function when operating on a\n crafted ext4 filesystem image. (bnc#1099846)\n\n - CVE-2018-10878: A flaw was found in the ext4 filesystem.\n A local user can cause an out-of-bounds write and a\n denial of service or unspecified other impact is\n possible by mounting and operating a crafted ext4\n filesystem image. (bnc#1099813)\n\n - CVE-2018-10879: A flaw was found in the ext4 filesystem.\n A local user can cause a use-after-free in\n ext4_xattr_set_entry function and a denial of service or\n unspecified other impact may occur by renaming a file in\n a crafted ext4 filesystem image. (bnc#1099844)\n\n - CVE-2018-10880: Linux kernel is vulnerable to a\n stack-out-of-bounds write in the ext4 filesystem code\n when mounting and writing to a crafted ext4 image in\n ext4_update_inline_data(). 
An attacker could use this to\n cause a system crash and a denial of service.\n (bnc#1099845)\n\n - CVE-2018-10881: A flaw was found in the ext4 filesystem.\n A local user can cause an out-of-bound access in\n ext4_get_group_info function, a denial of service, and a\n system crash by mounting and operating on a crafted ext4\n filesystem image. (bnc#1099864)\n\n - CVE-2018-10882: A flaw was found in the ext4 filesystem.\n A local user can cause an out-of-bound write in in\n fs/jbd2/transaction.c code, a denial of service, and a\n system crash by unmounting a crafted ext4 filesystem\n image. (bnc#1099849)\n\n - CVE-2018-10883: A flaw was found in the ext4 filesystem.\n A local user can cause an out-of-bounds write in\n jbd2_journal_dirty_metadata(), a denial of service, and\n a system crash by mounting and operating on a crafted\n ext4 filesystem image. (bnc#1099863)\n\n - CVE-2018-3620: Systems with microprocessors utilizing\n speculative execution and address translations may allow\n unauthorized disclosure of information residing in the\n L1 data cache to an attacker with local user access via\n a terminal page fault and a side-channel analysis\n (bnc#1087081).\n\n - CVE-2018-3646: Systems with microprocessors utilizing\n speculative execution and address translations may allow\n unauthorized disclosure of information residing in the\n L1 data cache to an attacker with local user access with\n guest OS privilege via a terminal page fault and a\n side-channel analysis (bnc#1089343 bnc#1104365).\n\n - CVE-2018-5391 aka 'FragmentSmack': A flaw in the IP\n packet reassembly could be used by remote attackers to\n consume lots of CPU time (bnc#1103097).\n\nThe following non-security bugs were fixed :\n\n - afs: Fix directory permissions check (bsc#1101828).\n\n - bdi: Move cgroup bdi_writeback to a dedicated low\n concurrency workqueue (bsc#1101867).\n\n - be2net: gather debug info and reset adapter (only for\n Lancer) on a tx-timeout (bsc#1086288).\n\n - be2net: Update 
the driver version to 12.0.0.0\n (bsc#1086288 ).\n\n - befs_lookup(): use d_splice_alias() (bsc#1101844).\n\n - block: Fix transfer when chunk sectors exceeds max\n (bsc#1101874).\n\n - bpf, ppc64: fix unexpected r0=0 exit path inside\n bpf_xadd (bsc#1083647).\n\n - branch-check: fix long->int truncation when profiling\n branches (bsc#1101116,).\n\n - cdrom: do not call check_disk_change() inside\n cdrom_open() (bsc#1101872).\n\n - compiler.h: enable builtin overflow checkers and add\n fallback code (bsc#1101116,).\n\n - cpu/hotplug: Make bringup/teardown of smp threads\n symmetric (bsc#1089343).\n\n - cpu/hotplug: Provide knobs to control SMT (bsc#1089343).\n\n - cpu/hotplug: Split do_cpu_down() (bsc#1089343).\n\n - delayacct: fix crash in delayacct_blkio_end() after\n delayacct init failure (bsc#1104066).\n\n - dm: add writecache target (bsc#1101116,).\n\n - dm writecache: support optional offset for start of\n device (bsc#1101116,).\n\n - dm writecache: use 2-factor allocator arguments\n (bsc#1101116,).\n\n - EDAC: Add missing MEM_LRDDR4 entry in edac_mem_types[]\n (bsc#1103886).\n\n - EDAC: Drop duplicated array of strings for memory type\n names (bsc#1103886).\n\n - ext2: fix a block leak (bsc#1101875).\n\n - ext4: add more mount time checks of the superblock\n (bsc#1101900).\n\n - ext4: bubble errors from ext4_find_inline_data_nolock()\n up to ext4_iget() (bsc#1101896).\n\n - ext4: check for allocation block validity with block\n group locked (bsc#1104495).\n\n - ext4: check superblock mapped prior to committing\n (bsc#1101902).\n\n - ext4: do not update s_last_mounted of a frozen fs\n (bsc#1101841).\n\n - ext4: factor out helper ext4_sample_last_mounted()\n (bsc#1101841).\n\n - ext4: fix check to prevent initializing reserved inodes\n (bsc#1104319).\n\n - ext4: fix false negatives *and* false positives in\n ext4_check_descriptors() (bsc#1103445).\n\n - ext4: fix fencepost error in check for inode count\n overflow during resize (bsc#1101853).\n\n - ext4: fix 
inline data updates with checksums enabled\n (bsc#1104494).\n\n - ext4: include the illegal physical block in the bad map\n ext4_error msg (bsc#1101903).\n\n - ext4: report delalloc reserve as non-free in statfs for\n project quota (bsc#1101843).\n\n - ext4: update mtime in ext4_punch_hole even if no blocks\n are released (bsc#1101895).\n\n - f2fs: call unlock_new_inode() before d_instantiate()\n (bsc#1101837).\n\n - fix io_destroy()/aio_complete() race (bsc#1101852).\n\n - Force log to disk before reading the AGF during a fstrim\n (bsc#1101893).\n\n - fscache: Fix hanging wait on page discarded by writeback\n (bsc#1101885).\n\n - fs: clear writeback errors in inode_init_always\n (bsc#1101882).\n\n - fs: do not scan the inode cache before SB_BORN is set\n (bsc#1101883).\n\n - hns3: fix unused function warning (bsc#1104353).\n\n - hns3pf: do not check handle during mqprio offload\n (bsc#1104353 ).\n\n - hns3pf: fix hns3_del_tunnel_port() (bsc#1104353).\n\n - hns3pf: Fix some harmless copy and paste bugs\n (bsc#1104353 ).\n\n - hv_netvsc: Fix napi reschedule while receive completion\n is busy ().\n\n - hv/netvsc: Fix NULL dereference at single queue mode\n fallback (bsc#1104708).\n\n - hwmon: (asus_atk0110) Replace deprecated device register\n call (bsc#1103363).\n\n - IB/hns: Annotate iomem pointers correctly (bsc#1104427\n ).\n\n - IB/hns: Avoid compile test under non 64bit environments\n (bsc#1104427).\n\n - IB/hns: Declare local functions 'static' (bsc#1104427 ).\n\n - IB/hns: fix boolreturn.cocci warnings (bsc#1104427).\n\n - IB/hns: Fix for checkpatch.pl comment style warnings\n (bsc#1104427).\n\n - IB/hns: fix memory leak on ah on error return path\n (bsc#1104427 ).\n\n - IB/hns: fix returnvar.cocci warnings (bsc#1104427).\n\n - IB/hns: fix semicolon.cocci warnings (bsc#1104427).\n\n - IB/hns: Fix the bug of polling cq failed for loopback\n Qps (bsc#1104427). 
Refresh\n patches.suse/0001-IB-hns-checking-for-IS_ERR-instead-of-\n NULL.patch.\n\n - IB/hns: Fix the bug with modifying the MAC address\n without removing the driver (bsc#1104427).\n\n - IB/hns: Fix the bug with rdma operation (bsc#1104427 ).\n\n - IB/hns: Fix the bug with wild pointer when destroy rc qp\n (bsc#1104427).\n\n - IB/hns: include linux/interrupt.h (bsc#1104427).\n\n - IB/hns: Support compile test for hns RoCE driver\n (bsc#1104427 ).\n\n - IB/hns: Use zeroing memory allocator instead of\n allocator/memset (bsc#1104427).\n\n - isofs: fix potential memory leak in mount option parsing\n (bsc#1101887).\n\n - jump_label: Fix concurrent static_key_enable/disable()\n (bsc#1089343).\n\n - jump_label: Provide hotplug context variants\n (bsc#1089343).\n\n - jump_label: Reorder hotplug lock and jump_label_lock\n (bsc#1089343).\n\n - kabi/severities: Allow kABI changes for kvm/x86 (except\n for kvm_x86_ops)\n\n - kabi/severities: ignore qla2xxx as all symbols are\n internal\n\n - kabi/severities: ignore x86_kvm_ops; lttng-modules would\n have to be adjusted in case they depend on this\n particular change\n\n - kabi/severities: Relax kvm_vcpu_* kABI breakage\n\n - media: rc: oops in ir_timer_keyup after device unplug\n (bsc#1090888).\n\n - mm: fix __gup_device_huge vs unmap (bsc#1101839).\n\n - net: hns3: Add a check for client instance init state\n (bsc#1104353).\n\n - net: hns3: add a mask initialization for mac_vlan table\n (bsc#1104353).\n\n - net: hns3: Add *Asserting Reset* mailbox message &\n handling in VF (bsc#1104353).\n\n - net: hns3: add Asym Pause support to phy default\n features (bsc#1104353).\n\n - net: hns3: Add dcb netlink interface for the support of\n DCB feature (bsc#1104353).\n\n - net: hns3: Add DCB support when interacting with network\n stack (bsc#1104353).\n\n - net: hns3: Add ethtool interface for vlan filter\n (bsc#1104353 ).\n\n - net: hns3: add ethtool_ops.get_channels support for VF\n (bsc#1104353).\n\n - net: hns3: add 
ethtool_ops.get_coalesce support to PF\n (bsc#1104353).\n\n - net: hns3: add ethtool_ops.set_coalesce support to PF\n (bsc#1104353).\n\n - net: hns3: add ethtool -p support for fiber port\n (bsc#1104353 ).\n\n - net: hns3: add ethtool related offload command\n (bsc#1104353 ).\n\n - net: hns3: Add Ethtool support to HNS3 driver\n (bsc#1104353 ).\n\n - net: hns3: add existence checking before adding unicast\n mac address (bsc#1104353).\n\n - net: hns3: add existence check when remove old uc mac\n address (bsc#1104353).\n\n - net: hns3: add feature check when feature changed\n (bsc#1104353 ).\n\n - net: hns3: add get_link support to VF (bsc#1104353).\n\n - net: hns3: add get/set_coalesce support to VF\n (bsc#1104353 ).\n\n - net: hns3: add handling vlan tag offload in bd\n (bsc#1104353 ).\n\n - net: hns3: Add hclge_dcb module for the support of DCB\n feature (bsc#1104353).\n\n - net: hns3: Add HNS3 Acceleration Engine & Compatibility\n Layer Support (bsc#1104353).\n\n - net: hns3: Add HNS3 driver to kernel build framework &\n MAINTAINERS (bsc#1104353).\n\n - net: hns3: Add hns3_get_handle macro in hns3 driver\n (bsc#1104353 ).\n\n - net: hns3: Add HNS3 IMP(Integrated Mgmt Proc) Cmd\n Interface Support (bsc#1104353).\n\n - net: hns3: Add HNS3 VF driver to kernel build framework\n (bsc#1104353).\n\n - net: hns3: Add HNS3 VF HCL(Hardware Compatibility Layer)\n Support (bsc#1104353).\n\n - net: hns3: Add HNS3 VF IMP(Integrated Management Proc)\n cmd interface (bsc#1104353).\n\n - net: hns3: add int_gl_idx setup for TX and RX queues\n (bsc#1104353).\n\n - net: hns3: add int_gl_idx setup for VF (bsc#1104353 ).\n\n - net: hns3: Add mac loopback selftest support in hns3\n driver (bsc#1104353).\n\n - net: hns3: Add mailbox interrupt handling to PF driver\n (bsc#1104353).\n\n - net: hns3: Add mailbox support to PF driver (bsc#1104353\n ).\n\n - net: hns3: Add mailbox support to VF driver (bsc#1104353\n ).\n\n - net: hns3: add manager table initialization for hardware\n 
(bsc#1104353).\n\n - net: hns3: Add MDIO support to HNS3 Ethernet driver for\n hip08 SoC (bsc#1104353).\n\n - net: hns3: Add missing break in misc_irq_handle\n (bsc#1104353 ).\n\n - net: hns3: Add more packet size statisctics (bsc#1104353\n ).\n\n - net: hns3: add MTU initialization for hardware\n (bsc#1104353 ).\n\n - net: hns3: add net status led support for fiber port\n (bsc#1104353).\n\n - net: hns3: add nic_client check when initialize roce\n base information (bsc#1104353).\n\n - net: hns3: add querying speed and duplex support to VF\n (bsc#1104353).\n\n - net: hns3: Add repeat address checking for setting mac\n address (bsc#1104353).\n\n - net: hns3: Add reset interface implementation in client\n (bsc#1104353).\n\n - net: hns3: Add reset process in hclge_main (bsc#1104353\n ).\n\n - net: hns3: Add reset service task for handling reset\n requests (bsc#1104353).\n\n - net: hns3: add result checking for VF when modify\n unicast mac address (bsc#1104353).\n\n - net: hns3: Add some interface for the support of DCB\n feature (bsc#1104353).\n\n - net: hns3: Adds support for led locate command for\n copper port (bsc#1104353).\n\n - net: hns3: Add STRP_TAGP field support for hardware\n revision 0x21 (bsc#1104353).\n\n - net: hns3: Add support for dynamically buffer\n reallocation (bsc#1104353).\n\n - net: hns3: add support for ETHTOOL_GRXFH (bsc#1104353 ).\n\n - net: hns3: add support for get_regs (bsc#1104353).\n\n - net: hns3: Add support for IFF_ALLMULTI flag\n (bsc#1104353 ).\n\n - net: hns3: Add support for misc interrupt (bsc#1104353\n ).\n\n - net: hns3: add support for nway_reset (bsc#1104353).\n\n - net: hns3: Add support for PFC setting in TM module\n (bsc#1104353 ).\n\n - net: hns3: Add support for port shaper setting in TM\n module (bsc#1104353).\n\n - net: hns3: add support for querying advertised pause\n frame by ethtool ethx (bsc#1104353).\n\n - net: hns3: add support for querying pfc puase packets\n statistic (bsc#1104353).\n\n - net: hns3: add support 
for set_link_ksettings\n (bsc#1104353 ).\n\n - net: hns3: add support for set_pauseparam (bsc#1104353\n ).\n\n - net: hns3: add support for set_ringparam (bsc#1104353 ).\n\n - net: hns3: add support for set_rxnfc (bsc#1104353).\n\n - net: hns3: Add support for tx_accept_tag2 and\n tx_accept_untag2 config (bsc#1104353).\n\n - net: hns3: add support for VF driver inner interface\n hclgevf_ops.get_tqps_and_rss_info (bsc#1104353).\n\n - net: hns3: Add support of hardware rx-vlan-offload to\n HNS3 VF driver (bsc#1104353).\n\n - net: hns3: Add support of HNS3 Ethernet Driver for hip08\n SoC (bsc#1104353).\n\n - net: hns3: Add support of .sriov_configure in HNS3\n driver (bsc#1104353).\n\n - net: hns3: Add support of the HNAE3 framework\n (bsc#1104353 ).\n\n - net: hns3: Add support of TX Scheduler & Shaper to HNS3\n driver (bsc#1104353).\n\n - net: hns3: Add support to change MTU in HNS3 hardware\n (bsc#1104353).\n\n - net: hns3: Add support to enable TX/RX promisc mode for\n H/W rev(0x21) (bsc#1104353).\n\n - net: hns3: add support to modify tqps number\n (bsc#1104353 ).\n\n - net: hns3: add support to query tqps number (bsc#1104353\n ).\n\n - net: hns3: Add support to re-initialize the hclge device\n (bsc#1104353).\n\n - net: hns3: Add support to request VF Reset to PF\n (bsc#1104353 ).\n\n - net: hns3: Add support to reset the enet/ring mgmt layer\n (bsc#1104353).\n\n - net: hns3: add support to update flow control settings\n after autoneg (bsc#1104353).\n\n - net: hns3: Add tc-based TM support for sriov enabled\n port (bsc#1104353).\n\n - net: hns3: Add timeout process in hns3_enet (bsc#1104353\n ).\n\n - net: hns3: Add VF Reset device state and its handling\n (bsc#1104353).\n\n - net: hns3: Add VF Reset Service Task to support event\n handling (bsc#1104353).\n\n - net: hns3: add vlan offload config command (bsc#1104353\n ).\n\n - net: hns3: change GL update rate (bsc#1104353).\n\n - net: hns3: Change PF to add ring-vect binding & resetQ\n to mailbox 
(bsc#1104353).\n\n - net: hns3: Change return type of hnae3_register_ae_algo\n (bsc#1104353).\n\n - net: hns3: Change return type of hnae3_register_ae_dev\n (bsc#1104353).\n\n - net: hns3: Change return value in hnae3_register_client\n (bsc#1104353).\n\n - net: hns3: Changes required in PF mailbox to support VF\n reset (bsc#1104353).\n\n - net: hns3: Changes to make enet watchdog timeout func\n common for PF/VF (bsc#1104353).\n\n - net: hns3: Changes to support ARQ(Asynchronous Receive\n Queue) (bsc#1104353).\n\n - net: hns3: change the returned tqp number by ethtool -x\n (bsc#1104353).\n\n - net: hns3: change the time interval of int_gl\n calculating (bsc#1104353).\n\n - net: hns3: change the unit of GL value macro\n (bsc#1104353 ).\n\n - net: hns3: change TM sched mode to TC-based mode when\n SRIOV enabled (bsc#1104353).\n\n - net: hns3: check for NULL function pointer in\n hns3_nic_set_features (bsc#1104353).\n\n - net: hns3: Cleanup for endian issue in hns3 driver\n (bsc#1104353 ).\n\n - net: hns3: Cleanup for non-static function in hns3\n driver (bsc#1104353).\n\n - net: hns3: Cleanup for ROCE capability flag in ae_dev\n (bsc#1104353).\n\n - net: hns3: Cleanup for shifting true in hns3 driver\n (bsc#1104353 ).\n\n - net: hns3: Cleanup for struct that used to send cmd to\n firmware (bsc#1104353).\n\n - net: hns3: Cleanup indentation for Kconfig in the the\n hisilicon folder (bsc#1104353).\n\n - net: hns3: cleanup mac auto-negotiation state query\n (bsc#1104353 ).\n\n - net: hns3: cleanup mac auto-negotiation state query in\n hclge_update_speed_duplex (bsc#1104353).\n\n - net: hns3: cleanup of return values in\n hclge_init_client_instance() (bsc#1104353).\n\n - net: hns3: Clear TX/RX rings when stopping port &\n un-initializing client (bsc#1104353).\n\n - net: hns3: Consistently using GENMASK in hns3 driver\n (bsc#1104353).\n\n - net: hns3: converting spaces into tabs to avoid\n checkpatch.pl warning (bsc#1104353).\n\n - net: hns3: Disable VFs change rxvlan 
offload status\n (bsc#1104353 ).\n\n - net: hns3: Disable vf vlan filter when vf vlan table is\n full (bsc#1104353).\n\n - net: hns3: ensure media_type is uninitialized\n (bsc#1104353 ).\n\n - net: hns3: export pci table of hclge and hclgevf to\n userspace (bsc#1104353).\n\n - net: hns3: fix a bug about hns3_clean_tx_ring\n (bsc#1104353 ).\n\n - net: hns3: fix a bug for phy supported feature\n initialization (bsc#1104353).\n\n - net: hns3: fix a bug in hclge_uninit_client_instance\n (bsc#1104353).\n\n - net: hns3: fix a bug in hns3_driv_to_eth_caps\n (bsc#1104353 ).\n\n - net: hns3: fix a bug when alloc new buffer (bsc#1104353\n ).\n\n - net: hns3: fix a bug when getting phy address from\n NCL_config file (bsc#1104353).\n\n - net: hns3: fix a dead loop in hclge_cmd_csq_clean\n (bsc#1104353 ).\n\n - net: hns3: fix a handful of spelling mistakes\n (bsc#1104353 ).\n\n - net: hns3: Fix a loop index error of tqp statistics\n query (bsc#1104353).\n\n - net: hns3: Fix a misuse to devm_free_irq (bsc#1104353 ).\n\n - net: hns3: Fix an error handling path in\n 'hclge_rss_init_hw()' (bsc#1104353).\n\n - net: hns3: Fix an error macro definition of\n HNS3_TQP_STAT (bsc#1104353).\n\n - net: hns3: Fix an error of total drop packet statistics\n (bsc#1104353).\n\n - net: hns3: Fix a response data read error of tqp\n statistics query (bsc#1104353).\n\n - net: hns3: fix endian issue when PF get mbx message flag\n (bsc#1104353).\n\n - net: hns3: fix error type definition of return value\n (bsc#1104353).\n\n - net: hns3: Fixes API to fetch ethernet header length\n with kernel default (bsc#1104353).\n\n - net: hns3: Fixes error reported by Kbuild and internal\n review (bsc#1104353).\n\n - net: hns3: Fixes initalization of RoCE handle and makes\n it conditional (bsc#1104353).\n\n - net: hns3: Fixes initialization of phy address from\n firmware (bsc#1104353).\n\n - net: hns3: Fixes kernel panic issue during rmmod hns3\n driver (bsc#1104353).\n\n - net: hns3: Fixes ring-to-vector 
map-and-unmap command\n (bsc#1104353).\n\n - net: hns3: Fixes the back pressure setting when sriov is\n enabled (bsc#1104353).\n\n - net: hns3: Fixes the command used to unmap ring from\n vector (bsc#1104353).\n\n - net: hns3: Fixes the default VLAN-id of PF (bsc#1104353\n ).\n\n - net: hns3: Fixes the error legs in hclge_init_ae_dev\n function (bsc#1104353).\n\n - net: hns3: Fixes the ether address copy with appropriate\n API (bsc#1104353).\n\n - net: hns3: Fixes the initialization of MAC address in\n hardware (bsc#1104353).\n\n - net: hns3: Fixes the init of the VALID BD info in the\n descriptor (bsc#1104353).\n\n - net: hns3: Fixes the missing PCI iounmap for various\n legs (bsc#1104353).\n\n - net: hns3: Fixes the missing u64_stats_fetch_begin_irq\n in 64-bit stats fetch (bsc#1104353).\n\n - net: hns3: Fixes the out of bounds access in\n hclge_map_tqp (bsc#1104353).\n\n - net: hns3: Fixes the premature exit of loop when\n matching clients (bsc#1104353).\n\n - net: hns3: fixes the ring index in hns3_fini_ring\n (bsc#1104353 ).\n\n - net: hns3: Fixes the state to indicate client-type\n initialization (bsc#1104353).\n\n - net: hns3: Fixes the static checker error warning in\n hns3_get_link_ksettings() (bsc#1104353).\n\n - net: hns3: Fixes the static check warning due to missing\n unsupp L3 proto check (bsc#1104353).\n\n - net: hns3: Fixes the wrong IS_ERR check on the returned\n phydev value (bsc#1104353).\n\n - net: hns3: fix for buffer overflow smatch warning\n (bsc#1104353 ).\n\n - net: hns3: fix for changing MTU (bsc#1104353).\n\n - net: hns3: fix for cleaning ring problem (bsc#1104353 ).\n\n - net: hns3: Fix for CMDQ and Misc. 
interrupt init order\n problem (bsc#1104353).\n\n - net: hns3: fix for coal configuation lost when setting\n the channel (bsc#1104353).\n\n - net: hns3: fix for coalesce configuration lost during\n reset (bsc#1104353).\n\n - net: hns3: Fix for deadlock problem occurring when\n unregistering ae_algo (bsc#1104353).\n\n - net: hns3: Fix for DEFAULT_DV when dev does not support\n DCB (bsc#1104353).\n\n - net: hns3: Fix for fiber link up problem (bsc#1104353 ).\n\n - net: hns3: fix for getting advertised_caps in\n hns3_get_link_ksettings (bsc#1104353).\n\n - net: hns3: fix for getting autoneg in\n hns3_get_link_ksettings (bsc#1104353).\n\n - net: hns3: fix for getting auto-negotiation state in\n hclge_get_autoneg (bsc#1104353).\n\n - net: hns3: fix for getting wrong link mode problem\n (bsc#1104353 ).\n\n - net: hns3: Fix for hclge_reset running repeatly problem\n (bsc#1104353).\n\n - net: hns3: Fix for hns3 module is loaded multiple times\n problem (bsc#1104353).\n\n - net: hns3: fix for ipv6 address loss problem after\n setting channels (bsc#1104353).\n\n - net: hns3: fix for loopback failure when vlan filter is\n enable (bsc#1104353).\n\n - net: hns3: fix for netdev not running problem after\n calling net_stop and net_open (bsc#1104353).\n\n - net: hns3: Fix for netdev not running problem after\n calling net_stop and net_open (bsc#1104353).\n\n - net: hns3: fix for not initializing VF rss_hash_key\n problem (bsc#1104353).\n\n - net: hns3: fix for not returning problem in\n get_link_ksettings when phy exists (bsc#1104353).\n\n - net: hns3: fix for not setting pause parameters\n (bsc#1104353 ).\n\n - net: hns3: Fix for not setting rx private buffer size to\n zero (bsc#1104353).\n\n - net: hns3: Fix for packet loss due wrong filter config\n in VLAN tbls (bsc#1104353).\n\n - net: hns3: fix for pause configuration lost during reset\n (bsc#1104353).\n\n - net: hns3: Fix for PF mailbox receving unknown message\n (bsc#1104353).\n\n - net: hns3: fix for phy_addr error in\n 
hclge_mac_mdio_config (bsc#1104353).\n\n - net: hns3: Fix for phy not link up problem after\n resetting (bsc#1104353).\n\n - net: hns3: Fix for pri to tc mapping in TM (bsc#1104353\n ).\n\n - net: hns3: fix for returning wrong value problem in\n hns3_get_rss_indir_size (bsc#1104353).\n\n - net: hns3: fix for returning wrong value problem in\n hns3_get_rss_key_size (bsc#1104353).\n\n - net: hns3: fix for RSS configuration loss problem during\n reset (bsc#1104353).\n\n - net: hns3: Fix for rx priv buf allocation when DCB is\n not supported (bsc#1104353).\n\n - net: hns3: Fix for rx_priv_buf_alloc not setting rx\n shared buffer (bsc#1104353).\n\n - net: hns3: Fix for service_task not running problem\n after resetting (bsc#1104353).\n\n - net: hns3: Fix for setting mac address when resetting\n (bsc#1104353).\n\n - net: hns3: fix for setting MTU (bsc#1104353).\n\n - net: hns3: Fix for setting rss_size incorrectly\n (bsc#1104353 ).\n\n - net: hns3: Fix for the NULL pointer problem occurring\n when initializing ae_dev failed (bsc#1104353).\n\n - net: hns3: fix for the wrong shift problem in\n hns3_set_txbd_baseinfo (bsc#1104353).\n\n - net: hns3: fix for updating fc_mode_last_time\n (bsc#1104353 ).\n\n - net: hns3: fix for use-after-free when setting ring\n parameter (bsc#1104353).\n\n - net: hns3: Fix for VF mailbox cannot receiving PF\n response (bsc#1104353).\n\n - net: hns3: Fix for VF mailbox receiving unknown message\n (bsc#1104353).\n\n - net: hns3: fix for vlan table lost problem when\n resetting (bsc#1104353).\n\n - net: hns3: Fix for vxlan tx checksum bug (bsc#1104353 ).\n\n - net: hns3: Fix initialization when cmd is not supported\n (bsc#1104353).\n\n - net: hns3: fix length overflow when\n CONFIG_ARM64_64K_PAGES (bsc#1104353).\n\n - net: hns3: fix NULL pointer dereference before null\n check (bsc#1104353).\n\n - net: hns3: fix return value error of\n hclge_get_mac_vlan_cmd_status() (bsc#1104353).\n\n - net: hns3: fix rx path skb->truesize reporting bug\n 
(bsc#1104353 ).\n\n - net: hns3: Fix setting mac address error (bsc#1104353 ).\n\n - net: hns3: Fix spelling errors (bsc#1104353).\n\n - net: hns3: fix spelling mistake: 'capabilty' ->\n 'capability' (bsc#1104353).\n\n - net: hns3: fix the bug of hns3_set_txbd_baseinfo\n (bsc#1104353 ).\n\n - net: hns3: fix the bug when map buffer fail (bsc#1104353\n ).\n\n - net: hns3: fix the bug when reuse command description in\n hclge_add_mac_vlan_tbl (bsc#1104353).\n\n - net: hns3: Fix the missing client list node\n initialization (bsc#1104353).\n\n - net: hns3: fix the ops check in hns3_get_rxnfc\n (bsc#1104353 ).\n\n - net: hns3: fix the queue id for tqp enable&&reset\n (bsc#1104353 ).\n\n - net: hns3: fix the ring count for ETHTOOL_GRXRINGS\n (bsc#1104353 ).\n\n - net: hns3: fix the TX/RX ring.queue_index in\n hns3_ring_get_cfg (bsc#1104353).\n\n - net: hns3: fix the VF queue reset flow error\n (bsc#1104353 ).\n\n - net: hns3: fix to correctly fetch l4 protocol outer\n header (bsc#1104353).\n\n - net: hns3: Fix to support autoneg only for port attached\n with phy (bsc#1104353).\n\n - net: hns3: Fix typo error for feild in hclge_tm\n (bsc#1104353 ).\n\n - net: hns3: free the ring_data structrue when change tqps\n (bsc#1104353).\n\n - net: hns3: get rss_size_max from configuration but not\n hardcode (bsc#1104353).\n\n - net: hns3: get vf count by pci_sriov_get_totalvfs\n (bsc#1104353 ).\n\n - net: hns3: hclge_inform_reset_assert_to_vf() can be\n static (bsc#1104353).\n\n - net: hns3: hns3:fix a bug about statistic counter in\n reset process (bsc#1104353).\n\n - net: hns3: hns3_get_channels() can be static\n (bsc#1104353 ).\n\n - net: hns3: Increase the default depth of bucket for TM\n shaper (bsc#1104353).\n\n - net: hns3: increase the max time for IMP handle command\n (bsc#1104353).\n\n - net: hns3: make local functions static (bsc#1104353 ).\n\n - net: hns3: Mask the packet statistics query when NIC is\n down (bsc#1104353).\n\n - net: hns3: Modify the update period of 
packet statistics\n (bsc#1104353).\n\n - net: hns3: never send command queue message to IMP when\n reset (bsc#1104353).\n\n - net: hns3: Optimize PF CMDQ interrupt switching process\n (bsc#1104353).\n\n - net: hns3: Optimize the PF's process of updating\n multicast MAC (bsc#1104353).\n\n - net: hns3: Optimize the VF's process of updating\n multicast MAC (bsc#1104353).\n\n - net: hns3: reallocate tx/rx buffer after changing mtu\n (bsc#1104353).\n\n - net: hns3: refactor GL update function (bsc#1104353 ).\n\n - net: hns3: refactor interrupt coalescing init function\n (bsc#1104353).\n\n - net: hns3: Refactor mac_init function (bsc#1104353).\n\n - net: hns3: Refactor of the reset interrupt handling\n logic (bsc#1104353).\n\n - net: hns3: Refactors the requested reset & pending reset\n handling code (bsc#1104353).\n\n - net: hns3: refactor the coalesce related struct\n (bsc#1104353 ).\n\n - net: hns3: refactor the get/put_vector function\n (bsc#1104353 ).\n\n - net: hns3: refactor the hclge_get/set_rss function\n (bsc#1104353 ).\n\n - net: hns3: refactor the hclge_get/set_rss_tuple function\n (bsc#1104353).\n\n - net: hns3: Refactor the initialization of command queue\n (bsc#1104353).\n\n - net: hns3: refactor the loopback related function\n (bsc#1104353 ).\n\n - net: hns3: Refactor the mapping of tqp to vport\n (bsc#1104353 ).\n\n - net: hns3: Refactor the skb receiving and transmitting\n function (bsc#1104353).\n\n - net: hns3: remove a couple of redundant assignments\n (bsc#1104353 ).\n\n - net: hns3: remove add/del_tunnel_udp in hns3_enet module\n (bsc#1104353).\n\n - net: hns3: Remove a useless member of struct hns3_stats\n (bsc#1104353).\n\n - net: hns3: Remove error log when getting pfc stats fails\n (bsc#1104353).\n\n - net: hns3: Remove packet statistics in the range of\n 8192~12287 (bsc#1104353).\n\n - net: hns3: remove redundant memset when alloc buffer\n (bsc#1104353).\n\n - net: hns3: remove redundant semicolon (bsc#1104353).\n\n - net: hns3: Remove repeat 
statistic of rx_errors\n (bsc#1104353 ).\n\n - net: hns3: Removes unnecessary check when clearing TX/RX\n rings (bsc#1104353).\n\n - net: hns3: remove TSO config command from VF driver\n (bsc#1104353 ).\n\n - net: hns3: remove unnecessary pci_set_drvdata() and\n devm_kfree() (bsc#1104353).\n\n - net: hns3: remove unused GL setup function (bsc#1104353\n ).\n\n - net: hns3: remove unused hclgevf_cfg_func_mta_filter\n (bsc#1104353).\n\n - net: hns3: Remove unused led control code (bsc#1104353\n ).\n\n - net: hns3: report the function type the same line with\n hns3_nic_get_stats64 (bsc#1104353).\n\n - net: hns3: set the cmdq out_vld bit to 0 after used\n (bsc#1104353 ).\n\n - net: hns3: set the max ring num when alloc netdev\n (bsc#1104353 ).\n\n - net: hns3: Setting for fc_mode and dcb enable flag in TM\n module (bsc#1104353).\n\n - net: hns3: Support for dynamically assigning tx buffer\n to TC (bsc#1104353).\n\n - net: hns3: Unified HNS3 (VF|PF) Ethernet Driver for\n hip08 SoC (bsc#1104353).\n\n - net: hns3: unify the pause params setup function\n (bsc#1104353 ).\n\n - net: hns3: Unify the strings display of packet\n statistics (bsc#1104353).\n\n - net: hns3: Updates MSI/MSI-X alloc/free APIs(depricated)\n to new APIs (bsc#1104353).\n\n - net: hns3: Updates RX packet info fetch in case of multi\n BD (bsc#1104353).\n\n - net: hns3: Use enums instead of magic number in\n hclge_is_special_opcode (bsc#1104353).\n\n - net: hns3: VF should get the real rss_size instead of\n rss_size_max (bsc#1104353).\n\n - net: lan78xx: Fix race in tx pending skb size\n calculation (bsc#1100132).\n\n - net: lan78xx: fix rx handling before first packet is\n send (bsc#1100132).\n\n - net: qmi_wwan: add BroadMobi BM806U 2020:2033\n (bsc#1087092).\n\n - net: qmi_wwan: Add Netgear Aircard 779S (bsc#1090888).\n\n - net-usb: add qmi_wwan if on lte modem wistron neweb\n d18q1 (bsc#1087092).\n\n - net: usb: asix: replace mii_nway_restart in resume path\n (bsc#1100132).\n\n - orangefs: report 
attributes_mask and attributes for\n statx (bsc#1101832).\n\n - orangefs: set i_size on new symlink (bsc#1101845).\n\n - overflow.h: Add allocation size calculation helpers\n (bsc#1101116,).\n\n - powerpc/64: Add GENERIC_CPU support for little endian\n ().\n\n - powerpc/fadump: handle crash memory ranges array index\n overflow (bsc#1103269).\n\n - powerpc/fadump: merge adjacent memory ranges to reduce\n PT_LOAD segements (bsc#1103269).\n\n - powerpc/pkeys: Deny read/write/execute by default\n (bsc#1097577).\n\n - powerpc/pkeys: Fix calculation of total pkeys\n (bsc#1097577).\n\n - powerpc/pkeys: Give all threads control of their key\n permissions (bsc#1097577).\n\n - powerpc/pkeys: key allocation/deallocation must not\n change pkey registers (bsc#1097577).\n\n - powerpc/pkeys: make protection key 0 less special\n (bsc#1097577).\n\n - powerpc/pkeys: Preallocate execute-only key\n (bsc#1097577).\n\n - powerpc/pkeys: Save the pkey registers before fork\n (bsc#1097577).\n\n - qed*: Add link change count value to ethtool statistics\n display (bsc#1086314).\n\n - qed: Add qed APIs for PHY module query (bsc#1086314 ).\n\n - qed: Add srq core support for RoCE and iWARP\n (bsc#1086314 ).\n\n - qede: Add driver callbacks for eeprom module query\n (bsc#1086314 ).\n\n - qedf: Add get_generic_tlv_data handler (bsc#1086317).\n\n - qedf: Add support for populating ethernet TLVs\n (bsc#1086317).\n\n - qed: fix spelling mistake 'successffuly' ->\n 'successfully' (bsc#1086314).\n\n - qedi: Add get_generic_tlv_data handler (bsc#1086315).\n\n - qedi: Add support for populating ethernet TLVs\n (bsc#1086315).\n\n - qed: Make some functions static (bsc#1086314).\n\n - qed: remove redundant functions qed_get_cm_pq_idx_rl\n (bsc#1086314).\n\n - qed: remove redundant functions\n qed_set_gft_event_id_cm_hdr (bsc#1086314).\n\n - qed: remove redundant pointer 'name' (bsc#1086314).\n\n - qed: use dma_zalloc_coherent instead of allocator/memset\n (bsc#1086314).\n\n - qed*: Utilize FW 8.37.2.0 
(bsc#1086314).\n\n - rdma/hns: Add 64KB page size support for hip08\n (bsc#1104427 ).\n\n - rdma/hns: Add command queue support for hip08 RoCE\n driver (bsc#1104427).\n\n - rdma/hns: Add CQ operations support for hip08 RoCE\n driver (bsc#1104427).\n\n - rdma/hns: Add detailed comments for mb() call\n (bsc#1104427 ).\n\n - rdma/hns: Add eq support of hip08 (bsc#1104427).\n\n - rdma/hns: Add gsi qp support for modifying qp in hip08\n (bsc#1104427).\n\n - rdma/hns: Add mailbox's implementation for hip08 RoCE\n driver (bsc#1104427).\n\n - rdma/hns: Add modify CQ support for hip08 (bsc#1104427\n ).\n\n - rdma/hns: Add names to function arguments in function\n pointers (bsc#1104427).\n\n - rdma/hns: Add profile support for hip08 driver\n (bsc#1104427 ).\n\n - rdma/hns: Add QP operations support for hip08 SoC\n (bsc#1104427 ).\n\n - rdma/hns: Add releasing resource operation in error\n branch (bsc#1104427).\n\n - rdma/hns: Add rereg mr support for hip08 (bsc#1104427 ).\n\n - rdma/hns: Add reset process for RoCE in hip08\n (bsc#1104427 ).\n\n - rdma/hns: Add return operation when configured global\n param fail (bsc#1104427).\n\n - rdma/hns: Add rq inline data support for hip08 RoCE\n (bsc#1104427 ).\n\n - rdma/hns: Add rq inline flags judgement (bsc#1104427 ).\n\n - rdma/hns: Add sq_invld_flg field in QP context\n (bsc#1104427 ).\n\n - rdma/hns: Add support for processing send wr and receive\n wr (bsc#1104427).\n\n - rdma/hns: Add the interfaces to support multi hop\n addressing for the contexts in hip08 (bsc#1104427).\n\n - rdma/hns: Adjust the order of cleanup hem table\n (bsc#1104427 ).\n\n - rdma/hns: Assign dest_qp when deregistering mr\n (bsc#1104427 ).\n\n - rdma/hns: Assign the correct value for tx_cqn\n (bsc#1104427 ).\n\n - rdma/hns: Assign zero for pkey_index of wc in hip08\n (bsc#1104427 ).\n\n - rdma/hns: Avoid NULL pointer exception (bsc#1104427 ).\n\n - rdma/hns: Bugfix for cq record db for kernel\n (bsc#1104427 ).\n\n - rdma/hns: Bugfix for init hem table 
(bsc#1104427).\n\n - rdma/hns: Bugfix for rq record db for kernel\n (bsc#1104427 ).\n\n - rdma/hns: Check return value of kzalloc (bsc#1104427 ).\n\n - rdma/hns: Configure BT BA and BT attribute for the\n contexts in hip08 (bsc#1104427).\n\n - rdma/hns: Configure fence attribute in hip08 RoCE\n (bsc#1104427 ).\n\n - rdma/hns: Configure mac&gid and user access region for\n hip08 RoCE driver (bsc#1104427).\n\n - rdma/hns: Configure sgid type for hip08 RoCE\n (bsc#1104427 ).\n\n - rdma/hns: Configure the MTPT in hip08 (bsc#1104427).\n\n - rdma/hns: Configure TRRL field in hip08 RoCE device\n (bsc#1104427 ).\n\n - rdma/hns: Create gsi qp in hip08 (bsc#1104427).\n\n - rdma/hns: Delete the unnecessary initializing enum to\n zero (bsc#1104427).\n\n - rdma/hns: Do not unregister a callback we didn't\n register (bsc#1104427).\n\n - rdma/hns: Drop local zgid in favor of core defined\n variable (bsc#1104427).\n\n - rdma/hns: Enable inner_pa_vld filed of mpt (bsc#1104427\n ).\n\n - rdma/hns: Enable the cqe field of sqwqe of RC\n (bsc#1104427 ).\n\n - rdma/hns: ensure for-loop actually iterates and free's\n buffers (bsc#1104427).\n\n - rdma/hns: Fill sq wqe context of ud type in hip08\n (bsc#1104427 ).\n\n - rdma/hns: Filter for zero length of sge in hip08 kernel\n mode (bsc#1104427).\n\n - rdma/hns: Fix a bug with modifying mac address\n (bsc#1104427 ).\n\n - rdma/hns: Fix a couple misspellings (bsc#1104427).\n\n - rdma/hns: Fix calltrace for sleeping in atomic\n (bsc#1104427 ).\n\n - rdma/hns: Fix cqn type and init resp (bsc#1104427).\n\n - rdma/hns: Fix cq record doorbell enable in kernel\n (bsc#1104427 ).\n\n - rdma/hns: Fix endian problems around imm_data and rkey\n (bsc#1104427).\n\n - rdma/hns: Fix inconsistent warning (bsc#1104427).\n\n - rdma/hns: Fix init resp when alloc ucontext (bsc#1104427\n ).\n\n - rdma/hns: Fix misplaced call to\n hns_roce_cleanup_hem_table (bsc#1104427).\n\n - rdma/hns: Fix QP state judgement before receiving work\n requests (bsc#1104427).\n\n 
- rdma/hns: Fix QP state judgement before sending work\n requests (bsc#1104427).\n\n - rdma/hns: fix spelling mistake: 'Reseved' -> 'Reserved'\n (bsc#1104427).\n\n - rdma/hns: Fix the bug with NULL pointer (bsc#1104427 ).\n\n - rdma/hns: Fix the bug with rq sge (bsc#1104427).\n\n - rdma/hns: Fix the endian problem for hns (bsc#1104427 ).\n\n - rdma/hns: Fix the illegal memory operation when cross\n page (bsc#1104427).\n\n - rdma/hns: Fix the issue of IOVA not page continuous in\n hip08 (bsc#1104427).\n\n - rdma/hns: Fix the qp context state diagram (bsc#1104427\n ).\n\n - rdma/hns: Generate gid type of RoCEv2 (bsc#1104427).\n\n - rdma/hns: Get rid of page operation after\n dma_alloc_coherent (bsc#1104427).\n\n - rdma/hns: Get rid of virt_to_page and vmap calls after\n dma_alloc_coherent (bsc#1104427).\n\n - rdma/hns: Implement the disassociate_ucontext API\n (bsc#1104427 ).\n\n - rdma/hns: Increase checking CMQ status timeout value\n (bsc#1104427).\n\n - rdma/hns: Initialize the PCI device for hip08 RoCE\n (bsc#1104427 ).\n\n - rdma/hns: Intercept illegal RDMA operation when use\n inline data (bsc#1104427).\n\n - rdma/hns: Load the RoCE dirver automatically\n (bsc#1104427 ).\n\n - rdma/hns: make various function static, fixes warnings\n (bsc#1104427).\n\n - rdma/hns: Modify assignment device variable to support\n both PCI device and platform device (bsc#1104427).\n\n - rdma/hns: Modify the usage of cmd_sn in hip08\n (bsc#1104427 ).\n\n - rdma/hns: Modify the value with rd&dest_rd of qp_attr\n (bsc#1104427).\n\n - rdma/hns: Modify uar allocation algorithm to avoid\n bitmap exhaust (bsc#1104427).\n\n - rdma/hns: Move priv in order to add multiple hns_roce\n support (bsc#1104427).\n\n - rdma/hns: Move the location for initializing tmp_len\n (bsc#1104427).\n\n - rdma/hns: Not support qp transition from reset to reset\n for hip06 (bsc#1104427).\n\n - rdma/hns: Only assign dest_qp if IB_QP_DEST_QPN bit is\n set (bsc#1104427).\n\n - rdma/hns: Only assign dqpn if 
IB_QP_PATH_DEST_QPN bit is\n set (bsc#1104427).\n\n - rdma/hns: Only assign mtu if IB_QP_PATH_MTU bit is set\n (bsc#1104427).\n\n - rdma/hns: Refactor code for readability (bsc#1104427 ).\n\n - rdma/hns: Refactor eq code for hip06 (bsc#1104427).\n\n - rdma/hns: remove redundant assignment to variable j\n (bsc#1104427 ).\n\n - rdma/hns: Remove some unnecessary attr_mask judgement\n (bsc#1104427).\n\n - rdma/hns: Remove unnecessary operator (bsc#1104427).\n\n - rdma/hns: Remove unnecessary platform_get_resource()\n error check (bsc#1104427).\n\n - rdma/hns: Rename the idx field of db (bsc#1104427).\n\n - rdma/hns: Replace condition statement using hardware\n version information (bsc#1104427).\n\n - rdma/hns: Replace __raw_write*(cpu_to_le*()) with LE\n write*() (bsc#1104427).\n\n - rdma/hns: return 0 rather than return a garbage status\n value (bsc#1104427).\n\n - rdma/hns_roce: Do not check return value of\n zap_vma_ptes() (bsc#1104427).\n\n - rdma/hns: Set access flags of hip08 RoCE (bsc#1104427 ).\n\n - rdma/hns: Set desc_dma_addr for zero when free cmq desc\n (bsc#1104427).\n\n - rdma/hns: Set NULL for __internal_mr (bsc#1104427).\n\n - rdma/hns: Set rdma_ah_attr type for querying qp\n (bsc#1104427 ).\n\n - rdma/hns: Set se attribute of sqwqe in hip08\n (bsc#1104427 ).\n\n - rdma/hns: Set sq_cur_sge_blk_addr field in QPC in hip08\n (bsc#1104427).\n\n - rdma/hns: Set the guid for hip08 RoCE device\n (bsc#1104427 ).\n\n - rdma/hns: Set the owner field of SQWQE in hip08 RoCE\n (bsc#1104427).\n\n - rdma/hns: Split CQE from MTT in hip08 (bsc#1104427).\n\n - rdma/hns: Split hw v1 driver from hns roce driver\n (bsc#1104427 ).\n\n - rdma/hns: Submit bad wr (bsc#1104427).\n\n - rdma/hns: Support cq record doorbell for kernel space\n (bsc#1104427).\n\n - rdma/hns: Support cq record doorbell for the user space\n (bsc#1104427).\n\n - rdma/hns: Support multi hop addressing for PBL in hip08\n (bsc#1104427).\n\n - rdma/hns: Support rq record doorbell for kernel space\n 
(bsc#1104427).\n\n - rdma/hns: Support rq record doorbell for the user space\n (bsc#1104427).\n\n - rdma/hns: Support WQE/CQE/PBL page size configurable\n feature in hip08 (bsc#1104427).\n\n - rdma/hns: Unify the calculation for hem index in hip08\n (bsc#1104427).\n\n - rdma/hns: Update assignment method for owner field of\n send wqe (bsc#1104427).\n\n - rdma/hns: Update calculation of irrl_ba field for hip08\n (bsc#1104427).\n\n - rdma/hns: Update convert function of endian format\n (bsc#1104427 ).\n\n - rdma/hns: Update the interfaces for MTT/CQE multi hop\n addressing in hip08 (bsc#1104427).\n\n - rdma/hns: Update the IRRL table chunk size in hip08\n (bsc#1104427 ).\n\n - rdma/hns: Update the PD&CQE&MTT specification in hip08\n (bsc#1104427).\n\n - rdma/hns: Update the usage of ack timeout in hip08\n (bsc#1104427 ).\n\n - rdma/hns: Update the usage of sr_max and rr_max field\n (bsc#1104427).\n\n - rdma/hns: Update the verbs of polling for completion\n (bsc#1104427).\n\n - rdma/hns: Use free_pages function instead of free_page\n (bsc#1104427).\n\n - rdma/hns: Use structs to describe the uABI instead of\n opencoding (bsc#1104427).\n\n - rdma/qedr: Fix NULL pointer dereference when running\n over iWARP without RDMA-CM (bsc#1086314).\n\n - rdma/qedr: fix spelling mistake: 'adrresses' ->\n 'addresses' (bsc#1086314).\n\n - rdma/qedr: fix spelling mistake: 'failes' -> 'fails'\n (bsc#1086314).\n\n - reiserfs: fix buffer overflow with long warning messages\n (bsc#1101847).\n\n -\n reiserfs-fix-buffer-overflow-with-long-warning-messa.pat\n ch: Silence bogus compiler warning about unused result\n of strscpy().\n\n - s390/dasd: configurable IFCC handling (bsc#1097808).\n\n - sched/smt: Update sched_smt_present at runtime\n (bsc#1089343).\n\n - scsi: mpt3sas: Add an I/O barrier (bsc#1086906,).\n\n - scsi: mpt3sas: Added support for SAS Device Discovery\n Error Event (bsc#1086906,).\n\n - scsi: mpt3sas: Add PCI device ID for Andromeda\n (bsc#1086906,).\n\n - scsi: mpt3sas: 
Allow processing of events during driver\n unload (bsc#1086906,).\n\n - scsi: mpt3sas: As per MPI-spec, use combined reply queue\n for SAS3.5 controllers when HBA supports more than 16\n MSI-x vectors (bsc#1086906,).\n\n - scsi: mpt3sas: Bug fix for big endian systems\n (bsc#1086906,).\n\n - scsi: mpt3sas: Cache enclosure pages during enclosure\n add (bsc#1086906,).\n\n - scsi: mpt3sas: clarify mmio pointer types\n (bsc#1086906,).\n\n - scsi: mpt3sas: Configure reply post queue depth, DMA and\n sgl tablesize (bsc#1086906,).\n\n - scsi: mpt3sas: Do not abort I/Os issued to NVMe drives\n while processing Async Broadcast primitive event\n (bsc#1086906,).\n\n - scsi: mpt3sas: Do not access the structure after\n decrementing it's instance reference count\n (bsc#1086906,).\n\n - scsi: mpt3sas: Do not mark fw_event workqueue as\n WQ_MEM_RECLAIM (bsc#1086906,).\n\n - scsi: mpt3sas: Enhanced handling of Sense Buffer\n (bsc#1086906,).\n\n - scsi: mpt3sas: Fix, False timeout prints for ioctl and\n other internal commands during controller reset\n (bsc#1086906,).\n\n - scsi: mpt3sas: fix possible memory leak (bsc#1086906,).\n\n - scsi: mpt3sas: fix spelling mistake: 'disbale' ->\n 'disable' (bsc#1086906,).\n\n - scsi: mpt3sas: For NVME device, issue a protocol level\n reset (bsc#1086906,).\n\n - scsi: mpt3sas: Incorrect command status was set/marked\n as not used (bsc#1086906,).\n\n - scsi: mpt3sas: Increase event log buffer to support 24\n port HBA's (bsc#1086906,).\n\n - scsi: mpt3sas: Introduce API to get BAR0 mapped buffer\n address (bsc#1086906,).\n\n - scsi: mpt3sas: Introduce Base function for cloning\n (bsc#1086906,).\n\n - scsi: mpt3sas: Introduce function to clone mpi reply\n (bsc#1086906,).\n\n - scsi: mpt3sas: Introduce function to clone mpi request\n (bsc#1086906,).\n\n - scsi: mpt3sas: Lockless access for chain buffers\n (bsc#1086906,).\n\n - scsi: mpt3sas: Optimize I/O memory consumption in driver\n (bsc#1086906,).\n\n - scsi: mpt3sas: Pre-allocate RDPQ Array at 
driver boot\n time (bsc#1086906,).\n\n - scsi: mpt3sas: Replace PCI pool old API (bsc#1081917). -\n Refresh\n patches.drivers/scsi-mpt3sas-SGL-to-PRP-Translation-for-\n I-Os-to-NVMe.patch.\n\n - scsi: mpt3sas: Report Firmware Package Version from HBA\n Driver (bsc#1086906,).\n\n - scsi: mpt3sas: Update driver version '25.100.00.00'\n (bsc#1086906,).\n\n - scsi: mpt3sas: Update driver version '26.100.00.00'\n (bsc#1086906,).\n\n - scsi: mpt3sas: Update MPI Headers (bsc#1086906,).\n\n - scsi: qedf: Add additional checks when restarting an\n rport due to ABTS timeout (bsc#1086317).\n\n - scsi: qedf: Add check for offload before flushing I/Os\n for target (bsc#1086317).\n\n - scsi: qedf: Add dcbx_not_wait module parameter so we\n won't wait for DCBX convergence to start discovery\n (bsc#1086317).\n\n - scsi: qedf: Add missing skb frees in error path\n (bsc#1086317).\n\n - scsi: qedf: Add more defensive checks for concurrent\n error conditions (bsc#1086317).\n\n - scsi: qedf: Add task id to kref_get_unless_zero() debug\n messages when flushing requests (bsc#1086317).\n\n - scsi: qedf: Check if link is already up when receiving a\n link up event from qed (bsc#1086317).\n\n - scsi: qedf: fix LTO-enabled build (bsc#1086317).\n\n - scsi: qedf: Fix VLAN display when printing sent FIP\n frames (bsc#1086317).\n\n - scsi: qedf: Honor default_prio module parameter even if\n DCBX does not converge (bsc#1086317).\n\n - scsi: qedf: Honor priority from DCBX FCoE App tag\n (bsc#1086317).\n\n - scsi: qedf: If qed fails to enable MSI-X fail PCI probe\n (bsc#1086317).\n\n - scsi: qedf: Improve firmware debug dump handling\n (bsc#1086317).\n\n - scsi: qedf: Increase the number of default FIP VLAN\n request retries to 60 (bsc#1086317).\n\n - scsi: qedf: Release RRQ reference correctly when RRQ\n command times out (bsc#1086317).\n\n - scsi: qedf: remove redundant initialization of 'fcport'\n (bsc#1086317).\n\n - scsi: qedf: Remove setting DCBX pending during soft\n context reset 
(bsc#1086317).\n\n - scsi: qedf: Return request as DID_NO_CONNECT if MSI-X is\n not enabled (bsc#1086317).\n\n - scsi: qedf: Sanity check FCoE/FIP priority value to make\n sure it's between 0 and 7 (bsc#1086317).\n\n - scsi: qedf: Send the driver state to MFW (bsc#1086317).\n\n - scsi: qedf: Set the UNLOADING flag when removing a vport\n (bsc#1086317).\n\n - scsi: qedf: Synchronize rport restarts when multiple ELS\n commands time out (bsc#1086317).\n\n - scsi: qedf: Update copyright for 2018 (bsc#1086317).\n\n - scsi: qedf: Update version number to 8.33.16.20\n (bsc#1086317).\n\n - scsi: qedf: use correct strncpy() size (bsc#1086317).\n\n - scsi: qedi: fix building with LTO (bsc#1086315).\n\n - scsi: qedi: fix build regression (bsc#1086315).\n\n - scsi: qedi: Fix kernel crash during port toggle\n (bsc#1086315).\n\n - scsi: qedi: Send driver state to MFW (bsc#1086315).\n\n - scsi: qla2xxx: correctly shift host byte (bsc#1086327,).\n\n - scsi: qla2xxx: Correct setting of\n SAM_STAT_CHECK_CONDITION (bsc#1086327,).\n\n - scsi: qla2xxx: Fix crash on qla2x00_mailbox_command\n (bsc#1086327,).\n\n - scsi: qla2xxx: Fix Inquiry command being dropped in\n Target mode (bsc#1086327,).\n\n - scsi: qla2xxx: Fix race condition between iocb timeout\n and initialisation (bsc#1086327,).\n\n - scsi: qla2xxx: Fix Rport and session state getting out\n of sync (bsc#1086327,).\n\n - scsi: qla2xxx: Fix sending ADISC command for login\n (bsc#1086327,).\n\n - scsi: qla2xxx: Fix setting lower transfer speed if GPSC\n fails (bsc#1086327,).\n\n - scsi: qla2xxx: Fix TMF and Multi-Queue config\n (bsc#1086327,).\n\n - scsi: qla2xxx: Move GPSC and GFPNID out of session\n management (bsc#1086327,).\n\n - scsi: qla2xxx: Prevent relogin loop by removing stale\n code (bsc#1086327,).\n\n - scsi: qla2xxx: Reduce redundant ADISC command for RSCNs\n (bsc#1086327,).\n\n - scsi: qla2xxx: remove irq save in qla2x00_poll()\n (bsc#1086327,).\n\n - scsi: qla2xxx: Remove stale debug value for login_retry\n flag 
(bsc#1086327,).\n\n - scsi: qla2xxx: Update driver version to 10.00.00.07-k\n (bsc#1086327,).\n\n - scsi: qla2xxx: Use predefined get_datalen_for_atio()\n inline function (bsc#1086327,).\n\n - scsi: qla4xxx: Move an array from a .h into a .c file\n (bsc#1086331).\n\n - scsi: qla4xxx: Remove unused symbols (bsc#1086331).\n\n - scsi: qla4xxx: skip error recovery in case of register\n disconnect (bsc#1086331).\n\n - scsi: qla4xxx: Use dma_pool_zalloc() (bsc#1086331).\n\n - scsi: qla4xxx: Use zeroing allocator rather than\n allocator/memset (bsc#1086331).\n\n - selftests/powerpc: Fix core-pkey for default execute\n permission change (bsc#1097577).\n\n - selftests/powerpc: Fix ptrace-pkey for default execute\n permission change (bsc#1097577).\n\n - supported.conf: add drivers/md/dm-writecache\n\n - supported.conf: added hns3 modules\n\n - supported.conf: added hns-roce-hw-v1 and hns-roce-hw-v2\n\n - supported.conf: Enable HiSi v3 SAS adapter ()\n\n - tcp_rbd depends on BLK_DEV_RBD ().\n\n - typec: tcpm: fusb302: Resolve out of order messaging\n events (bsc#1087092).\n\n - udf: Detect incorrect directory size (bsc#1101891).\n\n - udf: Provide saner default for invalid uid / gid\n (bsc#1101890).\n\n - vfs: add the sb_start_intwrite_trylock() helper\n (bsc#1101841).\n\n - x86/apic: Ignore secondary threads if nosmt=force\n (bsc#1089343).\n\n - x86/CPU/AMD: Do not check CPUID max ext level before\n parsing SMP info (bsc#1089343).\n\n - x86/cpu/AMD: Evaluate smp_num_siblings early\n (bsc#1089343).\n\n - x86/CPU/AMD: Move TOPOEXT reenablement before reading\n smp_num_siblings (bsc#1089343).\n\n - x86/cpu/AMD: Remove the pointless detect_ht() call\n (bsc#1089343).\n\n - x86/cpu/common: Provide detect_ht_early() (bsc#1089343).\n\n - x86/cpu/intel: Evaluate smp_num_siblings early\n (bsc#1089343).\n\n - x86/cpu: Remove the pointless CPU printout\n (bsc#1089343).\n\n - x86/cpu/topology: Provide\n detect_extended_topology_early() (bsc#1089343).\n\n - x86/KVM/VMX: Add module 
argument for L1TF mitigation.\n\n - x86/smp: Provide topology_is_primary_thread()\n (bsc#1089343).\n\n - x86/topology: Provide topology_smt_supported()\n (bsc#1089343).\n\n - x86/xen: init %gs very early to avoid page faults with\n stack protector (bnc#1104777).\n\n - xen-netback: fix input validation in\n xenvif_set_hash_mapping() (bnc#1103277).\n\n - xen/netfront: do not cache skb_shinfo() (bnc#1065600).\n\n - xfs: catch inode allocation state mismatch corruption\n (bsc#1104211).\n\n - xfs: prevent creating negative-sized file via\n INSERT_RANGE (bsc#1101833).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1065600\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1081917\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1083647\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1086288\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1086314\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1086315\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1086317\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1086327\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1086331\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1086906\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1087081\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1087092\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1089343\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1090888\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1097104\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1097577\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1097808\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1099811\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1099813\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1099844\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1099845\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1099846\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1099849\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1099863\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1099864\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1100132\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1101116\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1101828\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1101832\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1101833\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1101837\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1101839\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1101841\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1101843\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1101844\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1101845\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1101847\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1101852\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1101853\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1101867\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1101872\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1101874\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1101875\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1101882\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1101883\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1101885\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1101887\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1101890\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1101891\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1101893\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1101895\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1101896\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1101900\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1101902\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1101903\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1102340\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1103097\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1103269\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1103277\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1103363\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1103445\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1103886\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1104066\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1104211\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1104319\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1104353\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1104365\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1104427\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1104494\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1104495\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1104708\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1104777\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected the Linux Kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-10877\");\n 
script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-base\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-qa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:novell:opensuse:15.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/27\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-debug-4.12.14-lp150.12.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-debug-base-4.12.14-lp150.12.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-debug-base-debuginfo-4.12.14-lp150.12.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-debug-debuginfo-4.12.14-lp150.12.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", 
reference:\"kernel-debug-debugsource-4.12.14-lp150.12.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-debug-devel-4.12.14-lp150.12.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-debug-devel-debuginfo-4.12.14-lp150.12.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-default-4.12.14-lp150.12.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-default-base-4.12.14-lp150.12.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-default-base-debuginfo-4.12.14-lp150.12.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-default-debuginfo-4.12.14-lp150.12.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-default-debugsource-4.12.14-lp150.12.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-default-devel-4.12.14-lp150.12.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-default-devel-debuginfo-4.12.14-lp150.12.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-devel-4.12.14-lp150.12.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-docs-html-4.12.14-lp150.12.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-kvmsmall-4.12.14-lp150.12.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-kvmsmall-base-4.12.14-lp150.12.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-kvmsmall-base-debuginfo-4.12.14-lp150.12.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-kvmsmall-debuginfo-4.12.14-lp150.12.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-kvmsmall-debugsource-4.12.14-lp150.12.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-kvmsmall-devel-4.12.14-lp150.12.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", 
reference:\"kernel-kvmsmall-devel-debuginfo-4.12.14-lp150.12.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-macros-4.12.14-lp150.12.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-obs-build-4.12.14-lp150.12.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-obs-build-debugsource-4.12.14-lp150.12.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-obs-qa-4.12.14-lp150.12.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-source-4.12.14-lp150.12.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-source-vanilla-4.12.14-lp150.12.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-syms-4.12.14-lp150.12.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-vanilla-4.12.14-lp150.12.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-vanilla-base-4.12.14-lp150.12.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-vanilla-base-debuginfo-4.12.14-lp150.12.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-vanilla-debuginfo-4.12.14-lp150.12.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-vanilla-debugsource-4.12.14-lp150.12.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-vanilla-devel-4.12.14-lp150.12.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-vanilla-devel-debuginfo-4.12.14-lp150.12.16.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-debug / kernel-debug-base / kernel-debug-base-debuginfo / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "openvas": 
[{"lastseen": "2020-01-27T18:34:33", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-10882", "CVE-2018-3693", "CVE-2017-5754", "CVE-2015-8839", "CVE-2017-13166", "CVE-2017-13305", "CVE-2018-3665", "CVE-2017-15121", "CVE-2018-10902", "CVE-2018-19985"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191514", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191514", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1514)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1514\");\n script_version(\"2020-01-23T12:01:08+0000\");\n script_cve_id(\"CVE-2015-8839\", \"CVE-2017-13166\", \"CVE-2017-13305\", \"CVE-2017-15121\", \"CVE-2017-5754\", \"CVE-2018-10882\", \"CVE-2018-10902\", \"CVE-2018-19985\", \"CVE-2018-3665\", \"CVE-2018-3693\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:01:08 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:01:08 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1514)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-3\\.0\\.1\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1514\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1514\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'kernel' package(s) announced via the EulerOS-SA-2019-1514 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The function hso_get_config_data in drivers/net/usb/hso.c in the Linux kernel through 4.19.8 reads 
if_num from the USB device (as a u8) and uses it to index a small array, resulting in an object out-of-bounds (OOB) read that potentially allows arbitrary read in the kernel address space.(CVE-2018-19985)\n\nAn industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5754 relies on the fact that, on impacted microprocessors, during speculative execution of instruction permission faults, exception generation triggered by a faulting access is suppressed until the retirement of the whole instruction block. In a combination with the fact that memory accesses may populate the cache even when the block is being dropped and never committed (executed), an unprivileged local attacker could use this flaw to read privileged (kernel space) memory by conducting targeted cache side-channel attacks. Note: CVE-2017-5754 affects Intel x86-64 microprocessors. AMD x86-64 microprocessors are not affected by this issue.(CVE-2017-5754)\n\nA non-privileged user is able to mount a fuse filesystem on RHEL 6 or 7 and crash a system if an application punches a hole in a file that does not end aligned to a page boundary.(CVE-2017-15121)\n\nA flaw was found in the Linux kernel when attempting to 'punch a hole' in files existing on an ext4 filesystem. When punching holes into a file races with the page fault of the same area, it is possible that freed blocks remain referenced from page cache pages mapped to process' address space.(CVE-2015-8839)\n\nAn industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions past bounds check. 
The flaw relies on the presence of a precisely-defined instruction sequence in the privileged code and the fact that memory writes occur to an address which depends on the untrusted value. Such writes cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to influence speculative execution and/or read privileged memory by conducting targeted cache side-channel attacks.(CVE-2018-3693)\n\nA Floating Point Unit (FPU) state information leakage flaw was found in the way the Linux kernel saved and restored the FPU state during task switch. Linux kern ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Huawei EulerOS Virtualization 3.0.1.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-3.0.1.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~862.14.1.6_42\", 
rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs-devel\", rpm:\"kernel-tools-libs-devel~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-01-27T18:33:17", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-10882", "CVE-2019-3460", "CVE-2018-9568", "CVE-2018-16862", "CVE-2019-7221", "CVE-2019-3459", "CVE-2019-9213", "CVE-2019-5489", "CVE-2018-10876", "CVE-2018-19985"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191302", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191302", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1302)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1302\");\n script_version(\"2020-01-23T15:42:05+0000\");\n script_cve_id(\"CVE-2018-10876\", \"CVE-2018-10882\", \"CVE-2018-16862\", \"CVE-2018-19985\", \"CVE-2018-9568\", \"CVE-2019-3459\", \"CVE-2019-3460\", \"CVE-2019-5489\", \"CVE-2019-7221\", \"CVE-2019-9213\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 15:42:05 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:38:10 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1302)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1302\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1302\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'kernel' package(s) announced via the EulerOS-SA-2019-1302 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A flaw was found in the Linux kernel's ext4 filesystem code. 
A use-after-free is possible in ext4_ext_remove_space() function when mounting and operating a crafted ext4 image.(CVE-2018-10876)\n\nA flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound write in the fs/jbd2/transaction.c code, a denial of service, and a system crash by unmounting a crafted ext4 filesystem image.(CVE-2018-10882)\n\nA use-after-free vulnerability was found in the way the Linux kernel's KVM hypervisor emulates a preemption timer for L2 guests when nested (=1) virtualization is enabled. This high resolution timer(hrtimer) runs when a L2 guest is active. After VM exit, the sync_vmcs12() timer object is stopped. The use-after-free occurs if the timer object is freed before calling sync_vmcs12() routine. A guest user/process could use this flaw to crash the host kernel resulting in a denial of service or, potentially, gain privileged access to a system.(CVE-2019-7221)\n\nA flaw was found in the Linux kernel in the function hso_probe() which reads if_num value from the USB device (as a u8) and uses it without a length check to index an array, resulting in an OOB memory read in hso_probe() or hso_get_config_data(). An attacker with a forged USB device and physical access to a system (needed to connect such a device) can cause a system crash and a denial of service.(CVE-2018-19985)\n\nA possible memory corruption due to a type confusion was found in the Linux kernel in the sk_clone_lock() function in the net/core/sock.c. The possibility of local escalation of privileges cannot be fully ruled out for a local unprivileged attacker.(CVE-2018-9568)\n\nA flaw was found in the Linux kernel's implementation of Logical link control and adaptation protocol (L2CAP), part of the Bluetooth stack. An attacker with physical access within the range of standard Bluetooth transmission can create a specially crafted packet. 
The response to this specially crafted packet can contain part of the kernel stack which can be used in a further attack.(CVE-2019-3459)\n\nA flaw was found in the Linux kernel's implementation of logical link control and adaptation protocol (L2CAP), part of the Bluetooth stack in the l2cap_parse_conf_rsp and l2cap_parse_conf_req functions. An attacker with physical access within the range of standard Bluetooth transmission can create a specially crafted packet. The response to this specially crafted packet can contain part of the kernel stack which can be used in a further attack.(CVE-2019-3460)\n\nA flaw was found in mmap in the Linux kernel allowing the process to map a null page. This all ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~327.62.59.83.h149\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~3.10.0~327.62.59.83.h149\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~3.10.0~327.62.59.83.h149\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~3.10.0~327.62.59.83.h149\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debuginfo-common-x86_64\", 
rpm:\"kernel-debuginfo-common-x86_64~3.10.0~327.62.59.83.h149\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~327.62.59.83.h149\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~327.62.59.83.h149\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~327.62.59.83.h149\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~327.62.59.83.h149\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~327.62.59.83.h149\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~3.10.0~327.62.59.83.h149\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:20", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-10882", "CVE-2018-10877", "CVE-2018-10878", "CVE-2018-13405", "CVE-2018-13406", "CVE-2018-10881", "CVE-2018-12233", "CVE-2017-13168", "CVE-2018-10876", "CVE-2018-10879", "CVE-2018-13094"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2018-08-25T00:00:00", "id": "OPENVAS:1361412562310843626", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843626", "type": "openvas", "title": "Ubuntu Update for linux-aws USN-3753-2", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3753_2.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu 
Update for linux-aws USN-3753-2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843626\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-08-25 06:46:31 +0200 (Sat, 25 Aug 2018)\");\n script_cve_id(\"CVE-2017-13168\", \"CVE-2018-10876\", \"CVE-2018-10879\", \"CVE-2018-10877\", \"CVE-2018-10878\", \"CVE-2018-10882\", \"CVE-2018-10881\", \"CVE-2018-12233\", \"CVE-2018-13094\", \"CVE-2018-13405\", \"CVE-2018-13406\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-aws USN-3753-2\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-aws'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", 
value:\"USN-3753-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04\nLTS. This update provides the corresponding updates for the Linux\nHardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu\n14.04 LTS.\n\nIt was discovered that the generic SCSI driver in the Linux kernel did not\nproperly enforce permissions on kernel memory access. A local attacker\ncould use this to expose sensitive information or possibly elevate\nprivileges. (CVE-2017-13168)\n\nWen Xu discovered that a use-after-free vulnerability existed in the ext4\nfilesystem implementation in the Linux kernel. An attacker could use this\nto construct a malicious ext4 image that, when mounted, could cause a\ndenial of service (system crash) or possibly execute arbitrary code.\n(CVE-2018-10876, CVE-2018-10879)\n\nWen Xu discovered that a buffer overflow existed in the ext4 filesystem\nimplementation in the Linux kernel. An attacker could use this to construct\na malicious ext4 image that, when mounted, could cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2018-10877)\n\nWen Xu discovered that an out-of-bounds write vulnerability existed in the\next4 filesystem implementation in the Linux kernel. An attacker could use\nthis to construct a malicious ext4 image that, when mounted, could cause a\ndenial of service (system crash) or possibly execute arbitrary code.\n(CVE-2018-10878, CVE-2018-10882)\n\nWen Xu discovered that the ext4 filesystem implementation in the Linux\nkernel did not properly keep meta-data information consistent in some\nsituations. 
An attacker could use this to construct a malicious ext4 image\nthat, when mounted, could cause a denial of service (system crash).\n(CVE-2018-10881)\n\nShankara Pailoor discovered that the JFS filesystem implementation in the\nLinux kernel contained a buffer overflow when handling extended attributes.\nA local attacker could use this to cause a denial of service (system crash)\nor possibly execute arbitrary code. (CVE-2018-12233)\n\nWen Xu discovered that the XFS filesystem implementation in the Linux\nkernel did not properly handle an error condition with a corrupted xfs\nimage. An attacker could use this to construct a malicious xfs image that,\nwhen mounted, could cause a denial of service (system crash).\n(CVE-2018-13094)\n\nIt was discovered that the Linux kernel did not properly handle setgid file\ncreation when performed by a non-member of the group. A local attacker\ncould use this to gain elevated privileges. (CVE-2018-13405)\n\nSilvio Cesare discovered that the generic VESA frame buffer driver in the\nLinux kernel contained an integer overflow. A local attacker could use this\nto cause a denial of service (system crash) or possibly execute arbitrary\ncode. 
(CVE-2018-13406)\");\n script_tag(name:\"affected\", value:\"linux-aws on Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"USN\", value:\"3753-2\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3753-2/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU14\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-1028-aws\", ver:\"4.4.0-1028.31\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-134-generic\", ver:\"4.4.0-134.160~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-134-generic-lpae\", ver:\"4.4.0-134.160~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-134-lowlatency\", ver:\"4.4.0-134.160~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-134-powerpc-e500mc\", ver:\"4.4.0-134.160~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-134-powerpc-smp\", ver:\"4.4.0-134.160~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isdpkgvuln(pkg:\"linux-image-4.4.0-134-powerpc64-emb\", ver:\"4.4.0-134.160~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-134-powerpc64-smp\", ver:\"4.4.0-134.160~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-aws\", ver:\"4.4.0.1028.28\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lpae-lts-xenial\", ver:\"4.4.0.134.114\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lts-xenial\", ver:\"4.4.0.134.114\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-lowlatency-lts-xenial\", ver:\"4.4.0.134.114\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-e500mc-lts-xenial\", ver:\"4.4.0.134.114\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-smp-lts-xenial\", ver:\"4.4.0.134.114\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-emb-lts-xenial\", ver:\"4.4.0.134.114\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-smp-lts-xenial\", ver:\"4.4.0.134.114\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:23", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-10882", "CVE-2018-10877", 
"CVE-2018-10878", "CVE-2018-13405", "CVE-2018-13406", "CVE-2018-10881", "CVE-2018-12233", "CVE-2017-13168", "CVE-2018-10876", "CVE-2018-10879", "CVE-2018-13094"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2018-08-25T00:00:00", "id": "OPENVAS:1361412562310843627", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843627", "type": "openvas", "title": "Ubuntu Update for linux USN-3753-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3753_1.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for linux USN-3753-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843627\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-08-25 06:47:37 +0200 (Sat, 25 Aug 2018)\");\n script_cve_id(\"CVE-2017-13168\", \"CVE-2018-10876\", \"CVE-2018-10879\", \"CVE-2018-10877\", \"CVE-2018-10878\", \"CVE-2018-10882\", \"CVE-2018-10881\", \"CVE-2018-12233\", \"CVE-2018-13094\", \"CVE-2018-13405\", \"CVE-2018-13406\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux USN-3753-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that the generic SCSI driver in the Linux kernel did not\nproperly enforce permissions on kernel memory access. A local attacker\ncould use this to expose sensitive information or possibly elevate\nprivileges. (CVE-2017-13168)\n\nWen Xu discovered that a use-after-free vulnerability existed in the ext4\nfilesystem implementation in the Linux kernel. 
An attacker could use this\nto construct a malicious ext4 image that, when mounted, could cause a\ndenial of service (system crash) or possibly execute arbitrary code.\n(CVE-2018-10876, CVE-2018-10879)\n\nWen Xu discovered that a buffer overflow existed in the ext4 filesystem\nimplementation in the Linux kernel. An attacker could use this to construct\na malicious ext4 image that, when mounted, could cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2018-10877)\n\nWen Xu discovered that an out-of-bounds write vulnerability existed in the\next4 filesystem implementation in the Linux kernel. An attacker could use\nthis to construct a malicious ext4 image that, when mounted, could cause a\ndenial of service (system crash) or possibly execute arbitrary code.\n(CVE-2018-10878, CVE-2018-10882)\n\nWen Xu discovered that the ext4 filesystem implementation in the Linux\nkernel did not properly keep meta-data information consistent in some\nsituations. An attacker could use this to construct a malicious ext4 image\nthat, when mounted, could cause a denial of service (system crash).\n(CVE-2018-10881)\n\nShankara Pailoor discovered that the JFS filesystem implementation in the\nLinux kernel contained a buffer overflow when handling extended attributes.\nA local attacker could use this to cause a denial of service (system crash)\nor possibly execute arbitrary code. (CVE-2018-12233)\n\nWen Xu discovered that the XFS filesystem implementation in the Linux\nkernel did not properly handle an error condition with a corrupted xfs\nimage. An attacker could use this to construct a malicious xfs image that,\nwhen mounted, could cause a denial of service (system crash).\n(CVE-2018-13094)\n\nIt was discovered that the Linux kernel did not properly handle setgid file\ncreation when performed by a non-member of the group. A local attacker\ncould use this to gain elevated privileges. 
(CVE-2018-13405)\n\nSilvio Cesare discovered that the generic VESA frame buffer driver in the\nLinux kernel contained an integer overflow. A local attacker could use this\nto cause a denial of service (system crash) or possibly execute arbitrary\ncode. (CVE-2018-13406)\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 16.04 LTS\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"USN\", value:\"3753-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3753-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU16\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-1032-kvm\", ver:\"4.4.0-1032.38\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-1066-aws\", ver:\"4.4.0-1066.76\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-1095-raspi2\", ver:\"4.4.0-1095.103\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-1099-snapdragon\", ver:\"4.4.0-1099.104\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-134-generic\", ver:\"4.4.0-134.160\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n 
}\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-134-generic-lpae\", ver:\"4.4.0-134.160\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-134-lowlatency\", ver:\"4.4.0-134.160\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-134-powerpc-e500mc\", ver:\"4.4.0-134.160\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-134-powerpc-smp\", ver:\"4.4.0-134.160\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-134-powerpc64-emb\", ver:\"4.4.0-134.160\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-134-powerpc64-smp\", ver:\"4.4.0-134.160\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-aws\", ver:\"4.4.0.1066.68\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic\", ver:\"4.4.0.134.140\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lpae\", ver:\"4.4.0.134.140\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-kvm\", ver:\"4.4.0.1032.31\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-lowlatency\", ver:\"4.4.0.134.140\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-e500mc\", ver:\"4.4.0.134.140\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n 
{\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-smp\", ver:\"4.4.0.134.140\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-emb\", ver:\"4.4.0.134.140\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-smp\", ver:\"4.4.0.134.140\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-raspi2\", ver:\"4.4.0.1095.95\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-snapdragon\", ver:\"4.4.0.1099.91\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T17:35:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-10882", "CVE-2018-10877", "CVE-2018-10880", "CVE-2018-10878", "CVE-2018-10853", "CVE-2018-10881", "CVE-2018-3646", "CVE-2018-5391", "CVE-2018-3620", "CVE-2018-10883", "CVE-2018-10876", "CVE-2018-10879"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2018-10-26T00:00:00", "id": "OPENVAS:1361412562310851952", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851952", "type": "openvas", "title": "openSUSE: Security Advisory for kernel (openSUSE-SU-2018:2407-1)", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as 
published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851952\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_cve_id(\"CVE-2018-10853\", \"CVE-2018-10876\", \"CVE-2018-10877\", \"CVE-2018-10878\", \"CVE-2018-10879\", \"CVE-2018-10880\", \"CVE-2018-10881\", \"CVE-2018-10882\", \"CVE-2018-10883\", \"CVE-2018-3620\", \"CVE-2018-3646\", \"CVE-2018-5391\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-10-26 06:21:47 +0200 (Fri, 26 Oct 2018)\");\n script_name(\"openSUSE: Security Advisory for kernel (openSUSE-SU-2018:2407-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.0\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2018:2407-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2018-08/msg00064.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the openSUSE-SU-2018:2407-1 
advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The openSUSE Leap 15.0 kernel was updated to receive various security and\n bugfixes.\n\n The following security bugs were fixed:\n\n - CVE-2018-10853: A flaw was found in KVM in which certain instructions\n such as sgdt/sidt call segmented_write_std doesn't propagate access\n correctly. As such, during userspace induced exception, the guest can\n incorrectly assume that the exception happened in the kernel and panic\n (bnc#1097104).\n\n - CVE-2018-10876: A flaw was found in the ext4 filesystem code. A\n use-after-free is possible in ext4_ext_remove_space() function when\n mounting and operating a crafted ext4 image. (bnc#1099811)\n\n - CVE-2018-10877: Linux kernel ext4 filesystem is vulnerable to an\n out-of-bound access in the ext4_ext_drop_refs() function when operating\n on a crafted ext4 filesystem image. (bnc#1099846)\n\n - CVE-2018-10878: A flaw was found in the ext4 filesystem. A local user\n can cause an out-of-bounds write and a denial of service or unspecified\n other impact is possible by mounting and operating a crafted ext4\n filesystem image. (bnc#1099813)\n\n - CVE-2018-10879: A flaw was found in the ext4 filesystem. A local user\n can cause a use-after-free in ext4_xattr_set_entry function and a denial\n of service or unspecified other impact may occur by renaming a file in a\n crafted ext4 filesystem image. (bnc#1099844)\n\n - CVE-2018-10880: Linux kernel is vulnerable to a stack-out-of-bounds\n write in the ext4 filesystem code when mounting and writing to a crafted\n ext4 image in ext4_update_inline_data(). An attacker could use this to\n cause a system crash and a denial of service. (bnc#1099845)\n\n - CVE-2018-10881: A flaw was found in the ext4 filesystem. 
A local user\n can cause an out-of-bound access in ext4_get_group_info function, a\n denial of service, and a system crash by mounting and operating on a\n crafted ext4 filesystem image. (bnc#1099864)\n\n - CVE-2018-10882: A flaw was found in the ext4 filesystem. A local user\n can cause an out-of-bound write in in fs/jbd2/transaction.c code, a\n denial of service, and a system crash by unmounting a crafted ext4\n filesystem image. (bnc#1099849)\n\n - CVE-2018-10883: A flaw was found in the ext4 filesystem. A local user\n can cause an out-of-bounds write in jbd2_journal_dirty_metadata(), a\n denial of service, and a system crash by mounting and operating on a\n crafted ext4 filesystem image. (bnc#1099863)\n\n - CVE-2018-3620: Systems with microprocessors utilizing speculative\n execution and address translations may allow unauthorized disclosure of\n information residing in the L1 data cache to an attacker with local user\n access ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"affected\", value:\"the on openSUSE Leap 15.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.0\") {\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~4.12.14~lp150.12.16.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-base\", rpm:\"kernel-debug-base~4.12.14~lp150.12.16.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-base-debuginfo\", rpm:\"kernel-debug-base-debuginfo~4.12.14~lp150.12.16.1\", rls:\"openSUSELeap15.0\"))) {\n report += 
res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~4.12.14~lp150.12.16.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-debugsource\", rpm:\"kernel-debug-debugsource~4.12.14~lp150.12.16.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~4.12.14~lp150.12.16.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel-debuginfo\", rpm:\"kernel-debug-devel-debuginfo~4.12.14~lp150.12.16.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~4.12.14~lp150.12.16.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base\", rpm:\"kernel-default-base~4.12.14~lp150.12.16.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base-debuginfo\", rpm:\"kernel-default-base-debuginfo~4.12.14~lp150.12.16.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debuginfo\", rpm:\"kernel-default-debuginfo~4.12.14~lp150.12.16.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debugsource\", rpm:\"kernel-default-debugsource~4.12.14~lp150.12.16.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-devel\", rpm:\"kernel-default-devel~4.12.14~lp150.12.16.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-devel-debuginfo\", rpm:\"kernel-default-devel-debuginfo~4.12.14~lp150.12.16.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-kvmsmall\", rpm:\"kernel-kvmsmall~4.12.14~lp150.12.16.1\", 
rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-kvmsmall-base\", rpm:\"kernel-kvmsmall-base~4.12.14~lp150.12.16.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-kvmsmall-base-debuginfo\", rpm:\"kernel-kvmsmall-base-debuginfo~4.12.14~lp150.12.16.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-kvmsmall-debuginfo\", rpm:\"kernel-kvmsmall-debuginfo~4.12.14~lp150.12.16.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-kvmsmall-debugsource\", rpm:\"kernel-kvmsmall-debugsource~4.12.14~lp150.12.16.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-kvmsmall-devel\", rpm:\"kernel-kvmsmall-devel~4.12.14~lp150.12.16.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-kvmsmall-devel-debuginfo\", rpm:\"kernel-kvmsmall-devel-debuginfo~4.12.14~lp150.12.16.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-build\", rpm:\"kernel-obs-build~4.12.14~lp150.12.16.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-build-debugsource\", rpm:\"kernel-obs-build-debugsource~4.12.14~lp150.12.16.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-qa\", rpm:\"kernel-obs-qa~4.12.14~lp150.12.16.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~4.12.14~lp150.12.16.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla\", rpm:\"kernel-vanilla~4.12.14~lp150.12.16.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-base\", rpm:\"kernel-vanilla-base~4.12.14~lp150.12.16.1\", 
rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-base-debuginfo\", rpm:\"kernel-vanilla-base-debuginfo~4.12.14~lp150.12.16.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-debuginfo\", rpm:\"kernel-vanilla-debuginfo~4.12.14~lp150.12.16.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-debugsource\", rpm:\"kernel-vanilla-debugsource~4.12.14~lp150.12.16.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-devel\", rpm:\"kernel-vanilla-devel~4.12.14~lp150.12.16.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-devel-debuginfo\", rpm:\"kernel-vanilla-devel-debuginfo~4.12.14~lp150.12.16.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~4.12.14~lp150.12.16.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs\", rpm:\"kernel-docs~4.12.14~lp150.12.16.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs-html\", rpm:\"kernel-docs-html~4.12.14~lp150.12.16.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-macros\", rpm:\"kernel-macros~4.12.14~lp150.12.16.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~4.12.14~lp150.12.16.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source-vanilla\", rpm:\"kernel-source-vanilla~4.12.14~lp150.12.16.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.8, 
"vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:32:22", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-10882", "CVE-2018-10877", "CVE-2018-10880", "CVE-2018-10878", "CVE-2018-16882", "CVE-2018-14625", "CVE-2018-18281", "CVE-2018-10883", "CVE-2018-17972", "CVE-2018-19407", "CVE-2018-9516", "CVE-2018-10876", "CVE-2018-10879"], "description": "The remote host is missing an update for\n the ", "modified": "2019-03-18T00:00:00", "published": "2019-02-08T00:00:00", "id": "OPENVAS:1361412562310843904", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843904", "type": "openvas", "title": "Ubuntu Update for linux-azure USN-3871-5", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843904\");\n script_version(\"$Revision: 14288 $\");\n script_cve_id(\"CVE-2018-10876\", \"CVE-2018-10879\", \"CVE-2018-10877\", \"CVE-2018-10878\",\n \"CVE-2018-10882\", \"CVE-2018-10880\", \"CVE-2018-10883\", \"CVE-2018-14625\",\n \"CVE-2018-16882\", \"CVE-2018-17972\", \"CVE-2018-18281\", \"CVE-2018-19407\",\n \"CVE-2018-9516\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 17:34:17 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2019-02-08 04:05:18 +0100 (Fri, 08 Feb 2019)\");\n script_name(\"Ubuntu Update for linux-azure USN-3871-5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|18\\.04 LTS|16\\.04 LTS)\");\n\n script_xref(name:\"USN\", value:\"3871-5\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3871-5/\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for\n the 'linux-azure' package(s) announced via the USN-3871-5 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version\n is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Wen Xu discovered that a use-after-free\nvulnerability existed in the ext4 filesystem implementation in the Linux kernel.\nAn attacker could use this 
to construct a malicious ext4 image that, when mounted,\ncould cause a denial of service (system crash) or possibly execute arbitrary code.\n(CVE-2018-10876, CVE-2018-10879)\n\nWen Xu discovered that a buffer overflow existed in the ext4 filesystem\nimplementation in the Linux kernel. An attacker could use this to construct\na malicious ext4 image that, when mounted, could cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2018-10877)\n\nWen Xu discovered that an out-of-bounds write vulnerability existed in the\next4 filesystem implementation in the Linux kernel. An attacker could use\nthis to construct a malicious ext4 image that, when mounted, could cause a\ndenial of service (system crash) or possibly execute arbitrary code.\n(CVE-2018-10878, CVE-2018-10882)\n\nWen Xu discovered that the ext4 filesystem implementation in the Linux\nkernel did not properly ensure that xattr information remained in inode\nbodies. An attacker could use this to construct a malicious ext4 image\nthat, when mounted, could cause a denial of service (system crash).\n(CVE-2018-10880)\n\nWen Xu discovered that the ext4 file system implementation in the Linux\nkernel could possibly perform an out of bounds write when updating the\njournal for an inline file. An attacker could use this to construct a\nmalicious ext4 image that, when mounted, could cause a denial of service\n(system crash). (CVE-2018-10883)\n\nIt was discovered that a race condition existed in the vsock address family\nimplementation of the Linux kernel that could lead to a use-after-free\ncondition. A local attacker in a guest virtual machine could use this to\nexpose sensitive information (host machine kernel memory). 
(CVE-2018-14625)\n\nCfir Cohen discovered that a use-after-free vulnerability existed in the\nKVM implementation of the Linux kernel, when handling interrupts in\nenvironments where nested virtualization is in use (nested KVM\nvirtualization is not enabled by default in Ubuntu kernels). A local\nattacker in a guest VM could possibly use this to gain administrative\nprivileges in a host machine. (CVE-2018-16882)\n\nJann Horn discovered that the procfs file system implementation in the\nLinux kernel did not properly restrict the ability to inspect the kernel\nstack of an arbitrary task. A local attacker could use this to expose\nsensitive information. (CVE-2018-17972)\n\nJann Horn discovered that the mremap() system call in the Linux kernel did\nnot properl ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"affected\", value:\"linux-azure on Ubuntu 18.04 LTS,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.15.0-1037-azure\", ver:\"4.15.0-1037.39~14.04.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-azure\", ver:\"4.15.0.1037.24\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU18.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.15.0-1037-azure\", ver:\"4.15.0-1037.39\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isdpkgvuln(pkg:\"linux-image-azure\", ver:\"4.15.0.1037.37\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.15.0-1037-azure\", ver:\"4.15.0-1037.39~16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-azure\", ver:\"4.15.0.1037.42\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:32:22", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-10882", "CVE-2018-10877", "CVE-2018-10880", "CVE-2018-10878", "CVE-2018-16882", "CVE-2018-14625", "CVE-2018-18281", "CVE-2018-10883", "CVE-2018-17972", "CVE-2018-19407", "CVE-2018-9516", "CVE-2018-10876", "CVE-2018-10879"], "description": "The remote host is missing an update for the ", "modified": "2019-03-18T00:00:00", "published": "2019-01-30T00:00:00", "id": "OPENVAS:1361412562310843884", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843884", "type": "openvas", "title": "Ubuntu Update for linux USN-3871-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3871_1.nasl 14288 2019-03-18 16:34:17Z cfischer $\n#\n# Ubuntu Update for linux USN-3871-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2019 Greenbone Networks GmbH, http://www.greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free 
Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843884\");\n script_version(\"$Revision: 14288 $\");\n script_cve_id(\"CVE-2018-10876\", \"CVE-2018-10879\", \"CVE-2018-10877\", \"CVE-2018-10878\",\n \"CVE-2018-10882\", \"CVE-2018-10880\", \"CVE-2018-10883\", \"CVE-2018-14625\",\n \"CVE-2018-16882\", \"CVE-2018-17972\", \"CVE-2018-18281\", \"CVE-2018-19407\",\n \"CVE-2018-9516\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 17:34:17 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2019-01-30 04:02:08 +0100 (Wed, 30 Jan 2019)\");\n script_name(\"Ubuntu Update for linux USN-3871-1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU18\\.04 LTS\");\n\n script_xref(name:\"USN\", value:\"3871-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3871-1/\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the USN-3871-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if 
a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Wen Xu discovered that a use-after-free\nvulnerability existed in the ext4 filesystem implementation in the Linux kernel.\nAn attacker could use this to construct a malicious ext4 image that, when mounted,\ncould cause a denial of service (system crash) or possibly execute arbitrary code.\n(CVE-2018-10876, CVE-2018-10879)\n\nWen Xu discovered that a buffer overflow existed in the ext4 filesystem\nimplementation in the Linux kernel. An attacker could use this to construct\na malicious ext4 image that, when mounted, could cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2018-10877)\n\nWen Xu discovered that an out-of-bounds write vulnerability existed in the\next4 filesystem implementation in the Linux kernel. An attacker could use\nthis to construct a malicious ext4 image that, when mounted, could cause a\ndenial of service (system crash) or possibly execute arbitrary code.\n(CVE-2018-10878, CVE-2018-10882)\n\nWen Xu discovered that the ext4 filesystem implementation in the Linux\nkernel did not properly ensure that xattr information remained in inode\nbodies. An attacker could use this to construct a malicious ext4 image\nthat, when mounted, could cause a denial of service (system crash).\n(CVE-2018-10880)\n\nWen Xu discovered that the ext4 file system implementation in the Linux\nkernel could possibly perform an out of bounds write when updating the\njournal for an inline file. An attacker could use this to construct a\nmalicious ext4 image that, when mounted, could cause a denial of service\n(system crash). (CVE-2018-10883)\n\nIt was discovered that a race condition existed in the vsock address family\nimplementation of the Linux kernel that could lead to a use-after-free\ncondition. A local attacker in a guest virtual machine could use this to\nexpose sensitive information (host machine kernel memory). 
(CVE-2018-14625)\n\nCfir Cohen discovered that a use-after-free vulnerability existed in the\nKVM implementation of the Linux kernel, when handling interrupts in\nenvironments where nested virtualization is in use (nested KVM\nvirtualization is not enabled by default in Ubuntu kernels). A local\nattacker in a guest VM could possibly use this to gain administrative\nprivileges in a host machine. (CVE-2018-16882)\n\nJann Horn discovered that the procfs file system implementation in the\nLinux kernel did not properly restrict the ability to inspect the kernel\nstack of an arbitrary task. A local attacker could use this to expose\nsensitive information. (CVE-2018-17972)\n\nJann Horn discovered that the mremap() system call in the Linux kernel did\nnot properly flush the TLB when completing, potentially lea ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"affected\", value:\"linux on Ubuntu 18.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU18.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.15.0-44-generic\", ver:\"4.15.0-44.47\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.15.0-44-generic-lpae\", ver:\"4.15.0-44.47\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.15.0-44-lowlatency\", ver:\"4.15.0-44.47\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.15.0-44-snapdragon\", ver:\"4.15.0-44.47\", 
rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic\", ver:\"4.15.0.44.46\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lpae\", ver:\"4.15.0.44.46\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-lowlatency\", ver:\"4.15.0.44.46\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-snapdragon\", ver:\"4.15.0.44.46\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:32:22", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-10882", "CVE-2018-10877", "CVE-2018-10880", "CVE-2018-10878", "CVE-2018-16882", "CVE-2018-14625", "CVE-2018-18281", "CVE-2018-10883", "CVE-2018-17972", "CVE-2018-19407", "CVE-2018-9516", "CVE-2018-10876", "CVE-2018-10879"], "description": "The remote host is missing an update for the ", "modified": "2019-03-18T00:00:00", "published": "2019-02-05T00:00:00", "id": "OPENVAS:1361412562310843891", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843891", "type": "openvas", "title": "Ubuntu Update for linux-aws USN-3871-3", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3871_3.nasl 14288 2019-03-18 16:34:17Z cfischer $\n#\n# Ubuntu Update for linux-aws USN-3871-3\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2019 Greenbone Networks GmbH, http://www.greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free 
software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843891\");\n script_version(\"$Revision: 14288 $\");\n script_cve_id(\"CVE-2018-10876\", \"CVE-2018-10879\", \"CVE-2018-10877\", \"CVE-2018-10878\",\n \"CVE-2018-10882\", \"CVE-2018-10880\", \"CVE-2018-10883\", \"CVE-2018-14625\",\n \"CVE-2018-16882\", \"CVE-2018-17972\", \"CVE-2018-18281\", \"CVE-2018-19407\",\n \"CVE-2018-9516\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 17:34:17 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2019-02-05 04:02:58 +0100 (Tue, 05 Feb 2019)\");\n script_name(\"Ubuntu Update for linux-aws USN-3871-3\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU18\\.04 LTS\");\n\n script_xref(name:\"USN\", value:\"3871-3\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3871-3/\");\n\n script_tag(name:\"summary\", 
value:\"The remote host is missing an update for the 'linux-aws'\n package(s) announced via the USN-3871-3 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Wen Xu discovered that a use-after-free vulnerability existed in the ext4\nfilesystem implementation in the Linux kernel. An attacker could use this\nto construct a malicious ext4 image that, when mounted, could cause a\ndenial of service (system crash) or possibly execute arbitrary code.\n(CVE-2018-10876, CVE-2018-10879)\n\nWen Xu discovered that a buffer overflow existed in the ext4 filesystem\nimplementation in the Linux kernel. An attacker could use this to construct\na malicious ext4 image that, when mounted, could cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2018-10877)\n\nWen Xu discovered that an out-of-bounds write vulnerability existed in the\next4 filesystem implementation in the Linux kernel. An attacker could use\nthis to construct a malicious ext4 image that, when mounted, could cause a\ndenial of service (system crash) or possibly execute arbitrary code.\n(CVE-2018-10878, CVE-2018-10882)\n\nWen Xu discovered that the ext4 filesystem implementation in the Linux\nkernel did not properly ensure that xattr information remained in inode\nbodies. An attacker could use this to construct a malicious ext4 image\nthat, when mounted, could cause a denial of service (system crash).\n(CVE-2018-10880)\n\nWen Xu discovered that the ext4 file system implementation in the Linux\nkernel could possibly perform an out of bounds write when updating the\njournal for an inline file. An attacker could use this to construct a\nmalicious ext4 image that, when mounted, could cause a denial of service\n(system crash). 
(CVE-2018-10883)\n\nIt was discovered that a race condition existed in the vsock address family\nimplementation of the Linux kernel that could lead to a use-after-free\ncondition. A local attacker in a guest virtual machine could use this to\nexpose sensitive information (host machine kernel memory). (CVE-2018-14625)\n\nCfir Cohen discovered that a use-after-free vulnerability existed in the\nKVM implementation of the Linux kernel, when handling interrupts in\nenvironments where nested virtualization is in use (nested KVM\nvirtualization is not enabled by default in Ubuntu kernels). A local\nattacker in a guest VM could possibly use this to gain administrative\nprivileges in a host machine. (CVE-2018-16882)\n\nJann Horn discovered that the procfs file system implementation in the\nLinux kernel did not properly restrict the ability to inspect the kernel\nstack of an arbitrary task. A local attacker could use this to expose\nsensitive information. (CVE-2018-17972)\n\nJann Horn discovered that the mremap() system call in the Linux kernel did\nnot properly flush the TLB when completing, potentially ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"affected\", value:\"linux-aws on Ubuntu 18.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU18.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.15.0-1027-gcp\", ver:\"4.15.0-1027.28\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.15.0-1029-kvm\", ver:\"4.15.0-1029.29\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.15.0-1031-raspi2\", ver:\"4.15.0-1031.33\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.15.0-1032-aws\", ver:\"4.15.0-1032.34\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.15.0-1033-oem\", ver:\"4.15.0-1033.38\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-aws\", ver:\"4.15.0.1032.31\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-gcp\", ver:\"4.15.0.1027.29\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-gke\", ver:\"4.15.0.1027.29\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-kvm\", ver:\"4.15.0.1029.29\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-oem\", ver:\"4.15.0.1033.38\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-raspi2\", ver:\"4.15.0.1031.29\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:32:24", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-10882", "CVE-2018-10877", "CVE-2018-10880", "CVE-2018-10878", "CVE-2018-16882", "CVE-2018-14625", "CVE-2018-18281", "CVE-2018-10883", "CVE-2018-17972", "CVE-2018-19407", "CVE-2018-9516", "CVE-2018-10876", "CVE-2018-10879"], "description": "The remote host is missing an update for 
the ", "modified": "2019-03-18T00:00:00", "published": "2019-02-05T00:00:00", "id": "OPENVAS:1361412562310843892", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843892", "type": "openvas", "title": "Ubuntu Update for linux-aws-hwe USN-3871-4", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3871_4.nasl 14288 2019-03-18 16:34:17Z cfischer $\n#\n# Ubuntu Update for linux-aws-hwe USN-3871-4\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2019 Greenbone Networks GmbH, http://www.greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843892\");\n script_version(\"$Revision: 14288 $\");\n script_cve_id(\"CVE-2018-10876\", \"CVE-2018-10879\", \"CVE-2018-10877\", \"CVE-2018-10878\",\n \"CVE-2018-10882\", \"CVE-2018-10880\", \"CVE-2018-10883\", \"CVE-2018-14625\",\n \"CVE-2018-16882\", \"CVE-2018-17972\", \"CVE-2018-18281\", \"CVE-2018-19407\",\n \"CVE-2018-9516\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 17:34:17 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2019-02-05 04:03:33 +0100 (Tue, 05 Feb 2019)\");\n script_name(\"Ubuntu Update for linux-aws-hwe USN-3871-4\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU16\\.04 LTS\");\n\n script_xref(name:\"USN\", value:\"3871-4\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3871-4/\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-aws-hwe'\n package(s) announced via the USN-3871-4 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"USN-3871-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04\nLTS. 
This update provides the corresponding updates for the Linux\nHardware Enablement (HWE) kernel from Ubuntu 18.04 LTS for Ubuntu\n16.04 LTS.\n\nWen Xu discovered that a use-after-free vulnerability existed in the ext4\nfilesystem implementation in the Linux kernel. An attacker could use this\nto construct a malicious ext4 image that, when mounted, could cause a\ndenial of service (system crash) or possibly execute arbitrary code.\n(CVE-2018-10876, CVE-2018-10879)\n\nWen Xu discovered that a buffer overflow existed in the ext4 filesystem\nimplementation in the Linux kernel. An attacker could use this to construct\na malicious ext4 image that, when mounted, could cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2018-10877)\n\nWen Xu discovered that an out-of-bounds write vulnerability existed in the\next4 filesystem implementation in the Linux kernel. An attacker could use\nthis to construct a malicious ext4 image that, when mounted, could cause a\ndenial of service (system crash) or possibly execute arbitrary code.\n(CVE-2018-10878, CVE-2018-10882)\n\nWen Xu discovered that the ext4 filesystem implementation in the Linux\nkernel did not properly ensure that xattr information remained in inode\nbodies. An attacker could use this to construct a malicious ext4 image\nthat, when mounted, could cause a denial of service (system crash).\n(CVE-2018-10880)\n\nWen Xu discovered that the ext4 file system implementation in the Linux\nkernel could possibly perform an out of bounds write when updating the\njournal for an inline file. An attacker could use this to construct a\nmalicious ext4 image that, when mounted, could cause a denial of service\n(system crash). (CVE-2018-10883)\n\nIt was discovered that a race condition existed in the vsock address family\nimplementation of the Linux kernel that could lead to a use-after-free\ncondition. 
A local attacker in a guest virtual machine could use this to\nexpose sensitive information (host machine kernel memory). (CVE-2018-14625)\n\nCfir Cohen discovered that a use-after-free vulnerability existed in the\nKVM implementation of the Linux kernel, when handling interrupts in\nenvironments where nested virtualization is in use (nested KVM\nvirtualization is not enabled by default in Ubuntu kernels). A local\nattacker in a guest VM could possibly use this to gain administrative\nprivileges in a host machine. (CVE-2018-16882)\n\nJann Horn discovered that the procfs file system implementation in the\nLinux kernel did not properly restrict the ability to inspect the kernel\nstack of an arbitrary t ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"affected\", value:\"linux-aws-hwe on Ubuntu 16.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.15.0-1027-gcp\", ver:\"4.15.0-1027.28~16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.15.0-1032-aws\", ver:\"4.15.0-1032.34~16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.15.0-45-generic\", ver:\"4.15.0-45.48~16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.15.0-45-generic-lpae\", ver:\"4.15.0-45.48~16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n 
}\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.15.0-45-lowlatency\", ver:\"4.15.0-45.48~16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-aws-hwe\", ver:\"4.15.0.1032.33\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-gcp\", ver:\"4.15.0.1027.41\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-hwe-16.04\", ver:\"4.15.0.45.66\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lpae-hwe-16.04\", ver:\"4.15.0.45.66\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-gke\", ver:\"4.15.0.1027.41\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-lowlatency-hwe-16.04\", ver:\"4.15.0.45.66\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-oem\", ver:\"4.15.0.45.66\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-virtual-hwe-16.04\", ver:\"4.15.0.45.66\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:32:23", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-10882", "CVE-2018-10877", "CVE-2018-10880", "CVE-2018-10878", "CVE-2018-16882", "CVE-2018-14625", "CVE-2018-18281", "CVE-2018-10883", "CVE-2018-17972", "CVE-2018-19407", "CVE-2018-9516", "CVE-2018-10876", "CVE-2018-10879"], "description": "The remote host is missing an update for\n 
the ", "modified": "2019-03-18T00:00:00", "published": "2019-02-05T00:00:00", "id": "OPENVAS:1361412562310843897", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843897", "type": "openvas", "title": "Ubuntu Update for linux USN-3871-2", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3871_2.nasl 14288 2019-03-18 16:34:17Z cfischer $\n#\n# Ubuntu Update for linux USN-3871-2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2019 Greenbone Networks GmbH, http://www.greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843897\");\n script_version(\"$Revision: 14288 $\");\n script_cve_id(\"CVE-2018-10876\", \"CVE-2018-10879\", \"CVE-2018-10877\", \"CVE-2018-10878\",\n \"CVE-2018-10882\", \"CVE-2018-10880\", \"CVE-2018-10883\", \"CVE-2018-14625\",\n \"CVE-2018-16882\", \"CVE-2018-17972\", \"CVE-2018-18281\", \"CVE-2018-19407\",\n \"CVE-2018-9516\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 17:34:17 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2019-02-05 04:04:54 +0100 (Tue, 05 Feb 2019)\");\n script_name(\"Ubuntu Update for linux USN-3871-2\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU18\\.04 LTS\");\n\n script_xref(name:\"USN\", value:\"3871-2\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3871-2/\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for\n the 'linux' package(s) announced via the USN-3871-2 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version\n is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"USN-3871-1 fixed vulnerabilities in the\nLinux kernel for Ubuntu 18.04 LTS. 
Unfortunately, that update introduced\nregressions with docking station displays and mounting ext4 file systems with\nthe meta_bg option enabled. This update fixes the problems.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\nWen Xu discovered that a use-after-free vulnerability existed in the ext4\nfilesystem implementation in the Linux kernel. An attacker could use this\nto construct a malicious ext4 image that, when mounted, could cause a\ndenial of service (system crash) or possibly execute arbitrary code.\n(CVE-2018-10876, CVE-2018-10879)\n\nWen Xu discovered that a buffer overflow existed in the ext4 filesystem\nimplementation in the Linux kernel. An attacker could use this to construct\na malicious ext4 image that, when mounted, could cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2018-10877)\n\nWen Xu discovered that an out-of-bounds write vulnerability existed in the\next4 filesystem implementation in the Linux kernel. An attacker could use\nthis to construct a malicious ext4 image that, when mounted, could cause a\ndenial of service (system crash) or possibly execute arbitrary code.\n(CVE-2018-10878, CVE-2018-10882)\n\nWen Xu discovered that the ext4 filesystem implementation in the Linux\nkernel did not properly ensure that xattr information remained in inode\nbodies. An attacker could use this to construct a malicious ext4 image\nthat, when mounted, could cause a denial of service (system crash).\n(CVE-2018-10880)\n\nWen Xu discovered that the ext4 file system implementation in the Linux\nkernel could possibly perform an out of bounds write when updating the\njournal for an inline file. An attacker could use this to construct a\nmalicious ext4 image that, when mounted, could cause a denial of service\n(system crash). (CVE-2018-10883)\n\nIt was discovered that a race condition existed in the vsock address family\nimplementation of the Linux kernel that could lead to a use-after-free\ncondition. 
A local attacker in a guest virtual machine could use this to\nexpose sensitive information (host machine kernel memory). (CVE-2018-14625)\n\nCfir Cohen discovered that a use-after-free vulnerability existed in the\nKVM implementation of the Linux kernel, when handling interrupts in\nenvironments where nested virtualization is in use (nested KVM\nvirtualization is not enabled by default in Ubuntu kernels). A local\nattacker in a guest VM could possibly use this to gain administrative\nprivileges in a host machine. (CVE-2018-16882)\n\nJann Horn discovered that the procfs file system implementation in the\nL ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"affected\", value:\"linux on Ubuntu 18.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU18.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.15.0-45-generic\", ver:\"4.15.0-45.48\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.15.0-45-generic-lpae\", ver:\"4.15.0-45.48\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.15.0-45-lowlatency\", ver:\"4.15.0-45.48\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.15.0-45-snapdragon\", ver:\"4.15.0-45.48\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic\", ver:\"4.15.0.45.47\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lpae\", ver:\"4.15.0.45.47\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-lowlatency\", ver:\"4.15.0.45.47\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-snapdragon\", ver:\"4.15.0.45.47\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2020-07-18T01:45:47", "bulletinFamily": "unix", "cvelist": ["CVE-2018-10882", "CVE-2018-10877", "CVE-2018-10878", "CVE-2018-13405", "CVE-2018-13406", "CVE-2018-10881", "CVE-2018-12233", "CVE-2017-13168", "CVE-2018-10876", "CVE-2018-10879", "CVE-2018-13094"], "description": "It was discovered that the generic SCSI driver in the Linux kernel did not \nproperly enforce permissions on kernel memory access. A local attacker \ncould use this to expose sensitive information or possibly elevate \nprivileges. (CVE-2017-13168)\n\nWen Xu discovered that a use-after-free vulnerability existed in the ext4 \nfilesystem implementation in the Linux kernel. An attacker could use this \nto construct a malicious ext4 image that, when mounted, could cause a \ndenial of service (system crash) or possibly execute arbitrary code. \n(CVE-2018-10876, CVE-2018-10879)\n\nWen Xu discovered that a buffer overflow existed in the ext4 filesystem \nimplementation in the Linux kernel. An attacker could use this to construct \na malicious ext4 image that, when mounted, could cause a denial of service \n(system crash) or possibly execute arbitrary code. (CVE-2018-10877)\n\nWen Xu discovered that an out-of-bounds write vulnerability existed in the \next4 filesystem implementation in the Linux kernel. 
An attacker could use \nthis to construct a malicious ext4 image that, when mounted, could cause a \ndenial of service (system crash) or possibly execute arbitrary code. \n(CVE-2018-10878, CVE-2018-10882)\n\nWen Xu discovered that the ext4 filesystem implementation in the Linux \nkernel did not properly keep meta-data information consistent in some \nsituations. An attacker could use this to construct a malicious ext4 image \nthat, when mounted, could cause a denial of service (system crash). \n(CVE-2018-10881)\n\nShankara Pailoor discovered that the JFS filesystem implementation in the \nLinux kernel contained a buffer overflow when handling extended attributes. \nA local attacker could use this to cause a denial of service (system crash) \nor possibly execute arbitrary code. (CVE-2018-12233)\n\nWen Xu discovered that the XFS filesystem implementation in the Linux \nkernel did not properly handle an error condition with a corrupted xfs \nimage. An attacker could use this to construct a malicious xfs image that, \nwhen mounted, could cause a denial of service (system crash). \n(CVE-2018-13094)\n\nIt was discovered that the Linux kernel did not properly handle setgid file \ncreation when performed by a non-member of the group. A local attacker \ncould use this to gain elevated privileges. (CVE-2018-13405)\n\nSilvio Cesare discovered that the generic VESA frame buffer driver in the \nLinux kernel contained an integer overflow. A local attacker could use this \nto cause a denial of service (system crash) or possibly execute arbitrary \ncode. 
(CVE-2018-13406)", "edition": 5, "modified": "2018-08-24T00:00:00", "published": "2018-08-24T00:00:00", "id": "USN-3753-1", "href": "https://ubuntu.com/security/notices/USN-3753-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-15T01:35:24", "bulletinFamily": "unix", "cvelist": ["CVE-2018-10882", "CVE-2018-10877", "CVE-2018-10878", "CVE-2018-13405", "CVE-2018-13406", "CVE-2018-10881", "CVE-2018-12233", "CVE-2017-13168", "CVE-2018-10876", "CVE-2018-10879", "CVE-2018-13094"], "description": "USN-3753-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 \nLTS. This update provides the corresponding updates for the Linux \nHardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu \n14.04 LTS.\n\nIt was discovered that the generic SCSI driver in the Linux kernel did not \nproperly enforce permissions on kernel memory access. A local attacker \ncould use this to expose sensitive information or possibly elevate \nprivileges. (CVE-2017-13168)\n\nWen Xu discovered that a use-after-free vulnerability existed in the ext4 \nfilesystem implementation in the Linux kernel. An attacker could use this \nto construct a malicious ext4 image that, when mounted, could cause a \ndenial of service (system crash) or possibly execute arbitrary code. \n(CVE-2018-10876, CVE-2018-10879)\n\nWen Xu discovered that a buffer overflow existed in the ext4 filesystem \nimplementation in the Linux kernel. An attacker could use this to construct \na malicious ext4 image that, when mounted, could cause a denial of service \n(system crash) or possibly execute arbitrary code. (CVE-2018-10877)\n\nWen Xu discovered that an out-of-bounds write vulnerability existed in the \next4 filesystem implementation in the Linux kernel. An attacker could use \nthis to construct a malicious ext4 image that, when mounted, could cause a \ndenial of service (system crash) or possibly execute arbitrary code. 
\n(CVE-2018-10878, CVE-2018-10882)\n\nWen Xu discovered that the ext4 filesystem implementation in the Linux \nkernel did not properly keep meta-data information consistent in some \nsituations. An attacker could use this to construct a malicious ext4 image \nthat, when mounted, could cause a denial of service (system crash). \n(CVE-2018-10881)\n\nShankara Pailoor discovered that the JFS filesystem implementation in the \nLinux kernel contained a buffer overflow when handling extended attributes. \nA local attacker could use this to cause a denial of service (system crash) \nor possibly execute arbitrary code. (CVE-2018-12233)\n\nWen Xu discovered that the XFS filesystem implementation in the Linux \nkernel did not properly handle an error condition with a corrupted xfs \nimage. An attacker could use this to construct a malicious xfs image that, \nwhen mounted, could cause a denial of service (system crash). \n(CVE-2018-13094)\n\nIt was discovered that the Linux kernel did not properly handle setgid file \ncreation when performed by a non-member of the group. A local attacker \ncould use this to gain elevated privileges. (CVE-2018-13405)\n\nSilvio Cesare discovered that the generic VESA frame buffer driver in the \nLinux kernel contained an integer overflow. A local attacker could use this \nto cause a denial of service (system crash) or possibly execute arbitrary \ncode. 
(CVE-2018-13406)", "edition": 5, "modified": "2018-08-24T00:00:00", "published": "2018-08-24T00:00:00", "id": "USN-3753-2", "href": "https://ubuntu.com/security/notices/USN-3753-2", "title": "Linux kernel (Xenial HWE) vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:37:17", "bulletinFamily": "unix", "cvelist": ["CVE-2018-10882", "CVE-2018-10877", "CVE-2018-10880", "CVE-2018-10878", "CVE-2018-16882", "CVE-2018-14625", "CVE-2018-18281", "CVE-2018-10883", "CVE-2018-17972", "CVE-2018-19407", "CVE-2018-9516", "CVE-2018-10876", "CVE-2018-10879"], "description": "USN-3871-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 \nLTS. Unfortunately, that update introduced regressions with docking \nstation displays and mounting ext4 file systems with the meta_bg \noption enabled. This update fixes the problems.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\nWen Xu discovered that a use-after-free vulnerability existed in the ext4 \nfilesystem implementation in the Linux kernel. An attacker could use this \nto construct a malicious ext4 image that, when mounted, could cause a \ndenial of service (system crash) or possibly execute arbitrary code. \n(CVE-2018-10876, CVE-2018-10879)\n\nWen Xu discovered that a buffer overflow existed in the ext4 filesystem \nimplementation in the Linux kernel. An attacker could use this to construct \na malicious ext4 image that, when mounted, could cause a denial of service \n(system crash) or possibly execute arbitrary code. (CVE-2018-10877)\n\nWen Xu discovered that an out-of-bounds write vulnerability existed in the \next4 filesystem implementation in the Linux kernel. An attacker could use \nthis to construct a malicious ext4 image that, when mounted, could cause a \ndenial of service (system crash) or possibly execute arbitrary code. 
\n(CVE-2018-10878, CVE-2018-10882)\n\nWen Xu discovered that the ext4 filesystem implementation in the Linux \nkernel did not properly ensure that xattr information remained in inode \nbodies. An attacker could use this to construct a malicious ext4 image \nthat, when mounted, could cause a denial of service (system crash). \n(CVE-2018-10880)\n\nWen Xu discovered that the ext4 file system implementation in the Linux \nkernel could possibly perform an out of bounds write when updating the \njournal for an inline file. An attacker could use this to construct a \nmalicious ext4 image that, when mounted, could cause a denial of service \n(system crash). (CVE-2018-10883)\n\nIt was discovered that a race condition existed in the vsock address family \nimplementation of the Linux kernel that could lead to a use-after-free \ncondition. A local attacker in a guest virtual machine could use this to \nexpose sensitive information (host machine kernel memory). (CVE-2018-14625)\n\nCfir Cohen discovered that a use-after-free vulnerability existed in the \nKVM implementation of the Linux kernel, when handling interrupts in \nenvironments where nested virtualization is in use (nested KVM \nvirtualization is not enabled by default in Ubuntu kernels). A local \nattacker in a guest VM could possibly use this to gain administrative \nprivileges in a host machine. (CVE-2018-16882)\n\nJann Horn discovered that the procfs file system implementation in the \nLinux kernel did not properly restrict the ability to inspect the kernel \nstack of an arbitrary task. A local attacker could use this to expose \nsensitive information. (CVE-2018-17972)\n\nJann Horn discovered that the mremap() system call in the Linux kernel did \nnot properly flush the TLB when completing, potentially leaving access to a \nphysical page after it has been released to the page allocator. 
A local \nattacker could use this to cause a denial of service (system crash), expose \nsensitive information, or possibly execute arbitrary code. (CVE-2018-18281)\n\nWei Wu discovered that the KVM implementation in the Linux kernel did not \nproperly ensure that ioapics were initialized. A local attacker could use \nthis to cause a denial of service (system crash). (CVE-2018-19407)\n\nIt was discovered that the debug interface for the Linux kernel's HID \nsubsystem did not properly perform bounds checking in some situations. An \nattacker with access to debugfs could use this to cause a denial of service \nor possibly gain additional privileges. (CVE-2018-9516)", "edition": 3, "modified": "2019-01-31T00:00:00", "published": "2019-01-31T00:00:00", "id": "USN-3871-2", "href": "https://ubuntu.com/security/notices/USN-3871-2", "title": "Linux kernel regression", "type": "ubuntu", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:41:10", "bulletinFamily": "unix", "cvelist": ["CVE-2018-10882", "CVE-2018-10877", "CVE-2018-10880", "CVE-2018-10878", "CVE-2018-16882", "CVE-2018-14625", "CVE-2018-18281", "CVE-2018-10883", "CVE-2018-17972", "CVE-2018-19407", "CVE-2018-9516", "CVE-2018-10876", "CVE-2018-10879"], "description": "Wen Xu discovered that a use-after-free vulnerability existed in the ext4 \nfilesystem implementation in the Linux kernel. An attacker could use this \nto construct a malicious ext4 image that, when mounted, could cause a \ndenial of service (system crash) or possibly execute arbitrary code. \n(CVE-2018-10876, CVE-2018-10879)\n\nWen Xu discovered that a buffer overflow existed in the ext4 filesystem \nimplementation in the Linux kernel. An attacker could use this to construct \na malicious ext4 image that, when mounted, could cause a denial of service \n(system crash) or possibly execute arbitrary code. 
(CVE-2018-10877)\n\nWen Xu discovered that an out-of-bounds write vulnerability existed in the \next4 filesystem implementation in the Linux kernel. An attacker could use \nthis to construct a malicious ext4 image that, when mounted, could cause a \ndenial of service (system crash) or possibly execute arbitrary code. \n(CVE-2018-10878, CVE-2018-10882)\n\nWen Xu discovered that the ext4 filesystem implementation in the Linux \nkernel did not properly ensure that xattr information remained in inode \nbodies. An attacker could use this to construct a malicious ext4 image \nthat, when mounted, could cause a denial of service (system crash). \n(CVE-2018-10880)\n\nWen Xu discovered that the ext4 file system implementation in the Linux \nkernel could possibly perform an out of bounds write when updating the \njournal for an inline file. An attacker could use this to construct a \nmalicious ext4 image that, when mounted, could cause a denial of service \n(system crash). (CVE-2018-10883)\n\nIt was discovered that a race condition existed in the vsock address family \nimplementation of the Linux kernel that could lead to a use-after-free \ncondition. A local attacker in a guest virtual machine could use this to \nexpose sensitive information (host machine kernel memory). (CVE-2018-14625)\n\nCfir Cohen discovered that a use-after-free vulnerability existed in the \nKVM implementation of the Linux kernel, when handling interrupts in \nenvironments where nested virtualization is in use (nested KVM \nvirtualization is not enabled by default in Ubuntu kernels). A local \nattacker in a guest VM could possibly use this to gain administrative \nprivileges in a host machine. (CVE-2018-16882)\n\nJann Horn discovered that the procfs file system implementation in the \nLinux kernel did not properly restrict the ability to inspect the kernel \nstack of an arbitrary task. A local attacker could use this to expose \nsensitive information. 
(CVE-2018-17972)\n\nJann Horn discovered that the mremap() system call in the Linux kernel did \nnot properly flush the TLB when completing, potentially leaving access to a \nphysical page after it has been released to the page allocator. A local \nattacker could use this to cause a denial of service (system crash), expose \nsensitive information, or possibly execute arbitrary code. (CVE-2018-18281)\n\nWei Wu discovered that the KVM implementation in the Linux kernel did not \nproperly ensure that ioapics were initialized. A local attacker could use \nthis to cause a denial of service (system crash). (CVE-2018-19407)\n\nIt was discovered that the debug interface for the Linux kernel's HID \nsubsystem did not properly perform bounds checking in some situations. An \nattacker with access to debugfs could use this to cause a denial of service \nor possibly gain additional privileges. (CVE-2018-9516)", "edition": 3, "modified": "2019-02-07T00:00:00", "published": "2019-02-07T00:00:00", "id": "USN-3871-5", "href": "https://ubuntu.com/security/notices/USN-3871-5", "title": "Linux kernel (Azure) vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:44:41", "bulletinFamily": "unix", "cvelist": ["CVE-2018-10882", "CVE-2018-10877", "CVE-2018-10880", "CVE-2018-10878", "CVE-2018-16882", "CVE-2018-14625", "CVE-2018-18281", "CVE-2018-10883", "CVE-2018-17972", "CVE-2018-19407", "CVE-2018-9516", "CVE-2018-10876", "CVE-2018-10879"], "description": "Wen Xu discovered that a use-after-free vulnerability existed in the ext4 \nfilesystem implementation in the Linux kernel. An attacker could use this \nto construct a malicious ext4 image that, when mounted, could cause a \ndenial of service (system crash) or possibly execute arbitrary code. \n(CVE-2018-10876, CVE-2018-10879)\n\nWen Xu discovered that a buffer overflow existed in the ext4 filesystem \nimplementation in the Linux kernel. 
An attacker could use this to construct \na malicious ext4 image that, when mounted, could cause a denial of service \n(system crash) or possibly execute arbitrary code. (CVE-2018-10877)\n\nWen Xu discovered that an out-of-bounds write vulnerability existed in the \next4 filesystem implementation in the Linux kernel. An attacker could use \nthis to construct a malicious ext4 image that, when mounted, could cause a \ndenial of service (system crash) or possibly execute arbitrary code. \n(CVE-2018-10878, CVE-2018-10882)\n\nWen Xu discovered that the ext4 filesystem implementation in the Linux \nkernel did not properly ensure that xattr information remained in inode \nbodies. An attacker could use this to construct a malicious ext4 image \nthat, when mounted, could cause a denial of service (system crash). \n(CVE-2018-10880)\n\nWen Xu discovered that the ext4 file system implementation in the Linux \nkernel could possibly perform an out of bounds write when updating the \njournal for an inline file. An attacker could use this to construct a \nmalicious ext4 image that, when mounted, could cause a denial of service \n(system crash). (CVE-2018-10883)\n\nIt was discovered that a race condition existed in the vsock address family \nimplementation of the Linux kernel that could lead to a use-after-free \ncondition. A local attacker in a guest virtual machine could use this to \nexpose sensitive information (host machine kernel memory). (CVE-2018-14625)\n\nCfir Cohen discovered that a use-after-free vulnerability existed in the \nKVM implementation of the Linux kernel, when handling interrupts in \nenvironments where nested virtualization is in use (nested KVM \nvirtualization is not enabled by default in Ubuntu kernels). A local \nattacker in a guest VM could possibly use this to gain administrative \nprivileges in a host machine. 
(CVE-2018-16882)\n\nJann Horn discovered that the procfs file system implementation in the \nLinux kernel did not properly restrict the ability to inspect the kernel \nstack of an arbitrary task. A local attacker could use this to expose \nsensitive information. (CVE-2018-17972)\n\nJann Horn discovered that the mremap() system call in the Linux kernel did \nnot properly flush the TLB when completing, potentially leaving access to a \nphysical page after it has been released to the page allocator. A local \nattacker could use this to cause a denial of service (system crash), expose \nsensitive information, or possibly execute arbitrary code. (CVE-2018-18281)\n\nWei Wu discovered that the KVM implementation in the Linux kernel did not \nproperly ensure that ioapics were initialized. A local attacker could use \nthis to cause a denial of service (system crash). (CVE-2018-19407)\n\nIt was discovered that the debug interface for the Linux kernel's HID \nsubsystem did not properly perform bounds checking in some situations. An \nattacker with access to debugfs could use this to cause a denial of service \nor possibly gain additional privileges. (CVE-2018-9516)", "edition": 3, "modified": "2019-02-04T00:00:00", "published": "2019-02-04T00:00:00", "id": "USN-3871-3", "href": "https://ubuntu.com/security/notices/USN-3871-3", "title": "Linux kernel (AWS, GCP, KVM, OEM, Raspberry Pi 2) vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-15T01:42:14", "bulletinFamily": "unix", "cvelist": ["CVE-2018-10882", "CVE-2018-10877", "CVE-2018-10880", "CVE-2018-10878", "CVE-2018-16882", "CVE-2018-14625", "CVE-2018-18281", "CVE-2018-10883", "CVE-2018-17972", "CVE-2018-19407", "CVE-2018-9516", "CVE-2018-10876", "CVE-2018-10879"], "description": "Wen Xu discovered that a use-after-free vulnerability existed in the ext4 \nfilesystem implementation in the Linux kernel. 
An attacker could use this \nto construct a malicious ext4 image that, when mounted, could cause a \ndenial of service (system crash) or possibly execute arbitrary code. \n(CVE-2018-10876, CVE-2018-10879)\n\nWen Xu discovered that a buffer overflow existed in the ext4 filesystem \nimplementation in the Linux kernel. An attacker could use this to construct \na malicious ext4 image that, when mounted, could cause a denial of service \n(system crash) or possibly execute arbitrary code. (CVE-2018-10877)\n\nWen Xu discovered that an out-of-bounds write vulnerability existed in the \next4 filesystem implementation in the Linux kernel. An attacker could use \nthis to construct a malicious ext4 image that, when mounted, could cause a \ndenial of service (system crash) or possibly execute arbitrary code. \n(CVE-2018-10878, CVE-2018-10882)\n\nWen Xu discovered that the ext4 filesystem implementation in the Linux \nkernel did not properly ensure that xattr information remained in inode \nbodies. An attacker could use this to construct a malicious ext4 image \nthat, when mounted, could cause a denial of service (system crash). \n(CVE-2018-10880)\n\nWen Xu discovered that the ext4 file system implementation in the Linux \nkernel could possibly perform an out of bounds write when updating the \njournal for an inline file. An attacker could use this to construct a \nmalicious ext4 image that, when mounted, could cause a denial of service \n(system crash). (CVE-2018-10883)\n\nIt was discovered that a race condition existed in the vsock address family \nimplementation of the Linux kernel that could lead to a use-after-free \ncondition. A local attacker in a guest virtual machine could use this to \nexpose sensitive information (host machine kernel memory). 
(CVE-2018-14625)\n\nCfir Cohen discovered that a use-after-free vulnerability existed in the \nKVM implementation of the Linux kernel, when handling interrupts in \nenvironments where nested virtualization is in use (nested KVM \nvirtualization is not enabled by default in Ubuntu kernels). A local \nattacker in a guest VM could possibly use this to gain administrative \nprivileges in a host machine. (CVE-2018-16882)\n\nJann Horn discovered that the procfs file system implementation in the \nLinux kernel did not properly restrict the ability to inspect the kernel \nstack of an arbitrary task. A local attacker could use this to expose \nsensitive information. (CVE-2018-17972)\n\nJann Horn discovered that the mremap() system call in the Linux kernel did \nnot properly flush the TLB when completing, potentially leaving access to a \nphysical page after it has been released to the page allocator. A local \nattacker could use this to cause a denial of service (system crash), expose \nsensitive information, or possibly execute arbitrary code. (CVE-2018-18281)\n\nWei Wu discovered that the KVM implementation in the Linux kernel did not \nproperly ensure that ioapics were initialized. A local attacker could use \nthis to cause a denial of service (system crash). (CVE-2018-19407)\n\nIt was discovered that the debug interface for the Linux kernel's HID \nsubsystem did not properly perform bounds checking in some situations. An \nattacker with access to debugfs could use this to cause a denial of service \nor possibly gain additional privileges. 
(CVE-2018-9516)", "edition": 4, "modified": "2019-01-29T00:00:00", "published": "2019-01-29T00:00:00", "id": "USN-3871-1", "href": "https://ubuntu.com/security/notices/USN-3871-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:35:52", "bulletinFamily": "unix", "cvelist": ["CVE-2018-10882", "CVE-2018-10877", "CVE-2018-10880", "CVE-2018-10878", "CVE-2018-16882", "CVE-2018-14625", "CVE-2018-18281", "CVE-2018-10883", "CVE-2018-17972", "CVE-2018-19407", "CVE-2018-9516", "CVE-2018-10876", "CVE-2018-10879"], "description": "USN-3871-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 \nLTS. This update provides the corresponding updates for the Linux \nHardware Enablement (HWE) kernel from Ubuntu 18.04 LTS for Ubuntu \n16.04 LTS.\n\nWen Xu discovered that a use-after-free vulnerability existed in the ext4 \nfilesystem implementation in the Linux kernel. An attacker could use this \nto construct a malicious ext4 image that, when mounted, could cause a \ndenial of service (system crash) or possibly execute arbitrary code. \n(CVE-2018-10876, CVE-2018-10879)\n\nWen Xu discovered that a buffer overflow existed in the ext4 filesystem \nimplementation in the Linux kernel. An attacker could use this to construct \na malicious ext4 image that, when mounted, could cause a denial of service \n(system crash) or possibly execute arbitrary code. (CVE-2018-10877)\n\nWen Xu discovered that an out-of-bounds write vulnerability existed in the \next4 filesystem implementation in the Linux kernel. An attacker could use \nthis to construct a malicious ext4 image that, when mounted, could cause a \ndenial of service (system crash) or possibly execute arbitrary code. \n(CVE-2018-10878, CVE-2018-10882)\n\nWen Xu discovered that the ext4 filesystem implementation in the Linux \nkernel did not properly ensure that xattr information remained in inode \nbodies. 
An attacker could use this to construct a malicious ext4 image \nthat, when mounted, could cause a denial of service (system crash). \n(CVE-2018-10880)\n\nWen Xu discovered that the ext4 file system implementation in the Linux \nkernel could possibly perform an out of bounds write when updating the \njournal for an inline file. An attacker could use this to construct a \nmalicious ext4 image that, when mounted, could cause a denial of service \n(system crash). (CVE-2018-10883)\n\nIt was discovered that a race condition existed in the vsock address family \nimplementation of the Linux kernel that could lead to a use-after-free \ncondition. A local attacker in a guest virtual machine could use this to \nexpose sensitive information (host machine kernel memory). (CVE-2018-14625)\n\nCfir Cohen discovered that a use-after-free vulnerability existed in the \nKVM implementation of the Linux kernel, when handling interrupts in \nenvironments where nested virtualization is in use (nested KVM \nvirtualization is not enabled by default in Ubuntu kernels). A local \nattacker in a guest VM could possibly use this to gain administrative \nprivileges in a host machine. (CVE-2018-16882)\n\nJann Horn discovered that the procfs file system implementation in the \nLinux kernel did not properly restrict the ability to inspect the kernel \nstack of an arbitrary task. A local attacker could use this to expose \nsensitive information. (CVE-2018-17972)\n\nJann Horn discovered that the mremap() system call in the Linux kernel did \nnot properly flush the TLB when completing, potentially leaving access to a \nphysical page after it has been released to the page allocator. A local \nattacker could use this to cause a denial of service (system crash), expose \nsensitive information, or possibly execute arbitrary code. (CVE-2018-18281)\n\nWei Wu discovered that the KVM implementation in the Linux kernel did not \nproperly ensure that ioapics were initialized. 
A local attacker could use \nthis to cause a denial of service (system crash). (CVE-2018-19407)\n\nIt was discovered that the debug interface for the Linux kernel's HID \nsubsystem did not properly perform bounds checking in some situations. An \nattacker with access to debugfs could use this to cause a denial of service \nor possibly gain additional privileges. (CVE-2018-9516)", "edition": 3, "modified": "2019-02-04T00:00:00", "published": "2019-02-04T00:00:00", "id": "USN-3871-4", "href": "https://ubuntu.com/security/notices/USN-3871-4", "title": "Linux kernel (HWE) vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "cloudfoundry": [{"lastseen": "2019-05-29T18:32:53", "bulletinFamily": "software", "cvelist": ["CVE-2018-10882", "CVE-2018-10877", "CVE-2018-10878", "CVE-2018-13405", "CVE-2018-13406", "CVE-2018-10881", "CVE-2018-12233", "CVE-2017-13168", "CVE-2018-10876", "CVE-2018-10879", "CVE-2018-13094"], "description": "# \n\n# Severity\n\nMedium\n\n# Vendor\n\nCanonical Ubuntu\n\n# Versions Affected\n\n * Canonical Ubuntu 14.04\n\n# Description\n\nUSN-3753-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS.\n\nIt was discovered that the generic SCSI driver in the Linux kernel did not properly enforce permissions on kernel memory access. A local attacker could use this to expose sensitive information or possibly elevate privileges. (CVE-2017-13168)\n\nWen Xu discovered that a use-after-free vulnerability existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. 
(CVE-2018-10876, CVE-2018-10879)\n\nWen Xu discovered that a buffer overflow existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10877)\n\nWen Xu discovered that an out-of-bounds write vulnerability existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10878, CVE-2018-10882)\n\nWen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly keep meta-data information consistent in some situations. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash). (CVE-2018-10881)\n\nShankara Pailoor discovered that the JFS filesystem implementation in the Linux kernel contained a buffer overflow when handling extended attributes. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-12233)\n\nWen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly handle an error condition with a corrupted xfs image. An attacker could use this to construct a malicious xfs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-13094)\n\nIt was discovered that the Linux kernel did not properly handle setgid file creation when performed by a non-member of the group. A local attacker could use this to gain elevated privileges. (CVE-2018-13405)\n\nSilvio Cesare discovered that the generic VESA frame buffer driver in the Linux kernel contained an integer overflow. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. 
(CVE-2018-13406)\n\n# Affected Cloud Foundry Products and Versions\n\n_Severity is medium unless otherwise noted._\n\n * Cloud Foundry BOSH trusty-stemcells are vulnerable, including: \n * 3363.x versions prior to 3363.74\n * 3421.x versions prior to 3421.81\n * 3445.x versions prior to 3445.66\n * 3468.x versions prior to 3468.67\n * 3541.x versions prior to 3541.46\n * 3586.x versions prior to 3586.40\n * All other stemcells not listed.\n\n# Mitigation\n\nOSS users are strongly encouraged to follow one of the mitigations below:\n\n * The Cloud Foundry project recommends upgrading the following BOSH trusty-stemcells: \n * Upgrade 3363.x versions to 3363.74\n * Upgrade 3421.x versions to 3421.81\n * Upgrade 3445.x versions to 3445.66\n * Upgrade 3468.x versions to 3468.67\n * Upgrade 3541.x versions to 3541.46\n * Upgrade 3586.x versions to 3586.40\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io/stemcells/#ubuntu-trusty>).\n\n# References\n\n * [USN-3753-2](<https://usn.ubuntu.com/3753-2>)\n * [CVE-2017-13168](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-13168>)\n * [CVE-2018-10876](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-10876>)\n * [CVE-2018-10877](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-10877>)\n * [CVE-2018-10878](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-10878>)\n * [CVE-2018-10879](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-10879>)\n * [CVE-2018-10881](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10881>)\n * [CVE-2018-10882](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-10882>)\n * [CVE-2018-12233](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12233>)\n * [CVE-2018-13094](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13094>)\n * [CVE-2018-13405](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13405>)\n * 
[CVE-2018-13406](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13406>)\n", "edition": 2, "modified": "2018-09-11T00:00:00", "published": "2018-09-11T00:00:00", "id": "CFOUNDRY:CD984900F2B581632FB9816EFFC5EA33", "href": "https://www.cloudfoundry.org/blog/usn-3753-2/", "title": "USN-3753-2: Linux kernel (Xenial HWE) vulnerabilities | Cloud Foundry", "type": "cloudfoundry", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:32:56", "bulletinFamily": "software", "cvelist": ["CVE-2018-10882", "CVE-2018-10877", "CVE-2018-10880", "CVE-2018-10878", "CVE-2018-16882", "CVE-2018-14625", "CVE-2018-18281", "CVE-2018-10883", "CVE-2018-17972", "CVE-2018-19407", "CVE-2018-9516", "CVE-2018-10876", "CVE-2018-10879"], "description": "# \n\n# Severity\n\nMedium\n\n# Vendor\n\nCanonical Ubuntu\n\n# Versions Affected\n\n * Canonical Ubuntu 16.04\n\n# Description\n\nUSN-3871-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS.\n\nWen Xu discovered that a use-after-free vulnerability existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10876, CVE-2018-10879)\n\nWen Xu discovered that a buffer overflow existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10877)\n\nWen Xu discovered that an out-of-bounds write vulnerability existed in the ext4 filesystem implementation in the Linux kernel. 
An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10878, CVE-2018-10882)\n\nWen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly ensure that xattr information remained in inode bodies. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash). (CVE-2018-10880)\n\nWen Xu discovered that the ext4 file system implementation in the Linux kernel could possibly perform an out of bounds write when updating the journal for an inline file. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash). (CVE-2018-10883)\n\nIt was discovered that a race condition existed in the vsock address family implementation of the Linux kernel that could lead to a use-after-free condition. A local attacker in a guest virtual machine could use this to expose sensitive information (host machine kernel memory). (CVE-2018-14625)\n\nCfir Cohen discovered that a use-after-free vulnerability existed in the KVM implementation of the Linux kernel, when handling interrupts in environments where nested virtualization is in use (nested KVM virtualization is not enabled by default in Ubuntu kernels). A local attacker in a guest VM could possibly use this to gain administrative privileges in a host machine. (CVE-2018-16882)\n\nJann Horn discovered that the procfs file system implementation in the Linux kernel did not properly restrict the ability to inspect the kernel stack of an arbitrary task. A local attacker could use this to expose sensitive information. (CVE-2018-17972)\n\nJann Horn discovered that the mremap() system call in the Linux kernel did not properly flush the TLB when completing, potentially leaving access to a physical page after it has been released to the page allocator. 
A local attacker could use this to cause a denial of service (system crash), expose sensitive information, or possibly execute arbitrary code. (CVE-2018-18281)\n\nWei Wu discovered that the KVM implementation in the Linux kernel did not properly ensure that ioapics were initialized. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-19407)\n\nIt was discovered that the debug interface for the Linux kernel\u2019s HID subsystem did not properly perform bounds checking in some situations. An attacker with access to debugfs could use this to cause a denial of service or possibly gain additional privileges. (CVE-2018-9516)\n\nCVEs contained in this USN include: CVE-2018-10876, CVE-2018-10877, CVE-2018-10878, CVE-2018-10879, CVE-2018-10882, CVE-2018-10880, CVE-2018-17972, CVE-2018-18281, CVE-2018-10883, CVE-2018-14625, CVE-2018-16882, CVE-2018-19407, CVE-2018-9516\n\n# Affected Cloud Foundry Products and Versions\n\n_Severity is medium unless otherwise noted._\n\n * Cloud Foundry BOSH xenial-stemcells are vulnerable, including: \n * 250.x versions prior to 250.9\n * 170.x versions prior to 170.30\n * 97.x versions prior to 97.57\n * All other stemcells not listed.\n\n# Mitigation\n\nUsers of affected products are strongly encouraged to follow one of the mitigations below:\n\n * The Cloud Foundry project recommends upgrading the following BOSH xenial-stemcells: \n * Upgrade 250.x versions to 250.9\n * Upgrade 170.x versions to 170.30\n * Upgrade 97.x versions to 97.57\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io/stemcells/#ubuntu-xenial>).\n\n# References\n\n * [USN-3871-4](<https://usn.ubuntu.com/3871-4>)\n * [CVE-2018-10876](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-10876>)\n * [CVE-2018-10877](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-10877>)\n * [CVE-2018-10878](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-10878>)\n * 
[CVE-2018-10879](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-10879>)\n * [CVE-2018-10882](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-10882>)\n * [CVE-2018-10880](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-10880>)\n * [CVE-2018-17972](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-17972>)\n * [CVE-2018-18281](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-18281>)\n * [CVE-2018-10883](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-10883>)\n * [CVE-2018-14625](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14625>)\n * [CVE-2018-16882](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-16882>)\n * [CVE-2018-19407](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-19407>)\n * [CVE-2018-9516](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-9516>)\n", "edition": 2, "modified": "2019-02-15T00:00:00", "published": "2019-02-15T00:00:00", "id": "CFOUNDRY:131A4556633D91C9BF0AE72696FADB89", "href": "https://www.cloudfoundry.org/blog/usn-3871-4/", "title": "USN-3871-4: Linux kernel (HWE) vulnerabilities | Cloud Foundry", "type": "cloudfoundry", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2018-08-17T15:01:24", "bulletinFamily": "unix", "cvelist": ["CVE-2018-10882", "CVE-2018-10877", "CVE-2018-10880", "CVE-2018-10878", "CVE-2018-10853", "CVE-2018-10881", "CVE-2018-3646", "CVE-2018-5391", "CVE-2018-3620", "CVE-2018-10883", "CVE-2018-10876", "CVE-2018-10879"], "description": "The openSUSE Leap 15.0 kernel was updated to receive various security and\n bugfixes.\n\n The following security bugs were fixed:\n\n - CVE-2018-10853: A flaw was found in KVM in which certain instructions\n such as sgdt/sidt call segmented_write_std doesn't propagate access\n correctly. 
As such, during userspace induced exception, the guest can\n incorrectly assume that the exception happened in the kernel and panic\n (bnc#1097104).\n - CVE-2018-10876: A flaw was found in the ext4 filesystem code. A\n use-after-free is possible in ext4_ext_remove_space() function when\n mounting and operating a crafted ext4 image. (bnc#1099811)\n - CVE-2018-10877: Linux kernel ext4 filesystem is vulnerable to an\n out-of-bound access in the ext4_ext_drop_refs() function when operating\n on a crafted ext4 filesystem image. (bnc#1099846)\n - CVE-2018-10878: A flaw was found in the ext4 filesystem. A local user\n can cause an out-of-bounds write and a denial of service or unspecified\n other impact is possible by mounting and operating a crafted ext4\n filesystem image. (bnc#1099813)\n - CVE-2018-10879: A flaw was found in the ext4 filesystem. A local user\n can cause a use-after-free in ext4_xattr_set_entry function and a denial\n of service or unspecified other impact may occur by renaming a file in a\n crafted ext4 filesystem image. (bnc#1099844)\n - CVE-2018-10880: Linux kernel is vulnerable to a stack-out-of-bounds\n write in the ext4 filesystem code when mounting and writing to a crafted\n ext4 image in ext4_update_inline_data(). An attacker could use this to\n cause a system crash and a denial of service. (bnc#1099845)\n - CVE-2018-10881: A flaw was found in the ext4 filesystem. A local user\n can cause an out-of-bound access in ext4_get_group_info function, a\n denial of service, and a system crash by mounting and operating on a\n crafted ext4 filesystem image. (bnc#1099864)\n - CVE-2018-10882: A flaw was found in the ext4 filesystem. A local user\n can cause an out-of-bound write in fs/jbd2/transaction.c code, a\n denial of service, and a system crash by unmounting a crafted ext4\n filesystem image. (bnc#1099849)\n - CVE-2018-10883: A flaw was found in the ext4 filesystem. 
A local user\n can cause an out-of-bounds write in jbd2_journal_dirty_metadata(), a\n denial of service, and a system crash by mounting and operating on a\n crafted ext4 filesystem image. (bnc#1099863)\n - CVE-2018-3620: Systems with microprocessors utilizing speculative\n execution and address translations may allow unauthorized disclosure of\n information residing in the L1 data cache to an attacker with local user\n access via a terminal page fault and a side-channel analysis\n (bnc#1087081).\n - CVE-2018-3646: Systems with microprocessors utilizing speculative\n execution and address translations may allow unauthorized disclosure of\n information residing in the L1 data cache to an attacker with local user\n access with guest OS privilege via a terminal page fault and a\n side-channel analysis (bnc#1089343 bnc#1104365).\n - CVE-2018-5391 aka "FragmentSmack": A flaw in the IP packet reassembly\n could be used by remote attackers to consume lots of CPU time\n (bnc#1103097).\n\n The following non-security bugs were fixed:\n\n - afs: Fix directory permissions check (bsc#1101828).\n - bdi: Move cgroup bdi_writeback to a dedicated low concurrency workqueue\n (bsc#1101867).\n - be2net: gather debug info and reset adapter (only for Lancer) on a\n tx-timeout (bsc#1086288).\n - be2net: Update the driver version to 12.0.0.0 (bsc#1086288 ).\n - befs_lookup(): use d_splice_alias() (bsc#1101844).\n - block: Fix transfer when chunk sectors exceeds max (bsc#1101874).\n - bpf, ppc64: fix unexpected r0=0 exit path inside bpf_xadd (bsc#1083647).\n - branch-check: fix long->int truncation when profiling branches\n (bsc#1101116,).\n - cdrom: do not call check_disk_change() inside cdrom_open() (bsc#1101872).\n - compiler.h: enable builtin overflow checkers and add fallback code\n (bsc#1101116,).\n - cpu/hotplug: Make bringup/teardown of smp threads symmetric\n (bsc#1089343).\n - cpu/hotplug: Provide knobs to control SMT (bsc#1089343).\n - cpu/hotplug: Split do_cpu_down() 
(bsc#1089343).\n - delayacct: fix crash in delayacct_blkio_end() after delayacct init\n failure (bsc#1104066).\n - dm: add writecache target (bsc#1101116,).\n - dm writecache: support optional offset for start of device\n (bsc#1101116,).\n - dm writecache: use 2-factor allocator arguments (bsc#1101116,).\n - EDAC: Add missing MEM_LRDDR4 entry in edac_mem_types[] (bsc#1103886).\n - EDAC: Drop duplicated array of strings for memory type names\n (bsc#1103886).\n - ext2: fix a block leak (bsc#1101875).\n - ext4: add more mount time checks of the superblock (bsc#1101900).\n - ext4: bubble errors from ext4_find_inline_data_nolock() up to\n ext4_iget() (bsc#1101896).\n - ext4: check for allocation block validity with block group locked\n (bsc#1104495).\n - ext4: check superblock mapped prior to committing (bsc#1101902).\n - ext4: do not update s_last_mounted of a frozen fs (bsc#1101841).\n - ext4: factor out helper ext4_sample_last_mounted() (bsc#1101841).\n - ext4: fix check to prevent initializing reserved inodes (bsc#1104319).\n - ext4: fix false negatives *and* false positives in\n ext4_check_descriptors() (bsc#1103445).\n - ext4: fix fencepost error in check for inode count overflow during\n resize (bsc#1101853).\n - ext4: fix inline data updates with checksums enabled (bsc#1104494).\n - ext4: include the illegal physical block in the bad map ext4_error msg\n (bsc#1101903).\n - ext4: report delalloc reserve as non-free in statfs for project quota\n (bsc#1101843).\n - ext4: update mtime in ext4_punch_hole even if no blocks are released\n (bsc#1101895).\n - f2fs: call unlock_new_inode() before d_instantiate() (bsc#1101837).\n - fix io_destroy()/aio_complete() race (bsc#1101852).\n - Force log to disk before reading the AGF during a fstrim (bsc#1101893).\n - fscache: Fix hanging wait on page discarded by writeback (bsc#1101885).\n - fs: clear writeback errors in inode_init_always (bsc#1101882).\n - fs: do not scan the inode cache before SB_BORN is set (bsc#1101883).\n - 
hns3: fix unused function warning (bsc#1104353).\n - hns3pf: do not check handle during mqprio offload (bsc#1104353 ).\n - hns3pf: fix hns3_del_tunnel_port() (bsc#1104353).\n - hns3pf: Fix some harmless copy and paste bugs (bsc#1104353 ).\n - hv_netvsc: Fix napi reschedule while receive completion is busy ().\n - hv/netvsc: Fix NULL dereference at single queue mode fallback\n (bsc#1104708).\n - hwmon: (asus_atk0110) Replace deprecated device register call\n (bsc#1103363).\n - IB/hns: Annotate iomem pointers correctly (bsc#1104427 ).\n - IB/hns: Avoid compile test under non 64bit environments (bsc#1104427).\n - IB/hns: Declare local functions 'static' (bsc#1104427 ).\n - IB/hns: fix boolreturn.cocci warnings (bsc#1104427).\n - IB/hns: Fix for checkpatch.pl comment style warnings (bsc#1104427).\n - IB/hns: fix memory leak on ah on error return path (bsc#1104427 ).\n - IB/hns: fix returnvar.cocci warnings (bsc#1104427).\n - IB/hns: fix semicolon.cocci warnings (bsc#1104427).\n - IB/hns: Fix the bug of polling cq failed for loopback Qps (bsc#1104427).\n Refresh\n patches.suse/0001-IB-hns-checking-for-IS_ERR-instead-of-NULL.patch.\n - IB/hns: Fix the bug with modifying the MAC address without removing the\n driver (bsc#1104427).\n - IB/hns: Fix the bug with rdma operation (bsc#1104427 ).\n - IB/hns: Fix the bug with wild pointer when destroy rc qp (bsc#1104427).\n - IB/hns: include linux/interrupt.h (bsc#1104427).\n - IB/hns: Support compile test for hns RoCE driver (bsc#1104427 ).\n - IB/hns: Use zeroing memory allocator instead of allocator/memset\n (bsc#1104427).\n - isofs: fix potential memory leak in mount option parsing (bsc#1101887).\n - jump_label: Fix concurrent static_key_enable/disable() (bsc#1089343).\n - jump_label: Provide hotplug context variants (bsc#1089343).\n - jump_label: Reorder hotplug lock and jump_label_lock (bsc#1089343).\n - kabi/severities: Allow kABI changes for kvm/x86 (except for kvm_x86_ops)\n - kabi/severities: ignore qla2xxx as all 
symbols are internal\n - kabi/severities: ignore x86_kvm_ops; lttng-modules would have to be\n adjusted in case they depend on this particular change\n - kabi/severities: Relax kvm_vcpu_* kABI breakage\n - media: rc: oops in ir_timer_keyup after device unplug (bsc#1090888).\n - mm: fix __gup_device_huge vs unmap (bsc#1101839).\n - net: hns3: Add a check for client instance init state (bsc#1104353).\n - net: hns3: add a mask initialization for mac_vlan table (bsc#1104353).\n - net: hns3: Add *Asserting Reset* mailbox message & handling in VF\n (bsc#1104353).\n - net: hns3: add Asym Pause support to phy default features (bsc#1104353).\n - net: hns3: Add dcb netlink interface for the support of DCB feature\n (bsc#1104353).\n - net: hns3: Add DCB support when interacting with network stack\n (bsc#1104353).\n - net: hns3: Add ethtool interface for vlan filter (bsc#1104353 ).\n - net: hns3: add ethtool_ops.get_channels support for VF (bsc#1104353).\n - net: hns3: add ethtool_ops.get_coalesce support to PF (bsc#1104353).\n - net: hns3: add ethtool_ops.set_coalesce support to PF (bsc#1104353).\n - net: hns3: add ethtool -p support for fiber port (bsc#1104353 ).\n - net: hns3: add ethtool related offload command (bsc#1104353 ).\n - net: hns3: Add Ethtool support to HNS3 driver (bsc#1104353 ).\n - net: hns3: add existence checking before adding unicast mac address\n (bsc#1104353).\n - net: hns3: add existence check when remove old uc mac address\n (bsc#1104353).\n - net: hns3: add feature check when feature changed (bsc#1104353 ).\n - net: hns3: add get_link support to VF (bsc#1104353).\n - net: hns3: add get/set_coalesce support to VF (bsc#1104353 ).\n - net: hns3: add handling vlan tag offload in bd (bsc#1104353 ).\n - net: hns3: Add hclge_dcb module for the support of DCB feature\n (bsc#1104353).\n - net: hns3: Add HNS3 Acceleration Engine & Compatibility Layer Support\n (bsc#1104353).\n - net: hns3: Add HNS3 driver to kernel build framework & MAINTAINERS\n 
(bsc#1104353).\n - net: hns3: Add hns3_get_handle macro in hns3 driver (bsc#1104353 ).\n - net: hns3: Add HNS3 IMP(Integrated Mgmt Proc) Cmd Interface Support\n (bsc#1104353).\n - net: hns3: Add HNS3 VF driver to kernel build framework (bsc#1104353).\n - net: hns3: Add HNS3 VF HCL(Hardware Compatibility Layer) Support\n (bsc#1104353).\n - net: hns3: Add HNS3 VF IMP(Integrated Management Proc) cmd interface\n (bsc#1104353).\n - net: hns3: add int_gl_idx setup for TX and RX queues (bsc#1104353).\n - net: hns3: add int_gl_idx setup for VF (bsc#1104353 ).\n - net: hns3: Add mac loopback selftest support in hns3 driver\n (bsc#1104353).\n - net: hns3: Add mailbox interrupt handling to PF driver (bsc#1104353).\n - net: hns3: Add mailbox support to PF driver (bsc#1104353 ).\n - net: hns3: Add mailbox support to VF driver (bsc#1104353 ).\n - net: hns3: add manager table initialization for hardware (bsc#1104353).\n - net: hns3: Add MDIO support to HNS3 Ethernet driver for hip08 SoC\n (bsc#1104353).\n - net: hns3: Add missing break in misc_irq_handle (bsc#1104353 ).\n - net: hns3: Add more packet size statisctics (bsc#1104353 ).\n - net: hns3: add MTU initialization for hardware (bsc#1104353 ).\n - net: hns3: add net status led support for fiber port (bsc#1104353).\n - net: hns3: add nic_client check when initialize roce base information\n (bsc#1104353).\n - net: hns3: add querying speed and duplex support to VF (bsc#1104353).\n - net: hns3: Add repeat address checking for setting mac address\n (bsc#1104353).\n - net: hns3: Add reset interface implementation in client (bsc#1104353).\n - net: hns3: Add reset process in hclge_main (bsc#1104353 ).\n - net: hns3: Add reset service task for handling reset requests\n (bsc#1104353).\n - net: hns3: add result checking for VF when modify unicast mac address\n (bsc#1104353).\n - net: hns3: Add some interface for the support of DCB feature\n (bsc#1104353).\n - net: hns3: Adds support for led locate command for copper port\n 
(bsc#1104353).\n - net: hns3: Add STRP_TAGP field support for hardware revision 0x21\n (bsc#1104353).\n - net: hns3: Add support for dynamically buffer reallocation (bsc#1104353).\n - net: hns3: add support for ETHTOOL_GRXFH (bsc#1104353 ).\n - net: hns3: add support for get_regs (bsc#1104353).\n - net: hns3: Add support for IFF_ALLMULTI flag (bsc#1104353 ).\n - net: hns3: Add support for misc interrupt (bsc#1104353 ).\n - net: hns3: add support for nway_reset (bsc#1104353).\n - net: hns3: Add support for PFC setting in TM module (bsc#1104353 ).\n - net: hns3: Add support for port shaper setting in TM module\n (bsc#1104353).\n - net: hns3: add support for querying advertised pause frame by ethtool\n ethx (bsc#1104353).\n - net: hns3: add support for querying pfc puase packets statistic\n (bsc#1104353).\n - net: hns3: add support for set_link_ksettings (bsc#1104353 ).\n - net: hns3: add support for set_pauseparam (bsc#1104353 ).\n - net: hns3: add support for set_ringparam (bsc#1104353 ).\n - net: hns3: add support for set_rxnfc (bsc#1104353).\n - net: hns3: Add support for tx_accept_tag2 and tx_accept_untag2 config\n (bsc#1104353).\n - net: hns3: add support for VF driver inner interface\n hclgevf_ops.get_tqps_and_rss_info (bsc#1104353).\n - net: hns3: Add support of hardware rx-vlan-offload to HNS3 VF driver\n (bsc#1104353).\n - net: hns3: Add support of HNS3 Ethernet Driver for hip08 SoC\n (bsc#1104353).\n - net: hns3: Add support of .sriov_configure in HNS3 driver (bsc#1104353).\n - net: hns3: Add support of the HNAE3 framework (bsc#1104353 ).\n - net: hns3: Add support of TX Scheduler & Shaper to HNS3 driver\n (bsc#1104353).\n - net: hns3: Add support to change MTU in HNS3 hardware (bsc#1104353).\n - net: hns3: Add support to enable TX/RX promisc mode for H/W rev(0x21)\n (bsc#1104353).\n - net: hns3: add support to modify tqps number (bsc#1104353 ).\n - net: hns3: add support to query tqps number (bsc#1104353 ).\n - net: hns3: Add support to re-initialize the 
hclge device (bsc#1104353).\n - net: hns3: Add support to request VF Reset to PF (bsc#1104353 ).\n - net: hns3: Add support to reset the enet/ring mgmt layer (bsc#1104353).\n - net: hns3: add support to update flow control settings after autoneg\n (bsc#1104353).\n - net: hns3: Add tc-based TM support for sriov enabled port (bsc#1104353).\n - net: hns3: Add timeout process in hns3_enet (bsc#1104353 ).\n - net: hns3: Add VF Reset device state and its handling (bsc#1104353).\n - net: hns3: Add VF Reset Service Task to support event handling\n (bsc#1104353).\n - net: hns3: add vlan offload config command (bsc#1104353 ).\n - net: hns3: change GL update rate (bsc#1104353).\n - net: hns3: Change PF to add ring-vect binding & resetQ to mailbox\n (bsc#1104353).\n - net: hns3: Change return type of hnae3_register_ae_algo (bsc#1104353).\n - net: hns3: Change return type of hnae3_register_ae_dev (bsc#1104353).\n - net: hns3: Change return value in hnae3_register_client (bsc#1104353).\n - net: hns3: Changes required in PF mailbox to support VF reset\n (bsc#1104353).\n - net: hns3: Changes to make enet watchdog timeout func common for PF/VF\n (bsc#1104353).\n - net: hns3: Changes to support ARQ(Asynchronous Receive Queue)\n (bsc#1104353).\n - net: hns3: change the returned tqp number by ethtool -x (bsc#1104353).\n - net: hns3: change the time interval of int_gl calculating (bsc#1104353).\n - net: hns3: change the unit of GL value macro (bsc#1104353 ).\n - net: hns3: change TM sched mode to TC-based mode when SRIOV enabled\n (bsc#1104353).\n - net: hns3: check for NULL function pointer in hns3_nic_set_features\n (bsc#1104353).\n - net: hns3: Cleanup for endian issue in hns3 driver (bsc#1104353 ).\n - net: hns3: Cleanup for non-static function in hns3 driver (bsc#1104353).\n - net: hns3: Cleanup for ROCE capability flag in ae_dev (bsc#1104353).\n - net: hns3: Cleanup for shifting true in hns3 driver (bsc#1104353 ).\n - net: hns3: Cleanup for struct that used to send cmd to 
firmware\n (bsc#1104353).\n - net: hns3: Cleanup indentation for Kconfig in the the hisilicon folder\n (bsc#1104353).\n - net: hns3: cleanup mac auto-negotiation state query (bsc#1104353 ).\n - net: hns3: cleanup mac auto-negotiation state query in\n hclge_update_speed_duplex (bsc#1104353).\n - net: hns3: cleanup of return values in hclge_init_client_instance()\n (bsc#1104353).\n - net: hns3: Clear TX/RX rings when stopping port & un-initializing client\n (bsc#1104353).\n - net: hns3: Consistently using GENMASK in hns3 driver (bsc#1104353).\n - net: hns3: converting spaces into tabs to avoid checkpatch.pl warning\n (bsc#1104353).\n - net: hns3: Disable VFs change rxvlan offload status (bsc#1104353 ).\n - net: hns3: Disable vf vlan filter when vf vlan table is full\n (bsc#1104353).\n - net: hns3: ensure media_type is unitialized (bsc#1104353 ).\n - net: hns3: export pci table of hclge and hclgevf to userspace\n (bsc#1104353).\n - net: hns3: fix a bug about hns3_clean_tx_ring (bsc#1104353 ).\n - net: hns3: fix a bug for phy supported feature initialization\n (bsc#1104353).\n - net: hns3: fix a bug in hclge_uninit_client_instance (bsc#1104353).\n - net: hns3: fix a bug in hns3_driv_to_eth_caps (bsc#1104353 ).\n - net: hns3: fix a bug when alloc new buffer (bsc#1104353 ).\n - net: hns3: fix a bug when getting phy address from NCL_config file\n (bsc#1104353).\n - net: hns3: fix a dead loop in hclge_cmd_csq_clean (bsc#1104353 ).\n - net: hns3: fix a handful of spelling mistakes (bsc#1104353 ).\n - net: hns3: Fix a loop index error of tqp statistics query (bsc#1104353).\n - net: hns3: Fix a misuse to devm_free_irq (bsc#1104353 ).\n - net: hns3: Fix an error handling path in 'hclge_rss_init_hw()'\n (bsc#1104353).\n - net: hns3: Fix an error macro definition of HNS3_TQP_STAT (bsc#1104353).\n - net: hns3: Fix an error of total drop packet statistics (bsc#1104353).\n - net: hns3: Fix a response data read error of tqp statistics query\n (bsc#1104353).\n - net: hns3: fix endian 
issue when PF get mbx message flag (bsc#1104353).\n - net: hns3: fix error type definition of return value (bsc#1104353).\n - net: hns3: Fixes API to fetch ethernet header length with kernel default\n (bsc#1104353).\n - net: hns3: Fixes error reported by Kbuild and internal review\n (bsc#1104353).\n - net: hns3: Fixes initalization of RoCE handle and makes it conditional\n (bsc#1104353).\n - net: hns3: Fixes initialization of phy address from firmware\n (bsc#1104353).\n - net: hns3: Fixes kernel panic issue during rmmod hns3 driver\n (bsc#1104353).\n - net: hns3: Fixes ring-to-vector map-and-unmap command (bsc#1104353).\n - net: hns3: Fixes the back pressure setting when sriov is enabled\n (bsc#1104353).\n - net: hns3: Fixes the command used to unmap ring from vector\n (bsc#1104353).\n - net: hns3: Fixes the default VLAN-id of PF (bsc#1104353 ).\n - net: hns3: Fixes the error legs in hclge_init_ae_dev function\n (bsc#1104353).\n - net: hns3: Fixes the ether address copy with appropriate API\n (bsc#1104353).\n - net: hns3: Fixes the initialization of MAC address in hardware\n (bsc#1104353).\n - net: hns3: Fixes the init of the VALID BD info in the descriptor\n (bsc#1104353).\n - net: hns3: Fixes the missing PCI iounmap for various legs (bsc#1104353).\n - net: hns3: Fixes the missing u64_stats_fetch_begin_irq in 64-bit stats\n fetch (bsc#1104353).\n - net: hns3: Fixes the out of bounds access in hclge_map_tqp (bsc#1104353).\n - net: hns3: Fixes the premature exit of loop when matching clients\n (bsc#1104353).\n - net: hns3: fixes the ring index in hns3_fini_ring (bsc#1104353 ).\n - net: hns3: Fixes the state to indicate client-type initialization\n (bsc#1104353).\n - net: hns3: Fixes the static checker error warning in\n hns3_get_link_ksettings() (bsc#1104353).\n - net: hns3: Fixes the static check warning due to missing unsupp L3 proto\n check (bsc#1104353).\n - net: hns3: Fixes the wrong IS_ERR check on the returned phydev value\n (bsc#1104353).\n - net: hns3: fix 
for buffer overflow smatch warning (bsc#1104353 ).\n - net: hns3: fix for changing MTU (bsc#1104353).\n - net: hns3: fix for cleaning ring problem (bsc#1104353 ).\n - net: hns3: Fix for CMDQ and Misc. interrupt init order problem\n (bsc#1104353).\n - net: hns3: fix for coal configuation lost when setting the channel\n (bsc#1104353).\n - net: hns3: fix for coalesce configuration lost during reset\n (bsc#1104353).\n - net: hns3: Fix for deadlock problem occurring when unregistering ae_algo\n (bsc#1104353).\n - net: hns3: Fix for DEFAULT_DV when dev does not support DCB\n (bsc#1104353).\n - net: hns3: Fix for fiber link up problem (bsc#1104353 ).\n - net: hns3: fix for getting advertised_caps in hns3_get_link_ksettings\n (bsc#1104353).\n - net: hns3: fix for getting autoneg in hns3_get_link_ksettings\n (bsc#1104353).\n - net: hns3: fix for getting auto-negotiation state in hclge_get_autoneg\n (bsc#1104353).\n - net: hns3: fix for getting wrong link mode problem (bsc#1104353 ).\n - net: hns3: Fix for hclge_reset running repeatly problem (bsc#1104353).\n - net: hns3: Fix for hns3 module is loaded multiple times problem\n (bsc#1104353).\n - net: hns3: fix for ipv6 address loss problem after setting channels\n (bsc#1104353).\n - net: hns3: fix for loopback failure when vlan filter is enable\n (bsc#1104353).\n - net: hns3: fix for netdev not running problem after calling net_stop and\n net_open (bsc#1104353).\n - net: hns3: Fix for netdev not running problem after calling net_stop and\n net_open (bsc#1104353).\n - net: hns3: fix for not initializing VF rss_hash_key problem\n (bsc#1104353).\n - net: hns3: fix for not returning problem in get_link_ksettings when phy\n exists (bsc#1104353).\n - net: hns3: fix for not setting pause parameters (bsc#1104353 ).\n - net: hns3: Fix for not setting rx private buffer size to zero\n (bsc#1104353).\n - net: hns3: Fix for packet loss due wrong filter config in VLAN tbls\n (bsc#1104353).\n - net: hns3: fix for pause configuration lost 
during reset (bsc#1104353).\n - net: hns3: Fix for PF mailbox receving unknown message (bsc#1104353).\n - net: hns3: fix for phy_addr error in hclge_mac_mdio_config (bsc#1104353).\n - net: hns3: Fix for phy not link up problem after resetting (bsc#1104353).\n - net: hns3: Fix for pri to tc mapping in TM (bsc#1104353 ).\n - net: hns3: fix for returning wrong value problem in\n hns3_get_rss_indir_size (bsc#1104353).\n - net: hns3: fix for returning wrong value problem in\n hns3_get_rss_key_size (bsc#1104353).\n - net: hns3: fix for RSS configuration loss problem during reset\n (bsc#1104353).\n - net: hns3: Fix for rx priv buf allocation when DCB is not supported\n (bsc#1104353).\n - net: hns3: Fix for rx_priv_buf_alloc not setting rx shared buffer\n (bsc#1104353).\n - net: hns3: Fix for service_task not running problem after resetting\n (bsc#1104353).\n - net: hns3: Fix for setting mac address when resetting (bsc#1104353).\n - net: hns3: fix for setting MTU (bsc#1104353).\n - net: hns3: Fix for setting rss_size incorrectly (bsc#1104353 ).\n - net: hns3: Fix for the null pointer problem occurring when initializing\n ae_dev failed (bsc#1104353).\n - net: hns3: fix for the wrong shift problem in hns3_set_txbd_baseinfo\n (bsc#1104353).\n - net: hns3: fix for updating fc_mode_last_time (bsc#1104353 ).\n - net: hns3: fix for use-after-free when setting ring parameter\n (bsc#1104353).\n - net: hns3: Fix for VF mailbox cannot receiving PF response (bsc#1104353).\n - net: hns3: Fix for VF mailbox receiving unknown message (bsc#1104353).\n - net: hns3: fix for vlan table lost problem when resetting (bsc#1104353).\n - net: hns3: Fix for vxlan tx checksum bug (bsc#1104353 ).\n - net: hns3: Fix initialization when cmd is not supported (bsc#1104353).\n - net: hns3: fix length overflow when CONFIG_ARM64_64K_PAGES (bsc#1104353).\n - net: hns3: fix null pointer dereference before null check (bsc#1104353).\n - net: hns3: fix return value error of hclge_get_mac_vlan_cmd_status()\n 
(bsc#1104353).\n - net: hns3: fix rx path skb->truesize reporting bug (bsc#1104353 ).\n - net: hns3: Fix setting mac address error (bsc#1104353 ).\n - net: hns3: Fix spelling errors (bsc#1104353).\n - net: hns3: fix spelling mistake: "capabilty" -> "capability"\n (bsc#1104353).\n - net: hns3: fix the bug of hns3_set_txbd_baseinfo (bsc#1104353 ).\n - net: hns3: fix the bug when map buffer fail (bsc#1104353 ).\n - net: hns3: fix the bug when reuse command description in\n hclge_add_mac_vlan_tbl (bsc#1104353).\n - net: hns3: Fix the missing client list node initialization (bsc#1104353).\n - net: hns3: fix the ops check in hns3_get_rxnfc (bsc#1104353 ).\n - net: hns3: fix the queue id for tqp enable&&reset (bsc#1104353 ).\n - net: hns3: fix the ring count for ETHTOOL_GRXRINGS (bsc#1104353 ).\n - net: hns3: fix the TX/RX ring.queue_index in hns3_ring_get_cfg\n (bsc#1104353).\n - net: hns3: fix the VF queue reset flow error (bsc#1104353 ).\n - net: hns3: fix to correctly fetch l4 protocol outer header (bsc#1104353).\n - net: hns3: Fix to support autoneg only for port attached with phy\n (bsc#1104353).\n - net: hns3: Fix typo error for feild in hclge_tm (bsc#1104353 ).\n - net: hns3: free the ring_data structrue when change tqps (bsc#1104353).\n - net: hns3: get rss_size_max from configuration but not hardcode\n (bsc#1104353).\n - net: hns3: get vf count by pci_sriov_get_totalvfs (bsc#1104353 ).\n - net: hns3: hclge_inform_reset_assert_to_vf() can be static (bsc#1104353).\n - net: hns3: hns3:fix a bug about statistic counter in reset process\n (bsc#1104353).\n - net: hns3: hns3_get_channels() can be static (bsc#1104353 ).\n - net: hns3: Increase the default depth of bucket for TM shaper\n (bsc#1104353).\n - net: hns3: increase the max time for IMP handle command (bsc#1104353).\n - net: hns3: make local functions static (bsc#1104353 ).\n - net: hns3: Mask the packet statistics query when NIC is down\n (bsc#1104353).\n - net: hns3: Modify the update period of packet 
statistics (bsc#1104353).\n - net: hns3: never send command queue message to IMP when reset\n (bsc#1104353).\n - net: hns3: Optimize PF CMDQ interrupt switching process (bsc#1104353).\n - net: hns3: Optimize the PF's process of updating multicast MAC\n (bsc#1104353).\n - net: hns3: Optimize the VF's process of updating multicast MAC\n (bsc#1104353).\n - net: hns3: reallocate tx/rx buffer after changing mtu (bsc#1104353).\n - net: hns3: refactor GL update function (bsc#1104353 ).\n - net: hns3: refactor interrupt coalescing init function (bsc#1104353).\n - net: hns3: Refactor mac_init function (bsc#1104353).\n - net: hns3: Refactor of the reset interrupt handling logic (bsc#1104353).\n - net: hns3: Refactors the requested reset & pending reset handling code\n (bsc#1104353).\n - net: hns3: refactor the coalesce related struct (bsc#1104353 ).\n - net: hns3: refactor the get/put_vector function (bsc#1104353 ).\n - net: hns3: refactor the hclge_get/set_rss function (bsc#1104353 ).\n - net: hns3: refactor the hclge_get/set_rss_tuple function (bsc#1104353).\n - net: hns3: Refactor the initialization of command queue (bsc#1104353).\n - net: hns3: refactor the loopback related function (bsc#1104353 ).\n - net: hns3: Refactor the mapping of tqp to vport (bsc#1104353 ).\n - net: hns3: Refactor the skb receiving and transmitting function\n (bsc#1104353).\n - net: hns3: remove a couple of redundant assignments (bsc#1104353 ).\n - net: hns3: remove add/del_tunnel_udp in hns3_enet module (bsc#1104353).\n - net: hns3: Remove a useless member of struct hns3_stats (bsc#1104353).\n - net: hns3: Remove error log when getting pfc stats fails (bsc#1104353).\n - net: hns3: Remove packet statistics in the range of 8192~12287\n (bsc#1104353).\n - net: hns3: remove redundant memset when alloc buffer (bsc#1104353).\n - net: hns3: remove redundant semicolon (bsc#1104353).\n - net: hns3: Remove repeat statistic of rx_errors (bsc#1104353 ).\n - net: hns3: Removes unnecessary check when clearing 
TX/RX rings\n (bsc#1104353).\n - net: hns3: remove TSO config command from VF driver (bsc#1104353 ).\n - net: hns3: remove unnecessary pci_set_drvdata() and devm_kfree()\n (bsc#1104353).\n - net: hns3: remove unused GL setup function (bsc#1104353 ).\n - net: hns3: remove unused hclgevf_cfg_func_mta_filter (bsc#1104353).\n - net: hns3: Remove unused led control code (bsc#1104353 ).\n - net: hns3: report the function type the same line with\n hns3_nic_get_stats64 (bsc#1104353).\n - net: hns3: set the cmdq out_vld bit to 0 after used (bsc#1104353 ).\n - net: hns3: set the max ring num when alloc netdev (bsc#1104353 ).\n - net: hns3: Setting for fc_mode and dcb enable flag in TM module\n (bsc#1104353).\n - net: hns3: Support for dynamically assigning tx buffer to TC\n (bsc#1104353).\n - net: hns3: Unified HNS3 {VF|PF} Ethernet Driver for hip08 SoC\n (bsc#1104353).\n - net: hns3: unify the pause params setup function (bsc#1104353 ).\n - net: hns3: Unify the strings display of packet statistics (bsc#1104353).\n - net: hns3: Updates MSI/MSI-X alloc/free APIs(depricated) to new APIs\n (bsc#1104353).\n - net: hns3: Updates RX packet info fetch in case of multi BD\n (bsc#1104353).\n - net: hns3: Use enums instead of magic number in hclge_is_special_opcode\n (bsc#1104353).\n - net: hns3: VF should get the real rss_size instead of rss_size_max\n (bsc#1104353).\n - net: lan78xx: Fix race in tx pending skb size calculation (bsc#1100132).\n - net: lan78xx: fix rx handling before first packet is send (bsc#1100132).\n - net: qmi_wwan: add BroadMobi BM806U 2020:2033 (bsc#1087092).\n - net: qmi_wwan: Add Netgear Aircard 779S (bsc#1090888).\n - net-usb: add qmi_wwan if on lte modem wistron neweb d18q1 (bsc#1087092).\n - net: usb: asix: replace mii_nway_restart in resume path (bsc#1100132).\n - orangefs: report attributes_mask and attributes for statx (bsc#1101832).\n - orangefs: set i_size on new symlink (bsc#1101845).\n - overflow.h: Add allocation size calculation helpers 
(bsc#1101116,).\n - powerpc/64: Add GENERIC_CPU support for little endian ().\n - powerpc/fadump: handle crash memory ranges array index overflow\n (bsc#1103269).\n - powerpc/fadump: merge adjacent memory ranges to reduce PT_LOAD segements\n (bsc#1103269).\n - powerpc/pkeys: Deny read/write/execute by default (bsc#1097577).\n - powerpc/pkeys: Fix calculation of total pkeys (bsc#1097577).\n - powerpc/pkeys: Give all threads control of their key permissions\n (bsc#1097577).\n - powerpc/pkeys: key allocation/deallocation must not change pkey\n registers (bsc#1097577).\n - powerpc/pkeys: make protection key 0 less special (bsc#1097577).\n - powerpc/pkeys: Preallocate execute-only key (bsc#1097577).\n - powerpc/pkeys: Save the pkey registers before fork (bsc#1097577).\n - qed*: Add link change count value to ethtool statistics display\n (bsc#1086314).\n - qed: Add qed APIs for PHY module query (bsc#1086314 ).\n - qed: Add srq core support for RoCE and iWARP (bsc#1086314 ).\n - qede: Add driver callbacks for eeprom module query (bsc#1086314 ).\n - qedf: Add get_generic_tlv_data handler (bsc#1086317).\n - qedf: Add support for populating ethernet TLVs (bsc#1086317).\n - qed: fix spelling mistake "successffuly" -> "successfully" (bsc#1086314).\n - qedi: Add get_generic_tlv_data handler (bsc#1086315).\n - qedi: Add support for populating ethernet TLVs (bsc#1086315).\n - qed: Make some functions static (bsc#1086314).\n - qed: remove redundant functions qed_get_cm_pq_idx_rl (bsc#1086314).\n - qed: remove redundant functions qed_set_gft_event_id_cm_hdr\n (bsc#1086314).\n - qed: remove redundant pointer 'name' (bsc#1086314).\n - qed: use dma_zalloc_coherent instead of allocator/memset (bsc#1086314).\n - qed*: Utilize FW 8.37.2.0 (bsc#1086314).\n - rdma/hns: Add 64KB page size support for hip08 (bsc#1104427 ).\n - rdma/hns: Add command queue support for hip08 RoCE driver (bsc#1104427).\n - rdma/hns: Add CQ operations support for hip08 RoCE driver (bsc#1104427).\n - rdma/hns: Add 
detailed comments for mb() call (bsc#1104427 ).\n - rdma/hns: Add eq support of hip08 (bsc#1104427).\n - rdma/hns: Add gsi qp support for modifying qp in hip08 (bsc#1104427).\n - rdma/hns: Add mailbox's implementation for hip08 RoCE driver\n (bsc#1104427).\n - rdma/hns: Add modify CQ support for hip08 (bsc#1104427 ).\n - rdma/hns: Add names to function arguments in function pointers\n (bsc#1104427).\n - rdma/hns: Add profile support for hip08 driver (bsc#1104427 ).\n - rdma/hns: Add QP operations support for hip08 SoC (bsc#1104427 ).\n - rdma/hns: Add releasing resource operation in error branch (bsc#1104427).\n - rdma/hns: Add rereg mr support for hip08 (bsc#1104427 ).\n - rdma/hns: Add reset process for RoCE in hip08 (bsc#1104427 ).\n - rdma/hns: Add return operation when configured global param fail\n (bsc#1104427).\n - rdma/hns: Add rq inline data support for hip08 RoCE (bsc#1104427 ).\n - rdma/hns: Add rq inline flags judgement (bsc#1104427 ).\n - rdma/hns: Add sq_invld_flg field in QP context (bsc#1104427 ).\n - rdma/hns: Add support for processing send wr and receive wr\n (bsc#1104427).\n - rdma/hns: Add the interfaces to support multi hop addressing for the\n contexts in hip08 (bsc#1104427).\n - rdma/hns: Adjust the order of cleanup hem table (bsc#1104427 ).\n - rdma/hns: Assign dest_qp when deregistering mr (bsc#1104427 ).\n - rdma/hns: Assign the correct value for tx_cqn (bsc#1104427 ).\n - rdma/hns: Assign zero for pkey_index of wc in hip08 (bsc#1104427 ).\n - rdma/hns: Avoid NULL pointer exception (bsc#1104427 ).\n - rdma/hns: Bugfix for cq record db for kernel (bsc#1104427 ).\n - rdma/hns: Bugfix for init hem table (bsc#1104427).\n - rdma/hns: Bugfix for rq record db for kernel (bsc#1104427 ).\n - rdma/hns: Check return value of kzalloc (bsc#1104427 ).\n - rdma/hns: Configure BT BA and BT attribute for the contexts in hip08\n (bsc#1104427).\n - rdma/hns: Configure fence attribute in hip08 RoCE (bsc#1104427 ).\n - rdma/hns: Configure mac&gid and user 
access region for hip08 RoCE driver\n (bsc#1104427).\n - rdma/hns: Configure sgid type for hip08 RoCE (bsc#1104427 ).\n - rdma/hns: Configure the MTPT in hip08 (bsc#1104427).\n - rdma/hns: Configure TRRL field in hip08 RoCE device (bsc#1104427 ).\n - rdma/hns: Create gsi qp in hip08 (bsc#1104427).\n - rdma/hns: Delete the unnecessary initializing enum to zero (bsc#1104427).\n - rdma/hns: Do not unregister a callback we didn't register (bsc#1104427).\n - rdma/hns: Drop local zgid in favor of core defined variable\n (bsc#1104427).\n - rdma/hns: Enable inner_pa_vld filed of mpt (bsc#1104427 ).\n - rdma/hns: Enable the cqe field of sqwqe of RC (bsc#1104427 ).\n - rdma/hns: ensure for-loop actually iterates and free's buffers\n (bsc#1104427).\n - rdma/hns: Fill sq wqe context of ud type in hip08 (bsc#1104427 ).\n - rdma/hns: Filter for zero length of sge in hip08 kernel mode\n (bsc#1104427).\n - rdma/hns: Fix a bug with modifying mac address (bsc#1104427 ).\n - rdma/hns: Fix a couple misspellings (bsc#1104427).\n - rdma/hns: Fix calltrace for sleeping in atomic (bsc#1104427 ).\n - rdma/hns: Fix cqn type and init resp (bsc#1104427).\n - rdma/hns: Fix cq record doorbell enable in kernel (bsc#1104427 ).\n - rdma/hns: Fix endian problems around imm_data and rkey (bsc#1104427).\n - rdma/hns: Fix inconsistent warning (bsc#1104427).\n - rdma/hns: Fix init resp when alloc ucontext (bsc#1104427 ).\n - rdma/hns: Fix misplaced call to hns_roce_cleanup_hem_table (bsc#1104427).\n - rdma/hns: Fix QP state judgement before receiving work requests\n (bsc#1104427).\n - rdma/hns: Fix QP state judgement before sending work requests\n (bsc#1104427).\n - rdma/hns: fix spelling mistake: "Reseved" -> "Reserved" (bsc#1104427).\n - rdma/hns: Fix the bug with NULL pointer (bsc#1104427 ).\n - rdma/hns: Fix the bug with rq sge (bsc#1104427).\n - rdma/hns: Fix the endian problem for hns (bsc#1104427 ).\n - rdma/hns: Fix the illegal memory operation when cross page (bsc#1104427).\n - rdma/hns: Fix 
the issue of IOVA not page continuous in hip08\n (bsc#1104427).\n - rdma/hns: Fix the qp context state diagram (bsc#1104427 ).\n - rdma/hns: Generate gid type of RoCEv2 (bsc#1104427).\n - rdma/hns: Get rid of page operation after dma_alloc_coherent\n (bsc#1104427).\n - rdma/hns: Get rid of virt_to_page and vmap calls after\n dma_alloc_coherent (bsc#1104427).\n - rdma/hns: Implement the disassociate_ucontext API (bsc#1104427 ).\n - rdma/hns: Increase checking CMQ status timeout value (bsc#1104427).\n - rdma/hns: Initialize the PCI device for hip08 RoCE (bsc#1104427 ).\n - rdma/hns: Intercept illegal RDMA operation when use inline data\n (bsc#1104427).\n - rdma/hns: Load the RoCE dirver automatically (bsc#1104427 ).\n - rdma/hns: make various function static, fixes warnings (bsc#1104427).\n - rdma/hns: Modify assignment device variable to support both PCI device\n and platform device (bsc#1104427).\n - rdma/hns: Modify the usage of cmd_sn in hip08 (bsc#1104427 ).\n - rdma/hns: Modify the value with rd&dest_rd of qp_attr (bsc#1104427).\n - rdma/hns: Modify uar allocation algorithm to avoid bitmap exhaust\n (bsc#1104427).\n - rdma/hns: Move priv in order to add multiple hns_roce support\n (bsc#1104427).\n - rdma/hns: Move the location for initializing tmp_len (bsc#1104427).\n - rdma/hns: Not support qp transition from reset to reset for hip06\n (bsc#1104427).\n - rdma/hns: Only assign dest_qp if IB_QP_DEST_QPN bit is set (bsc#1104427).\n - rdma/hns: Only assign dqpn if IB_QP_PATH_DEST_QPN bit is set\n (bsc#1104427).\n - rdma/hns: Only assign mtu if IB_QP_PATH_MTU bit is set (bsc#1104427).\n - rdma/hns: Refactor code for readability (bsc#1104427 ).\n - rdma/hns: Refactor eq code for hip06 (bsc#1104427).\n - rdma/hns: remove redundant assignment to variable j (bsc#1104427 ).\n - rdma/hns: Remove some unnecessary attr_mask judgement (bsc#1104427).\n - rdma/hns: Remove unnecessary operator (bsc#1104427).\n - rdma/hns: Remove unnecessary platform_get_resource() error 
check\n (bsc#1104427).\n - rdma/hns: Rename the idx field of db (bsc#1104427).\n - rdma/hns: Replace condition statement using hardware version information\n (bsc#1104427).\n - rdma/hns: Replace __raw_write*(cpu_to_le*()) with LE write*()\n (bsc#1104427).\n - rdma/hns: return 0 rather than return a garbage status value\n (bsc#1104427).\n - rdma/hns_roce: Do not check return value of zap_vma_ptes() (bsc#1104427).\n - rdma/hns: Set access flags of hip08 RoCE (bsc#1104427 ).\n - rdma/hns: Set desc_dma_addr for zero when free cmq desc (bsc#1104427).\n - rdma/hns: Set NULL for __internal_mr (bsc#1104427).\n - rdma/hns: Set rdma_ah_attr type for querying qp (bsc#1104427 ).\n - rdma/hns: Set se attribute of sqwqe in hip08 (bsc#1104427 ).\n - rdma/hns: Set sq_cur_sge_blk_addr field in QPC in hip08 (bsc#1104427).\n - rdma/hns: Set the guid for hip08 RoCE device (bsc#1104427 ).\n - rdma/hns: Set the owner field of SQWQE in hip08 RoCE (bsc#1104427).\n - rdma/hns: Split CQE from MTT in hip08 (bsc#1104427).\n - rdma/hns: Split hw v1 driver from hns roce driver (bsc#1104427 ).\n - rdma/hns: Submit bad wr (bsc#1104427).\n - rdma/hns: Support cq record doorbell for kernel space (bsc#1104427).\n - rdma/hns: Support cq record doorbell for the user space (bsc#1104427).\n - rdma/hns: Support multi hop addressing for PBL in hip08 (bsc#1104427).\n - rdma/hns: Support rq record doorbell for kernel space (bsc#1104427).\n - rdma/hns: Support rq record doorbell for the user space (bsc#1104427).\n - rdma/hns: Support WQE/CQE/PBL page size configurable feature in hip08\n (bsc#1104427).\n - rdma/hns: Unify the calculation for hem index in hip08 (bsc#1104427).\n - rdma/hns: Update assignment method for owner field of send wqe\n (bsc#1104427).\n - rdma/hns: Update calculation of irrl_ba field for hip08 (bsc#1104427).\n - rdma/hns: Update convert function of endian format (bsc#1104427 ).\n - rdma/hns: Update the interfaces for MTT/CQE multi hop addressing in\n hip08 (bsc#1104427).\n - rdma/hns: 
Update the IRRL table chunk size in hip08 (bsc#1104427 ).\n - rdma/hns: Update the PD&CQE&MTT specification in hip08 (bsc#1104427).\n - rdma/hns: Update the usage of ack timeout in hip08 (bsc#1104427 ).\n - rdma/hns: Update the usage of sr_max and rr_max field (bsc#1104427).\n - rdma/hns: Update the verbs of polling for completion (bsc#1104427).\n - rdma/hns: Use free_pages function instead of free_page (bsc#1104427).\n - rdma/hns: Use structs to describe the uABI instead of opencoding\n (bsc#1104427).\n - rdma/qedr: Fix NULL pointer dereference when running over iWARP without\n RDMA-CM (bsc#1086314).\n - rdma/qedr: fix spelling mistake: "adrresses" -> "addresses"\n (bsc#1086314).\n - rdma/qedr: fix spelling mistake: "failes" -> "fails" (bsc#1086314).\n - reiserfs: fix buffer overflow with long warning messages (bsc#1101847).\n - reiserfs-fix-buffer-overflow-with-long-warning-messa.patch: Silence\n bogus compiler warning about unused result of strscpy().\n - s390/dasd: configurable IFCC handling (bsc#1097808).\n - sched/smt: Update sched_smt_present at runtime (bsc#1089343).\n - scsi: mpt3sas: Add an I/O barrier (bsc#1086906,).\n - scsi: mpt3sas: Added support for SAS Device Discovery Error Event\n (bsc#1086906,).\n - scsi: mpt3sas: Add PCI device ID for Andromeda (bsc#1086906,).\n - scsi: mpt3sas: Allow processing of events during driver unload\n (bsc#1086906,).\n - scsi: mpt3sas: As per MPI-spec, use combined reply queue for SAS3.5\n controllers when HBA supports more than 16 MSI-x vectors (bsc#1086906,).\n - scsi: mpt3sas: Bug fix for big endian systems (bsc#1086906,).\n - scsi: mpt3sas: Cache enclosure pages during enclosure add (bsc#1086906,).\n - scsi: mpt3sas: clarify mmio pointer types (bsc#1086906,).\n - scsi: mpt3sas: Configure reply post queue depth, DMA and sgl tablesize\n (bsc#1086906,).\n - scsi: mpt3sas: Do not abort I/Os issued to NVMe drives while processing\n Async Broadcast primitive event (bsc#1086906,).\n - scsi: mpt3sas: Do not access the 
structure after decrementing it's\n instance reference count (bsc#1086906,).\n - scsi: mpt3sas: Do not mark fw_event workqueue as WQ_MEM_RECLAIM\n (bsc#1086906,).\n - scsi: mpt3sas: Enhanced handling of Sense Buffer (bsc#1086906,).\n - scsi: mpt3sas: Fix, False timeout prints for ioctl and other internal\n commands during controller reset (bsc#1086906,).\n - scsi: mpt3sas: fix possible memory leak (bsc#1086906,).\n - scsi: mpt3sas: fix spelling mistake: "disbale" -> "disable"\n (bsc#1086906,).\n - scsi: mpt3sas: For NVME device, issue a protocol level reset\n (bsc#1086906,).\n - scsi: mpt3sas: Incorrect command status was set/marked as not used\n (bsc#1086906,).\n - scsi: mpt3sas: Increase event log buffer to support 24 port HBA's\n (bsc#1086906,).\n - scsi: mpt3sas: Introduce API to get BAR0 mapped buffer address\n (bsc#1086906,).\n - scsi: mpt3sas: Introduce Base function for cloning (bsc#1086906,).\n - scsi: mpt3sas: Introduce function to clone mpi reply (bsc#1086906,).\n - scsi: mpt3sas: Introduce function to clone mpi request (bsc#1086906,).\n - scsi: mpt3sas: Lockless access for chain buffers (bsc#1086906,).\n - scsi: mpt3sas: Optimize I/O memory consumption in driver (bsc#1086906,).\n - scsi: mpt3sas: Pre-allocate RDPQ Array at driver boot time\n (bsc#1086906,).\n - scsi: mpt3sas: Replace PCI pool old API (bsc#1081917). 
- Refresh\n patches.drivers/scsi-mpt3sas-SGL-to-PRP-Translation-for-I-Os-to-NVMe.patch.\n\n - scsi: mpt3sas: Report Firmware Package Version from HBA Driver\n (bsc#1086906,).\n - scsi: mpt3sas: Update driver version "25.100.00.00" (bsc#1086906,).\n - scsi: mpt3sas: Update driver version "26.100.00.00" (bsc#1086906,).\n - scsi: mpt3sas: Update MPI Headers (bsc#1086906,).\n - scsi: qedf: Add additional checks when restarting an rport due to ABTS\n timeout (bsc#1086317).\n - scsi: qedf: Add check for offload before flushing I/Os for target\n (bsc#1086317).\n - scsi: qedf: Add dcbx_not_wait module parameter so we won't wait for DCBX\n convergence to start discovery (bsc#1086317).\n - scsi: qedf: Add missing skb frees in error path (bsc#1086317).\n - scsi: qedf: Add more defensive checks for concurrent error conditions\n (bsc#1086317).\n - scsi: qedf: Add task id to kref_get_unless_zero() debug messages when\n flushing requests (bsc#1086317).\n - scsi: qedf: Check if link is already up when receiving a link up event\n from qed (bsc#1086317).\n - scsi: qedf: fix LTO-enabled build (bsc#1086317).\n - scsi: qedf: Fix VLAN display when printing sent FIP frames (bsc#1086317).\n - scsi: qedf: Honor default_prio module parameter even if DCBX does not\n converge (bsc#1086317).\n - scsi: qedf: Honor priority from DCBX FCoE App tag (bsc#1086317).\n - scsi: qedf: If qed fails to enable MSI-X fail PCI probe (bsc#1086317).\n - scsi: qedf: Improve firmware debug dump handling (bsc#1086317).\n - scsi: qedf: Increase the number of default FIP VLAN request retries to\n 60 (bsc#1086317).\n - scsi: qedf: Release RRQ reference correctly when RRQ command times out\n (bsc#1086317).\n - scsi: qedf: remove redundant initialization of 'fcport' (bsc#1086317).\n - scsi: qedf: Remove setting DCBX pending during soft context reset\n (bsc#1086317).\n - scsi: qedf: Return request as DID_NO_CONNECT if MSI-X is not enabled\n (bsc#1086317).\n - scsi: qedf: Sanity check FCoE/FIP priority value to make 
sure it's\n between 0 and 7 (bsc#1086317).\n - scsi: qedf: Send the driver state to MFW (bsc#1086317).\n - scsi: qedf: Set the UNLOADING flag when removing a vport (bsc#1086317).\n - scsi: qedf: Synchronize rport restarts when multiple ELS commands time\n out (bsc#1086317).\n - scsi: qedf: Update copyright for 2018 (bsc#1086317).\n - scsi: qedf: Update version number to 8.33.16.20 (bsc#1086317).\n - scsi: qedf: use correct strncpy() size (bsc#1086317).\n - scsi: qedi: fix building with LTO (bsc#1086315).\n - scsi: qedi: fix build regression (bsc#1086315).\n - scsi: qedi: Fix kernel crash during port toggle (bsc#1086315).\n - scsi: qedi: Send driver state to MFW (bsc#1086315).\n - scsi: qla2xxx: correctly shift host byte (bsc#1086327,).\n - scsi: qla2xxx: Correct setting of SAM_STAT_CHECK_CONDITION\n (bsc#1086327,).\n - scsi: qla2xxx: Fix crash on qla2x00_mailbox_command (bsc#1086327,).\n - scsi: qla2xxx: Fix Inquiry command being dropped in Target mode\n (bsc#1086327,).\n - scsi: qla2xxx: Fix race condition between iocb timeout and\n initialisation (bsc#1086327,).\n - scsi: qla2xxx: Fix Rport and session state getting out of sync\n (bsc#1086327,).\n - scsi: qla2xxx: Fix sending ADISC command for login (bsc#1086327,).\n - scsi: qla2xxx: Fix setting lower transfer speed if GPSC fails\n (bsc#1086327,).\n - scsi: qla2xxx: Fix TMF and Multi-Queue config (bsc#1086327,).\n - scsi: qla2xxx: Move GPSC and GFPNID out of session management\n (bsc#1086327,).\n - scsi: qla2xxx: Prevent relogin loop by removing stale code\n (bsc#1086327,).\n - scsi: qla2xxx: Reduce redundant ADISC command for RSCNs (bsc#1086327,).\n - scsi: qla2xxx: remove irq save in qla2x00_poll() (bsc#1086327,).\n - scsi: qla2xxx: Remove stale debug value for login_retry flag\n (bsc#1086327,).\n - scsi: qla2xxx: Update driver version to 10.00.00.07-k (bsc#1086327,).\n - scsi: qla2xxx: Use predefined get_datalen_for_atio() inline function\n (bsc#1086327,).\n - scsi: qla4xxx: Move an array from a .h into a .c 
file (bsc#1086331).\n - scsi: qla4xxx: Remove unused symbols (bsc#1086331).\n - scsi: qla4xxx: skip error recovery in case of register disconnect\n (bsc#1086331).\n - scsi: qla4xxx: Use dma_pool_zalloc() (bsc#1086331).\n - scsi: qla4xxx: Use zeroing allocator rather than allocator/memset\n (bsc#1086331).\n - selftests/powerpc: Fix core-pkey for default execute permission change\n (bsc#1097577).\n - selftests/powerpc: Fix ptrace-pkey for default execute permission change\n (bsc#1097577).\n - supported.conf: add drivers/md/dm-writecache\n - supported.conf: added hns3 modules\n - supported.conf: added hns-roce-hw-v1 and hns-roce-hw-v2\n - supported.conf: Enable HiSi v3 SAS adapter ()\n - tcp_rbd depends on BLK_DEV_RBD ().\n - typec: tcpm: fusb302: Resolve out of order messaging events\n (bsc#1087092).\n - udf: Detect incorrect directory size (bsc#1101891).\n - udf: Provide saner default for invalid uid / gid (bsc#1101890).\n - vfs: add the sb_start_intwrite_trylock() helper (bsc#1101841).\n - x86/apic: Ignore secondary threads if nosmt=force (bsc#1089343).\n - x86/CPU/AMD: Do not check CPUID max ext level before parsing SMP info\n (bsc#1089343).\n - x86/cpu/AMD: Evaluate smp_num_siblings early (bsc#1089343).\n - x86/CPU/AMD: Move TOPOEXT reenablement before reading smp_num_siblings\n (bsc#1089343).\n - x86/cpu/AMD: Remove the pointless detect_ht() call (bsc#1089343).\n - x86/cpu/common: Provide detect_ht_early() (bsc#1089343).\n - x86/cpu/intel: Evaluate smp_num_siblings early (bsc#1089343).\n - x86/cpu: Remove the pointless CPU printout (bsc#1089343).\n - x86/cpu/topology: Provide detect_extended_topology_early() (bsc#1089343).\n - x86/KVM/VMX: Add module argument for L1TF mitigation.\n - x86/smp: Provide topology_is_primary_thread() (bsc#1089343).\n - x86/topology: Provide topology_smt_supported() (bsc#1089343).\n - x86/xen: init %gs very early to avoid page faults with stack protector\n (bnc#1104777).\n - xen-netback: fix input validation in 
xenvif_set_hash_mapping()\n (bnc#1103277).\n - xen/netfront: do not cache skb_shinfo() (bnc#1065600).\n - xfs: catch inode allocation state mismatch corruption (bsc#1104211).\n - xfs: prevent creating negative-sized file via INSERT_RANGE (bsc#1101833).\n\n", "edition": 1, "modified": "2018-08-17T12:32:52", "published": "2018-08-17T12:32:52", "id": "OPENSUSE-SU-2018:2407-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-08/msg00064.html", "title": "Security update for the Linux Kernel (important)", "type": "suse", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-17T15:01:24", "bulletinFamily": "unix", "cvelist": ["CVE-2018-10882", "CVE-2018-10877", "CVE-2018-10880", "CVE-2018-10878", "CVE-2018-10881", "CVE-2018-14734", "CVE-2018-3646", "CVE-2018-5391", "CVE-2018-3620", "CVE-2018-10883", "CVE-2017-18344", "CVE-2018-5390", "CVE-2018-10876", "CVE-2018-10879"], "description": "The openSUSE Leap 42.3 kernel was updated to 4.4.143 to receive various\n security and bugfixes.\n\n The following security bugs were fixed:\n\n - CVE-2017-18344: The timer_create syscall implementation in\n kernel/time/posix-timers.c didn't properly validate the\n sigevent->sigev_notify field, which leads to out-of-bounds access in the\n show_timer function (called when /proc/$PID/timers is read). This\n allowed userspace applications to read arbitrary kernel memory (on a\n kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE)\n (bnc#1102851 bnc#1103580).\n - CVE-2018-10876: A flaw was found in Linux kernel in the ext4 filesystem\n code. A use-after-free is possible in ext4_ext_remove_space() function\n when mounting and operating a crafted ext4 image. (bnc#1099811)\n - CVE-2018-10877: Linux kernel ext4 filesystem is vulnerable to an\n out-of-bound access in the ext4_ext_drop_refs() function when operating\n on a crafted ext4 filesystem image. 
(bnc#1099846)\n - CVE-2018-10878: A flaw was found in the ext4 filesystem. A local user\n can cause an out-of-bounds write and a denial of service or unspecified\n other impact is possible by mounting and operating a crafted ext4\n filesystem image. (bnc#1099813)\n - CVE-2018-10879: A flaw was found in the ext4 filesystem. A local user\n can cause a use-after-free in ext4_xattr_set_entry function and a denial\n of service or unspecified other impact may occur by renaming a file in a\n crafted ext4 filesystem image. (bnc#1099844)\n - CVE-2018-10880: Linux kernel is vulnerable to a stack-out-of-bounds\n write in the ext4 filesystem code when mounting and writing to a crafted\n ext4 image in ext4_update_inline_data(). An attacker could use this to\n cause a system crash and a denial of service. (bnc#1099845)\n - CVE-2018-10881: A flaw was found in the ext4 filesystem. A local user\n can cause an out-of-bound access in ext4_get_group_info function, a\n denial of service, and a system crash by mounting and operating on a\n crafted ext4 filesystem image. (bnc#1099864)\n - CVE-2018-10882: A flaw was found in the ext4 filesystem. A local user\n can cause an out-of-bound write in fs/jbd2/transaction.c code, a\n denial of service, and a system crash by unmounting a crafted ext4\n filesystem image. (bnc#1099849)\n - CVE-2018-10883: A flaw was found in the ext4 filesystem. A local user\n can cause an out-of-bounds write in jbd2_journal_dirty_metadata(), a\n denial of service, and a system crash by mounting and operating on a\n crafted ext4 filesystem image. 
(bnc#1099863)\n - CVE-2018-14734: drivers/infiniband/core/ucma.c allowed\n ucma_leave_multicast to access a certain data structure after a cleanup\n step in ucma_process_join, which allowed attackers to cause a denial of\n service (use-after-free) (bnc#1103119).\n - CVE-2018-3620: Systems with microprocessors utilizing speculative\n execution and address translations may allow unauthorized disclosure of\n information residing in the L1 data cache to an attacker with local user\n access via a terminal page fault and a side-channel analysis\n (bnc#1087081 1089343 ).\n - CVE-2018-3646: Systems with microprocessors utilizing speculative\n execution and address translations may allow unauthorized disclosure of\n information residing in the L1 data cache to an attacker with local user\n access with guest OS privilege via a terminal page fault and a\n side-channel analysis (bnc#1089343 1104365).\n - CVE-2018-5390 aka "SegmentSmack": The Linux kernel could be forced to\n make very expensive calls to tcp_collapse_ofo_queue() and\n tcp_prune_ofo_queue() for every incoming packet which can lead to a\n denial of service (bnc#1102340).\n - CVE-2018-5391 aka "FragmentSmack": A flaw in the IP packet reassembly\n could be used by remote attackers to consume lots of CPU time\n (bnc#1103097).\n\n The following non-security bugs were fixed:\n\n - Add support for 5,25,50, and 100G to 802.3ad bonding driver (bsc#1096978)\n - ahci: Disable LPM on Lenovo 50 series laptops with a too old BIOS\n (bnc#1012382).\n - arm64: do not open code page table entry creation (bsc#1102197).\n - arm64: kpti: Use early_param for kpti= command-line option (bsc#1102188).\n - arm64: Make sure permission updates happen for pmd/pud (bsc#1102197).\n - atm: zatm: Fix potential Spectre v1 (bnc#1012382).\n - bcm63xx_enet: correct clock usage (bnc#1012382).\n - bcm63xx_enet: do not write to random DMA channel on BCM6345\n (bnc#1012382).\n - blkcg: simplify statistic accumulation code (bsc#1082979).\n - block: copy 
ioprio in __bio_clone_fast() (bsc#1082653).\n - block/swim: Fix array bounds check (bsc#1082979).\n - bpf: fix loading of BPF_MAXINSNS sized programs (bsc#1012382).\n - bpf, x64: fix memleak when not converging after image (bsc#1012382).\n - btrfs: Do not remove block group still has pinned down bytes\n (bsc#1086457).\n - cachefiles: Fix missing clear of the CACHEFILES_OBJECT_ACTIVE flag\n (bsc#1099858).\n - cachefiles: Fix refcounting bug in backing-file read monitoring\n (bsc#1099858).\n - cachefiles: Wait rather than BUG'ing on "Unexpected object collision"\n (bsc#1099858).\n - cifs: fix bad/NULL ptr dereferencing in SMB2_sess_setup() (bsc#1090123).\n - compiler, clang: always inline when CONFIG_OPTIMIZE_INLINING is disabled\n (bnc#1012382).\n - compiler, clang: properly override 'inline' for clang (bnc#1012382).\n - compiler, clang: suppress warning for unused static inline functions\n (bnc#1012382).\n - compiler-gcc.h: Add __attribute__((gnu_inline)) to all inline\n declarations (bnc#1012382).\n - cpu/hotplug: Add sysfs state interface (bsc#1089343).\n - cpu/hotplug: Provide knobs to control SMT (bsc#1089343).\n - cpu/hotplug: Split do_cpu_down() (bsc#1089343).\n - crypto: crypto4xx - fix crypto4xx_build_pdr, crypto4xx_build_sdr leak\n (bnc#1012382).\n - crypto: crypto4xx - remove bad list_del (bnc#1012382).\n - dm thin metadata: remove needless work from __commit_transaction\n (bsc#1082979).\n - drm/msm: Fix possible null dereference on failure of get_pages()\n (bsc#1102394).\n - drm: re-enable error handling (bsc#1103884).\n - esp6: fix memleak on error path in esp6_input (git-fixes).\n - ext4: check for allocation block validity with block group locked\n (bsc#1104495).\n - ext4: do not update s_last_mounted of a frozen fs (bsc#1101841).\n - ext4: factor out helper ext4_sample_last_mounted() (bsc#1101841).\n - ext4: fix check to prevent initializing reserved inodes (bsc#1104319).\n - ext4: fix false negatives *and* false positives in\n 
ext4_check_descriptors() (bsc#1103445).\n - ext4: fix inline data updates with checksums enabled (bsc#1104494).\n - fscache: Allow cancelled operations to be enqueued (bsc#1099858).\n - fscache: Fix reference overput in fscache_attach_object() error handling\n (bsc#1099858).\n - genirq: Make force irq threading setup more robust (bsc#1082979).\n - hid: usbhid: add quirk for innomedia INNEX GENESIS/ATARI adapter\n (bnc#1012382).\n - ib/isert: fix T10-pi check mask setting (bsc#1082979).\n - ibmasm: do not write out of bounds in read handler (bnc#1012382).\n - ibmvnic: Fix error recovery on login failure (bsc#1101789).\n - ibmvnic: Remove code to request error information (bsc#1104174).\n - ibmvnic: Revise RX/TX queue error messages (bsc#1101331).\n - ibmvnic: Update firmware error reporting with cause string (bsc#1104174).\n - iw_cxgb4: correctly enforce the max reg_mr depth (bnc#1012382).\n - kabi protect includes in include/linux/inet.h (bsc#1095643).\n - kabi protect net/core/utils.c includes (bsc#1095643).\n - kABI: protect struct loop_device (kabi).\n - kABI: reintroduce __static_cpu_has_safe (kabi).\n - Kbuild: fix # escaping in .cmd files for future Make (bnc#1012382).\n - keys: DNS: fix parsing multiple options (bnc#1012382).\n - kvm: arm/arm64: Drop resource size check for GICV window (bsc#1102215).\n - kvm: arm/arm64: Set dist->spis to NULL after kfree (bsc#1102214).\n - libata: do not try to pass through NCQ commands to non-NCQ devices\n (bsc#1082979).\n - loop: add recursion validation to LOOP_CHANGE_FD (bnc#1012382).\n - loop: remember whether sysfs_create_group() was done (bnc#1012382).\n - mmc: dw_mmc: fix card threshold control configuration (bsc#1102203).\n - mm: check VMA flags to avoid invalid PROT_NONE NUMA balancing\n (bsc#1097771).\n - net: cxgb3_main: fix potential Spectre v1 (bnc#1012382).\n - net: dccp: avoid crash in ccid3_hc_rx_send_feedback() (bnc#1012382).\n - net: dccp: switch rx_tstamp_last_feedback to monotonic clock\n 
(bnc#1012382).\n - netfilter: ebtables: reject non-bridge targets (bnc#1012382).\n - netfilter: nf_queue: augment nfqa_cfg_policy (bnc#1012382).\n - netfilter: x_tables: initialise match/target check parameter struct\n (bnc#1012382).\n - net/mlx5: Fix command interface race in polling mode (bnc#1012382).\n - net/mlx5: Fix incorrect raw command length parsing (bnc#1012382).\n - net: mvneta: fix the Rx desc DMA address in the Rx path (bsc#1102207).\n - net/nfc: Avoid stalls when nfc_alloc_send_skb() returned NULL\n (bnc#1012382).\n - net: off by one in inet6_pton() (bsc#1095643).\n - net: phy: marvell: Use strlcpy() for ethtool::get_strings (bsc#1102205).\n - net_sched: blackhole: tell upper qdisc about dropped packets\n (bnc#1012382).\n - net: sungem: fix rx checksum support (bnc#1012382).\n - net/utils: generic inet_pton_with_scope helper (bsc#1095643).\n - null_blk: use sector_div instead of do_div (bsc#1082979).\n - nvme-rdma: Check remotely invalidated rkey matches our expected rkey\n (bsc#1092001).\n - nvme-rdma: default MR page size to 4k (bsc#1092001).\n - nvme-rdma: do not complete requests before a send work request has\n completed (bsc#1092001).\n - nvme-rdma: do not suppress send completions (bsc#1092001).\n - nvme-rdma: Fix command completion race at error recovery (bsc#1090435).\n - nvme-rdma: make nvme_rdma_[create|destroy]_queue_ib symmetrical\n (bsc#1092001).\n - nvme-rdma: use inet_pton_with_scope helper (bsc#1095643).\n - nvme-rdma: Use mr pool (bsc#1092001).\n - nvme-rdma: wait for local invalidation before completing a request\n (bsc#1092001).\n - ocfs2: subsystem.su_mutex is required while accessing the\n item->ci_parent (bnc#1012382).\n - pci: ibmphp: Fix use-before-set in get_max_bus_speed() (bsc#1100132).\n - perf tools: Move syscall number fallbacks from perf-sys.h to\n tools/arch/x86/include/asm/ (bnc#1012382).\n - pm / hibernate: Fix oops at snapshot_write() (bnc#1012382).\n - powerpc/64: Initialise thread_info for emergency stacks 
(bsc#1094244,\n bsc#1100930, bsc#1102683).\n - powerpc/fadump: handle crash memory ranges array index overflow\n (bsc#1103269).\n - powerpc/fadump: merge adjacent memory ranges to reduce PT_LOAD segements\n (bsc#1103269).\n - qed: Limit msix vectors in kdump kernel to the minimum required count\n (bnc#1012382).\n - r8152: napi hangup fix after disconnect (bnc#1012382).\n - rdma/ocrdma: Fix an error code in ocrdma_alloc_pd() (bsc#1082979).\n - rdma/ocrdma: Fix error codes in ocrdma_create_srq() (bsc#1082979).\n - rdma/ucm: Mark UCM interface as BROKEN (bnc#1012382).\n - rds: avoid unenecessary cong_update in loop transport (bnc#1012382).\n - Revert 'block-cancel-workqueue-entries-on-blk_mq_freeze_queue'\n (bsc#1103717)\n - Revert "sit: reload iphdr in ipip6_rcv" (bnc#1012382).\n - Revert "x86/cpufeature: Move some of the scattered feature bits to\n x86_capability" (kabi).\n - Revert "x86/cpu: Probe CPUID leaf 6 even when cpuid_level == 6" (kabi).\n - rtlwifi: rtl8821ae: fix firmware is not ready to run (bnc#1012382).\n - s390/qeth: fix error handling in adapter command callbacks (bnc#1103745,\n LTC#169699).\n - sched/smt: Update sched_smt_present at runtime (bsc#1089343).\n - scsi: qlogicpti: Fix an error handling path in 'qpti_sbus_probe()'\n (bsc#1082979).\n - scsi: sg: fix minor memory leak in error path (bsc#1082979).\n - scsi: target: fix crash with iscsi target and dvd (bsc#1082979).\n - smsc75xx: Add workaround for gigabit link up hardware errata\n (bsc#1100132).\n - smsc95xx: Configure pause time to 0xffff when tx flow control enabled\n (bsc#1085536).\n - supported.conf: Do not build KMP for openSUSE kernels The merge of\n kselftest-kmp was overseen, and bad for openSUSE-42.3\n - tcp: fix Fast Open key endianness (bnc#1012382).\n - tcp: prevent bogus FRTO undos with non-SACK flows (bnc#1012382).\n - tools build: fix # escaping in .cmd files for future Make (bnc#1012382).\n - uprobes/x86: Remove incorrect WARN_ON() in uprobe_init_insn()\n (bnc#1012382).\n - 
usb: core: handle hub C_PORT_OVER_CURRENT condition (bsc#1100132).\n - usb: quirks: add delay quirks for Corsair Strafe (bnc#1012382).\n - usb: serial: ch341: fix type promotion bug in ch341_control_in()\n (bnc#1012382).\n - usb: serial: cp210x: add another USB ID for Qivicon ZigBee stick\n (bnc#1012382).\n - usb: serial: keyspan_pda: fix modem-status error handling (bnc#1012382).\n - usb: serial: mos7840: fix status-register error handling (bnc#1012382).\n - usb: yurex: fix out-of-bounds uaccess in read handler (bnc#1012382).\n - vfio: platform: Fix reset module leak in error path (bsc#1102211).\n - vfs: add the sb_start_intwrite_trylock() helper (bsc#1101841).\n - vhost_net: validate sock before trying to put its fd (bnc#1012382).\n - vmw_balloon: fix inflation with batching (bnc#1012382).\n - x86/alternatives: Add an auxilary section (bnc#1012382).\n - x86/alternatives: Discard dynamic check after init (bnc#1012382).\n - x86/apic: Ignore secondary threads if nosmt=force (bsc#1089343).\n - x86/asm: Add _ASM_ARG* constants for argument registers to <asm/asm.h>\n (bnc#1012382).\n - x86/boot: Simplify kernel load address alignment check (bnc#1012382).\n - x86/CPU/AMD: Do not check CPUID max ext level before parsing SMP info\n (bsc#1089343).\n - x86/cpu/AMD: Evaluate smp_num_siblings early (bsc#1089343).\n - x86/CPU/AMD: Move TOPOEXT reenablement before reading smp_num_siblings\n (bsc#1089343). 
Update config files.\n - x86/cpu/AMD: Remove the pointless detect_ht() call (bsc#1089343).\n - x86/cpu/common: Provide detect_ht_early() (bsc#1089343).\n - x86/cpufeature: Add helper macro for mask check macros (bnc#1012382).\n - x86/cpufeature: Carve out X86_FEATURE_* (bnc#1012382).\n - x86/cpufeature: Get rid of the non-asm goto variant (bnc#1012382).\n - x86/cpufeature: Make sure DISABLED/REQUIRED macros are updated\n (bnc#1012382).\n - x86/cpufeature: Move some of the scattered feature bits to\n x86_capability (bnc#1012382).\n - x86/cpufeature: Replace the old static_cpu_has() with safe variant\n (bnc#1012382).\n - x86/cpufeature: Speed up cpu_feature_enabled() (bnc#1012382).\n - x86/cpufeature: Update cpufeaure macros (bnc#1012382).\n - x86/cpu/intel: Evaluate smp_num_siblings early (bsc#1089343).\n - x86/cpu: Probe CPUID leaf 6 even when cpuid_level == 6 (bnc#1012382).\n - x86/cpu: Provide a config option to disable static_cpu_has (bnc#1012382).\n - x86/cpu: Remove the pointless CPU printout (bsc#1089343).\n - x86/cpu/topology: Provide detect_extended_topology_early() (bsc#1089343).\n - x86/fpu: Add an XSTATE_OP() macro (bnc#1012382).\n - x86/fpu: Get rid of xstate_fault() (bnc#1012382).\n - x86/headers: Do not include asm/processor.h in asm/atomic.h\n (bnc#1012382).\n - x86/mm/pkeys: Fix mismerge of protection keys CPUID bits (bnc#1012382).\n - x86/mm: Simplify p[g4um]d_page() macros (1087081).\n - x86/smpboot: Do not use smp_num_siblings in __max_logical_packages\n calculation (bsc#1089343).\n - x86/smp: Provide topology_is_primary_thread() (bsc#1089343).\n - x86/topology: Add topology_max_smt_threads() (bsc#1089343).\n - x86/topology: Provide topology_smt_supported() (bsc#1089343).\n - x86/vdso: Use static_cpu_has() (bnc#1012382).\n - xen/grant-table: log the lack of grants (bnc#1085042).\n - xen-netfront: Fix mismatched rtnl_unlock (bnc#1101658).\n - xen-netfront: Update features after registering netdev (bnc#1101658).\n - xhci: xhci-mem: off by one in 
xhci_stream_id_to_ring() (bnc#1012382).\n\n", "edition": 1, "modified": "2018-08-17T12:20:07", "published": "2018-08-17T12:20:07", "id": "OPENSUSE-SU-2018:2404-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-08/msg00061.html", "title": "Security update for the Linux Kernel (important)", "type": "suse", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}}], "debian": [{"lastseen": "2020-08-12T00:57:09", "bulletinFamily": "unix", "cvelist": ["CVE-2018-10882", "CVE-2018-10021", "CVE-2017-18255", "CVE-2018-10877", "CVE-2017-5753", "CVE-2018-10940", "CVE-2018-10880", "CVE-2018-10878", "CVE-2018-11506", "CVE-2018-10853", "CVE-2018-10881", "CVE-2018-1118", "CVE-2018-1130", "CVE-2018-1120", "CVE-2018-5814", "CVE-2018-1000204", "CVE-2018-10883", "CVE-2018-12233", "CVE-2018-10087", "CVE-2018-10124", "CVE-2018-10876", "CVE-2018-10879", "CVE-2018-3639"], "description": "Package : linux-4.9\nVersion : 4.9.110-1~deb8u1\nCVE ID : CVE-2017-5753 CVE-2017-18255 CVE-2018-1118 CVE-2018-1120\n CVE-2018-1130 CVE-2018-3639 CVE-2018-5814 CVE-2018-10021\n CVE-2018-10087 CVE-2018-10124 CVE-2018-10853 CVE-2018-10876\n CVE-2018-10877 CVE-2018-10878 CVE-2018-10879 CVE-2018-10880\n CVE-2018-10881 CVE-2018-10882 CVE-2018-10883 CVE-2018-10940\n CVE-2018-11506 CVE-2018-12233 CVE-2018-1000204\nDebian Bug : 860900 872907 892057 896775 897590 898137\n\nLinux 4.9 has been packaged for Debian 8 as linux-4.9. 
This provides\na supported upgrade path for systems that currently use kernel\npackages from the "jessie-backports" suite.\n\nThere is no need to upgrade systems using Linux 3.16, as that kernel\nversion will also continue to be supported in the LTS period.\n\nThis backport does not include the following binary packages:\n\n hyperv-daemons libcpupower1 libcpupower-dev libusbip-dev\n linux-compiler-gcc-4.9-x86 linux-cpupower linux-libc-dev usbip\n\nOlder versions of most of those are built from other source packages\nin Debian 8.\n\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nCVE-2017-5753\n\n Further instances of code that was vulnerable to Spectre variant 1\n (bounds-check bypass) have been mitigated.\n\nCVE-2017-18255\n\n It was discovered that the performance events subsystem did not\n properly validate the value of the\n kernel.perf_cpu_time_max_percent sysctl. Setting a large value\n could have an unspecified security impact. However, only a\n privileged user can set this sysctl.\n\nCVE-2018-1118\n\n The syzbot software found that the vhost driver did not initialise\n message buffers which would later be read by user processes. A\n user with access to the /dev/vhost-net device could use this to\n read sensitive information from the kernel or other users'\n processes.\n\nCVE-2018-1120\n\n Qualys reported that a user able to mount FUSE filesystems can\n create a process such that another process attempting to read\n its command line will be blocked for an arbitrarily long time.\n This could be used for denial of service, or to aid in exploiting\n a race condition in the other program.\n\nCVE-2018-1130\n\n The syzbot software found that the DCCP implementation of\n sendmsg() does not check the socket state, potentially leading\n to a null pointer dereference. A local user could use this to\n cause a denial of service (crash). 
\n\nCVE-2018-3639\n\n Multiple researchers have discovered that Speculative Store Bypass\n (SSB), a feature implemented in many processors, could be used to\n read sensitive information from another context. In particular,\n code in a software sandbox may be able to read sensitive\n information from outside the sandbox. This issue is also known as\n Spectre variant 4.\n\n This update allows the issue to be mitigated on some x86\n processors by disabling SSB. This requires an update to the\n processor's microcode, which is non-free. It may be included in\n an update to the system BIOS or UEFI firmware, or in a future\n update to the intel-microcode or amd64-microcode packages.\n\n Disabling SSB can reduce performance significantly, so by default\n it is only done in tasks that use the seccomp feature.\n Applications that require this mitigation should request it\n explicitly through the prctl() system call. Users can control\n where the mitigation is enabled with the spec_store_bypass_disable\n kernel parameter.\n\nCVE-2018-5814\n\n Jakub Jirasek reported race conditions in the USB/IP host driver.\n A malicious client could use this to cause a denial of service\n (crash or memory corruption), and possibly to execute code, on a\n USB/IP server.\n\nCVE-2018-10021\n\n A physically present attacker who unplugs a SAS cable can cause a\n denial of service (memory leak and WARN).\n\nCVE-2018-10087, CVE-2018-10124\n\n zhongjiang found that the wait4() and kill() system call\n implementations did not check for the invalid pid value of\n INT_MIN. If a user passed this value, the behaviour of the code\n was formally undefined and might have had a security impact.\n\nCVE-2018-10853\n\n Andy Lutomirski and Mika Penttil\u00e4 reported that KVM for x86\n processors did not perform a necessary privilege check when\n emulating certain instructions. 
This could be used by an\n unprivileged user in a guest VM to escalate their privileges\n within the guest.\n\nCVE-2018-10876, CVE-2018-10877, CVE-2018-10878, CVE-2018-10879,\nCVE-2018-10880, CVE-2018-10881, CVE-2018-10882, CVE-2018-10883\n\n Wen Xu at SSLab, Gatech, reported that crafted ext4 filesystem\n images could trigger a crash or memory corruption. A local user\n able to mount arbitrary filesystems, or an attacker providing\n filesystems to be mounted, could use this for denial of service or\n possibly for privilege escalation.\n\nCVE-2018-10940\n\n Dan Carpenter reported that the optical disc driver (cdrom) does\n not correctly validate the parameter to the CDROM_MEDIA_CHANGED\n ioctl. A user with access to a cdrom device could use this to\n cause a denial of service (crash).\n\nCVE-2018-11506\n\n Piotr Gabriel Kosinski and Daniel Shapira reported that the\n SCSI optical disc driver (sr) did not allocate a sufficiently\n large buffer for sense data. A user with access to a SCSI\n optical disc device that can produce more than 64 bytes of\n sense data could use this to cause a denial of service (crash\n or memory corruption), and possibly for privilege escalation.\n\nCVE-2018-12233\n\n Shankara Pailoor reported that a crafted JFS filesystem image\n could trigger a denial of service (memory corruption). This\n could possibly also be used for privilege escalation.\n\nCVE-2018-1000204\n\n The syzbot software found that the SCSI generic driver (sg) would\n in some circumstances allow reading data from uninitialised\n buffers, which could include sensitive information from the kernel\n or other tasks. However, only privileged users with the\n CAP_SYS_ADMIN or CAP_SYS_RAWIO capability were allowed to do this,\n so this has little or no security impact.\n\nFor Debian 8 "Jessie", these problems have been fixed in version\n4.9.110-1~deb8u1. 
This update additionally fixes Debian bugs\n#860900, #872907, #892057, #896775, #897590, and #898137; and\nincludes many more bug fixes from stable updates 4.9.89-4.9.110\ninclusive.\n\nWe recommend that you upgrade your linux-4.9 packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n\n-- \nBen Hutchings - Debian developer, member of kernel, installer and LTS teams", "edition": 12, "modified": "2018-07-18T15:37:58", "published": "2018-07-18T15:37:58", "id": "DEBIAN:DLA-1423-1:B239D", "href": "https://lists.debian.org/debian-lts-announce/2018/debian-lts-announce-201807/msg00020.html", "title": "[SECURITY] [DLA 1423-1] linux-4.9 new package", "type": "debian", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-12-11T13:33:28", "bulletinFamily": "unix", "cvelist": ["CVE-2017-13166", "CVE-2017-16648", "CVE-2017-17805", "CVE-2017-17806", "CVE-2017-18075", "CVE-2017-18208", "CVE-2017-18344", "CVE-2018-1000026", "CVE-2018-1000200", "CVE-2018-1000204", "CVE-2018-10322", "CVE-2018-1065", "CVE-2018-1068", "CVE-2018-10877", "CVE-2018-10878", "CVE-2018-10879", "CVE-2018-10880", "CVE-2018-10881", "CVE-2018-10882", "CVE-2018-10883", "CVE-2018-1092", "CVE-2018-1094", "CVE-2018-10940", "CVE-2018-1095", "CVE-2018-1118", "CVE-2018-1120", "CVE-2018-11506", "CVE-2018-12232", "CVE-2018-13405", "CVE-2018-14619", "CVE-2018-14641", "CVE-2018-3639", "CVE-2018-5344", "CVE-2018-5390", "CVE-2018-5391", "CVE-2018-5750", "CVE-2018-5803", "CVE-2018-5848", "CVE-2018-7566", "CVE-2018-7757", "CVE-2018-8781", "CVE-2018-9363"], "description": "The kernel-alt packages provide the Linux kernel version 4.x.\n\nSecurity Fix(es):\n\n* An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). 
It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639, aarch64)\n\n* A flaw named SegmentSmack was found in the way the Linux kernel handled specially crafted TCP packets. A remote attacker could use this flaw to trigger time and calculation expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() functions by sending specially modified packets within ongoing TCP sessions which could lead to a CPU saturation and hence a denial of service on the system. Maintaining the denial of service condition requires continuous two-way TCP sessions to a reachable open port, thus the attacks cannot be performed using spoofed IP addresses. (CVE-2018-5390)\n\n* A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attacker could use this flaw to trigger time and calculation expensive fragment reassembly algorithm by sending specially crafted packets which could lead to a CPU saturation and hence a denial of service on the system. (CVE-2018-5391)\n\nSpace precludes documenting all of the security fixes in this advisory. 
See the descriptions of the remaining security fixes in the related Knowledge Article: \n\nhttps://access.redhat.com/articles/3658021\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting CVE-2018-3639; Juha-Matti Tilli (Aalto University - Department of Communications and Networking and Nokia Bell Labs) for reporting CVE-2018-5390 and CVE-2018-5391; Qualys Research Labs for reporting CVE-2018-1120; David Rientjes (Google) for reporting CVE-2018-1000200; and Wen Xu for reporting CVE-2018-1092, CVE-2018-1094, and CVE-2018-1095. The CVE-2018-14619 issue was discovered by Florian Weimer (Red Hat) and Ondrej Mosnacek (Red Hat).\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.", "modified": "2018-10-30T12:37:20", "published": "2018-10-30T12:15:20", "id": "RHSA-2018:2948", "href": "https://access.redhat.com/errata/RHSA-2018:2948", "type": "redhat", "title": "(RHSA-2018:2948) Important: kernel-alt security, bug fix, and enhancement update", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "lenovo": [{"lastseen": "2020-10-15T01:02:01", "bulletinFamily": "info", "cvelist": ["CVE-2018-10882", "CVE-2016-10208", "CVE-2018-10877", "CVE-2016-7097", "CVE-2016-9191", "CVE-2018-13053", "CVE-2016-7910", "CVE-2017-17558", "CVE-2017-15299", "CVE-2018-10880", "CVE-2015-2925", "CVE-2014-9529", "CVE-2018-9568", "CVE-2014-7822", "CVE-2016-6213", "CVE-2015-8215", "CVE-2015-3288", "CVE-2016-3070", "CVE-2014-9420", "CVE-2019-10639", "CVE-2018-1066", "CVE-2019-11478", "CVE-2015-8964", "CVE-2017-7618", "CVE-2016-7916", "CVE-2014-8160", "CVE-2017-9242", "CVE-2015-3339", "CVE-2016-2847", "CVE-2018-10881", 
"CVE-2019-12819", "CVE-2017-16535", "CVE-2017-5551", "CVE-2015-5706", "CVE-2016-5696", "CVE-2018-5344", "CVE-2017-2671", "CVE-2016-0723", "CVE-2014-9728", "CVE-2014-8989", "CVE-2017-14106", "CVE-2014-9730", "CVE-2019-11190", "CVE-2018-6927", "CVE-2019-13272", "CVE-2018-5995", "CVE-2014-7975", "CVE-2014-5206", "CVE-2016-3156", "CVE-2018-5953", "CVE-2016-0758", "CVE-2014-8559", "CVE-2015-7613", "CVE-2017-7495", "CVE-2017-13305", "CVE-2017-1000253", "CVE-2016-6828", "CVE-2016-0728", "CVE-2017-1000364", "CVE-2019-11833", "CVE-2015-1350", "CVE-2019-11599", "CVE-2019-11477", "CVE-2018-18281", "CVE-2017-18270", "CVE-2014-3631", "CVE-2016-4482", "CVE-2018-1093", "CVE-2017-17449", "CVE-2014-9729", "CVE-2015-3636", "CVE-2018-16884", "CVE-2019-10638", "CVE-2017-5669", "CVE-2018-10883", "CVE-2019-3901", "CVE-2018-17972", "CVE-2016-8405", "CVE-2017-2647", "CVE-2013-4312", "CVE-2015-1333", "CVE-2018-18344", "CVE-2017-16531", "CVE-2018-9422", "CVE-2019-9213", "CVE-2014-5207", "CVE-2015-8816", "CVE-2013-7446", "CVE-2015-4167", "CVE-2018-10087", "CVE-2014-6410", "CVE-2017-7542", "CVE-2014-7145", "CVE-2018-20169", "CVE-2018-10124", "CVE-2016-0823", "CVE-2019-5489", "CVE-2016-7914", "CVE-2018-1092", "CVE-2018-10876", "CVE-2018-1000026", "CVE-2016-8645", "CVE-2019-11479", "CVE-2017-5897", "CVE-2017-8064", "CVE-2018-12896", "CVE-2014-7970", "CVE-2017-17806", "CVE-2015-1805"], "description": "**Lenovo Security Advisory:** LEN-29592\n\n**Potential Impact**: Denial of service, privilege escalation, information disclosure\n\n**Severity:** High\n\n**Scope of Impact:** Industry-wide\n\n**CVE Identifier:** CVE-2013-4312, CVE-2013-7446, CVE-2014-3631, CVE-2014-5206, CVE-2014-5207, CVE-2014-6410, CVE-2014-7145, CVE-2014-7822, CVE-2014-7970, CVE-2014-7975, CVE-2014-8160, CVE-2014-8559, CVE-2014-8989, CVE-2014-9420, CVE-2014-9529, CVE-2014-9728, CVE-2014-9729, CVE-2014-9730, CVE-2015-1333, CVE-2015-1350, CVE-2015-1805, CVE-2015-2925, CVE-2015-3288, CVE-2015-3339, CVE-2015-3636, CVE-2015-4167, 
CVE-2015-5706, CVE-2015-7613, CVE-2015-8215, CVE-2015-8816, CVE-2015-8964, CVE-2016-0723, CVE-2016-0728, CVE-2016-0758, CVE-2016-0823, CVE-2016-10208, CVE-2016-2847, CVE-2016-3070, CVE-2016-3156, CVE-2016-4482, CVE-2016-5696, CVE-2016-6213, CVE-2016-6828, CVE-2016-7097, CVE-2016-7910, CVE-2016-7914, CVE-2016-7916, CVE-2016-8405, CVE-2016-8645, CVE-2016-9191, CVE-2017-1000253, CVE-2017-1000364, CVE-2017-13305, CVE-2017-14106, CVE-2017-15299, CVE-2017-16531, CVE-2017-16535, CVE-2017-17449, CVE-2017-17558, CVE-2017-17806, CVE-2017-18270, CVE-2017-2647, CVE-2017-2671, CVE-2017-5551, CVE-2017-5669, CVE-2017-5897, CVE-2017-7495, CVE-2017-7542, CVE-2017-7618, CVE-2017-8064, CVE-2017-9242, CVE-2018-1000026, CVE-2018-10087, CVE-2018-10124, CVE-2018-1066, CVE-2018-10876, CVE-2018-10877, CVE-2018-10880, CVE-2018-10881, CVE-2018-10882, CVE-2018-10883, CVE-2018-1092, CVE-2018-1093, CVE-2018-12896, CVE-2018-13053, CVE-2018-16884, CVE-2018-17972, CVE-2018-18281, CVE-2018-18344, CVE-2018-20169, CVE-2018-5344, CVE-2018-5953, CVE-2018-5995, CVE-2018-6927, CVE-2018-9422, CVE-2018-9568, CVE-2019-10638, CVE-2019-10639, CVE-2019-11190, CVE-2019-11477, CVE-2019-11478, CVE-2019-11479, CVE-2019-11599, CVE-2019-11833, CVE-2019-12819, CVE-2019-13272, CVE-2019-3901, CVE-2019-5489, CVE-2019-9213\n\n**Summary Description: **\n\nAMI has released AMI MegaRAC SP-X Baseboard Management Controller (BMC) security enhancements to address Linux kernel vulnerabilities.\n\n**Mitigation Strategy for Customers (what you should do to protect yourself): **\n\nUpgrade to the BMC firmware version (or newer) indicated for your model in the Product Impact section below.\n\n****\n\n****\n\n**Product Impact:**\n\nTo download the version specified for your product below, follow these steps:\n\n 1. Navigate to your product's Drivers & Software page by going to [https://support.lenovo.com/](<https://pcsupport.lenovo.com/us/en/>). PRC users should go to <https://newsupport.lenovo.com.cn/>\n 2. 
Search for your product by name or machine type.\n 3. Click Drivers & Software on the left menu panel.\n 4. Click on Manual Update to browse by Component type.\n 5. Compare the minimum fix version for your product from the applicable product table below with the latest version posted on the support site.\n\nAlternatively and if applicable for your product, you may use Lenovo Vantage or Windows Update to update to the latest available version. To confirm you are using the minimum fix version (or higher), go to Add/Remove Programs and check the version listed there.\n", "edition": 43, "modified": "2020-09-17T13:59:41", "published": "2020-04-13T19:22:04", "id": "LENOVO:PS500321-NOSID", "href": "https://support.lenovo.com/us/en/product_security/ps500321", "title": "AMI MegaRAC SP-X BMC Vulnerabilities - Lenovo Support US", "type": "lenovo", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-03-04T15:28:08", "bulletinFamily": "info", "cvelist": ["CVE-2018-10882", "CVE-2016-10208", "CVE-2018-10877", "CVE-2016-7097", "CVE-2016-9191", "CVE-2018-13053", "CVE-2016-7910", "CVE-2017-17558", "CVE-2017-15299", "CVE-2018-10880", "CVE-2015-2925", "CVE-2014-9529", "CVE-2018-9568", "CVE-2014-7822", "CVE-2016-6213", "CVE-2015-8215", "CVE-2015-3288", "CVE-2016-3070", "CVE-2014-9420", "CVE-2019-10639", "CVE-2018-1066", "CVE-2019-11478", "CVE-2015-8964", "CVE-2017-7618", "CVE-2016-7916", "CVE-2014-8160", "CVE-2017-9242", "CVE-2015-3339", "CVE-2016-2847", "CVE-2018-10881", "CVE-2019-12819", "CVE-2017-16535", "CVE-2017-5551", "CVE-2015-5706", "CVE-2016-5696", "CVE-2018-5344", "CVE-2017-2671", "CVE-2016-0723", "CVE-2014-9728", "CVE-2014-8989", "CVE-2017-14106", "CVE-2014-9730", "CVE-2019-11190", "CVE-2018-6927", "CVE-2019-13272", "CVE-2018-5995", "CVE-2014-7975", "CVE-2014-5206", "CVE-2016-3156", "CVE-2018-5953", "CVE-2016-0758", "CVE-2014-8559", "CVE-2015-7613", "CVE-2017-7495", "CVE-2017-13305", "CVE-2017-1000253", "CVE-2016-6828", "CVE-2016-0728", 
"CVE-2017-1000364", "CVE-2019-11833", "CVE-2015-1350", "CVE-2019-11599", "CVE-2019-11477", "CVE-2018-18281", "CVE-2017-18270", "CVE-2014-3631", "CVE-2016-4482", "CVE-2018-1093", "CVE-2017-17449", "CVE-2014-9729", "CVE-2015-3636", "CVE-2018-16884", "CVE-2019-10638", "CVE-2017-5669", "CVE-2018-10883", "CVE-2019-3901", "CVE-2018-17972", "CVE-2016-8405", "CVE-2017-2647", "CVE-2013-4312", "CVE-2015-1333", "CVE-2018-18344", "CVE-2017-16531", "CVE-2018-9422", "CVE-2019-9213", "CVE-2014-5207", "CVE-2015-8816", "CVE-2013-7446", "CVE-2015-4167", "CVE-2018-10087", "CVE-2014-6410", "CVE-2017-7542", "CVE-2014-7145", "CVE-2018-20169", "CVE-2018-10124", "CVE-2016-0823", "CVE-2019-5489", "CVE-2016-7914", "CVE-2018-1092", "CVE-2018-10876", "CVE-2018-1000026", "CVE-2016-8645", "CVE-2019-11479", "CVE-2017-5897", "CVE-2017-8064", "CVE-2018-12896", "CVE-2014-7970", "CVE-2017-17806", "CVE-2015-1805"], "description": "**Lenovo Security Advisory:** LEN-29592\n\n**Potential Impact**: Denial of service, privilege escalation, information disclosure\n\n**Severity:** High\n\n**Scope of Impact:** Industry-wide\n\n**CVE Identifier:** CVE-2013-4312, CVE-2013-7446, CVE-2014-3631, CVE-2014-5206, CVE-2014-5207, CVE-2014-6410, CVE-2014-7145, CVE-2014-7822, CVE-2014-7970, CVE-2014-7975, CVE-2014-8160, CVE-2014-8559, CVE-2014-8989, CVE-2014-9420, CVE-2014-9529, CVE-2014-9728, CVE-2014-9729, CVE-2014-9730, CVE-2015-1333, CVE-2015-1350, CVE-2015-1805, CVE-2015-2925, CVE-2015-3288, CVE-2015-3339, CVE-2015-3636, CVE-2015-4167, CVE-2015-5706, CVE-2015-7613, CVE-2015-8215, CVE-2015-8816, CVE-2015-8964, CVE-2016-0723, CVE-2016-0728, CVE-2016-0758, CVE-2016-0823, CVE-2016-10208, CVE-2016-2847, CVE-2016-3070, CVE-2016-3156, CVE-2016-4482, CVE-2016-5696, CVE-2016-6213, CVE-2016-6828, CVE-2016-7097, CVE-2016-7910, CVE-2016-7914, CVE-2016-7916, CVE-2016-8405, CVE-2016-8645, CVE-2016-9191, CVE-2017-1000253, CVE-2017-1000364, CVE-2017-13305, CVE-2017-14106, CVE-2017-15299, CVE-2017-16531, CVE-2017-16535, 
CVE-2017-17449, CVE-2017-17558, CVE-2017-17806, CVE-2017-18270, CVE-2017-2647, CVE-2017-2671, CVE-2017-5551, CVE-2017-5669, CVE-2017-5897, CVE-2017-7495, CVE-2017-7542, CVE-2017-7618, CVE-2017-8064, CVE-2017-9242, CVE-2018-1000026, CVE-2018-10087, CVE-2018-10124, CVE-2018-1066, CVE-2018-10876, CVE-2018-10877, CVE-2018-10880, CVE-2018-10881, CVE-2018-10882, CVE-2018-10883, CVE-2018-1092, CVE-2018-1093, CVE-2018-12896, CVE-2018-13053, CVE-2018-16884, CVE-2018-17972, CVE-2018-18281, CVE-2018-18344, CVE-2018-20169, CVE-2018-5344, CVE-2018-5953, CVE-2018-5995, CVE-2018-6927, CVE-2018-9422, CVE-2018-9568, CVE-2019-10638, CVE-2019-10639, CVE-2019-11190, CVE-2019-11477, CVE-2019-11478, CVE-2019-11479, CVE-2019-11599, CVE-2019-11833, CVE-2019-12819, CVE-2019-13272, CVE-2019-3901, CVE-2019-5489, CVE-2019-9213\n\n**Summary Description: **\n\nAMI has released AMI MegaRAC SP-X Baseboard Management Controller (BMC) security enhancements to address Linux kernel vulnerabilities.\n\n**Mitigation Strategy for Customers (what you should do to protect yourself): **\n\nUpgrade to the BMC firmware version (or newer) indicated for your model in the Product Impact section below.\n\n****\n\n****\n\n**Product Impact:**\n\nTo download the version specified for your product below, follow these steps:\n\n 1. Navigate to your product's Drivers & Software page by going to [https://support.lenovo.com/](<https://pcsupport.lenovo.com/us/en/>). PRC users should go to <https://newsupport.lenovo.com.cn/>\n 2. Search for your product by name or machine type.\n 3. Click Drivers & Software on the left menu panel.\n 4. Click on Manual Update to browse by Component type.\n 5. Compare the minimum fix version for your product from the applicable product table below with the latest version posted on the support site.\n\nAlternatively and if applicable for your product, you may use Lenovo Vantage or Windows Update to update to the latest available version. 
To confirm you are using the minimum fix version (or higher), go to Add/Remove Programs and check the version listed there.\n", "edition": 23, "modified": "2020-09-17T13:59:41", "published": "2020-04-13T19:22:04", "id": "LENOVO:PS500321-AMI-MEGARAC-SP-X-BMC-VULNERABILITIES-NOSID", "href": "https://support.lenovo.com/us/en/product_security/ps500321-ami-megarac-sp-x-bmc-vulnerabilities", "title": "AMI MegaRAC SP-X BMC Vulnerabilities - Lenovo Support US", "type": "lenovo", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}